Log analysis and evaluation: Windows 7 Home 64-bit: infection by the Techgile virus. Ads in browser.
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
15.02.2015, 13:24 | #1 |
Windows 7 Home 64-bit: infection by the Techgile virus. Ads in browser.

Hello everyone,

through the installation of a piece of freeware, the Techgile virus unfortunately got onto my PC. Unfortunately, no guide on the web was able to help me get rid of the pest, which is why I am turning to you. The virus causes ads to take up half of the screen on nearly every website. Some of these ads cannot be clicked away. I would be very glad if you could help me.

Regards,
Jonas

P.S. I have attached the log files here, following the instructions for new threads.

defogger_disable.txt
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:01 on 15/02/2015 (Jonas)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
(ATTENTION: ====> FRST version is 14 days old and could be outdated)
Ran by Jonas (administrator) on JONAS-PC on 15-02-2015 13:02:23
Running from C:\Users\Jonas\Desktop\virenbereinigung
Loaded Profiles: Jonas (Available profiles: Jonas & Laura & Anna & Mama)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(MKS Software Inc.) C:\Windows\System32\nutsrv4.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PTC Inc.) C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dropbox, Inc.) C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-13] (AVAST Software)
HKLM-x32\...\Run: [NuTCSetupEnviron] => C:\Program Files\PTC\MKS Toolkit\bin\ncoeenv.exe [37248 2012-10-12] (MKS Software Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3299774788-2130862179-1353054255-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1942720 2015-01-23] (Valve Corporation)
Startup: C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-3299774788-2130862179-1353054255-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: WebCGMHlprObj Class -> {56B38F40-4E70-11d4-A076-0080AD86BA2F} -> C:\Windows\SysWOW64\cgmopenbho.dll (CGM Open Consortium, Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @ptc.com/ProductViewLite -> C:\Program Files (x86)\Common Files\PTC\np6_pvapplite9.dll (PTC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-13]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1420202940&from=ima&uid=OCZ-AGILITY3_OCZ-32Q3217NO988P6RE
CHR RestoreOnStartup: Default -> "hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=276_pr__alt__ddc_dsssyc_bd_com"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-13]
CHR Extension: (Google Docs) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-13]
CHR Extension: (Google Drive) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-13]
CHR Extension: (YouTube) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-13]
CHR Extension: (Adblock Plus) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-13]
CHR Extension: (Google-Suche) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-13]
CHR Extension: (Google Tabellen) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-13]
CHR Extension: (Avast Online Security) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-13]
CHR Extension: (Google Wallet) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-13]
CHR Extension: (Techgile) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfpklbmjjijallflamcdlkgglcehpfb [2015-01-02]
CHR Extension: (Citavi Picker) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\piehhloihgjjiomhieeddiidpekaajio [2014-11-15]
CHR Extension: (Google Mail) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-13]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-13]
CHR HKLM-x32\...\Chrome\Extension: [piehhloihgjjiomhieeddiidpekaajio] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Chrome\ChromePicker.crx [2014-11-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-13] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 NuTCRACKERService; C:\Windows\system32\nutsrv4.exe [574776 2012-10-12] (MKS Software Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 PortmapperService; C:\Program Files\PTC/PTC Portmapper/i486_nt/obj/portmap.exe [496128 2014-10-25] (PTC Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-13] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-10-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-10-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-10-13] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [58512 2012-07-03] (Realtek Corporation)
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

C:\Windows\system32\ncrypt.dll 2015-02-12 12:27 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-02-12 12:27 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-02-12 12:27 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-02-12 12:27 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-02-12 12:27 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-02-12 12:27 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-02-12 12:27 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-02-12 12:27 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-02-12 12:27 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-02-12 12:27 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-02-12 12:27 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-02-12 12:27 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-02-12 12:27 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-02-12 12:27 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-02-12 12:27 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2015-02-12 12:27 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-02-12 12:27 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2015-02-12 12:27 - 2014-11-22 11:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 
2015-02-12 12:27 - 2014-11-22 11:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2015-02-12 12:27 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-02-12 12:27 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-02-12 12:27 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2015-02-12 12:27 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-02-12 12:27 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-02-12 12:27 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-02-12 12:27 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-02-03 14:24 - 2015-02-03 14:24 - 00000219 _____ () C:\Users\Jonas\Desktop\Dota 2.url 2015-02-03 14:14 - 2015-02-15 12:47 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-02-03 14:14 - 2015-02-03 14:14 - 00000976 _____ () C:\Users\Public\Desktop\Steam.lnk 2015-02-03 14:14 - 2015-02-03 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2015-02-03 14:13 - 2015-02-03 14:13 - 01142128 _____ () C:\Users\Jonas\Downloads\SteamSetup.exe 2015-02-02 21:54 - 2015-02-02 21:54 - 00000694 _____ () C:\DelFix.txt 2015-02-02 19:59 - 2015-02-02 19:59 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-02-02 19:48 - 2015-02-02 19:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-02 19:47 - 2015-02-02 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-02 19:47 - 2015-02-02 19:47 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-02 19:47 - 2015-02-02 19:47 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-02 19:47 - 2014-11-21 06:14 - 
00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-02 19:47 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-02-02 19:47 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-02-02 19:38 - 2015-02-15 13:02 - 00000000 ____D () C:\Users\Jonas\Desktop\virenbereinigung 2015-02-02 19:38 - 2015-02-02 19:38 - 00709564 _____ () C:\Users\Jonas\Downloads\delfix_10.8.exe 2015-02-02 19:37 - 2015-02-02 19:38 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Jonas\Downloads\mbam-setup-2.0.4.1028.exe 2015-02-02 17:58 - 2015-02-02 17:58 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\WinRAR 2015-02-02 17:57 - 2015-02-02 17:57 - 02060888 _____ () C:\Users\Jonas\Downloads\winrar-x64-520d.exe 2015-02-02 17:57 - 2015-02-02 17:57 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-02-02 17:57 - 2015-02-02 17:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-02-02 17:57 - 2015-02-02 17:57 - 00000000 ____D () C:\Program Files\WinRAR 2015-02-02 13:56 - 2015-02-02 13:56 - 00000000 ____D () C:\Users\Jonas\Documents\creo projekte 2015-02-02 11:34 - 2015-02-02 11:34 - 00038121 _____ () C:\Users\Jonas\Downloads\Lasertechnisches Praktikum - Organisatorische Informationen WS20 2015-02-01 14:12 - 2015-02-01 14:12 - 00000000 ____D () C:\Users\Jonas\Documents\bank 2015-01-31 15:14 - 2015-01-31 15:14 - 00000000 __SHD () C:\Users\Jonas\AppData\Local\EmieUserList 2015-01-31 15:14 - 2015-01-31 15:14 - 00000000 __SHD () C:\Users\Jonas\AppData\Local\EmieSiteList 2015-01-31 15:14 - 2015-01-31 15:14 - 00000000 __SHD () C:\Users\Jonas\AppData\Local\EmieBrowserModeList 2015-01-30 18:45 - 2015-01-30 18:45 - 00000945 _____ () C:\Users\Public\Desktop\Guild Wars 2.lnk 2015-01-30 18:45 - 2015-01-30 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Guild Wars 2 2015-01-30 18:45 - 2015-01-30 18:45 - 00000000 ____D () C:\Program Files (x86)\Guild Wars 2 2015-01-30 18:43 - 2015-01-30 18:44 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Guild Wars 2 2015-01-30 18:40 - 2015-01-30 18:41 - 26068984 _____ (ArenaNet) C:\Users\Jonas\Downloads\Gw2Setup.exe 2015-01-24 13:18 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-24 13:18 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-24 13:18 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-24 13:18 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-24 13:18 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-24 13:18 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-15 13:01 - 2014-10-13 11:28 - 00000000 ____D () C:\Users\Jonas
2015-02-15 12:54 - 2009-07-14 05:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-15 12:54 - 2009-07-14 05:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-15 12:51 - 2010-11-21 07:50 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2015-02-15 12:51 - 2010-11-21 07:50 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2015-02-15 12:51 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-15 12:50 - 2014-10-13 11:28 - 01797048 _____ () C:\Windows\WindowsUpdate.log
2015-02-15 12:47 - 2014-12-31 11:41 - 00000000 ____D () C:\Users\Jonas\AppData\Local\FreePDF_XP
2015-02-15 12:47 - 2014-10-13 12:09 - 00000000 ___RD () C:\Users\Jonas\Dropbox
2015-02-15 12:47 - 2014-10-13 12:07 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Dropbox
2015-02-15 12:47 - 2014-10-13 12:01 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-15 12:47 - 2014-10-13 11:45 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-15 12:47 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-15 12:47 - 2009-07-14 05:51 - 00059445 _____ () C:\Windows\setupact.log
2015-02-14 20:21 - 2014-10-13 12:01 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-14 20:16 - 2014-10-13 12:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-14 19:23 - 2014-10-19 21:29 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Mumble
2015-02-14 14:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-13 13:51 - 2014-12-13 12:51 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-13 13:51 - 2014-10-13 14:36 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 16:27 - 2014-10-25 12:22 - 00000000 ____D () C:\Users\Jonas\Documents\Outlook-Dateien
2015-02-12 16:15 - 2009-07-14 05:45 - 00503344 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 15:48 - 2014-12-30 23:55 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-12 13:08 - 2014-10-13 11:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-02-12 12:26 - 2014-10-13 12:08 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-08 19:16 - 2014-10-13 12:01 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-08 19:16 - 2014-10-13 12:01 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-08 19:03 - 2014-10-25 11:37 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\PTC
2015-02-05 22:01 - 2014-11-22 09:32 - 16017040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-02-05 22:01 - 2014-10-13 11:41 - 18575880 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-02-05 22:01 - 2014-10-13 11:41 - 14119744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-02-05 22:01 - 2014-10-13 11:41 - 03299512 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-02-05 22:01 - 2014-10-13 11:41 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-02-05 22:01 - 2014-10-13 11:41 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-02-05 20:07 - 2014-10-13 11:44 - 06861128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-02-05 20:07 - 2014-10-13 11:44 - 03517584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-02-05 20:07 - 2014-10-13 11:44 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-02-05 20:07 - 2014-10-13 11:44 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-02-05 20:07 - 2014-10-13 11:44 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-02-05 20:06 - 2014-10-13 11:44 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-02-05 13:50 - 2014-10-13 11:44 - 04236870 _____ () C:\Windows\system32\nvcoproc.bin
2015-02-04 22:41 - 2014-10-13 14:42 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Skype
2015-02-04 22:16 - 2014-10-13 12:03 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-04 22:16 - 2014-10-13 12:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 22:16 - 2014-10-13 12:03 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 11:26 - 2014-12-16 17:49 - 00000000 ____D () C:\Users\Anna\Documents\Citavi 4
2015-02-04 11:19 - 2014-12-20 12:21 - 00000000 ____D () C:\Users\Anna\Desktop\Anna
2015-02-04 11:19 - 2014-10-13 12:07 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-03 10:37 - 2010-11-21 04:47 - 00047096 _____ () C:\Windows\PFRO.log
2015-02-02 19:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\security
2015-02-02 19:43 - 2009-07-14 03:34 - 00000505 _____ () C:\Windows\win.ini
2015-02-02 19:39 - 2014-10-25 14:06 - 00000000 ____D () C:\Users\Jonas\Desktop\nützliches
2015-01-30 19:09 - 2014-10-13 11:44 - 00007608 _____ () C:\Users\Jonas\AppData\Local\Resmon.ResmonCfg

==================== Files in the root of some directories =======

2014-10-13 11:44 - 2015-01-30 19:09 - 0007608 _____ () C:\Users\Jonas\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\Jonas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpt0nfl_.dll
C:\Users\Jonas\AppData\Local\Temp\Gw2.exe
C:\Users\Jonas\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Jonas\AppData\Local\Temp\nvStInst.exe
C:\Users\Jonas\AppData\Local\Temp\Quarantine.exe
C:\Users\Jonas\AppData\Local\Temp\sdf736C.exe
C:\Users\Jonas\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-13 17:36

==================== End Of Log ============================

--- --- ---

Addition.txt

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Jonas at 2015-02-15 13:02:44
Running from C:\Users\Jonas\Desktop\virenbereinigung
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Arbortext IsoView 7.3 (HKLM-x32\...\{DE52A69A-978A-480A-82F7-E17C50F98EC6}) (Version: 7.3.10.22 - PTC)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.2.0.11 - Swiss Academic Software)
Creo Direct Version 2.0 Datecode [M100] (HKLM-x32\...\Creo Direct Version 2.0 Datecode [M100]) (Version: 2.0 - PTC)
Creo Layout Version 2.0 Datecode [M100] (HKLM-x32\...\Creo Layout Version 2.0 Datecode [M100]) (Version: 2.0 - PTC)
Creo Parametric Version 2.0 Datecode [M100] (HKLM-x32\...\Creo Parametric Version 2.0 Datecode [M100]) (Version: 2.0 - PTC)
Creo Platform 2.31 (HKLM-x32\...\{8AE0A04D-4DF7-4FCF-BA94-382142B2C544}) (Version: 2.31.0 - PTC)
Creo Thumbnail Viewer 2.0 (HKLM\...\{1F9DABCA-A79B-4B38-84DE-03E66FBA2167}) (Version: 30.14.000 - PTC)
Creo View Express 2.0 (HKLM\...\{03F6002E-A32B-4C68-818F-DEE386463FBC}) (Version: 10.1.40.15 - PTC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Dropbox (HKU\S-1-5-21-3299774788-2130862179-1353054255-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.118 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.118 - Etron Technology) Hidden
Fraps (HKLM-x32\...\Fraps) (Version: - )
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Robocopy GUI (HKLM-x32\...\{107C666F-63C5-4263-8D40-8B9CFB5FED08}) (Version: 1.0.0 - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
MKS Platform Components 9.x (HKLM\...\{30276636-0000-0905-9ABB-000BDB5CF35D}) (Version: 9.5.0000 - Mortice Kern Systems)
Mumble 1.2.8 (HKLM-x32\...\{1BC144A3-20EF-49DD-8EBB-E421E128E30F}) (Version: 1.2.8 - Thorvald Natvig)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
PAMM (HKLM-x32\...\{DCF020E4-4FC7-4AEE-A71E-B805416E02F1}) (Version: 1.5.0.0 - The PA Community)
Planetary Annihilation Launcher (HKLM-x32\...\{B88148BA-6B11-4C5F-B775-71F39AC42F9A}) (Version: 1.1.64928 - Uber Entertainment)
PTC Portmapper Version 2.0 Datecode [M100] (HKLM-x32\...\PTC Portmapper Version 2.0 Datecode [M100]) (Version: 2.0 - PTC)
PTC Quality Agent (HKLM-x32\...\{F4061534-FBFD-4122-84A0-703D545CC9D4}) (Version: 2.0.0.0 - PTC)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 2.0.2.7 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Mighty Quest For Epic Loot (HKLM-x32\...\Steam App 239220) (Version: - Ubisoft Montreal)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3299774788-2130862179-1353054255-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3299774788-2130862179-1353054255-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3299774788-2130862179-1353054255-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3299774788-2130862179-1353054255-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3299774788-2130862179-1353054255-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3299774788-2130862179-1353054255-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3299774788-2130862179-1353054255-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3299774788-2130862179-1353054255-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3299774788-2130862179-1353054255-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3299774788-2130862179-1353054255-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

12-02-2015 15:46:28 Windows Update
12-02-2015 16:58:42 Windows Update
13-02-2015 19:14:24 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0A5BB875-9F2B-4FE7-984B-01EDE61EDEA2} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {1C013724-0BC1-42D5-806F-99229C828CAF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {5F26310B-C2FD-445A-8405-CACBF06B1417} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-13] (Google Inc.)
Task: {A0245086-3DCA-4F58-9496-C46270BFAF5A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {B39E0209-CAE2-4353-8E0A-DA7EA04405F1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {C8A56A2C-586F-478F-98E3-86A156E82DDB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {C8EC6D75-06EF-4AB3-A78C-2C4CF446D2ED} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {D58F97FF-9ADE-47EC-8D87-7BA973BC64D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-13] (Google Inc.)
Task: {DE24C24A-A802-45D4-829A-CFBA6DA34962} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-12] (Microsoft Corporation)
Task: {EFD0FC45-473D-47CF-8779-E4C774AC3B00} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-13] (AVAST Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-10-13 11:44 - 2015-02-05 20:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-12-31 11:34 - 2012-06-21 07:25 - 00113152 _____ () C:\Windows\System32\redmon64.dll
2014-10-25 11:24 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-10-13 11:34 - 2013-10-31 19:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-10-13 12:04 - 2014-10-13 12:04 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2015-02-15 12:47 - 2015-02-15 12:47 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15021500\algo.dll
2015-02-03 14:18 - 2014-12-01 22:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-02-03 14:18 - 2014-12-01 22:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-02-03 14:18 - 2014-12-01 22:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-02-03 14:18 - 2014-12-01 22:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-02-03 14:18 - 2014-11-11 19:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-02-03 14:18 - 2014-12-02 01:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-02-03 14:18 - 2014-12-02 01:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-02-03 14:18 - 2014-12-02 01:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-02-03 14:18 - 2015-01-23 23:34 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
2015-02-03 14:18 - 2014-12-01 22:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-02-03 14:18 - 2015-01-23 23:33 - 00696512 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-10-13 12:04 - 2014-10-13 12:04 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00750080 _____ () C:\Users\Jonas\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-15 12:47 - 2015-02-15 12:47 - 00043008 _____ () c:\users\jonas\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpt0nfl_.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00047616 _____ () C:\Users\Jonas\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00865280 _____ () C:\Users\Jonas\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00200704 _____ () C:\Users\Jonas\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-02-03 14:18 - 2015-01-16 00:42 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-02-08 19:22 - 2015-02-04 10:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-08 19:22 - 2015-02-04 10:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-08 19:22 - 2015-02-04 10:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
2014-10-13 11:36 - 2013-09-16 11:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-02-08 19:22 - 2015-02-04 10:02 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Jonas\Desktop\TSPS-200-1.10.1-N-Ventilschaft-oben-t1.pdf:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-3299774788-2130862179-1353054255-500 - Administrator - Disabled)
Anna (S-1-5-21-3299774788-2130862179-1353054255-1003 - Limited - Enabled) => C:\Users\Anna
Gast (S-1-5-21-3299774788-2130862179-1353054255-501 - Limited - Disabled)
Jonas (S-1-5-21-3299774788-2130862179-1353054255-1000 - Administrator - Enabled) => C:\Users\Jonas
Laura (S-1-5-21-3299774788-2130862179-1353054255-1002 - Limited - Enabled) => C:\Users\Laura
Mama (S-1-5-21-3299774788-2130862179-1353054255-1004 - Limited - Enabled) => C:\Users\Mama
Papa (S-1-5-21-3299774788-2130862179-1353054255-1005 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: ========================= Application errors: ================== Error: (02/15/2015 00:47:30 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/14/2015 06:52:51 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/14/2015 02:15:08 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (02/14/2015 02:13:44 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (02/14/2015 01:45:09 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/13/2015 01:52:43 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/12/2015 04:17:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/12/2015 01:42:18 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm chrome.exe, Version 40.0.2214.111 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 145c Startzeit: 01d046bb843498b7 Endzeit: 16 Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Berichts-ID: 908e6c46-b2b4-11e4-a573-50e549c96bbf Error: (02/12/2015 01:36:36 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (02/12/2015 00:21:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (02/15/2015 01:02:45 PM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error: (02/15/2015 01:02:34 PM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error: (02/15/2015 01:02:28 PM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. 
Error: (02/15/2015 01:02:27 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (02/15/2015 00:55:16 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (02/15/2015 00:55:14 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (02/15/2015 00:53:48 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (02/15/2015 00:53:14 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (02/15/2015 00:53:14 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (02/15/2015 00:53:13 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Microsoft Office Sessions: ========================= Error: (02/15/2015 00:47:30 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/14/2015 06:52:51 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/14/2015 02:15:08 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (02/14/2015 02:13:44 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (02/14/2015 01:45:09 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/13/2015 01:52:43 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/12/2015 04:17:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM 
__InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/12/2015 01:42:18 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: chrome.exe40.0.2214.111145c01d046bb843498b716C:\Program Files (x86)\Google\Chrome\Application\chrome.exe908e6c46-b2b4-11e4-a573-50e549c96bbf Error: (02/12/2015 01:36:36 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (02/12/2015 00:21:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz Percentage of memory in use: 35% Total physical RAM: 8109.12 MB Available physical RAM: 5211.74 MB Total Pagefile: 16216.42 MB Available Pagefile: 13058.33 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (Uberl SSD) (Fixed) (Total:111.79 GB) (Free:20.74 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (BAK) (Fixed) (Total:77.02 GB) (Free:65.43 GB) NTFS Drive f: (Programme) (Fixed) (Total:390.62 GB) (Free:382.94 GB) NTFS Drive g: (Daten) (Fixed) (Total:463.87 GB) (Free:458.18 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: E2DFF335) Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS) 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1DCE3A9B)
Partition 1: (Not Active) - (Size=463.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=390.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=77 GB) - (Type=07 NTFS)

==================== End Of Log ============================

GMER.txt

GMER Logfile:
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-02-15 13:12:44 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 OCZ-AGILITY3 rev.2.22 111,79GB Running: Gmer-19357.exe; Driver: C:\Users\Jonas\AppData\Local\Temp\fgloypow.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\wininit.exe[636] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007701ef8d 1 byte [62] .text C:\Windows\system32\services.exe[704] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007701ef8d 1 byte [62] .text C:\Windows\system32\winlogon.exe[736] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007701ef8d 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007701ef8d 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[992] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074d2a2fd 1 byte [62] .text C:\Windows\System32\svchost.exe[604] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007701ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[1020] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007701ef8d 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1228] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007701ef8d 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[1244] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007701ef8d 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1756] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074d2a2fd 1 byte [62] .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1796] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007701ef8d 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1992] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074d2a2fd 1 
byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[752] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007701ef8d 1 byte [62] .text C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe[1316] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074d2a2fd 1 byte [62] .text C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe[1316] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075251401 2 bytes JMP 74d2b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe[1316] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075251419 2 bytes JMP 74d2b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe[1316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075251431 2 bytes JMP 74da8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe[1316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007525144a 2 bytes CALL 74d048ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe[1316] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000752514dd 2 bytes JMP 74da87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe[1316] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000752514f5 2 bytes JMP 74da8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe[1316] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007525150d 2 bytes JMP 74da8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe[1316] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075251525 2 bytes JMP 74da8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe[1316] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007525153d 2 bytes JMP 74d1fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe[1316] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075251555 2 bytes JMP 74d268ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe[1316] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007525156d 2 bytes JMP 74da8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe[1316] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075251585 2 bytes JMP 74da8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe[1316] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007525159d 2 bytes JMP 74da865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe[1316] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000752515b5 2 bytes JMP 74d1fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program 
Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe[1316] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000752515cd 2 bytes JMP 74d2b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe[1316] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000752516b2 2 bytes JMP 74da8e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe[1316] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000752516bd 2 bytes JMP 74da85f1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\Explorer.EXE[3052] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007701ef8d 1 byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2992] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007701ef8d 1 byte [62] .text C:\Windows\system32\conhost.exe[3088] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007701ef8d 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3448] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007701ef8d 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3704] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074d2a2fd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074d2a2fd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075251401 2 bytes JMP 74d2b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075251419 2 bytes JMP 74d2b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075251431 2 bytes JMP 74da8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007525144a 2 bytes CALL 74d048ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000752514dd 2 bytes JMP 74da87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000752514f5 2 bytes JMP 74da8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007525150d 2 bytes JMP 74da8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075251525 2 bytes JMP 74da8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007525153d 2 bytes JMP 74d1fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075251555 2 bytes JMP 74d268ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007525156d 2 bytes JMP 74da8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075251585 2 bytes JMP 74da8ac2 C:\Windows\syswow64\kernel32.dll 
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007525159d 2 bytes JMP 74da865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000752515b5 2 bytes JMP 74d1fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000752515cd 2 bytes JMP 74d2b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000752516b2 2 bytes JMP 74da8e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000752516bd 2 bytes JMP 74da85f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3816] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000074d08791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] 
.text C:\Program Files\AVAST Software\Avast\avastui.exe[3816] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074d2a2fd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3844] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007701ef8d 1 byte [62] .text C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3864] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074d2a2fd 1 byte [62] .text C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3864] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000075251401 2 bytes JMP 74d2b21b C:\Windows\syswow64\kernel32.dll .text C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3864] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000075251419 2 bytes JMP 74d2b346 C:\Windows\syswow64\kernel32.dll .text C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3864] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000075251431 2 bytes JMP 74da8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3864] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 000000007525144a 2 bytes CALL 74d048ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3864] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 00000000752514dd 2 bytes JMP 74da87a2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3864] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 00000000752514f5 2 bytes JMP 74da8978 C:\Windows\syswow64\kernel32.dll .text C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3864] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 000000007525150d 2 bytes JMP 74da8698 C:\Windows\syswow64\kernel32.dll .text C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3864] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075251525 2 bytes JMP 74da8a62 C:\Windows\syswow64\kernel32.dll .text C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3864] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 000000007525153d 2 bytes JMP 74d1fca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3864] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000075251555 2 bytes JMP 74d268ef C:\Windows\syswow64\kernel32.dll .text C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3864] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 000000007525156d 2 bytes JMP 74da8f61 C:\Windows\syswow64\kernel32.dll .text C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3864] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000075251585 2 bytes JMP 74da8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3864] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 000000007525159d 2 bytes JMP 74da865c C:\Windows\syswow64\kernel32.dll .text C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3864] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 00000000752515b5 2 bytes JMP 74d1fd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3864] 
C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 00000000752515cd 2 bytes JMP 74d2b2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3864] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 00000000752516b2 2 bytes JMP 74da8e24 C:\Windows\syswow64\kernel32.dll .text C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3864] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 00000000752516bd 2 bytes JMP 74da85f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\FreePDF_XP\fpassist.exe[3308] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074d2a2fd 1 byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1300] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007701ef8d 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1392] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074d2a2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075251401 2 bytes JMP 74d2b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1392] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075251419 2 bytes JMP 74d2b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075251431 2 bytes JMP 74da8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007525144a 2 bytes CALL 74d048ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1392] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000752514dd 2 bytes JMP 74da87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000752514f5 2 bytes JMP 74da8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1392] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007525150d 2 bytes JMP 74da8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075251525 2 bytes JMP 74da8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007525153d 2 bytes JMP 74d1fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1392] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075251555 2 bytes JMP 74d268ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007525156d 2 bytes JMP 74da8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075251585 2 bytes JMP 74da8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1392] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007525159d 2 bytes JMP 74da865c 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000752515b5 2 bytes JMP 74d1fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000752515cd 2 bytes JMP 74d2b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000752516b2 2 bytes JMP 74da8e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000752516bd 2 bytes JMP 74da85f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4536] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074d2a2fd 1 byte [62] .text C:\Windows\System32\svchost.exe[4596] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007701ef8d 1 byte [62] .text C:\Users\Jonas\Desktop\virenbereinigung\Gmer-19357.exe[2560] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074d2a2fd 1 byte [62] ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [4596:364] 000007fef4fa9688 ---- Processes - GMER 2.1 ---- Library C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3864] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:28) 000000006cb60000 Library C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3864] (C++ application development framework./Digia Plc and/or its 
subsidiary(-ies))(2015-02-10 21:00:24) 000000006f7e0000 Library C:\Users\Jonas\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3864](2015-02-10 21:00:30) 0000000070b20000 Library C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3864] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 000000006c770000 Library C:\Users\Jonas\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3864] (ICU I18N DLL/The ICU Project)(2015-02-10 21:00:30) 000000004a900000 Library C:\Users\Jonas\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3864] (ICU Common DLL/The ICU Project)(2015-02-10 21:00:30) 0000000004500000 Library C:\Users\Jonas\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3864] (ICU Data DLL/The ICU Project)(2015-02-10 21:00:30) 000000004ad00000 Library c:\users\jonas\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpt0nfl_.dll (*** suspicious ***) @ C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3864](2015-02-15 11:47:32) 0000000004100000 Library C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3864] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000069b60000 Library C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3864] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:26) 0000000068b70000 Library C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Qt5Quick.dll 
(*** suspicious ***) @ C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3864] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000068950000 Library C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3864] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 00000000686f0000 Library C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3864] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 000000006f7b0000 Library C:\Users\Jonas\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3864](2015-02-10 21:00:30) 00000000709c0000 Library C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3864] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:26) 000000006cf80000 Library C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3864] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 00000000686b0000 Library C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3864] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000068660000 Library C:\Users\Jonas\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3864](2015-02-10 21:00:28) 0000000068580000 Library 
C:\Users\Jonas\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3864](2015-02-10 21:00:28) 0000000068540000 ---- EOF - GMER 2.1 ----
Last edited by frozenowni (15.02.2015 at 14:22). Reason: better readability |
15.02.2015, 13:30 | #2 |
/// the machine /// TB-Ausbilder | Windows 7 home 64bit: malware infection by the Techgile virus. Ads in the browser. Hi,
Please always post logs in the thread. If necessary, split them up and use several posts. I can't open attachments at work, thanks. This is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
Please do everything again, and download FRST afresh; your version is ancient. |
15.02.2015, 14:07 | #3 |
| txt files as code Hello Schrauber,
thanks for the quick reply. defogger_disable Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:01 on 15/02/2015 (Jonas)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-02-2015 Ran by Jonas (administrator) on JONAS-PC on 15-02-2015 13:57:47 Running from C:\Users\Jonas\Desktop\virenbereinigung Loaded Profiles: Jonas (Available profiles: Jonas & Laura & Anna & Mama) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (MKS Software Inc.) C:\Windows\System32\nutsrv4.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (PTC Inc.) C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Dropbox, Inc.) C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-13] (AVAST Software) HKLM-x32\...\Run: [NuTCSetupEnviron] => C:\Program Files\PTC\MKS Toolkit\bin\ncoeenv.exe [37248 2012-10-12] (MKS Software Inc.) HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3299774788-2130862179-1353054255-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1942720 2015-01-23] (Valve Corporation) Startup: C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) 
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-3299774788-2130862179-1353054255-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: WebCGMHlprObj Class -> {56B38F40-4E70-11d4-A076-0080AD86BA2F} -> C:\Windows\SysWOW64\cgmopenbho.dll (CGM Open Consortium, Inc.) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @ptc.com/ProductViewLite -> 
C:\Program Files (x86)\Common Files\PTC\np6_pvapplite9.dll (PTC) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-13] Chrome: ======= CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1420202940&from=ima&uid=OCZ-AGILITY3_OCZ-32Q3217NO988P6RE CHR RestoreOnStartup: Default -> "hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=276_pr__alt__ddc_dsssyc_bd_com" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-13] CHR Extension: (Google Docs) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-13] CHR Extension: (Google Drive) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-13] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-13] CHR 
Extension: (YouTube) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-13] CHR Extension: (Adblock Plus) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-13] CHR Extension: (Google-Suche) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-13] CHR Extension: (Google Tabellen) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-13] CHR Extension: (Avast Online Security) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-13] CHR Extension: (Google Wallet) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-13] CHR Extension: (Techgile) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfpklbmjjijallflamcdlkgglcehpfb [2015-01-02] CHR Extension: (Citavi Picker) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\piehhloihgjjiomhieeddiidpekaajio [2014-11-15] CHR Extension: (Google Mail) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-13] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-13] CHR HKLM-x32\...\Chrome\Extension: [piehhloihgjjiomhieeddiidpekaajio] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Chrome\ChromePicker.crx [2014-11-15] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-13] (AVAST Software) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation) R2 NuTCRACKERService; C:\Windows\system32\nutsrv4.exe [574776 2012-10-12] (MKS Software Inc.) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation) R2 PortmapperService; C:\Program Files\PTC/PTC Portmapper/i486_nt/obj/portmap.exe [496128 2014-10-25] (PTC Inc.) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-13] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-10-13] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-13] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-21] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-10-13] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-10-13] () R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [58512 2012-07-03] (Realtek Corporation) S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation) U3 fgloypow; \??\C:\Users\Jonas\AppData\Local\Temp\fgloypow.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-15 13:02 - 2015-02-15 13:57 - 00000000 ____D () C:\FRST 2015-02-15 13:01 - 2015-02-15 13:01 - 00000000 _____ () C:\Users\Jonas\defogger_reenable 2015-02-13 19:14 - 2015-02-13 19:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET 2015-02-13 13:58 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-02-13 13:58 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-02-13 13:58 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-02-13 13:58 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-02-12 13:08 - 2015-02-05 18:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2015-02-12 13:07 - 2015-02-05 22:01 - 32106640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 24768144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 20466496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 17253848 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 13294528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 13208200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 10773704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 10713256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 10284872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2015-02-12 13:07 - 2015-02-05 22:01 - 03610768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 
2015-02-12 13:07 - 2015-02-05 22:01 - 03247248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 02902784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434752.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434752.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 00995248 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 00969872 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 00943760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 00929936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 00908104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 00877816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 00305136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys 2015-02-12 13:07 - 2015-02-05 22:01 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 00164752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll 2015-02-12 12:27 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-02-12 12:27 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-02-12 12:27 - 2015-02-04 04:16 - 00609280 
_____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-02-12 12:27 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-02-12 12:27 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-02-12 12:27 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-02-12 12:27 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-02-12 12:27 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2015-02-12 12:27 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-02-12 12:27 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-02-12 12:27 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-02-12 12:27 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-02-12 12:27 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-02-12 12:27 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-02-12 12:27 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-02-12 12:27 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-02-12 12:27 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-02-12 12:27 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-02-12 12:27 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-02-12 12:27 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-02-12 12:27 - 2015-01-15 08:42 - 00022016 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\secur32.dll 2015-02-12 12:27 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-02-12 12:27 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-02-12 12:27 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-02-12 12:27 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-02-12 12:27 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-02-12 12:27 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-02-12 12:27 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-02-12 12:27 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-02-12 12:27 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-02-12 12:27 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-02-12 12:27 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-02-12 12:27 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-02-12 12:27 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-02-12 12:27 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-02-12 12:27 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-02-12 12:27 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-02-12 12:27 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-02-12 12:27 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) 
C:\Windows\system32\mshtml.tlb 2015-02-12 12:27 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-02-12 12:27 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-02-12 12:27 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-02-12 12:27 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-02-12 12:27 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-02-12 12:27 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-02-12 12:27 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-02-12 12:27 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-02-12 12:27 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-02-12 12:27 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-02-12 12:27 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-02-12 12:27 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-02-12 12:27 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-02-12 12:27 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-02-12 12:27 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-02-12 12:27 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-02-12 12:27 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-02-12 12:27 - 2015-01-12 03:08 - 00199680 _____ 
(Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-02-12 12:27 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-02-12 12:27 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-02-12 12:27 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-02-12 12:27 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-02-12 12:27 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-02-12 12:27 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-02-12 12:27 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-02-12 12:27 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-02-12 12:27 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-02-12 12:27 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-02-12 12:27 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-02-12 12:27 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-02-12 12:27 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-02-12 12:27 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-02-12 12:27 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-02-12 12:27 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-02-12 12:27 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-02-12 12:27 - 2015-01-12 02:36 - 00168960 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-02-12 12:27 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-02-12 12:27 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-02-12 12:27 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-02-12 12:27 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-02-12 12:27 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-02-12 12:27 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-02-12 12:27 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-02-12 12:27 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-02-12 12:27 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-02-12 12:27 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-02-12 12:27 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-02-12 12:27 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-02-12 12:27 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-02-12 12:27 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-02-12 12:27 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-02-12 12:27 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-02-12 12:27 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-02-12 12:27 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) 
C:\Windows\system32\TSpkg.dll 2015-02-12 12:27 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-02-12 12:27 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-02-12 12:27 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-02-12 12:27 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-02-12 12:27 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-02-12 12:27 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-02-12 12:27 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-02-12 12:27 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-02-12 12:27 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-02-12 12:27 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-02-12 12:27 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-02-12 12:27 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-02-12 12:27 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2015-02-12 12:27 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-02-12 12:27 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2015-02-12 12:27 - 2014-11-22 11:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2015-02-12 12:27 - 2014-11-22 11:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2015-02-12 12:27 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 
2015-02-12 12:27 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-02-12 12:27 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2015-02-12 12:27 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-02-12 12:27 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-02-12 12:27 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-02-12 12:27 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-02-03 14:24 - 2015-02-03 14:24 - 00000219 _____ () C:\Users\Jonas\Desktop\Dota 2.url 2015-02-03 14:14 - 2015-02-15 13:52 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-02-03 14:14 - 2015-02-03 14:14 - 00000976 _____ () C:\Users\Public\Desktop\Steam.lnk 2015-02-03 14:14 - 2015-02-03 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2015-02-03 14:13 - 2015-02-03 14:13 - 01142128 _____ () C:\Users\Jonas\Downloads\SteamSetup.exe 2015-02-02 21:54 - 2015-02-02 21:54 - 00000694 _____ () C:\DelFix.txt 2015-02-02 19:59 - 2015-02-02 19:59 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-02-02 19:48 - 2015-02-02 19:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-02 19:47 - 2015-02-02 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-02 19:47 - 2015-02-02 19:47 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-02 19:47 - 2015-02-02 19:47 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-02 19:47 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-02 19:47 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-02-02 
19:47 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-02-02 19:38 - 2015-02-15 13:57 - 00000000 ____D () C:\Users\Jonas\Desktop\virenbereinigung 2015-02-02 19:38 - 2015-02-02 19:38 - 00709564 _____ () C:\Users\Jonas\Downloads\delfix_10.8.exe 2015-02-02 19:37 - 2015-02-02 19:38 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Jonas\Downloads\mbam-setup-2.0.4.1028.exe 2015-02-02 17:58 - 2015-02-02 17:58 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\WinRAR 2015-02-02 17:57 - 2015-02-02 17:57 - 02060888 _____ () C:\Users\Jonas\Downloads\winrar-x64-520d.exe 2015-02-02 17:57 - 2015-02-02 17:57 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-02-02 17:57 - 2015-02-02 17:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-02-02 17:57 - 2015-02-02 17:57 - 00000000 ____D () C:\Program Files\WinRAR 2015-02-02 13:56 - 2015-02-02 13:56 - 00000000 ____D () C:\Users\Jonas\Documents\creo projekte 2015-02-02 11:34 - 2015-02-02 11:34 - 00038121 _____ () C:\Users\Jonas\Downloads\Lasertechnisches Praktikum - Organisatorische Informationen WS20 2015-02-01 14:12 - 2015-02-01 14:12 - 00000000 ____D () C:\Users\Jonas\Documents\bank 2015-01-31 15:14 - 2015-01-31 15:14 - 00000000 __SHD () C:\Users\Jonas\AppData\Local\EmieUserList 2015-01-31 15:14 - 2015-01-31 15:14 - 00000000 __SHD () C:\Users\Jonas\AppData\Local\EmieSiteList 2015-01-31 15:14 - 2015-01-31 15:14 - 00000000 __SHD () C:\Users\Jonas\AppData\Local\EmieBrowserModeList 2015-01-30 18:45 - 2015-01-30 18:45 - 00000945 _____ () C:\Users\Public\Desktop\Guild Wars 2.lnk 2015-01-30 18:45 - 2015-01-30 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2 2015-01-30 18:45 - 2015-01-30 18:45 - 00000000 ____D () C:\Program Files (x86)\Guild Wars 2 2015-01-30 18:43 - 2015-01-30 18:44 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Guild Wars 2 
2015-01-30 18:40 - 2015-01-30 18:41 - 26068984 _____ (ArenaNet) C:\Users\Jonas\Downloads\Gw2Setup.exe 2015-01-24 13:18 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-24 13:18 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-24 13:18 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-24 13:18 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-24 13:18 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-24 13:18 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-15 13:56 - 2014-10-25 12:22 - 00000000 ____D () C:\Users\Jonas\Documents\Outlook-Dateien 2015-02-15 13:21 - 2014-10-13 12:01 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-15 13:16 - 2014-10-13 12:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-15 13:04 - 2014-12-31 11:41 - 00000000 ____D () C:\Users\Jonas\AppData\Local\FreePDF_XP 2015-02-15 13:01 - 2014-10-13 11:28 - 00000000 ____D () C:\Users\Jonas 2015-02-15 12:54 - 2009-07-14 05:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-15 12:54 - 2009-07-14 05:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-15 12:51 - 2010-11-21 07:50 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2015-02-15 12:51 - 2010-11-21 07:50 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2015-02-15 12:51 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-15 12:50 - 2014-10-13 11:28 - 
01801129 _____ () C:\Windows\WindowsUpdate.log 2015-02-15 12:47 - 2014-10-13 12:09 - 00000000 ___RD () C:\Users\Jonas\Dropbox 2015-02-15 12:47 - 2014-10-13 12:07 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Dropbox 2015-02-15 12:47 - 2014-10-13 12:01 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-15 12:47 - 2014-10-13 11:45 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-02-15 12:47 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-15 12:47 - 2009-07-14 05:51 - 00059445 _____ () C:\Windows\setupact.log 2015-02-14 19:23 - 2014-10-19 21:29 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Mumble 2015-02-14 14:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2015-02-13 13:51 - 2014-12-13 12:51 - 00000000 ____D () C:\Windows\system32\appraiser 2015-02-13 13:51 - 2014-10-13 14:36 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-02-12 16:15 - 2009-07-14 05:45 - 00503344 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-12 15:48 - 2014-12-30 23:55 - 00000000 ____D () C:\ProgramData\Package Cache 2015-02-12 13:08 - 2014-10-13 11:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2015-02-12 12:26 - 2014-10-13 12:08 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-02-08 19:16 - 2014-10-13 12:01 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-08 19:16 - 2014-10-13 12:01 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-08 19:03 - 2014-10-25 11:37 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\PTC 2015-02-05 22:01 - 2014-11-22 09:32 - 16017040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2015-02-05 22:01 - 2014-10-13 11:41 - 18575880 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2015-02-05 22:01 - 2014-10-13 11:41 - 14119744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2015-02-05 22:01 - 
2014-10-13 11:41 - 03299512 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2015-02-05 22:01 - 2014-10-13 11:41 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll 2015-02-05 22:01 - 2014-10-13 11:41 - 00027441 _____ () C:\Windows\system32\nvinfo.pb 2015-02-05 20:07 - 2014-10-13 11:44 - 06861128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2015-02-05 20:07 - 2014-10-13 11:44 - 03517584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2015-02-05 20:07 - 2014-10-13 11:44 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2015-02-05 20:07 - 2014-10-13 11:44 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2015-02-05 20:07 - 2014-10-13 11:44 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2015-02-05 20:06 - 2014-10-13 11:44 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2015-02-05 13:50 - 2014-10-13 11:44 - 04236870 _____ () C:\Windows\system32\nvcoproc.bin 2015-02-04 22:41 - 2014-10-13 14:42 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Skype 2015-02-04 22:16 - 2014-10-13 12:03 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-04 22:16 - 2014-10-13 12:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-04 22:16 - 2014-10-13 12:03 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-02-04 11:26 - 2014-12-16 17:49 - 00000000 ____D () C:\Users\Anna\Documents\Citavi 4 2015-02-04 11:19 - 2014-12-20 12:21 - 00000000 ____D () C:\Users\Anna\Desktop\Anna 2015-02-04 11:19 - 2014-10-13 12:07 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update
2015-02-03 10:37 - 2010-11-21 04:47 - 00047096 _____ () C:\Windows\PFRO.log
2015-02-02 19:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\security
2015-02-02 19:43 - 2009-07-14 03:34 - 00000505 _____ () C:\Windows\win.ini
2015-02-02 19:39 - 2014-10-25 14:06 - 00000000 ____D () C:\Users\Jonas\Desktop\nützliches
2015-01-30 19:09 - 2014-10-13 11:44 - 00007608 _____ () C:\Users\Jonas\AppData\Local\Resmon.ResmonCfg

==================== Files in the root of some directories =======

2014-10-13 11:44 - 2015-01-30 19:09 - 0007608 _____ () C:\Users\Jonas\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\Jonas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpt0nfl_.dll
C:\Users\Jonas\AppData\Local\Temp\Gw2.exe
C:\Users\Jonas\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Jonas\AppData\Local\Temp\nvStInst.exe
C:\Users\Jonas\AppData\Local\Temp\Quarantine.exe
C:\Users\Jonas\AppData\Local\Temp\sdf736C.exe
C:\Users\Jonas\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-13 17:36

==================== End Of Log ============================

--- --- ---

Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Jonas at 2015-02-15 13:02:44
Running from C:\Users\Jonas\Desktop\virenbereinigung
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Arbortext IsoView 7.3 (HKLM-x32\...\{DE52A69A-978A-480A-82F7-E17C50F98EC6}) (Version: 7.3.10.22 - PTC)
avast!
Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software) Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.2.0.11 - Swiss Academic Software) Creo Direct Version 2.0 Datecode [M100] (HKLM-x32\...\Creo Direct Version 2.0 Datecode [M100]) (Version: 2.0 - PTC) Creo Layout Version 2.0 Datecode [M100] (HKLM-x32\...\Creo Layout Version 2.0 Datecode [M100]) (Version: 2.0 - PTC) Creo Parametric Version 2.0 Datecode [M100] (HKLM-x32\...\Creo Parametric Version 2.0 Datecode [M100]) (Version: 2.0 - PTC) Creo Platform 2.31 (HKLM-x32\...\{8AE0A04D-4DF7-4FCF-BA94-382142B2C544}) (Version: 2.31.0 - PTC) Creo Thumbnail Viewer 2.0 (HKLM\...\{1F9DABCA-A79B-4B38-84DE-03E66FBA2167}) (Version: 30.14.000 - PTC) Creo View Express 2.0 (HKLM\...\{03F6002E-A32B-4C68-818F-DEE386463FBC}) (Version: 10.1.40.15 - PTC) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve) Dropbox (HKU\S-1-5-21-3299774788-2130862179-1353054255-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.118 - Etron Technology) Etron USB3.0 Host Controller (x32 Version: 0.118 - Etron Technology) Hidden Fraps (HKLM-x32\...\Fraps) (Version: - ) FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.) Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.) 
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation) Microsoft Robocopy GUI (HKLM-x32\...\{107C666F-63C5-4263-8D40-8B9CFB5FED08}) (Version: 1.0.0 - Microsoft) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation) 
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation) MKS Platform Components 9.x (HKLM\...\{30276636-0000-0905-9ABB-000BDB5CF35D}) (Version: 9.5.0000 - Mortice Kern Systems) Mumble 1.2.8 (HKLM-x32\...\{1BC144A3-20EF-49DD-8EBB-E421E128E30F}) (Version: 1.2.8 - Thorvald Natvig) MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. 
Wechselberger) NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation) NVIDIA Grafiktreiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden PAMM (HKLM-x32\...\{DCF020E4-4FC7-4AEE-A71E-B805416E02F1}) (Version: 1.5.0.0 - The PA Community) Planetary Annihilation Launcher (HKLM-x32\...\{B88148BA-6B11-4C5F-B775-71F39AC42F9A}) (Version: 1.1.64928 - Uber Entertainment) PTC Portmapper Version 2.0 Datecode [M100] (HKLM-x32\...\PTC Portmapper Version 2.0 Datecode [M100]) (Version: 2.0 - PTC) PTC Quality Agent (HKLM-x32\...\{F4061534-FBFD-4122-84A0-703D545CC9D4}) (Version: 2.0.0.0 - PTC) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek) Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 2.0.2.7 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.) 
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Mighty Quest For Epic Loot (HKLM-x32\...\Steam App 239220) (Version: - Ubisoft Montreal)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3299774788-2130862179-1353054255-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3299774788-2130862179-1353054255-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3299774788-2130862179-1353054255-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3299774788-2130862179-1353054255-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3299774788-2130862179-1353054255-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3299774788-2130862179-1353054255-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3299774788-2130862179-1353054255-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3299774788-2130862179-1353054255-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3299774788-2130862179-1353054255-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3299774788-2130862179-1353054255-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

12-02-2015 15:46:28 Windows Update
12-02-2015 16:58:42 Windows Update
13-02-2015 19:14:24 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0A5BB875-9F2B-4FE7-984B-01EDE61EDEA2} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {1C013724-0BC1-42D5-806F-99229C828CAF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation) Task: {5F26310B-C2FD-445A-8405-CACBF06B1417} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-13] (Google Inc.) Task: {A0245086-3DCA-4F58-9496-C46270BFAF5A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated) Task: {B39E0209-CAE2-4353-8E0A-DA7EA04405F1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation) Task: {C8A56A2C-586F-478F-98E3-86A156E82DDB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation) Task: {C8EC6D75-06EF-4AB3-A78C-2C4CF446D2ED} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {D58F97FF-9ADE-47EC-8D87-7BA973BC64D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-13] (Google Inc.) Task: {DE24C24A-A802-45D4-829A-CFBA6DA34962} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-12] (Microsoft Corporation) Task: {EFD0FC45-473D-47CF-8779-E4C774AC3B00} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-13] (AVAST Software) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-10-13 11:44 - 2015-02-05 20:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-12-31 11:34 - 2012-06-21 07:25 - 00113152 _____ () C:\Windows\System32\redmon64.dll 2014-10-25 11:24 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2014-10-13 11:34 - 2013-10-31 19:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-10-13 12:04 - 2014-10-13 12:04 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2015-02-15 12:47 - 2015-02-15 12:47 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15021500\algo.dll 2015-02-03 14:18 - 2014-12-01 22:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2015-02-03 14:18 - 2014-12-01 22:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2015-02-03 14:18 - 2014-12-01 22:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2015-02-03 14:18 - 2014-12-01 22:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2015-02-03 14:18 - 2014-11-11 19:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2015-02-03 14:18 - 2014-12-02 01:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll 2015-02-03 14:18 - 2014-12-02 01:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2015-02-03 14:18 - 2014-12-02 01:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2015-02-03 14:18 - 2015-01-23 23:34 - 02227904 
_____ () C:\Program Files (x86)\Steam\video.dll 2015-02-03 14:18 - 2014-12-01 22:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2015-02-03 14:18 - 2015-01-23 23:33 - 00696512 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2014-10-13 12:04 - 2014-10-13 12:04 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2015-02-10 22:00 - 2015-02-10 22:00 - 00750080 _____ () C:\Users\Jonas\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-02-15 12:47 - 2015-02-15 12:47 - 00043008 _____ () c:\users\jonas\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpt0nfl_.dll 2015-02-10 22:00 - 2015-02-10 22:00 - 00047616 _____ () C:\Users\Jonas\AppData\Roaming\Dropbox\bin\libEGL.dll 2015-02-10 22:00 - 2015-02-10 22:00 - 00865280 _____ () C:\Users\Jonas\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2015-02-10 22:00 - 2015-02-10 22:00 - 00200704 _____ () C:\Users\Jonas\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2015-02-03 14:18 - 2015-01-16 00:42 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll 2015-02-08 19:22 - 2015-02-04 10:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll 2015-02-08 19:22 - 2015-02-04 10:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll 2015-02-08 19:22 - 2015-02-04 10:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll 2014-10-13 11:36 - 2013-09-16 11:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2015-02-08 19:22 - 2015-02-04 10:02 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) 
AlternateDataStreams: C:\Users\Jonas\Desktop\TSPS-200-1.10.1-N-Ventilschaft-oben-t1.pdf:com.dropbox.attributes ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-3299774788-2130862179-1353054255-500 - Administrator - Disabled) Anna (S-1-5-21-3299774788-2130862179-1353054255-1003 - Limited - Enabled) => C:\Users\Anna Gast (S-1-5-21-3299774788-2130862179-1353054255-501 - Limited - Disabled) Jonas (S-1-5-21-3299774788-2130862179-1353054255-1000 - Administrator - Enabled) => C:\Users\Jonas Laura (S-1-5-21-3299774788-2130862179-1353054255-1002 - Limited - Enabled) => C:\Users\Laura Mama (S-1-5-21-3299774788-2130862179-1353054255-1004 - Limited - Enabled) => C:\Users\Mama Papa (S-1-5-21-3299774788-2130862179-1353054255-1005 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (02/15/2015 00:47:30 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/14/2015 06:52:51 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/14/2015 02:15:08 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (02/14/2015 02:13:44 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (02/14/2015 01:45:09 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/13/2015 01:52:43 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/12/2015 04:17:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/12/2015 01:42:18 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm chrome.exe, Version 40.0.2214.111 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 145c Startzeit: 01d046bb843498b7 Endzeit: 16 Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Berichts-ID: 908e6c46-b2b4-11e4-a573-50e549c96bbf Error: (02/12/2015 01:36:36 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (02/12/2015 00:21:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (02/15/2015 01:02:45 PM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error: (02/15/2015 01:02:34 PM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error: (02/15/2015 01:02:28 PM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. 
Error: (02/15/2015 01:02:27 PM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error: (02/15/2015 00:55:16 PM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error: (02/15/2015 00:55:14 PM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error: (02/15/2015 00:53:48 PM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error: (02/15/2015 00:53:14 PM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error: (02/15/2015 00:53:14 PM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error: (02/15/2015 00:53:13 PM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. 
Microsoft Office Sessions: ========================= Error: (02/15/2015 00:47:30 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/14/2015 06:52:51 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/14/2015 02:15:08 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (02/14/2015 02:13:44 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (02/14/2015 01:45:09 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/13/2015 01:52:43 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/12/2015 04:17:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM 
__InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/12/2015 01:42:18 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: chrome.exe40.0.2214.111145c01d046bb843498b716C:\Program Files (x86)\Google\Chrome\Application\chrome.exe908e6c46-b2b4-11e4-a573-50e549c96bbf Error: (02/12/2015 01:36:36 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (02/12/2015 00:21:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz Percentage of memory in use: 35% Total physical RAM: 8109.12 MB Available physical RAM: 5211.74 MB Total Pagefile: 16216.42 MB Available Pagefile: 13058.33 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (Uberl SSD) (Fixed) (Total:111.79 GB) (Free:20.74 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (BAK) (Fixed) (Total:77.02 GB) (Free:65.43 GB) NTFS Drive f: (Programme) (Fixed) (Total:390.62 GB) (Free:382.94 GB) NTFS Drive g: (Daten) (Fixed) (Total:463.87 GB) (Free:458.18 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: E2DFF335) Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS) 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1DCE3A9B)
Partition 1: (Not Active) - (Size=463.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=390.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=77 GB) - (Type=07 NTFS)
==================== End Of Log ============================

GMER Logfile:
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-02-15 13:12:44 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 OCZ-AGILITY3 rev.2.22 111,79GB Running: Gmer-19357.exe; Driver: C:\Users\Jonas\AppData\Local\Temp\fgloypow.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\wininit.exe[636] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007701ef8d 1 byte [62] .text C:\Windows\system32\services.exe[704] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007701ef8d 1 byte [62] .text C:\Windows\system32\winlogon.exe[736] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007701ef8d 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007701ef8d 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[992] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074d2a2fd 1 byte [62] .text C:\Windows\System32\svchost.exe[604] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007701ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[1020] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007701ef8d 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1228] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007701ef8d 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[1244] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007701ef8d 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1756] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074d2a2fd 1 byte [62] .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1796] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007701ef8d 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1992] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074d2a2fd 1 
byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[752] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007701ef8d 1 byte [62] .text C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe[1316] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074d2a2fd 1 byte [62] .text C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe[1316] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075251401 2 bytes JMP 74d2b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe[1316] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075251419 2 bytes JMP 74d2b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe[1316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075251431 2 bytes JMP 74da8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe[1316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007525144a 2 bytes CALL 74d048ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe[1316] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000752514dd 2 bytes JMP 74da87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe[1316] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000752514f5 2 bytes JMP 74da8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe[1316] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007525150d 2 bytes JMP 74da8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe[1316] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075251525 2 bytes JMP 74da8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe[1316] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007525153d 2 bytes JMP 74d1fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe[1316] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075251555 2 bytes JMP 74d268ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe[1316] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007525156d 2 bytes JMP 74da8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe[1316] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075251585 2 bytes JMP 74da8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe[1316] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007525159d 2 bytes JMP 74da865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe[1316] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000752515b5 2 bytes JMP 74d1fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program 
Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe[1316] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000752515cd 2 bytes JMP 74d2b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe[1316] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000752516b2 2 bytes JMP 74da8e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe[1316] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000752516bd 2 bytes JMP 74da85f1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\Explorer.EXE[3052] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007701ef8d 1 byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2992] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007701ef8d 1 byte [62] .text C:\Windows\system32\conhost.exe[3088] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007701ef8d 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3448] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007701ef8d 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[3704] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074d2a2fd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074d2a2fd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075251401 2 bytes JMP 74d2b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075251419 2 bytes JMP 74d2b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075251431 2 bytes JMP 74da8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007525144a 2 bytes CALL 74d048ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000752514dd 2 bytes JMP 74da87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000752514f5 2 bytes JMP 74da8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007525150d 2 bytes JMP 74da8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075251525 2 bytes JMP 74da8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007525153d 2 bytes JMP 74d1fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075251555 2 bytes JMP 74d268ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007525156d 2 bytes JMP 74da8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075251585 2 bytes JMP 74da8ac2 C:\Windows\syswow64\kernel32.dll 
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007525159d 2 bytes JMP 74da865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000752515b5 2 bytes JMP 74d1fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000752515cd 2 bytes JMP 74d2b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000752516b2 2 bytes JMP 74da8e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000752516bd 2 bytes JMP 74da85f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3816] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000074d08791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] 
.text C:\Program Files\AVAST Software\Avast\avastui.exe[3816] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074d2a2fd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3844] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007701ef8d 1 byte [62] .text C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3864] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074d2a2fd 1 byte [62] .text C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3864] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000075251401 2 bytes JMP 74d2b21b C:\Windows\syswow64\kernel32.dll .text C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3864] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000075251419 2 bytes JMP 74d2b346 C:\Windows\syswow64\kernel32.dll .text C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3864] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000075251431 2 bytes JMP 74da8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3864] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 000000007525144a 2 bytes CALL 74d048ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3864] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 00000000752514dd 2 bytes JMP 74da87a2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3864] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 00000000752514f5 2 bytes JMP 74da8978 C:\Windows\syswow64\kernel32.dll .text C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3864] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 000000007525150d 2 bytes JMP 74da8698 C:\Windows\syswow64\kernel32.dll .text C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3864] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075251525 2 bytes JMP 74da8a62 C:\Windows\syswow64\kernel32.dll .text C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3864] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 000000007525153d 2 bytes JMP 74d1fca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3864] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000075251555 2 bytes JMP 74d268ef C:\Windows\syswow64\kernel32.dll .text C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3864] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 000000007525156d 2 bytes JMP 74da8f61 C:\Windows\syswow64\kernel32.dll .text C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3864] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000075251585 2 bytes JMP 74da8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3864] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 000000007525159d 2 bytes JMP 74da865c C:\Windows\syswow64\kernel32.dll .text C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3864] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 00000000752515b5 2 bytes JMP 74d1fd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3864] 
C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 00000000752515cd 2 bytes JMP 74d2b2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3864] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 00000000752516b2 2 bytes JMP 74da8e24 C:\Windows\syswow64\kernel32.dll .text C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe[3864] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 00000000752516bd 2 bytes JMP 74da85f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\FreePDF_XP\fpassist.exe[3308] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074d2a2fd 1 byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1300] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007701ef8d 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1392] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074d2a2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075251401 2 bytes JMP 74d2b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1392] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075251419 2 bytes JMP 74d2b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075251431 2 bytes JMP 74da8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007525144a 2 bytes CALL 74d048ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1392] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000752514dd 2 bytes JMP 74da87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000752514f5 2 bytes JMP 74da8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1392] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007525150d 2 bytes JMP 74da8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075251525 2 bytes JMP 74da8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007525153d 2 bytes JMP 74d1fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1392] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075251555 2 bytes JMP 74d268ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007525156d 2 bytes JMP 74da8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075251585 2 bytes JMP 74da8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1392] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007525159d 2 bytes JMP 74da865c 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000752515b5 2 bytes JMP 74d1fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000752515cd 2 bytes JMP 74d2b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000752516b2 2 bytes JMP 74da8e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000752516bd 2 bytes JMP 74da85f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4536] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074d2a2fd 1 byte [62] .text C:\Windows\System32\svchost.exe[4596] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007701ef8d 1 byte [62] .text C:\Users\Jonas\Desktop\virenbereinigung\Gmer-19357.exe[2560] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074d2a2fd 1 byte [62] ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [4596:364] 000007fef4fa9688 ---- Processes - GMER 2.1 ---- Library C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3864] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:28) 000000006cb60000 Library C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3864] (C++ application development framework./Digia Plc and/or its 
subsidiary(-ies))(2015-02-10 21:00:24) 000000006f7e0000 Library C:\Users\Jonas\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3864](2015-02-10 21:00:30) 0000000070b20000 Library C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3864] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 000000006c770000 Library C:\Users\Jonas\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3864] (ICU I18N DLL/The ICU Project)(2015-02-10 21:00:30) 000000004a900000 Library C:\Users\Jonas\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3864] (ICU Common DLL/The ICU Project)(2015-02-10 21:00:30) 0000000004500000 Library C:\Users\Jonas\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3864] (ICU Data DLL/The ICU Project)(2015-02-10 21:00:30) 000000004ad00000 Library c:\users\jonas\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpt0nfl_.dll (*** suspicious ***) @ C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3864](2015-02-15 11:47:32) 0000000004100000 Library C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3864] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000069b60000 Library C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3864] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:26) 0000000068b70000 Library C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Qt5Quick.dll 
(*** suspicious ***) @ C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3864] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000068950000 Library C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3864] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 00000000686f0000 Library C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3864] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 000000006f7b0000 Library C:\Users\Jonas\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3864](2015-02-10 21:00:30) 00000000709c0000 Library C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3864] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:26) 000000006cf80000 Library C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3864] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 00000000686b0000 Library C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3864] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000068660000 Library C:\Users\Jonas\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3864](2015-02-10 21:00:28) 0000000068580000 Library 
C:\Users\Jonas\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe [3864](2015-02-10 21:00:28) 0000000068540000 ---- EOF - GMER 2.1 ---- |
15.02.2015, 19:26 | #4 |
/// the machine /// TB Trainer | Windows 7 home 64bit: Malware infection by the Techgile virus. Ads in the browser. Hi, scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
16.02.2015, 10:20 | #5 |
| combofix log Hello Schrauber, here is the combofix.txt now Code:
ATTFilter Combofix Logfile: |
16.02.2015, 18:20 | #6 |
/// the machine /// TB Trainer | Windows 7 home 64bit: Malware infection by the Techgile virus. Ads in the browser. Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ --> Windows 7 home 64bit: Malware infection by the Techgile virus. Ads in the browser. |
18.02.2015, 13:24 | #7 |
| Malware removal step 2 I couldn't carry out the steps yesterday because of work commitments. Thanks for your patience. Attached are the new txt files: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 18.02.2015 Suchlauf-Zeit: 13:01:24 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.02.18.05 Rootkit Datenbank: v2015.02.03.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Jonas Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 465424 Verstrichene Zeit: 4 Min, 31 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 2 PUP.Optional.TechGile.A, C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfpklbmjjijallflamcdlkgglcehpfb, In Quarantäne, [a24b1708fd8d83b3c11beca3946fc63a], PUP.Optional.TechGile.A, C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfpklbmjjijallflamcdlkgglcehpfb\1.0.1_0, In Quarantäne, [a24b1708fd8d83b3c11beca3946fc63a], Dateien: 4 PUP.Optional.TechGile.A, C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfpklbmjjijallflamcdlkgglcehpfb\1.0.1_0\background.js, In Quarantäne, [a24b1708fd8d83b3c11beca3946fc63a], PUP.Optional.TechGile.A, C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfpklbmjjijallflamcdlkgglcehpfb\1.0.1_0\content.js, In Quarantäne, [a24b1708fd8d83b3c11beca3946fc63a], PUP.Optional.TechGile.A, C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfpklbmjjijallflamcdlkgglcehpfb\1.0.1_0\icon.png, In Quarantäne, [a24b1708fd8d83b3c11beca3946fc63a], 
PUP.Optional.TechGile.A, C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfpklbmjjijallflamcdlkgglcehpfb\1.0.1_0\manifest.json, In Quarantäne, [a24b1708fd8d83b3c11beca3946fc63a], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v4.110 - Bericht erstellt 18/02/2015 um 13:09:43 # Aktualisiert 05/02/2015 von Xplode # Datenbank : 2015-02-14.2 [Server] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64) # Benutzername : Jonas - JONAS-PC # Gestarted von : C:\Users\Jonas\Desktop\virenbereinigung\AdwCleaner_4.110.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Datei Gelöscht : C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage Datei Gelöscht : C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal Datei Gelöscht : C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage Datei Gelöscht : C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal Datei Gelöscht : C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.publikeco00.publikeco.com_0.localstorage Datei Gelöscht : C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.publikeco00.publikeco.com_0.localstorage-journal ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17631 -\\ Google Chrome v40.0.2214.111 ************************* AdwCleaner[R0].txt - [1647 Bytes] - [18/02/2015 13:08:18] AdwCleaner[S0].txt - [1569 Bytes] - [18/02/2015 13:09:43] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1628 Bytes] ########## [/CODE] Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.2 (02.02.2015:1) OS: Windows 7 Home Premium x64 Ran by Jonas on 18.02.2015 at 13:11:38,79 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 18.02.2015 at 13:14:08,69 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015 Ran by Jonas (administrator) on JONAS-PC on 18-02-2015 13:20:05 Running from C:\Users\Jonas\Desktop\virenbereinigung Loaded Profiles: Jonas (Available profiles: Jonas & Laura & Anna & Mama) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (MKS Software Inc.) C:\Windows\System32\nutsrv4.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (PTC Inc.) C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe (Dropbox, Inc.) C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-13] (AVAST Software) HKLM-x32\...\Run: [NuTCSetupEnviron] => C:\Program Files\PTC\MKS Toolkit\bin\ncoeenv.exe [37248 2012-10-12] (MKS Software Inc.) 
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3299774788-2130862179-1353054255-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1942720 2015-01-23] (Valve Corporation) Startup: C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-3299774788-2130862179-1353054255-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3299774788-2130862179-1353054255-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: WebCGMHlprObj Class -> {56B38F40-4E70-11d4-A076-0080AD86BA2F} -> C:\Windows\SysWOW64\cgmopenbho.dll (CGM Open Consortium, Inc.) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @ptc.com/ProductViewLite -> 
C:\Program Files (x86)\Common Files\PTC\np6_pvapplite9.dll (PTC) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-13] Chrome: ======= CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1420202940&from=ima&uid=OCZ-AGILITY3_OCZ-32Q3217NO988P6RE CHR RestoreOnStartup: Default -> "hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=276_pr__alt__ddc_dsssyc_bd_com" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-13] CHR Extension: (Google Docs) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-13] CHR Extension: (Google Drive) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-13] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-13] CHR 
Extension: (YouTube) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-13] CHR Extension: (Adblock Plus) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-13] CHR Extension: (Google-Suche) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-13] CHR Extension: (Google Tabellen) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-13] CHR Extension: (Avast Online Security) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-13] CHR Extension: (Google Wallet) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-13] CHR Extension: (Citavi Picker) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\piehhloihgjjiomhieeddiidpekaajio [2014-11-15] CHR Extension: (Google Mail) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-13] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-13] CHR HKLM-x32\...\Chrome\Extension: [piehhloihgjjiomhieeddiidpekaajio] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Chrome\ChromePicker.crx [2014-11-15] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-13] (AVAST Software) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation) R2 NuTCRACKERService; C:\Windows\system32\nutsrv4.exe [574776 2012-10-12] (MKS Software Inc.) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation) R2 PortmapperService; C:\Program Files\PTC/PTC Portmapper/i486_nt/obj/portmap.exe [496128 2014-10-25] (PTC Inc.) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-13] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-10-13] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-13] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-21] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-10-13] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-10-13] () R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [58512 2012-07-03] (Realtek Corporation) S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-18 13:14 - 2015-02-18 13:19 - 00000625 _____ () C:\Users\Jonas\Desktop\JRT.txt 2015-02-18 13:10 - 2015-02-18 13:10 - 00001708 _____ () C:\Users\Jonas\Desktop\AdwCleaner[S0].txt 2015-02-18 13:07 - 2015-02-18 13:09 - 00000000 ____D () C:\AdwCleaner 2015-02-18 13:06 - 2015-02-18 13:06 - 00002320 _____ () C:\Users\Jonas\Desktop\mbam.txt 2015-02-18 13:00 - 2015-02-18 13:00 - 00001115 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-16 10:16 - 2015-02-16 10:16 - 00024342 _____ () C:\ComboFix.txt 2015-02-16 10:11 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-02-16 10:11 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-02-16 10:11 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-02-16 10:11 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-02-16 10:11 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-02-16 10:11 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-02-16 10:11 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-02-16 10:11 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-02-16 10:10 - 2015-02-16 10:16 - 00000000 ____D () C:\Qoobox 2015-02-16 10:10 - 2015-02-16 10:15 - 00000000 ____D () C:\Windows\erdnt 2015-02-16 10:08 - 2015-02-16 10:08 - 05611903 ____R (Swearware) C:\Users\Jonas\Desktop\ComboFix.exe 2015-02-15 13:02 - 2015-02-18 13:20 - 00000000 ____D () C:\FRST 2015-02-15 13:01 - 2015-02-15 13:01 - 00000000 _____ () C:\Users\Jonas\defogger_reenable 2015-02-13 19:14 - 2015-02-13 19:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET 2015-02-13 13:58 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-02-13 13:58 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-02-13 13:58 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-02-13 
13:58 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-02-12 13:08 - 2015-02-05 18:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2015-02-12 13:07 - 2015-02-05 22:01 - 32106640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 24768144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 20466496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 17253848 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 13294528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 13208200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 10773704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 10713256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 10284872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2015-02-12 13:07 - 2015-02-05 22:01 - 03610768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 03247248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 02902784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434752.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434752.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 00995248 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 00969872 _____ 
(NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 00943760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 00929936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 00908104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 00877816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 00305136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys 2015-02-12 13:07 - 2015-02-05 22:01 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 00164752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll 2015-02-12 12:27 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-02-12 12:27 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-02-12 12:27 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-02-12 12:27 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-02-12 12:27 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-02-12 12:27 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-02-12 12:27 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-02-12 12:27 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) 
C:\Windows\system32\aitstatic.exe 2015-02-12 12:27 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-02-12 12:27 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-02-12 12:27 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-02-12 12:27 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-02-12 12:27 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-02-12 12:27 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-02-12 12:27 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-02-12 12:27 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-02-12 12:27 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-02-12 12:27 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-02-12 12:27 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-02-12 12:27 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-02-12 12:27 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-02-12 12:27 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-02-12 12:27 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-02-12 12:27 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-02-12 12:27 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-02-12 12:27 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\cng.sys 2015-02-12 12:27 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-02-12 12:27 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-02-12 12:27 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-02-12 12:27 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-02-12 12:27 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-02-12 12:27 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-02-12 12:27 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-02-12 12:27 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-02-12 12:27 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-02-12 12:27 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-02-12 12:27 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-02-12 12:27 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-02-12 12:27 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-02-12 12:27 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-02-12 12:27 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-02-12 12:27 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-02-12 12:27 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-02-12 12:27 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwproxystub.dll 2015-02-12 12:27 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-02-12 12:27 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-02-12 12:27 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-02-12 12:27 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-02-12 12:27 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-02-12 12:27 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-02-12 12:27 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-02-12 12:27 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-02-12 12:27 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-02-12 12:27 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-02-12 12:27 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-02-12 12:27 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-02-12 12:27 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-02-12 12:27 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-02-12 12:27 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-02-12 12:27 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-02-12 12:27 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-02-12 12:27 - 2015-01-12 03:04 - 00316928 _____ 
(Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-02-12 12:27 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-02-12 12:27 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-02-12 12:27 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-02-12 12:27 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-02-12 12:27 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-02-12 12:27 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-02-12 12:27 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-02-12 12:27 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-02-12 12:27 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-02-12 12:27 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-02-12 12:27 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-02-12 12:27 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-02-12 12:27 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-02-12 12:27 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-02-12 12:27 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-02-12 12:27 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-02-12 12:27 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-02-12 12:27 - 2015-01-12 02:23 - 00688640 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-02-12 12:27 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-02-12 12:27 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-02-12 12:27 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-02-12 12:27 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-02-12 12:27 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-02-12 12:27 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-02-12 12:27 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-02-12 12:27 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-02-12 12:27 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-02-12 12:27 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-02-12 12:27 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-02-12 12:27 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-02-12 12:27 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-02-12 12:27 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-02-12 12:27 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-02-12 12:27 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-02-12 12:27 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-02-12 12:27 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ncrypt.dll 2015-02-12 12:27 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-02-12 12:27 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-02-12 12:27 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-02-12 12:27 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-02-12 12:27 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-02-12 12:27 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-02-12 12:27 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-02-12 12:27 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2015-02-12 12:27 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-02-12 12:27 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2015-02-12 12:27 - 2014-11-22 11:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2015-02-12 12:27 - 2014-11-22 11:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2015-02-12 12:27 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-02-12 12:27 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-02-12 12:27 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2015-02-12 12:27 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-02-12 12:27 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-02-12 12:27 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\wintrust.dll 2015-02-12 12:27 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-02-03 14:24 - 2015-02-03 14:24 - 00000219 _____ () C:\Users\Jonas\Desktop\Dota 2.url 2015-02-03 14:14 - 2015-02-18 13:11 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-02-03 14:14 - 2015-02-03 14:14 - 00000976 _____ () C:\Users\Public\Desktop\Steam.lnk 2015-02-03 14:14 - 2015-02-03 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2015-02-03 14:13 - 2015-02-03 14:13 - 01142128 _____ () C:\Users\Jonas\Downloads\SteamSetup.exe 2015-02-02 21:54 - 2015-02-02 21:54 - 00000694 _____ () C:\DelFix.txt 2015-02-02 19:59 - 2015-02-02 19:59 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-02-02 19:48 - 2015-02-18 13:00 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-02 19:47 - 2015-02-18 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-02 19:47 - 2015-02-18 13:00 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-02 19:47 - 2015-02-02 19:47 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-02 19:47 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-02 19:47 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-02-02 19:47 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-02-02 19:38 - 2015-02-18 13:20 - 00000000 ____D () C:\Users\Jonas\Desktop\virenbereinigung 2015-02-02 19:38 - 2015-02-02 19:38 - 00709564 _____ () C:\Users\Jonas\Downloads\delfix_10.8.exe 2015-02-02 19:37 - 2015-02-02 19:38 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Jonas\Downloads\mbam-setup-2.0.4.1028.exe 2015-02-02 17:58 - 2015-02-02 17:58 - 00000000 ____D () 
C:\Users\Jonas\AppData\Roaming\WinRAR 2015-02-02 17:57 - 2015-02-02 17:57 - 02060888 _____ () C:\Users\Jonas\Downloads\winrar-x64-520d.exe 2015-02-02 17:57 - 2015-02-02 17:57 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-02-02 17:57 - 2015-02-02 17:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-02-02 17:57 - 2015-02-02 17:57 - 00000000 ____D () C:\Program Files\WinRAR 2015-02-02 13:56 - 2015-02-02 13:56 - 00000000 ____D () C:\Users\Jonas\Documents\creo projekte 2015-02-02 11:34 - 2015-02-02 11:34 - 00038121 _____ () C:\Users\Jonas\Downloads\Lasertechnisches Praktikum - Organisatorische Informationen WS20 2015-02-01 14:12 - 2015-02-01 14:12 - 00000000 ____D () C:\Users\Jonas\Documents\bank 2015-01-31 15:14 - 2015-01-31 15:14 - 00000000 __SHD () C:\Users\Jonas\AppData\Local\EmieUserList 2015-01-31 15:14 - 2015-01-31 15:14 - 00000000 __SHD () C:\Users\Jonas\AppData\Local\EmieSiteList 2015-01-31 15:14 - 2015-01-31 15:14 - 00000000 __SHD () C:\Users\Jonas\AppData\Local\EmieBrowserModeList 2015-01-30 18:45 - 2015-01-30 18:45 - 00000945 _____ () C:\Users\Public\Desktop\Guild Wars 2.lnk 2015-01-30 18:45 - 2015-01-30 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2 2015-01-30 18:45 - 2015-01-30 18:45 - 00000000 ____D () C:\Program Files (x86)\Guild Wars 2 2015-01-30 18:43 - 2015-01-30 18:44 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Guild Wars 2 2015-01-30 18:40 - 2015-01-30 18:41 - 26068984 _____ (ArenaNet) C:\Users\Jonas\Downloads\Gw2Setup.exe 2015-01-24 13:18 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-24 13:18 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-24 13:18 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-24 13:18 - 2014-12-06 05:17 - 00303616 _____ 
(Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-24 13:18 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-24 13:18 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-18 13:20 - 2014-10-13 11:28 - 01972293 _____ () C:\Windows\WindowsUpdate.log 2015-02-18 13:17 - 2009-07-14 05:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-18 13:17 - 2009-07-14 05:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-18 13:16 - 2014-10-13 12:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-18 13:15 - 2010-11-21 07:50 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2015-02-18 13:15 - 2010-11-21 07:50 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2015-02-18 13:15 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-18 13:10 - 2014-12-31 11:41 - 00000000 ____D () C:\Users\Jonas\AppData\Local\FreePDF_XP 2015-02-18 13:10 - 2014-10-13 12:09 - 00000000 ___RD () C:\Users\Jonas\Dropbox 2015-02-18 13:10 - 2014-10-13 12:07 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Dropbox 2015-02-18 13:10 - 2014-10-13 12:01 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-18 13:10 - 2014-10-13 11:45 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-02-18 13:10 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-18 13:10 - 2009-07-14 05:51 - 00061642 _____ () C:\Windows\setupact.log 2015-02-18 12:21 - 2014-10-13 12:01 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-16 11:19 - 2014-10-25 12:22 - 00000000 ____D () C:\Users\Jonas\Documents\Outlook-Dateien 
2015-02-16 10:17 - 2010-11-21 04:47 - 00047648 _____ () C:\Windows\PFRO.log 2015-02-16 10:15 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2015-02-15 21:55 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-02-15 13:01 - 2014-10-13 11:28 - 00000000 ____D () C:\Users\Jonas 2015-02-14 19:23 - 2014-10-19 21:29 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Mumble 2015-02-14 14:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2015-02-13 13:51 - 2014-12-13 12:51 - 00000000 ____D () C:\Windows\system32\appraiser 2015-02-13 13:51 - 2014-10-13 14:36 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-02-12 16:15 - 2009-07-14 05:45 - 00503344 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-12 15:48 - 2014-12-30 23:55 - 00000000 ____D () C:\ProgramData\Package Cache 2015-02-12 13:08 - 2014-10-13 11:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2015-02-12 12:26 - 2014-10-13 12:08 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-02-08 19:16 - 2014-10-13 12:01 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-08 19:16 - 2014-10-13 12:01 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-08 19:03 - 2014-10-25 11:37 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\PTC 2015-02-05 22:01 - 2014-11-22 09:32 - 16017040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2015-02-05 22:01 - 2014-10-13 11:41 - 18575880 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2015-02-05 22:01 - 2014-10-13 11:41 - 14119744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2015-02-05 22:01 - 2014-10-13 11:41 - 03299512 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2015-02-05 22:01 - 2014-10-13 11:41 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll 2015-02-05 22:01 - 2014-10-13 11:41 - 00027441 _____ () 
C:\Windows\system32\nvinfo.pb 2015-02-05 20:07 - 2014-10-13 11:44 - 06861128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2015-02-05 20:07 - 2014-10-13 11:44 - 03517584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2015-02-05 20:07 - 2014-10-13 11:44 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2015-02-05 20:07 - 2014-10-13 11:44 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2015-02-05 20:07 - 2014-10-13 11:44 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2015-02-05 20:06 - 2014-10-13 11:44 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2015-02-05 13:50 - 2014-10-13 11:44 - 04236870 _____ () C:\Windows\system32\nvcoproc.bin 2015-02-04 22:41 - 2014-10-13 14:42 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Skype 2015-02-04 22:16 - 2014-10-13 12:03 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-04 22:16 - 2014-10-13 12:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-04 22:16 - 2014-10-13 12:03 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-02-04 11:26 - 2014-12-16 17:49 - 00000000 ____D () C:\Users\Anna\Documents\Citavi 4 2015-02-04 11:19 - 2014-12-20 12:21 - 00000000 ____D () C:\Users\Anna\Desktop\Anna 2015-02-04 11:19 - 2014-10-13 12:07 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2015-02-02 19:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\security 2015-02-02 19:43 - 2009-07-14 03:34 - 00000505 _____ () C:\Windows\win.ini 2015-02-02 19:39 - 2014-10-25 14:06 - 00000000 ____D () C:\Users\Jonas\Desktop\nützliches 2015-01-30 19:09 - 2014-10-13 11:44 - 00007608 _____ () C:\Users\Jonas\AppData\Local\Resmon.ResmonCfg ==================== Files in the root of some directories ======= 2014-10-13 11:44 - 2015-01-30 19:09 - 0007608 _____ () C:\Users\Jonas\AppData\Local\Resmon.ResmonCfg Some content of TEMP: ==================== C:\Users\Jonas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpc_35z0.dll C:\Users\Jonas\AppData\Local\Temp\Quarantine.exe C:\Users\Jonas\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-13 17:36 ==================== End Of Log ============================ --- --- --- |
18.02.2015, 19:32 | #8 |
/// the machine /// TB trainer | Windows 7 home 64bit: Infection by the Techgile virus. Ads in browser. ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
24.02.2015, 11:43 | #9 |
| Looks good. The symptoms in the browser have disappeared as a result of the measures. Thanks! Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=45b497eb7ee2254a82cd749da032a40a # engine=22269 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-02-02 08:06:58 # local_time=2015-02-02 09:06:58 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='avast! Antivirus' # compatibility_mode=783 16777213 100 78 5028938 9709390 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 8587 174537468 0 0 # scanned=210940 # found=77 # cleaned=0 # scan_time=3869 sh=5A17F88C36C08C1A75CCEC077DAC4D8990F474EC ft=1 fh=21aa11c9110f431d vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3299774788-2130862179-1353054255-1000\$R6PQIEH.exe" sh=4139F95644E13A650D4827C943BCC9F2F0F6AA93 ft=1 fh=3b96e1736604b8bc vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\uninstall.exe.vir" sh=E52BFBE1CEE5CF0904360A676625A922B1C186F2 ft=0 fh=0000000000000000 vn="Win32/BrowseFox.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\ohfpklbmjjijallflamcdlkgglcehpfb.crx.vir" sh=8146498505E7093651ECD2101CF03EC9300BC004 ft=1 fh=6b216f5fc523d1db vn="Variante von Win64/BrowseFox.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\TechgileBHO.dll.vir" sh=FE75D14D0A24C7F740568742C8F215E7DFA059BA ft=1 fh=5d96bc68521930c8 vn="Variante von Win64/BrowseFox.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\TechgileUn.exe.vir" sh=C2DC56F1E34DEE301F6568C78DC01CCAB5CD17A9 ft=1 fh=fa426c82d5619b2c vn="Variante von Win64/BrowseFox.AA evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\TechgileUninstall.exe.vir" sh=68442F5E9D3EA6BE9AB5FFF27D4FE801E6D12539 ft=1 fh=d09e57f9899fdeb8 vn="Variante von MSIL/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\updateTechgile.exe.vir" sh=BF84D9156D97DB7EA412A279BA3994DE6413604B ft=1 fh=cce35c9ae20ffdc5 vn="Variante von Win32/BrowseFox.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\0bab82926c5d4497a29c.dll.vir" sh=CBB8EAE75398253CC2BBB77ADD523EC9F4AF1C77 ft=1 fh=59b522b6f462c8c8 vn="Variante von Win64/BrowseFox.CI evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\0bab82926c5d4497a29c64.dll.vir" sh=685275F2123424B8FB5E0A87051C753FAD68891E ft=1 fh=2d030f89a3167265 vn="Variante von Win32/BrowseFox.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\1c02978a62e14a079e56.dll.vir" sh=F7D772E4D50E4042A6D45FD0A1118D6851475A69 ft=1 fh=f64b57f1b0bf45d0 vn="Variante von Win64/BrowseFox.CI evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\1c02978a62e14a079e5664.dll.vir" sh=70735029D33CD937D8885B666F492F50D6B4C73C ft=1 fh=b1f88f92a1dbbb15 vn="Variante von Win32/BrowseFox.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\1c02978a62e14a079e56c805d0438441.dll.vir" sh=D603469710377AC46755DE7D752F4ED8B54DBDC1 ft=1 fh=2ab5b59655776649 vn="Variante von Win64/BrowseFox.CK evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\1c02978a62e14a079e56c805d043844164.dll.vir" sh=792EF369F248B333EE8D4FBFB4FFA81BAF3CB918 ft=1 fh=aa34fe1a029494b6 vn="Variante von Win32/BrowseFox.N evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\3200bfc05e5f40e7b9b9.dll.vir" sh=C473737CB292B54E115F782E4E529F320CAEDFD1 ft=1 fh=4670f809f8cc1b7d vn="Variante von Win32/BrowseFox.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\3200bfc05e5f40e7b9b911a87e4d2aa6.dll.vir" sh=5021872194E42D1B85881324CED0D13B38E9311F ft=1 fh=02f8f0e713d63703 vn="Variante von Win64/BrowseFox.CK evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\3200bfc05e5f40e7b9b911a87e4d2aa664.dll.vir" sh=C8FD9BD2521B835A92E363149ADE45B92E7A15AC ft=1 fh=263d8f671fc716d6 vn="Variante von Win64/BrowseFox.CI evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\3200bfc05e5f40e7b9b964.dll.vir" sh=847BA691322C7C98EF5B140320C649D8D746F919 ft=1 fh=40f941ea52f98071 vn="Variante von Win32/BrowseFox.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\4a0d88691fbc49189ada.dll.vir" sh=453297FD76FEBC064AD8272B9A9DEA238C749F3A ft=1 fh=9e0d62892aea03e4 vn="Variante von Win64/BrowseFox.CI evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\4a0d88691fbc49189ada64.dll.vir" sh=9FA11E3C50B2B99352907B62C88801F2F6C50718 ft=1 fh=ee1a7e0d8f52ce10 vn="Variante von Win32/BrowseFox.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\665e51a3da934d76a3a4.dll.vir" sh=CAFBDF71C209737E689A8833B511537E76082E06 ft=1 fh=eef35225a1c3f584 vn="Variante von Win64/BrowseFox.CI evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\665e51a3da934d76a3a464.dll.vir" sh=04E9463DE624FF3913542F10913A98DD72EB3A90 ft=1 fh=ca4507d35a4c02d2 vn="Variante von Win32/BrowseFox.M evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\665e51a3da934d76a3a4e4194c384ce8.dll.vir" sh=DB7AAADB5811A5420D7FE4F3E9F845B42845EB40 ft=1 fh=7efe67fd53841d86 vn="Variante von Win64/BrowseFox.CK evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\665e51a3da934d76a3a4e4194c384ce864.dll.vir" sh=E816BD6B0A761B823CC8051DC0A442F31864EEAE ft=1 fh=73ebd7fb9d8ef3cf vn="Variante von Win32/BrowseFox.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\770d9261ea7b44d1b1fa.dll.vir" sh=27BEC91CF58E99CC20102601A5FD8AB7A5109F63 ft=1 fh=13452e3116178d53 vn="Variante von Win64/BrowseFox.CI evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\770d9261ea7b44d1b1fa64.dll.vir" sh=AE07ACF55CBCE944839A0D8D3D5A8557CDC3581B ft=1 fh=e6ff3ac96eda96d1 vn="Variante von Win32/BrowseFox.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\770d9261ea7b44d1b1facd753813d1ca.dll.vir" sh=B34249531AB7CC624223A88BCC79F37A09BB09DD ft=1 fh=95491952e7dd3e70 vn="Variante von Win64/BrowseFox.CK evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\770d9261ea7b44d1b1facd753813d1ca64.dll.vir" sh=6B91F44EB333E044EE90137F2253DB5E1010F52E ft=1 fh=9f7242b294877553 vn="Variante von Win32/BrowseFox.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\f10b86b0bf15437d92fd.dll.vir" sh=4DA51E377029059A59E6D971ADD515694963B9D5 ft=1 fh=24e741e39d4aac1e vn="Variante von Win64/BrowseFox.CI evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\f10b86b0bf15437d92fd64.dll.vir" sh=0321FCED0E7714F703026D3C9A3EE5A950E655AA ft=1 fh=a3345ff69a2f9bcd vn="Variante von Win32/BrowseFox.R evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\Techgile.BOAS.exe.vir" sh=FAD4EE4E2C413F2785D244A06C60D20E8B576127 ft=1 fh=8e4a95f7a8b24bc2 vn="Variante von Win32/BrowseFox.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\Techgile.BOASHelper.exe.vir" sh=63158F0B9D0E302ABB3E02F4D55EA6C9D3063B49 ft=1 fh=41f60c0ca7df01f1 vn="Variante von Win32/BrowseFox.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\Techgile.BOASPRT.exe.vir" sh=F5053AA290C3EE53F0B0A2040FEAA685FBA3132E ft=1 fh=b83d23c7f5749a23 vn="Variante von Win32/BrowseFox.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\Techgile.BrowserAdapter.exe.vir" sh=418F8CC796393150CBD3C2AA97482128B923B106 ft=1 fh=8676b85a2ff113d8 vn="Variante von Win64/BrowseFox.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\Techgile.BrowserAdapter64.exe.vir" sh=06CCBA74A02381E71D842E66A4191066FCB73CA6 ft=1 fh=298ec97b15874107 vn="Variante von Win64/BrowseFox.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\Techgile.BRT.Helper.exe.vir" sh=E0AA5BA022E5318BFA8037DD02A551F30470EF02 ft=1 fh=0b3fa7862a750e89 vn="Win32/BrowseFox.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\Techgile.expext.exe.vir" sh=AA9C4229522596242EC3BE6151132984D392FA0A ft=1 fh=3609b527d4c45595 vn="Variante von Win64/BrowseFox.CJ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\Techgile.expextdll.dll.vir" sh=727C151530AE69764CE62FC21CB54AC3896A2094 ft=1 fh=72114e69219c2fa4 vn="Variante von Win64/BrowseFox.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\Techgile.PurBrowse64.exe.vir" sh=F1439C3F0E02B6196FF4679951008857DF2EE514 ft=1 fh=26fad698e7e5bebd vn="Variante von MSIL/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\tmp1AAD.tmp.vir" sh=E3CFC0F80DE41EFF5C965039D22DD7071D827CB3 ft=1 fh=0b2156237dabae82 vn="Variante von MSIL/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\tmp5F44.tmp.vir" sh=2358DB71E00F2C6EA1D9D35F54F7C38B4DF05FA7 ft=1 fh=27a1b59dd39edbde vn="Variante von MSIL/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\tmp8DED.tmp.vir" sh=68442F5E9D3EA6BE9AB5FFF27D4FE801E6D12539 ft=1 fh=d09e57f9899fdeb8 vn="Variante von MSIL/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\utilTechgile.exe.vir" sh=7CA8F9623F04B347EF4EA1EFAF6691FB3F44A2DE ft=1 fh=9f9c24482cf7c270 vn="Variante von Win32/BrowseFox.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\{0bab8292-6c5d-4497-a29c-a0f9172b118b}.dll.vir" sh=FD2006C6F957B163334EAAB80C70EF42FA031AEF ft=1 fh=8caa7b796301498e vn="Variante von Win64/BrowseFox.CK evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\{0bab8292-6c5d-4497-a29c-a0f9172b118b}64.dll.vir" sh=88DB6FDFD325C17548032AFC03A12F151B04EB55 ft=1 fh=16b9660a5bd786e2 vn="Variante von Win32/BrowseFox.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\{4a0d8869-1fbc-4918-9ada-bb10f8dfcc5c}.dll.vir" sh=5290CDC2529EE06B0CFF2264017B9458DCA4ABCA ft=1 fh=1e69097b6eee6817 vn="Variante von Win64/BrowseFox.CK evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\{4a0d8869-1fbc-4918-9ada-bb10f8dfcc5c}64.dll.vir" sh=54326C28345ED6860F9BC3541B305F9F7C76170F ft=1 fh=9b77a9b8afca20cb vn="Variante von Win32/BrowseFox.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\{f10b86b0-bf15-437d-92fd-f05ff37c387b}.dll.vir" sh=CC0A714240E423EAAF5CA3FD52A4F488D8DD129A ft=1 fh=15e181c03b8a5eb1 vn="Variante von Win64/BrowseFox.CK evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\{f10b86b0-bf15-437d-92fd-f05ff37c387b}64.dll.vir" sh=2552D53B7145DA8955EE84DF3C5E7AA17A4951DD ft=1 fh=1673462403a27d16 vn="Variante von MSIL/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\plugins\Techgile.BOAS.dll.vir" sh=B7E5470EFB593ADD0D65098A243ECC10A51AC01F ft=1 fh=eee7df2810f4eabe vn="Variante von MSIL/BrowseFox.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\plugins\Techgile.BrowserAdapter.dll.vir" sh=BF23D40D43DA940E3C25080BEB1ABCBC712EFB78 ft=1 fh=e08cb90c377ac49e vn="Variante von MSIL/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\plugins\Techgile.BRT.dll.vir" sh=4AF2F591FF97F7533A3EE216E85EF797B1A5718F ft=1 fh=ace8a880db89707c vn="Variante von Win64/BrowseFox.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\plugins\Techgile.CompatibilityChecker.dll.vir" sh=CB01104DE8FB60D34FA1304D1DDF82A9641AECF2 ft=1 fh=7985667a7748086b vn="Variante von MSIL/BrowseFox.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\plugins\Techgile.ExpExt.dll.vir" sh=8767DDE5156ADBF238BEEEAB895775C2073509F3 ft=1 fh=45594558e4a26d01 vn="Variante von MSIL/BrowseFox.L evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\plugins\Techgile.FFUpdate.dll.vir" sh=A091B9A7CEE554A8D0D004B33C06EFD1D54B926B ft=1 fh=0269539969d9fc20 vn="Variante von MSIL/BrowseFox.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\plugins\Techgile.GCUpdate.dll.vir" sh=16EDC6DA3ED6B76643E64603766BE741FD787802 ft=1 fh=efa01c0d7e376abd vn="Variante von MSIL/BrowseFox.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\plugins\Techgile.IEUpdate.dll.vir" sh=BC2B6CBB44103AE410C28721EA98F397466933DF ft=1 fh=f36b16eb68696ed0 vn="Variante von MSIL/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\plugins\Techgile.OfSvc.dll.vir" sh=A3BC729676F4C230361EF8883A0D070AE9F48036 ft=1 fh=efc35d636e153f94 vn="Variante von MSIL/BrowseFox.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\plugins\Techgile.OptChecker.dll.vir" sh=B32E63DE420D1A489B881AA5A7D22E411C63772F ft=1 fh=5b2cbf4e30c6528e vn="Variante von MSIL/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\plugins\Techgile.PurBrowseG.dll.vir" sh=7DD85235D617DD048552340445F1F65AB8C6A2C2 ft=1 fh=6f867585110f2fc7 vn="Variante von MSIL/BrowseFox.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techgile\bin\plugins\Techgile.Repmon.dll.vir" sh=9DF3638EE93AB2DB89A89AC6B67BF088DC64416B ft=1 fh=c71c00110e78363b vn="Variante von Win32/ELEX.BH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir" sh=102B8F7E00B0C3A47121BE78D6E94CAE8B9E6ECA ft=1 fh=6ed3d2194d788e97 vn="Variante von Win64/BrowseFox.AA evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{0bab8292-6c5d-4497-a29c-a0f9172b118b}Gw64.sys.vir" sh=AD72B8E4A0D2D64630CCCDE214D24D56FDAB99D7 ft=1 fh=b849d7317f6e2c1a vn="Variante von Win64/BrowseFox.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{1c02978a-62e1-4a07-9e56-c805d0438441}Gw64.sys.vir" sh=C916F2DE17C32C8A178901CA13B3A37C5584F7AD ft=1 fh=6344859a3b27c482 vn="Variante von Win64/BrowseFox.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{3200bfc0-5e5f-40e7-b9b9-11a87e4d2aa6}Gw64.sys.vir" sh=61EA237915512AE5779363645C9DA3E63DC404B3 ft=1 fh=5666c07d3812770a vn="Variante von Win64/BrowseFox.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{4a0d8869-1fbc-4918-9ada-bb10f8dfcc5c}Gw64.sys.vir" sh=4CC4E8547B02189631D58780A1700CF3A291E701 ft=1 fh=25b43bd92ff127ab vn="Variante von Win64/BrowseFox.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{665e51a3-da93-4d76-a3a4-e4194c384ce8}Gw64.sys.vir" sh=04C7982707325A83FDF9C9E7608FEA4749A9B0A2 ft=1 fh=2e7ef7ca249c1594 vn="Variante von Win64/BrowseFox.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{770d9261-ea7b-44d1-b1fa-cd753813d1ca}Gw64.sys.vir" sh=86BA392B89025FFEC4005CBC28F28A98870C6773 ft=1 fh=b928b8711b3b19a2 vn="Variante von Win64/BrowseFox.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{8590482e-6fbf-4e86-9e78-2d81034791b1}Gw64.sys.vir" sh=1917FBAC058F120EA04C39CFE7E93A5CCF10A5AA ft=1 fh=a1ac7c881b881d3e vn="Variante von Win64/BrowseFox.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{f10b86b0-bf15-437d-92fd-f05ff37c387b}Gw64.sys.vir" sh=469D5DC03F27E1289A92206FFF69F6C7C3E4AEB3 ft=0 fh=0000000000000000 vn="Win32/BrowseFox.Q evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfpklbmjjijallflamcdlkgglcehpfb\1.0.1_0\background.js" sh=45615F25E9B7537C094F0AAC5535EE13FFD89FA3 ft=0 fh=0000000000000000 vn="Win32/BrowseFox.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfpklbmjjijallflamcdlkgglcehpfb\1.0.1_0\content.js" sh=A51897DAE5A7CC0301D4CCB65C01CFB8E7842D5D ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PZOGY0GL\p[1].htm" sh=08131ADF7C15E801A902E72ADA9DBA8EF81AD101 ft=1 fh=0e19461b6ef503f8 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jonas\AppData\Local\Temp\DMR\dmr_72.exe" sh=F42434EB673DF4B135D8D509943965FE20F75B22 ft=1 fh=84267000d91c779b vn="Win32/ReImageRepair.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003190" sh=F42434EB673DF4B135D8D509943965FE20F75B22 ft=1 fh=84267000d91c779b vn="Win32/ReImageRepair.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mama\Downloads\ReimageRepair (1).exe" sh=F42434EB673DF4B135D8D509943965FE20F75B22 ft=1 fh=84267000d91c779b vn="Win32/ReImageRepair.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mama\Downloads\ReimageRepair (2).exe" sh=F42434EB673DF4B135D8D509943965FE20F75B22 ft=1 fh=84267000d91c779b vn="Win32/ReImageRepair.E evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Mama\Downloads\ReimageRepair.exe" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=45b497eb7ee2254a82cd749da032a40a # engine=22533 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-02-18 07:24:25 # local_time=2015-02-18 08:24:25 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='avast! Antivirus' # compatibility_mode=783 16777213 100 78 6408785 11089237 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 30687 175917315 0 0 # scanned=54470 # found=0 # cleaned=0 # scan_time=1416 ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=45b497eb7ee2254a82cd749da032a40a # engine=22617 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-02-24 09:29:17 # local_time=2015-02-24 10:29:17 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='avast! Antivirus' # compatibility_mode=783 16777213 100 78 6887877 11571929 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 57654 176400007 0 0 # scanned=217402 # found=5 # cleaned=0 # scan_time=3224 sh=A51897DAE5A7CC0301D4CCB65C01CFB8E7842D5D ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PZOGY0GL\p[1].htm" sh=F42434EB673DF4B135D8D509943965FE20F75B22 ft=1 fh=84267000d91c779b vn="Win32/ReImageRepair.E evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003190" sh=F42434EB673DF4B135D8D509943965FE20F75B22 ft=1 fh=84267000d91c779b vn="Win32/ReImageRepair.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mama\Downloads\ReimageRepair (1).exe" sh=F42434EB673DF4B135D8D509943965FE20F75B22 ft=1 fh=84267000d91c779b vn="Win32/ReImageRepair.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mama\Downloads\ReimageRepair (2).exe" sh=F42434EB673DF4B135D8D509943965FE20F75B22 ft=1 fh=84267000d91c779b vn="Win32/ReImageRepair.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mama\Downloads\ReimageRepair.exe" Code:
Results of screen317's Security Check version 0.99.96 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java 64-bit 8 Update 31 Adobe Reader XI Google Chrome (40.0.2214.111) Google Chrome (40.0.2214.115) ````````Process Check: objlist.exe by Laurent```````` AVAST Software Avast AvastSvc.exe AVAST Software Avast avastui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2015 Ran by Jonas (administrator) on JONAS-PC on 24-02-2015 11:37:53 Running from C:\Users\Jonas\Desktop\virenbereinigung Loaded Profiles: Jonas (Available profiles: Jonas & Laura & Anna & Mama) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (MKS Software Inc.) C:\Windows\System32\nutsrv4.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (PTC Inc.) C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Dropbox, Inc.) C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-13] (AVAST Software) HKLM-x32\...\Run: [NuTCSetupEnviron] => C:\Program Files\PTC\MKS Toolkit\bin\ncoeenv.exe [37248 2012-10-12] (MKS Software Inc.) HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3299774788-2130862179-1353054255-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2874048 2015-02-19] (Valve Corporation) Startup: C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) 
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-3299774788-2130862179-1353054255-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3299774788-2130862179-1353054255-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: WebCGMHlprObj Class -> {56B38F40-4E70-11d4-A076-0080AD86BA2F} -> C:\Windows\SysWOW64\cgmopenbho.dll (CGM Open Consortium, Inc.) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @ptc.com/ProductViewLite -> 
C:\Program Files (x86)\Common Files\PTC\np6_pvapplite9.dll (PTC) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-13] Chrome: ======= CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1420202940&from=ima&uid=OCZ-AGILITY3_OCZ-32Q3217NO988P6RE CHR RestoreOnStartup: Default -> "hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=276_pr__alt__ddc_dsssyc_bd_com" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-13] CHR Extension: (Google Docs) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-13] CHR Extension: (Google Drive) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-13] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-13] CHR Extension: 
(YouTube) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-13] CHR Extension: (Adblock Plus) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-13] CHR Extension: (Google Search) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-13] CHR Extension: (Google Sheets) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-13] CHR Extension: (Avast Online Security) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-13] CHR Extension: (Google Wallet) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-13] CHR Extension: (Citavi Picker) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\piehhloihgjjiomhieeddiidpekaajio [2014-11-15] CHR Extension: (Gmail) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-13] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-13] CHR HKLM-x32\...\Chrome\Extension: [piehhloihgjjiomhieeddiidpekaajio] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Chrome\ChromePicker.crx [2014-11-15] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-13] (AVAST Software) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation) R2 NuTCRACKERService; C:\Windows\system32\nutsrv4.exe [574776 2012-10-12] (MKS Software Inc.) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation) R2 PortmapperService; C:\Program Files\PTC/PTC Portmapper/i486_nt/obj/portmap.exe [496128 2014-10-25] (PTC Inc.) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-13] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-10-13] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-13] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-21] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-10-13] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-10-13] () R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [58512 2012-07-03] (Realtek Corporation) S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-23 13:21 - 2015-02-23 13:21 - 00008352 _____ () C:\Users\Jonas\Desktop\turnier.xlsx 2015-02-19 21:52 - 2015-02-19 21:52 - 00000000 ____D () C:\Users\Jonas\AppData\Local\Steam 2015-02-18 19:58 - 2015-02-18 19:58 - 02347384 _____ (ESET) C:\Users\Jonas\Downloads\esetsmartinstaller_deu.exe 2015-02-18 19:58 - 2015-02-18 19:58 - 00852594 _____ () C:\Users\Jonas\Downloads\SecurityCheck.exe 2015-02-18 13:14 - 2015-02-18 13:19 - 00000625 _____ () C:\Users\Jonas\Desktop\JRT.txt 2015-02-18 13:10 - 2015-02-18 13:10 - 00001708 _____ () C:\Users\Jonas\Desktop\AdwCleaner[S0].txt 2015-02-18 13:07 - 2015-02-18 13:09 - 00000000 ____D () C:\AdwCleaner 2015-02-18 13:06 - 2015-02-18 13:06 - 00002320 _____ () C:\Users\Jonas\Desktop\mbam.txt 2015-02-18 13:00 - 2015-02-18 13:00 - 00001115 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-16 10:16 - 2015-02-16 10:16 - 00024342 _____ () C:\ComboFix.txt 2015-02-16 10:11 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-02-16 10:11 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-02-16 10:11 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-02-16 10:11 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-02-16 10:11 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-02-16 10:11 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-02-16 10:11 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-02-16 10:11 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-02-16 10:10 - 2015-02-16 10:16 - 00000000 ____D () C:\Qoobox 2015-02-16 10:10 - 2015-02-16 10:15 - 00000000 ____D () C:\Windows\erdnt 2015-02-16 10:08 - 2015-02-16 10:08 - 05611903 ____R (Swearware) C:\Users\Jonas\Desktop\ComboFix.exe 2015-02-15 13:02 - 2015-02-24 11:37 - 00000000 ____D () C:\FRST 2015-02-15 13:01 - 2015-02-15 13:01 - 00000000 _____ () C:\Users\Jonas\defogger_reenable 2015-02-13 19:14 - 2015-02-13 19:14 - 00000000 ____D 
() C:\Program Files (x86)\Microsoft ASP.NET 2015-02-13 13:58 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-02-13 13:58 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-02-13 13:58 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-02-13 13:58 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-02-12 13:08 - 2015-02-05 18:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2015-02-12 13:07 - 2015-02-05 22:01 - 32106640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 24768144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 20466496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 17253848 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 13294528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 13208200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 10773704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 10713256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 10284872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2015-02-12 13:07 - 2015-02-05 22:01 - 03610768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 03247248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 02902784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 
2015-02-12 13:07 - 2015-02-05 22:01 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434752.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434752.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 00995248 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 00969872 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 00943760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 00929936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 00908104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 00877816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 00305136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys 2015-02-12 13:07 - 2015-02-05 22:01 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 00164752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2015-02-12 13:07 - 2015-02-05 22:01 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll 2015-02-12 12:27 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-02-12 12:27 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-02-12 12:27 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-02-12 12:27 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-02-12 12:27 - 2015-02-04 04:16 - 
00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-02-12 12:27 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-02-12 12:27 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-02-12 12:27 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2015-02-12 12:27 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-02-12 12:27 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-02-12 12:27 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-02-12 12:27 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-02-12 12:27 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-02-12 12:27 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-02-12 12:27 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-02-12 12:27 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-02-12 12:27 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-02-12 12:27 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-02-12 12:27 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-02-12 12:27 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-02-12 12:27 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-02-12 12:27 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-02-12 12:27 - 2015-01-15 08:39 - 00146432 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-02-12 12:27 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-02-12 12:27 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-02-12 12:27 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-02-12 12:27 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-02-12 12:27 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-02-12 12:27 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-02-12 12:27 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-02-12 12:27 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-02-12 12:27 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-02-12 12:27 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-02-12 12:27 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-02-12 12:27 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-02-12 12:27 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-02-12 12:27 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-02-12 12:27 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-02-12 12:27 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-02-12 12:27 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-02-12 12:27 - 2015-01-12 03:49 - 00066560 _____ (Microsoft 
Corporation) C:\Windows\system32\iesetup.dll 2015-02-12 12:27 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-02-12 12:27 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-02-12 12:27 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-02-12 12:27 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-02-12 12:27 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-02-12 12:27 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-02-12 12:27 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-02-12 12:27 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-02-12 12:27 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-02-12 12:27 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-02-12 12:27 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-02-12 12:27 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-02-12 12:27 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-02-12 12:27 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-02-12 12:27 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-02-12 12:27 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-02-12 12:27 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-02-12 12:27 - 2015-01-12 03:07 - 00062464 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-02-12 12:27 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-02-12 12:27 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-02-12 12:27 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-02-12 12:27 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-02-12 12:27 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-02-12 12:27 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-02-12 12:27 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-02-12 12:27 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-02-12 12:27 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-02-12 12:27 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-02-12 12:27 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-02-12 12:27 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-02-12 12:27 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-02-12 12:27 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-02-12 12:27 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-02-12 12:27 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-02-12 12:27 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-02-12 12:27 - 2015-01-12 02:33 - 00285696 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-02-12 12:27 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-02-12 12:27 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-02-12 12:27 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-02-12 12:27 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-02-12 12:27 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-02-12 12:27 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-02-12 12:27 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-02-12 12:27 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-02-12 12:27 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-02-12 12:27 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-02-12 12:27 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-02-12 12:27 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-02-12 12:27 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-02-12 12:27 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-02-12 12:27 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-02-12 12:27 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-02-12 12:27 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-02-12 12:27 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\kerberos.dll 2015-02-12 12:27 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-02-12 12:27 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-02-12 12:27 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-02-12 12:27 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-02-12 12:27 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-02-12 12:27 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-02-12 12:27 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-02-12 12:27 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-02-12 12:27 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-02-12 12:27 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-02-12 12:27 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2015-02-12 12:27 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-02-12 12:27 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2015-02-12 12:27 - 2014-11-22 11:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2015-02-12 12:27 - 2014-11-22 11:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2015-02-12 12:27 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-02-12 12:27 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-02-12 12:27 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 
2015-02-12 12:27 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-02-12 12:27 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-02-12 12:27 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-02-12 12:27 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-02-03 14:24 - 2015-02-03 14:24 - 00000219 _____ () C:\Users\Jonas\Desktop\Dota 2.url 2015-02-03 14:14 - 2015-02-24 11:37 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-02-03 14:14 - 2015-02-03 14:14 - 00000976 _____ () C:\Users\Public\Desktop\Steam.lnk 2015-02-03 14:14 - 2015-02-03 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2015-02-03 14:13 - 2015-02-03 14:13 - 01142128 _____ () C:\Users\Jonas\Downloads\SteamSetup.exe 2015-02-02 21:54 - 2015-02-02 21:54 - 00000694 _____ () C:\DelFix.txt 2015-02-02 19:59 - 2015-02-02 19:59 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-02-02 19:48 - 2015-02-18 13:00 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-02 19:47 - 2015-02-18 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-02 19:47 - 2015-02-18 13:00 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-02 19:47 - 2015-02-02 19:47 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-02 19:47 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-02 19:47 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-02-02 19:47 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-02-02 19:38 - 2015-02-24 11:37 - 00000000 ____D () C:\Users\Jonas\Desktop\virenbereinigung 2015-02-02 19:38 - 
2015-02-02 19:38 - 00709564 _____ () C:\Users\Jonas\Downloads\delfix_10.8.exe 2015-02-02 19:37 - 2015-02-02 19:38 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Jonas\Downloads\mbam-setup-2.0.4.1028.exe 2015-02-02 17:58 - 2015-02-02 17:58 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\WinRAR 2015-02-02 17:57 - 2015-02-02 17:57 - 02060888 _____ () C:\Users\Jonas\Downloads\winrar-x64-520d.exe 2015-02-02 17:57 - 2015-02-02 17:57 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-02-02 17:57 - 2015-02-02 17:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-02-02 17:57 - 2015-02-02 17:57 - 00000000 ____D () C:\Program Files\WinRAR 2015-02-02 13:56 - 2015-02-02 13:56 - 00000000 ____D () C:\Users\Jonas\Documents\creo projekte 2015-02-02 11:34 - 2015-02-02 11:34 - 00038121 _____ () C:\Users\Jonas\Downloads\Lasertechnisches Praktikum - Organisatorische Informationen WS20 2015-02-01 14:12 - 2015-02-01 14:12 - 00000000 ____D () C:\Users\Jonas\Documents\bank 2015-01-31 15:14 - 2015-01-31 15:14 - 00000000 __SHD () C:\Users\Jonas\AppData\Local\EmieUserList 2015-01-31 15:14 - 2015-01-31 15:14 - 00000000 __SHD () C:\Users\Jonas\AppData\Local\EmieSiteList 2015-01-31 15:14 - 2015-01-31 15:14 - 00000000 __SHD () C:\Users\Jonas\AppData\Local\EmieBrowserModeList 2015-01-30 18:45 - 2015-01-30 18:45 - 00000945 _____ () C:\Users\Public\Desktop\Guild Wars 2.lnk 2015-01-30 18:45 - 2015-01-30 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2 2015-01-30 18:45 - 2015-01-30 18:45 - 00000000 ____D () C:\Program Files (x86)\Guild Wars 2 2015-01-30 18:43 - 2015-01-30 18:44 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Guild Wars 2 2015-01-30 18:40 - 2015-01-30 18:41 - 26068984 _____ (ArenaNet) C:\Users\Jonas\Downloads\Gw2Setup.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder 
will be moved.) 2015-02-24 11:21 - 2014-10-13 12:01 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-24 11:19 - 2014-10-13 11:28 - 01245844 _____ () C:\Windows\WindowsUpdate.log 2015-02-24 11:16 - 2014-10-13 12:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-24 09:39 - 2010-11-21 07:50 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2015-02-24 09:39 - 2010-11-21 07:50 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2015-02-24 09:39 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-24 09:39 - 2009-07-14 05:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-24 09:39 - 2009-07-14 05:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-24 09:32 - 2014-12-31 11:41 - 00000000 ____D () C:\Users\Jonas\AppData\Local\FreePDF_XP 2015-02-24 09:32 - 2014-10-13 12:09 - 00000000 ___RD () C:\Users\Jonas\Dropbox 2015-02-24 09:32 - 2014-10-13 12:07 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Dropbox 2015-02-24 09:32 - 2014-10-13 12:01 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-24 09:32 - 2014-10-13 11:45 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-02-24 09:32 - 2010-11-21 04:47 - 00053172 _____ () C:\Windows\PFRO.log 2015-02-24 09:32 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-24 09:32 - 2009-07-14 05:51 - 00063154 _____ () C:\Windows\setupact.log 2015-02-23 20:41 - 2014-10-25 11:24 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2015-02-23 18:13 - 2014-12-16 17:49 - 00000000 ____D () C:\Users\Anna\Documents\Citavi 4 2015-02-23 13:45 - 2014-10-25 12:22 - 00000000 ____D () C:\Users\Jonas\Documents\Outlook-Dateien 2015-02-18 17:04 - 2014-10-19 21:29 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Mumble 2015-02-18 13:44 - 2014-10-13 12:07 - 
00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2015-02-16 10:15 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2015-02-15 21:55 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-02-15 13:01 - 2014-10-13 11:28 - 00000000 ____D () C:\Users\Jonas 2015-02-14 14:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2015-02-13 13:51 - 2014-12-13 12:51 - 00000000 ____D () C:\Windows\system32\appraiser 2015-02-13 13:51 - 2014-10-13 14:36 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-02-12 16:15 - 2009-07-14 05:45 - 00503344 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-12 15:48 - 2014-12-30 23:55 - 00000000 ____D () C:\ProgramData\Package Cache 2015-02-12 13:08 - 2014-10-13 11:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2015-02-12 12:26 - 2014-10-13 12:08 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-02-08 19:16 - 2014-10-13 12:01 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-08 19:16 - 2014-10-13 12:01 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-08 19:03 - 2014-10-25 11:37 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\PTC 2015-02-05 22:01 - 2014-11-22 09:32 - 16017040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2015-02-05 22:01 - 2014-10-13 11:41 - 18575880 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2015-02-05 22:01 - 2014-10-13 11:41 - 14119744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2015-02-05 22:01 - 2014-10-13 11:41 - 03299512 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2015-02-05 22:01 - 2014-10-13 11:41 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll 2015-02-05 22:01 - 2014-10-13 11:41 - 00027441 _____ () C:\Windows\system32\nvinfo.pb 2015-02-05 20:07 - 2014-10-13 11:44 - 06861128 _____ (NVIDIA Corporation) 
C:\Windows\system32\nvcpl.dll 2015-02-05 20:07 - 2014-10-13 11:44 - 03517584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2015-02-05 20:07 - 2014-10-13 11:44 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2015-02-05 20:07 - 2014-10-13 11:44 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2015-02-05 20:07 - 2014-10-13 11:44 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2015-02-05 20:06 - 2014-10-13 11:44 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2015-02-05 13:50 - 2014-10-13 11:44 - 04236870 _____ () C:\Windows\system32\nvcoproc.bin 2015-02-04 22:41 - 2014-10-13 14:42 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Skype 2015-02-04 22:16 - 2014-10-13 12:03 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-04 22:16 - 2014-10-13 12:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-04 22:16 - 2014-10-13 12:03 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-02-04 11:19 - 2014-12-20 12:21 - 00000000 ____D () C:\Users\Anna\Desktop\Anna 2015-02-02 19:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\security 2015-02-02 19:43 - 2009-07-14 03:34 - 00000505 _____ () C:\Windows\win.ini 2015-02-02 19:39 - 2014-10-25 14:06 - 00000000 ____D () C:\Users\Jonas\Desktop\nützliches 2015-01-30 19:09 - 2014-10-13 11:44 - 00007608 _____ () C:\Users\Jonas\AppData\Local\Resmon.ResmonCfg ==================== Files in the root of some directories ======= 2014-10-13 11:44 - 2015-01-30 19:09 - 0007608 _____ () C:\Users\Jonas\AppData\Local\Resmon.ResmonCfg Some content of TEMP: ==================== C:\Users\Jonas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf3v0cb.dll C:\Users\Jonas\AppData\Local\Temp\Quarantine.exe C:\Users\Jonas\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= 
(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-13 17:36

==================== End Of Log ============================ |
24.02.2015, 17:11 | #10 |
/// the machine /// TB trainer | Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
C:\$Recycle.Bin
C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfpklbmjjijallflamcdlkgglcehpfb\1.0.1_0\background.js
C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfpklbmjjijallflamcdlkgglcehpfb\1.0.1_0\content.js
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PZOGY0GL\p[1].htm
C:\Users\Jonas\AppData\Local\Temp\DMR\dmr_72.exe
C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003190
C:\Users\Mama\Downloads\ReimageRepair (1).exe
C:\Users\Mama\Downloads\ReimageRepair (2).exe
C:\Users\Mama\Downloads\ReimageRepair.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Done. The order is crucial here.
If you would like to leave praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
24.02.2015, 17:30 | #11 |
| Final feedback. Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-02-2015
Ran by Jonas at 2015-02-24 17:18:25 Run:1
Running from C:\Users\Jonas\Desktop\virenbereinigung
Loaded Profiles: Jonas (Available profiles: Jonas & Laura & Anna & Mama)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\$Recycle.Bin
C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfpklbmjjijallflamcdlkgglcehpfb\1.0.1_0\background.js
C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfpklbmjjijallflamcdlkgglcehpfb\1.0.1_0\content.js
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PZOGY0GL\p[1].htm
C:\Users\Jonas\AppData\Local\Temp\DMR\dmr_72.exe
C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003190
C:\Users\Mama\Downloads\ReimageRepair (1).exe
C:\Users\Mama\Downloads\ReimageRepair (2).exe
C:\Users\Mama\Downloads\ReimageRepair.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Emptytemp:
*****************

C:\$Recycle.Bin => Moved successfully.
"C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfpklbmjjijallflamcdlkgglcehpfb\1.0.1_0\background.js" => File/Directory not found.
"C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfpklbmjjijallflamcdlkgglcehpfb\1.0.1_0\content.js" => File/Directory not found.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PZOGY0GL\p[1].htm => Moved successfully.
"C:\Users\Jonas\AppData\Local\Temp\DMR\dmr_72.exe" => File/Directory not found.
C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003190 => Moved successfully.
C:\Users\Mama\Downloads\ReimageRepair (1).exe => Moved successfully.
C:\Users\Mama\Downloads\ReimageRepair (2).exe => Moved successfully.
C:\Users\Mama\Downloads\ReimageRepair.exe => Moved successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
EmptyTemp: => Removed 639.7 MB temporary data.

The system needed a reboot.

==== End of Fixlog 17:18:37 ==== |
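Added example, not part of the original thread and not FRST's own code: a small Python parser that tallies the per-entry outcomes of a Fixlog like the one above and lists the entries reported as not found, so they can be rechecked in a fresh scan. The sample lines are copied from the Fixlog above; the function and constant names are assumptions of this example.

```python
import re
from collections import Counter

# Sample lines copied from the Fixlog posted above (a subset, embedded for offline use).
SAMPLE_FIXLOG = r'''
C:\$Recycle.Bin => Moved successfully.
"C:\Users\Jonas\AppData\Local\Temp\DMR\dmr_72.exe" => File/Directory not found.
C:\Users\Mama\Downloads\ReimageRepair (1).exe => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
EmptyTemp: => Removed 639.7 MB temporary data.
==== End of Fixlog 17:18:37 ====
'''

# A result line has the shape: <target> => <result>.
RESULT_LINE = re.compile(r'^(?P<target>.+?)\s*=>\s*(?P<result>.+?)\.?\s*$')

def classify(result):
    """Map the free-text result to a coarse outcome label."""
    r = result.lower()
    if 'not found' in r:
        return 'not_found'
    if 'moved successfully' in r:
        return 'moved'
    if 'deleted successfully' in r:
        return 'deleted'
    if r.startswith('removed'):
        return 'removed'
    return 'other'

def parse_fixlog(text):
    """Return (target, outcome) pairs; header and separator lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = RESULT_LINE.match(line.strip())
        if m:
            entries.append((m.group('target').strip('"'), classify(m.group('result'))))
    return entries

def summarize(entries):
    """Count how many entries ended in each outcome."""
    return Counter(outcome for _, outcome in entries)

def needs_review(entries):
    """Targets that were not acted on, or whose result text was not recognized."""
    return [target for target, outcome in entries if outcome in ('not_found', 'other')]

if __name__ == '__main__':
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summarize(parsed)))
    print(needs_review(parsed))
```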
25.02.2015, 07:02 | #12 |
/// the machine /// TB trainer | You're welcome
__________________ Regards, schrauber |