Pests of all kinds and how to fight them: Chrome automatically downloads files? Windows 7 |
07.03.2015, 20:30 | #1 |
| Chrome automatically downloads files? Hello. I was surfing the Internet as usual today when Chrome suddenly started downloading a "vlc.exe". Because the file was small, I could not cancel the download quickly enough, and Avira then raised an alert with the following detection: 'PUA/Softpulse.Gen'. This has now happened for the second time, yet Avira finds nothing else suspicious on the system. Do you know what is going on? And do these downloaded files cause any damage? Both times they were moved straight into quarantine by Avira. |
07.03.2015, 20:32 | #2 |
/// the machine /// TB trainer | Chrome automatically downloads files? hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
07.03.2015, 20:46 | #3 |
| Chrome automatically downloads files? FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-03-2015 01
Ran by Hossam (administrator) on EASYMUFFIN on 07-03-2015 20:38:49
Running from X:\Libraries\Downloads
Loaded Profiles: Hossam & (Available profiles: Hossam)
Platform: Windows 8.1 (X64) OS Language: German (Germany)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\puush\puush.exe
(Valve Corporation) X:\Program Files\Steam\Steam.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Valve Corporation) X:\Program Files\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(AppWork GmbH) C:\Program Files\JDownloader v2.0\JDownloader2.exe
(Valve Corporation) X:\Program Files\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-05-27] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703280 2015-03-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Razer Lachesis Driver] => C:\Program Files (x86)\Razer\Lachesis 5600\LachesisSysTray.exe [838160 2012-12-21] (Razer USA Ltd)
HKLM-x32\...\Run: [EaseUS TB Tray Agent] => C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe [253992 2014-12-15] ()
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\RunOnce: [EasyTune] => C:\Program Files (x86)\Gigabyte\EasyTune\etro.exe [5632 2014-08-18] (GIGA-BYTE TECHNOLOGY CO., LTD.)
HKU\S-1-5-21-3450479177-531897440-768990038-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-3450479177-531897440-768990038-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-3450479177-531897440-768990038-1001\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2014-12-07] ()
HKU\S-1-5-21-3450479177-531897440-768990038-1001\...\Run: [Spotify Web Helper] => C:\Users\Hossam\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-14] (Spotify Ltd)
HKU\S-1-5-21-3450479177-531897440-768990038-1001\...\Run: [HP Photosmart 5510 series (NET)] => C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3450479177-531897440-768990038-1001\...\Run: [Steam] => X:\Program Files\Steam\steam.exe [2874048 2015-02-19] (Valve Corporation)
HKU\S-1-5-21-3450479177-531897440-768990038-1001\...\Run: [Spotify] => C:\Users\Hossam\AppData\Roaming\Spotify\spotify.exe [6737976 2014-12-14] (Spotify Ltd)
HKU\S-1-5-21-3450479177-531897440-768990038-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-3450479177-531897440-768990038-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-3450479177-531897440-768990038-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2014-12-07] ()
HKU\S-1-5-21-3450479177-531897440-768990038-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Hossam\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-14] (Spotify Ltd)
HKU\S-1-5-21-3450479177-531897440-768990038-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HP Photosmart 5510 series (NET)] => C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3450479177-531897440-768990038-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => X:\Program Files\Steam\steam.exe [2874048 2015-02-19] (Valve Corporation)
HKU\S-1-5-21-3450479177-531897440-768990038-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify] => C:\Users\Hossam\AppData\Roaming\Spotify\spotify.exe [6737976 2014-12-14] (Spotify Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3450479177-531897440-768990038-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-3450479177-531897440-768990038-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Hossam\AppData\Roaming\Mozilla\Firefox\Profiles\RdWz8WBB.default
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-05-14] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-05-14] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-12-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-12-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Extension: Avira Browser Safety - C:\Users\Hossam\AppData\Roaming\Mozilla\Firefox\Profiles\RdWz8WBB.default\Extensions\abs@avira.com [2014-12-09]

Chrome:
=======
CHR HomePage: Default -> hxxp://binkiland.com/?f=1&a=bnk_ir_15_08&cd=2XzuyEtN2Y1L1QzuyByE0DyEtAyD0F0B0E0F0BtCtAyE0C0BtN0D0Tzu0StCtCyEyEtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBtC0EyCzz0D0DyCtGzztB0ByCtGyDyBtDzytG0E0C0FtDtGtB0C0EyEtByCtAyE0B0Bzy0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByCtA0DyEyByByBtGzzzz0BzytGyE0EtCzytGzzyCtDzztGtDtA0AzytByEyDyB0AyDzz0C2Q&cr=1867435061&ir=
CHR StartupUrls: Default -> "hxxp://binkiland.com/?f=7&a=bnk_ir_15_08&cd=2XzuyEtN2Y1L1QzuyByE0DyEtAyD0F0B0E0F0BtCtAyE0C0BtN0D0Tzu0StCtCyEyEtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBtC0EyCzz0D0DyCtGzztB0ByCtGyDyBtDzytG0E0C0FtDtGtB0C0EyEtByCtAyE0B0Bzy0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByCtA0DyEyByByBtGzzzz0BzytGyE0EtCzytGzzyCtDzztGtDtA0AzytByEyDyB0AyDzz0C2Q&cr=1867435061&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Hossam\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Hossam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-07]
CHR Extension: (BetterTTV) - C:\Users\Hossam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2014-12-07]
CHR Extension: (Google Docs) - C:\Users\Hossam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-07]
CHR Extension: (Google Drive) - C:\Users\Hossam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hossam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-15]
CHR Extension: (YouTube) - C:\Users\Hossam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-07]
CHR Extension: (Adblock Plus) - C:\Users\Hossam\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-07]
CHR Extension: (Google Search) - C:\Users\Hossam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-07]
CHR Extension: (Woodark) - C:\Users\Hossam\AppData\Local\Google\Chrome\User Data\Default\Extensions\daiallmdmonifegjibcalpdgnjaomkme [2015-02-19]
CHR Extension: (Google Sheets) - C:\Users\Hossam\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-07]
CHR Extension: (Avira Browser Safety) - C:\Users\Hossam\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-10]
CHR Extension: (Hola Better Internet) - C:\Users\Hossam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-01-09]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Hossam\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-12-07]
CHR Extension: (FVD Downloader) - C:\Users\Hossam\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2015-02-14]
CHR Extension: (Google Wallet) - C:\Users\Hossam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-07]
CHR Extension: (Gmail) - C:\Users\Hossam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-07]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-04] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2014-12-07] ()
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [37416 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [182304 2014-12-07] (EasyAntiCheat Ltd)
R2 gadjservice; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [16384 2014-04-16] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
S3 HwmRecordService; C:\Program Files (x86)\GIGABYTE\SIV\HwmRecordService.exe [62784 2014-11-06] (GIGA-BYTE TECHNOLOGY CO., LTD.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-05-14] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S3 KAUpdateService; F:\Programme\The Book of Unwritten Tales 2\service\KAUpdateService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [468240 2013-08-29] (Intel Corporation)
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2014-12-15] ()
R3 lachesis35g; C:\Windows\System32\drivers\lachesis35g.sys [11776 2012-12-10] (Razer USA Ltd)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-07] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [125952 2014-05-14] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39056 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 TesSafe; C:\Windows\system32\TesSafe.sys [910992 2015-02-13] (TENCENT)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 20:38 - 2015-03-07 20:38 - 00000000 ____D () C:\FRST
2015-03-07 20:21 - 2015-03-07 20:31 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-07 20:21 - 2015-03-07 20:21 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-07 20:21 - 2015-03-07 20:21 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-03-07 20:21 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-07 20:21 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-07 20:21 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-06 11:54 - 2015-03-06 11:54 - 00000000 ____D () C:\Program Files\GIGABYTE
2015-03-06 11:54 - 2013-10-28 10:02 - 00022240 _____ () C:\Windows\system32\Drivers\AppleCharger.sys
2015-03-06 11:54 - 2013-10-24 17:29 - 00022240 _____ () C:\Windows\system32\Drivers\UsbCharger.sys
2015-03-06 11:54 - 2010-04-06 16:30 - 00031272 _____ () C:\Windows\system32\AppleChargerSrv.exe
2015-03-05 15:43 - 2015-03-05 15:43 - 00000000 ____D () C:\Users\Hossam\AppData\Local\Keysticks.net
2015-03-05 15:42 - 2015-03-05 15:42 - 00002657 _____ () C:\Users\Public\Desktop\Keysticks.lnk
2015-03-05 15:42 - 2015-03-05 15:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Keysticks
2015-03-05 15:42 - 2015-03-05 15:42 - 00000000 ____D () C:\ProgramData\Keysticks.net
2015-03-05 15:42 - 2015-03-05 15:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft XNA
2015-03-05 15:42 - 2015-03-05 15:42 - 00000000 ____D () C:\Program Files (x86)\Keysticks.net
2015-03-02 21:10 - 2015-03-02 21:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-28 16:05 - 2015-02-28 16:11 - 00001024 ____H () C:\AMTAG.BIN
2015-02-28 15:35 - 2015-02-28 15:35 - 00004096 ___SH () C:\{E997FCA9-2A36-4989-9162-FD05FC2C0A1A}.CBM
2015-02-28 15:26 - 2015-02-28 15:35 - 00492032 ___SH () C:\{1944EB38-0039-4E61-937A-C26C31DF3E8B}.CBM
2015-02-28 15:23 - 2015-02-28 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2015-02-28 15:23 - 2015-02-28 15:23 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo
2015-02-28 15:18 - 2015-02-28 15:26 - 00488448 ___SH () C:\EUMONBMP.SYS
2015-02-28 14:31 - 2015-02-28 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup Free 8.0
2015-02-28 14:29 - 2014-12-15 01:03 - 00024104 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\fbnative.exe
2015-02-28 13:39 - 2015-02-28 13:40 - 00001546 _____ () C:\Users\Hossam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad.lnk
2015-02-28 13:39 - 2015-02-28 13:39 - 00000000 _____ () C:\Users\Hossam\-multi.txt
2015-02-27 19:49 - 2015-02-27 19:49 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-02-25 17:47 - 2015-02-25 17:47 - 00000000 ____D () C:\Users\Hossam\My Games
2015-02-25 17:38 - 2015-02-25 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\There Came an Echo
2015-02-25 17:38 - 2015-02-25 17:38 - 00000000 ____D () C:\Program Files (x86)\Combined Community Codec Pack
2015-02-24 21:06 - 2015-02-24 21:06 - 00001321 _____ () C:\Users\Hossam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenHardwareMonitor.lnk
2015-02-24 10:20 - 2015-02-24 10:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-24 10:20 - 2015-02-24 10:20 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-24 10:20 - 2015-02-24 10:20 - 00000000 ____D () C:\Program Files\iTunes
2015-02-24 10:20 - 2015-02-24 10:20 - 00000000 ____D () C:\Program Files\iPod
2015-02-24 10:20 - 2015-02-24 10:20 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-23 15:50 - 2015-02-23 15:50 - 00000000 ____D () C:\Meine Backups
2015-02-23 15:50 - 2014-12-15 00:59 - 00192040 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\EuFdDisk.sys
2015-02-23 15:50 - 2014-12-15 00:59 - 00060968 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\eubakup.sys
2015-02-23 15:50 - 2014-12-15 00:59 - 00048168 _____ () C:\Windows\system32\Drivers\EUBKMON.sys
2015-02-23 15:50 - 2014-12-15 00:59 - 00018472 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\eudskacs.sys
2015-02-23 15:48 - 2015-02-28 14:30 - 00000000 ____D () C:\Program Files (x86)\EaseUS
2015-02-21 22:11 - 2015-02-25 12:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Book of Unwritten Tales 2
2015-02-21 00:15 - 2015-02-21 00:15 - 00000000 ____D () C:\Users\Hossam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-21 00:15 - 2015-02-21 00:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-19 11:14 - 2015-02-19 11:14 - 00000000 ____D () C:\Users\Hossam\AppData\Local\Steam
2015-02-18 22:24 - 2015-02-18 22:24 - 00000000 ____D () C:\Users\Hossam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2015-02-18 22:22 - 2015-03-07 19:31 - 00000000 ____D () C:\Program Files\JDownloader v2.0
2015-02-18 14:30 - 2015-02-18 14:30 - 00000000 ____D () C:\Users\Hossam\AppData\Local\Focus Home Interactive
2015-02-13 00:26 - 2015-02-13 00:26 - 00000000 ____D () C:\Users\Hossam\AppData\Local\AAA_Internet_Publishing,_
2015-02-13 00:26 - 2015-02-13 00:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WTFast
2015-02-13 00:26 - 2014-10-15 14:18 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SPORDER.DLL
2015-02-12 11:32 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 11:32 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 12:23 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 12:23 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 12:23 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-11 12:23 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-11 12:23 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 12:23 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 12:23 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 12:23 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-11 12:23 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-11 12:23 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 12:23 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 12:23 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 12:23 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 12:23 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 12:23 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 12:23 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 12:23 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 12:23 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-02-11 12:23 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-02-11 12:23 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-11 12:23 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 12:23 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-11 12:23 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-11 12:23 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-11 12:23 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-11 12:23 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-11 12:22 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 12:22 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 12:22 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 12:22 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 12:22 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 12:22 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 12:22 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 12:22 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 12:22 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 12:22 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 12:22 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 12:22 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-11 12:22 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 12:22 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-11 12:22 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 12:22 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 12:22 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 12:22 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 12:22 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 12:22 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 12:22 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-11 12:22 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-11 12:22 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-11 12:22 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 12:22 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-11 12:22 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 12:22 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 12:22 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 12:22 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 12:22 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 12:22 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 12:22 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 12:22 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 12:22 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 12:22 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-07 20:42 - 2015-02-07 20:42 - 00000000 ____D () C:\Download
2015-02-07 20:42 - 2015-02-07 20:42 - 00000000 ____D () C:\AllShare
2015-02-07 20:41 - 2015-03-06 11:54 - 00000000 ____D () C:\Users\Hossam\AppData\Local\Downloaded Installations
2015-02-07 20:41 - 2015-02-09 10:39 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-02-07 20:17 - 2015-02-09 10:39 - 00000000 ____D () C:\Users\Hossam\AppData\Roaming\SAMSUNG
2015-02-07 20:17 - 2015-02-07 20:17 - 00000000 ____D () C:\Upload
2015-02-07 20:17 - 2015-02-07 20:17 - 00000000 ____D () C:\ProgramData\SAMSUNG

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-07 20:35 - 2014-12-07 00:54 - 01323332 _____ () C:\Windows\WindowsUpdate.log
2015-03-07 20:34 - 2014-12-18 21:56 - 00045301 _____ () C:\Windows\SysWOW64\Gms.log
2015-03-07 20:32 - 2014-12-07 07:36 - 00000000 ____D () C:\Users\Hossam\AppData\Roaming\Skype
2015-03-07 20:12 - 2014-12-07 06:57 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-07 20:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-03-07 16:37 - 2014-03-18 11:03 - 01780340 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-07 16:37 - 2014-03-18 10:25 - 00765378 _____ () C:\Windows\system32\perfh007.dat
2015-03-07 16:37 - 2014-03-18 10:25 - 00159696 _____ () C:\Windows\system32\perfc007.dat
2015-03-07 16:31 - 2014-12-26 13:36 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\etdrv.sys
2015-03-07 16:31 - 2014-12-26 13:36 - 00000014 _____ () C:\Windows\OCStatus.ini
2015-03-07 16:31 - 2014-12-26 01:11 - 00026192 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-03-07 16:31 - 2014-12-07 06:57 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-07 16:31 - 2014-12-07 06:49 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-07 16:31 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-06 14:52 - 2014-12-07 01:14 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3450479177-531897440-768990038-1001
2015-03-06 12:15 - 2014-12-26 01:15 - 00170303 _____ () C:\Windows\SysWOW64\bios.ini
2015-03-06 11:54 - 2014-12-26 01:10 - 00000000 ____D () C:\Program Files (x86)\Gigabyte
2015-03-06 11:54 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-03-05 11:59 - 2014-12-09 11:36 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-05 11:59 - 2014-12-07 07:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-05 11:59 - 2014-12-07 07:11 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-03-04 13:33 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\MediaViewer
2015-03-04 12:52 - 2014-12-09 11:36 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-04 12:52 - 2014-12-07 07:11 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-04 12:52 - 2014-12-07 07:11 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-03 14:06 - 2014-12-17 22:48 - 00000000 ____D () C:\Users\Hossam\AppData\Roaming\OBS
2015-02-28 16:29 - 2014-12-07 00:54 - 00000000 ____D () C:\Users\Hossam
2015-02-25 17:38 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-24 21:06 - 2010-01-31 23:00 - 00000000 ____D () C:\Program Files\OpenHardwareMonitor
2015-02-24 20:05 - 2015-01-06 20:07 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.4
2015-02-24 19:51 - 2013-08-22 15:44 - 00362816 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-24 10:20 - 2014-12-07 06:59 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-23 22:45 - 2014-12-17 22:48 - 00000000 ____D () C:\Program Files\OBS
2015-02-23 16:45 - 2014-12-07 07:10 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-21 13:28 - 2014-12-07 11:46 - 00000000 ____D () C:\Users\Hossam\AppData\Local\Spotify
2015-02-21 13:28 - 2014-12-07 06:58 - 00000000 ____D () C:\Users\Hossam\AppData\Roaming\Spotify
2015-02-21 00:15 - 2014-12-07 06:58 - 00000000 ____D () C:\Program Files\WinRAR
2015-02-20 13:54 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-19 11:42 - 2014-12-07 07:36 - 00000000 ____D () C:\ProgramData\Skype
2015-02-19 11:41 - 2014-12-07 07:36 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-18 22:32 - 2014-12-27 18:13 - 00000000 ____D () C:\Users\Hossam\.weblaf
2015-02-18 22:08 - 2014-12-07 13:02 - 00000000 ____D () C:\Program Files (x86)\puush
2015-02-17 13:25 - 2015-01-30 13:45 - 00000000 ____D () C:\Users\Hossam\AppData\Roaming\Tunngle
2015-02-16 13:03 - 2014-12-11 13:24 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-16 13:01 - 2014-12-11 13:24 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-13 22:55 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-02-13 01:48 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-13 01:34 - 2014-12-25 01:16 - 00910992 _____ (TENCENT) C:\Windows\system32\TesSafe.sys
2015-02-09 10:39 - 2014-12-07 07:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

==================== Files in the root of some directories =======

2014-12-15 00:14 - 2014-12-15 00:14 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-12-07 07:00 - 2014-12-07 07:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Hossam\AppData\Local\Temp\avgnt.exe
C:\Users\Hossam\AppData\Local\Temp\proxy_vole4827868200911130535.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-27 11:52

==================== End Of Log ============================

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-03-2015 01
Ran by Hossam at 2015-03-07 20:39:06
Running from X:\Libraries\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS B14.1003.1 (HKLM-x32\...\InstallShield_{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 3.00.0000 - GIGABYTE)
@BIOS B14.1003.1 (x32 Version: 3.00.0000 - GIGABYTE) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
APP Center (HKLM-x32\...\InstallShield_{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.14.1205 - Gigabyte)
APP Center (x32 Version: 1.14.1205 - Gigabyte) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.650 - Avira)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version: - The Behemoth)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BUSB (HKLM-x32\...\{0AADC50C-C4F8-49A7-8699-AFE46875CA67}) (Version: 1.13.0911.1 - GIGABYTE)
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version: - The Behemoth)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
CrystalDiskInfo 6.3.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.3.0 - Crystal Dew World)
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
Dynasty Warriors 8 Xtreme Legends version 1.02 (HKLM-x32\...\{F2CA1EE3-A492-4220-AE30-69F963100DE2}_is1) (Version: 1.02 - Koei Tecmo)
EaseUS Todo Backup Free 8.0 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 8.0 - CHENGDU YIWO Tech Development Co., Ltd)
EasyTune (HKLM-x32\...\InstallShield_{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.00.0002 - GIGABYTE)
EasyTune (x32 Version: 1.00.0002 - GIGABYTE) Hidden
F1 2012 (HKLM-x32\...\Steam App 208500) (Version: - Codemasters Birmingham)
Far Cry 4 (HKLM-x32\...\Uplay Install 420) (Version: - Ubisoft)
Fragen-Lern-CD 4.6 (x32 Version: 4.6.5 - Wendel-Verlag GmbH) Hidden
Google Chrome (HKLM-x32\...\{DDCA236C-A28B-3979-8855-B7475BCAD806}) (Version: 66.30.49223 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Homeworld Remastered Collection MULTi2 1.0 (HKLM-x32\...\Homeworld Remastered Collection MULTi2 1.0) (Version: - )
HP Photosmart 5510 series - Grundlegende Software für das Gerät (HKLM\...\{8133D9DE-F412-4CFB-A359-5E3EE38A9A19}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Intel(R) Chipset Device Software (x32 Version: 10.0.20 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.25.1006 - Intel Corporation)
Intel(R) Network Connections 18.8.136.0 (HKLM\...\PROSetDX) (Version: 18.8.136.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Keysticks (HKLM-x32\...\{017E32B0-23A9-40F0-952B-6B12F0702A15}) (Version: 1.8.1 - Keysticks.net)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Server Speech Platform Runtime (x64) (HKLM\...\{3B433087-E62E-4BF5-97F9-4AF6E1C2409C}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (de-DE) (HKLM-x32\...\{955F43D9-38C4-4C22-BEE3-1A6C63F968FA}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (en-AU) (HKLM-x32\...\{FA19A2B8-9A24-49B0-A51C-CF4A6B4B2B62}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (en-CA) (HKLM-x32\...\{0C96ED3F-83E2-4917-89DC-7837DC775FEC}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (en-GB) (HKLM-x32\...\{E0D13850-F97C-4B30-9F05-862299CE8DA5}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (en-IN) (HKLM-x32\...\{3B06AC90-DE68-44A9-95EB-0A3C1AF1514F}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (en-US) (HKLM-x32\...\{66D57636-BD4B-402F-9E7D-5E89C28C8136}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (es-ES) (HKLM-x32\...\{5D4A25B6-3A4E-409B-90FA-EDE99E2006B4}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (es-MX) (HKLM-x32\...\{BE94188A-CA4F-4AC7-A1B3-52D37882C30D}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (fr-CA) (HKLM-x32\...\{58DE670F-4977-4A23-9D2E-8C82A2072920}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (fr-FR) (HKLM-x32\...\{4D2DDB98-1FE6-4CFE-BCFD-EFE27FF24FAE}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (it-IT) (HKLM-x32\...\{9267D7E7-5872-4CB1-B4E3-377F4CA272D0}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (ja-JP) (HKLM-x32\...\{A06F3EA5-7C55-4505-8982-534BA05F49BE}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (ko-KR) (HKLM-x32\...\{1D8F6891-9B7F-4F08-A54E-C568D8C33276}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (pt-BR) (HKLM-x32\...\{F6B5EB21-0ABF-487C-B9A9-D9DB259C4403}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (pt-PT) (HKLM-x32\...\{DAFE30C6-C638-4505-9372-2ECD1A1B317C}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (ru-RU) (HKLM-x32\...\{9419B7EA-6A4B-4A57-8E2A-3BDD4676118F}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (zh-CN) (HKLM-x32\...\{BAD2A75A-1708-47BA-A498-20890D2C78A7}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (zh-HK) (HKLM-x32\...\{6BAA03F9-B2E5-40EB-8871-703FF0046E9D}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (zh-TW) (HKLM-x32\...\{28292B72-CF8A-4915-A5F5-07FF1E44C6F5}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Middle Earth Shadow of Mordor version 1.2 (HKLM-x32\...\{CBC0D3A9-406A-43DD-8CC1-A268F9E8D6BC}_is1) (Version: 1.2 - RFT)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.09 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
ON_OFF Charge 2 B14.0217.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B14.0217.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Razer Lachesis (HKLM-x32\...\{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}) (Version: 1.00.0000 - Razer USA Ltd.)
Razer Lachesis 5600 (HKLM-x32\...\{B86EE1B4-85B7-4731-AA28-7262A722B3FE}) (Version: 3.03.00 - Razer USA Ltd.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7256 - Realtek Semiconductor Corp.)
Shadow Warrior (HKLM-x32\...\Steam App 233130) (Version: - Flying Wild Hog)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
SIV (HKLM-x32\...\InstallShield_{AAA057C3-10DC-4EB9-A3D6-8208C1BB7411}) (Version: 1.00.0000 - GIGABYTE)
SIV (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
SPEEDLINK STRIKE Gamepad (HKLM-x32\...\{DFF7CD2E-2BB5-40C3-9592-078F64677EFF}) (Version: 1.00.0000 - )
Spotify (HKU\S-1-5-21-3450479177-531897440-768990038-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Spotify (HKU\S-1-5-21-3450479177-531897440-768990038-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl)
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version: - Galactic Cafe)
There Came an Echo (HKLM-x32\...\There Came an Echo_is1) (Version: - )
Update for CHS Microsoft IME HAP Dictionary (Version: 16.0.1305.1 - Microsoft Corporation) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 5.0 - Ubisoft)
Viscera Cleanup Detail: Shadow Warrior (HKLM-x32\...\Steam App 255520) (Version: - RuneStorm)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

24-02-2015 20:05:57 Installed SPEEDLINK STRIKE Gamepad
04-03-2015 15:09:04 Geplanter Prüfpunkt
05-03-2015 15:42:01 DirectX wurde installiert

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {17A94334-B319-4C45-9038-A6324028D670} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-07] (Google Inc.)
Task: {80FF52AB-C731-406D-87E0-350C9C5B39C7} - System32\Tasks\Cleanup by CCleaner => C:\Program Files\CCleaner\CCleaner64.exe [2015-01-20] (Piriform Ltd)
Task: {92E43638-4A53-4608-A5CC-CA2A9A481AE2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-07] (Google Inc.)
Task: {AA0C94F6-330F-4B39-A162-BB13E3922B97} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B4AAC837-C887-480E-B14A-B877A127306C} - System32\Tasks\Driver Booster SkipUAC (Hossam) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {C7212003-8111-4EF3-AFAC-FB62F53E091A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-16] (Microsoft Corporation)
Task: {F25C9B10-A7CB-4388-B60C-65F7C0A01A1D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-12-07 06:49 - 2014-12-13 09:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-16 16:09 - 2014-04-16 16:09 - 00016384 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
2015-02-28 14:29 - 2014-12-15 01:03 - 00241704 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
2014-12-07 13:02 - 2014-12-07 13:02 - 00567880 _____ () C:\Program Files (x86)\puush\puush.exe
2015-02-28 14:30 - 2014-12-15 01:04 - 00253992 _____ () C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe
2015-03-07 17:11 - 2015-03-07 17:11 - 00040448 ____N () C:\Users\Hossam\AppData\Local\Temp\proxy_vole4827868200911130535.dll
2015-03-07 17:11 - 2015-03-07 17:11 - 00566439 _____ () C:\Program Files\JDownloader v2.0\tmp\7zip\SevenZipJBinding-FKPz9\libgcc_s_sjlj-1.dll
2015-03-07 17:11 - 2015-03-07 17:11 - 04078962 _____ () C:\Program Files\JDownloader v2.0\tmp\7zip\SevenZipJBinding-FKPz9\lib7-Zip-JBinding.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00098856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00031272 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckTool.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00017448 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00088616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 01296424 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00060968 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00107560 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00030248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00068136 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00158248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00280104 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00072232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00139816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00037416 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00754728 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00193064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00407080 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00148008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00076840 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00207912 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00024616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00020520 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00032296 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00034856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00064040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00022568 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00115752 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00194088 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00037928 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00135720 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00020008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00043048 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00096808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBFireWall.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00353832 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceManager.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00027176 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceAdapter.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00137256 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Device.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00146984 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Partition.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00050216 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileSystemAnalyser.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00061992 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FATFileSystemAnalyser.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00089640 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Common.dll
2015-02-28 14:29 - 2014-12-15 00:53 - 00056360 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSFileSystemAnalyser.dll
2012-11-27 08:03 - 2012-11-27 08:03 - 00102400 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\ycc.DLL
2015-02-28 14:29 - 2014-12-15 00:53 - 00223784 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll
2015-02-24 21:12 - 2014-11-11 19:47 - 00774656 _____ () X:\Program Files\Steam\SDL2.dll
2015-02-24 21:12 - 2014-12-02 01:29 - 05002752 _____ () X:\Program Files\Steam\v8.dll
2015-02-24 21:12 - 2015-02-19 00:51 - 02360000 _____ () X:\Program Files\Steam\video.dll
2015-02-24 21:12 - 2014-12-02 01:29 - 01612800 _____ () X:\Program Files\Steam\icui18n.dll
2015-02-24 21:12 - 2014-12-02 01:29 - 01210368 _____ () X:\Program Files\Steam\icuuc.dll
2015-02-24 21:12 - 2014-12-01 22:31 - 02396672 _____ () X:\Program Files\Steam\libavcodec-56.dll
2015-02-24 21:12 - 2014-12-01 22:31 - 00479744 _____ () X:\Program Files\Steam\libavformat-56.dll
2015-02-24 21:12 - 2014-12-01 22:31 - 00332800 _____ () X:\Program Files\Steam\libavresample-2.dll
2015-02-24 21:12 - 2014-12-01 22:31 - 00442880 _____ () X:\Program Files\Steam\libavutil-54.dll
2015-02-24 21:12 - 2014-12-01 22:31 - 00485888 _____ () X:\Program Files\Steam\libswscale-3.dll
2015-02-24 21:12 - 2015-02-19 00:51 - 00702656 _____ () X:\Program Files\Steam\bin\chromehtml.DLL
2015-02-28 14:30 - 2014-12-15 01:04 - 00223272 _____ () C:\Program Files (x86)\EaseUS\TrayPopup\traynet.dll
2015-02-28 14:30 - 2014-12-15 01:04 - 00275496 _____ () C:\Program Files (x86)\EaseUS\TrayPopup\libcurl.dll
2015-02-28 14:30 - 2014-12-15 01:04 - 00118328 _____ () C:\Program Files (x86)\EaseUS\TrayPopup\zlib1.dll
2015-02-28 14:30 - 2014-12-15 01:04 - 00249896 _____ () C:\Program Files (x86)\EaseUS\TrayPopup\uexper.dll
2015-02-24 21:12 - 2015-01-28 02:30 - 34641288 _____ () X:\Program Files\Steam\bin\libcef.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-14 15:08 - 2014-05-14 15:08 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-02-24 21:12 - 2015-01-28 02:30 - 01709960 _____ () X:\Program Files\Steam\bin\ffmpegsumo.dll
2015-02-20 16:12 - 2015-02-17 23:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-20 16:12 - 2015-02-17 23:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-20 16:12 - 2015-02-17 23:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll
2015-02-20 16:12 - 2015-02-17 23:44 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3450479177-531897440-768990038-1001\Control Panel\Desktop\\Wallpaper -> F:\Inhalte\Desktop\3840x2400 (4).jpg HKU\S-1-5-21-3450479177-531897440-768990038-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> F:\Inhalte\Desktop\3840x2400 (4).jpg DNS Servers: 192.168.2.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run: => "ShadowPlay" HKLM\...\StartupApproved\Run: => "NvBackend" HKLM\...\StartupApproved\Run32: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "Razer Lachesis Driver" HKLM\...\StartupApproved\Run32: => "Lachesis" HKLM\...\StartupApproved\Run32: => "AllShareAgent" HKU\S-1-5-21-3450479177-531897440-768990038-1001\...\StartupApproved\Run: => "CCleaner Monitoring" HKU\S-1-5-21-3450479177-531897440-768990038-1001\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-3450479177-531897440-768990038-1001\...\StartupApproved\Run: => "Spotify Web Helper" HKU\S-1-5-21-3450479177-531897440-768990038-1001\...\StartupApproved\Run: => "HP Photosmart 5510 series (NET)" HKU\S-1-5-21-3450479177-531897440-768990038-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "CCleaner Monitoring" HKU\S-1-5-21-3450479177-531897440-768990038-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-3450479177-531897440-768990038-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Spotify Web 
Helper" HKU\S-1-5-21-3450479177-531897440-768990038-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "HP Photosmart 5510 series (NET)" ==================== Accounts: ============================= Administrator (S-1-5-21-3450479177-531897440-768990038-500 - Administrator - Disabled) Gast (S-1-5-21-3450479177-531897440-768990038-501 - Limited - Disabled) Hossam (S-1-5-21-3450479177-531897440-768990038-1001 - Administrator - Enabled) => C:\Users\Hossam ==================== Faulty Device Manager Devices ============= Name: USB Mass Storage Device Description: USB Mass Storage Device Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: Compatible USB storage device Service: USBSTOR Problem: : Windows is removing this device. (Code 21) Resolution: Wait several seconds, and then press the F5 key to update the Device Manager view. If that does not resolve the problem, restart your computer. ==================== Event log errors: ========================= Application errors: ================== Error: (03/06/2015 00:16:33 PM) (Source: ThermalConsole) (EventID: 0) (User: ) Description: System.NotSupportedException: Specified method is not supported. at Gigabyte.EnvironemntControl.CoolingDevice.Fan.FanRegulatorEx2.InitFanObjects(MotherboardHealthIdentification healthNumber) at Gigabyte.EnvironemntControl.CoolingDevice.Fan.FanRegulatorEx2.InitObjectsInternal(MotherboardHealthIdentification healthNumber) at Gigabyte.EnvironemntControl.CoolingDevice.Fan.FanControl.InitIntelObjects() at Gigabyte.EnvironemntControl.CoolingDevice.Fan.FanControl.InitObjects(String productName) at Gigabyte.EnvironemntControl.CoolingDevice.Fan.FanControl..ctor() at ThermalConsole.MainWindow.InitObjects() Error: (03/06/2015 00:16:33 PM) (Source: thermald) (EventID: 0) (User: ) Description: System.NotSupportedException: Specified method is not supported. 
at Gigabyte.EnvironemntControl.CoolingDevice.Fan.FanRegulatorEx2.InitFanObjects(MotherboardHealthIdentification healthNumber) at Gigabyte.EnvironemntControl.CoolingDevice.Fan.FanRegulatorEx2.InitObjectsInternal(MotherboardHealthIdentification healthNumber) at Gigabyte.EnvironemntControl.CoolingDevice.Fan.FanControl.InitIntelObjects() at Gigabyte.EnvironemntControl.CoolingDevice.Fan.FanControl.InitObjects(String productName) at Gigabyte.EnvironemntControl.CoolingDevice.Fan.FanControl..ctor() at thermald.MainWindow.InitHardwareMonitorObjects() Error: (03/03/2015 08:52:42 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: League of Legends.exe, version: 5.4.0.241, time stamp: 0x54e6b86b Faulting module name: League of Legends.exe, version: 5.4.0.241, time stamp: 0x54e6b86b Exception code: 0xc0000409 Fault offset: 0x00b45f15 Faulting process id: 0x2244 Faulting application start time: 0xLeague of Legends.exe0 Faulting application path: League of Legends.exe1 Faulting module path: League of Legends.exe2 Report Id: League of Legends.exe3 Faulting package full name: League of Legends.exe4 Faulting package-relative application ID: League of Legends.exe5 Error: (03/03/2015 04:12:51 PM) (Source: BugSplat) (EventID: 1) (User: ) Description: This event has been logged by the BugSplat crash reporting library (hxxp://www.bugsplatsoftware.com) in partnership with your vendor lol_beta_riotgames_com. A crash report from the application 'LOL_Public' has been successfully logged into the BugSplat database with id=-1. Please contact your vendor for more information. Error: (03/02/2015 09:12:41 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: The index cannot be initialized. Details: Das angegebene Objekt wurde nicht gefunden. Geben Sie den Namen eines vorhandenen Objekts an. 
(HRESULT : 0x80040d06) (0x80040d06) Error: (03/02/2015 09:12:41 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: The application cannot be initialized. Kontext: Windows Anwendung Details: Das angegebene Objekt wurde nicht gefunden. Geben Sie den Namen eines vorhandenen Objekts an. (HRESULT : 0x80040d06) (0x80040d06) Error: (03/02/2015 09:12:41 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: The gatherer object cannot be initialized. Kontext: Windows Anwendung, SystemIndex Katalog Details: Das angegebene Objekt wurde nicht gefunden. Geben Sie den Namen eines vorhandenen Objekts an. (HRESULT : 0x80040d06) (0x80040d06) Error: (03/02/2015 09:12:41 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: The plug-in in <Search.TripoliIndexer> cannot be initialized. Kontext: Windows Anwendung, SystemIndex Katalog Details: Das angegebene Objekt wurde nicht gefunden. Geben Sie den Namen eines vorhandenen Objekts an. (HRESULT : 0x80040d06) (0x80040d06) Error: (03/02/2015 09:12:41 PM) (Source: Windows Search Service) (EventID: 3057) (User: ) Description: The plug-in manager <Search.TripoliIndexer> cannot be initialized. Kontext: Windows Anwendung Details: (HRESULT : 0x8e5e0210) (0x8e5e0210) Error: (03/02/2015 09:12:41 PM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt. Details: Der Inhaltsindexkatalog ist fehlerhaft. 0xc0041801 (0xc0041801) System errors: ============= Error: (03/07/2015 04:31:27 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 00:20:49 on 07.03.2015 was unexpected. 
Error: (03/07/2015 04:31:21 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT-AUTORITÄT) Description: 32212256844719550584112040 Error: (03/06/2015 11:54:41 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (03/06/2015 00:12:59 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (03/05/2015 01:00:53 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (03/04/2015 01:33:17 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (03/03/2015 00:02:58 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (03/03/2015 00:53:11 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (03/02/2015 09:12:50 
PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (03/02/2015 09:12:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Neustart des Diensts. Microsoft Office Sessions: ========================= Error: (03/06/2015 00:16:33 PM) (Source: ThermalConsole) (EventID: 0) (User: ) Description: System.NotSupportedException: Specified method is not supported. at Gigabyte.EnvironemntControl.CoolingDevice.Fan.FanRegulatorEx2.InitFanObjects(MotherboardHealthIdentification healthNumber) at Gigabyte.EnvironemntControl.CoolingDevice.Fan.FanRegulatorEx2.InitObjectsInternal(MotherboardHealthIdentification healthNumber) at Gigabyte.EnvironemntControl.CoolingDevice.Fan.FanControl.InitIntelObjects() at Gigabyte.EnvironemntControl.CoolingDevice.Fan.FanControl.InitObjects(String productName) at Gigabyte.EnvironemntControl.CoolingDevice.Fan.FanControl..ctor() at ThermalConsole.MainWindow.InitObjects() Error: (03/06/2015 00:16:33 PM) (Source: thermald) (EventID: 0) (User: ) Description: System.NotSupportedException: Specified method is not supported. 
at Gigabyte.EnvironemntControl.CoolingDevice.Fan.FanRegulatorEx2.InitFanObjects(MotherboardHealthIdentification healthNumber) at Gigabyte.EnvironemntControl.CoolingDevice.Fan.FanRegulatorEx2.InitObjectsInternal(MotherboardHealthIdentification healthNumber) at Gigabyte.EnvironemntControl.CoolingDevice.Fan.FanControl.InitIntelObjects() at Gigabyte.EnvironemntControl.CoolingDevice.Fan.FanControl.InitObjects(String productName) at Gigabyte.EnvironemntControl.CoolingDevice.Fan.FanControl..ctor() at thermald.MainWindow.InitHardwareMonitorObjects() Error: (03/03/2015 08:52:42 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: League of Legends.exe5.4.0.24154e6b86bLeague of Legends.exe5.4.0.24154e6b86bc000040900b45f15224401d055e2dd38ece7C:\Program Files (x86)\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.79\deploy\League of Legends.exeC:\Program Files (x86)\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.79\deploy\League of Legends.exeda172883-c1de-11e4-82b6-74d435fbefb1 Error: (03/03/2015 04:12:51 PM) (Source: BugSplat) (EventID: 1) (User: ) Description: lol_beta_riotgames_comLOL_Public-1 Error: (03/02/2015 09:12:41 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: Details: Das angegebene Objekt wurde nicht gefunden. Geben Sie den Namen eines vorhandenen Objekts an. (HRESULT : 0x80040d06) (0x80040d06) Error: (03/02/2015 09:12:41 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: Kontext: Windows Anwendung Details: Das angegebene Objekt wurde nicht gefunden. Geben Sie den Namen eines vorhandenen Objekts an. (HRESULT : 0x80040d06) (0x80040d06) Error: (03/02/2015 09:12:41 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Das angegebene Objekt wurde nicht gefunden. Geben Sie den Namen eines vorhandenen Objekts an. 
(HRESULT : 0x80040d06) (0x80040d06) Error: (03/02/2015 09:12:41 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Das angegebene Objekt wurde nicht gefunden. Geben Sie den Namen eines vorhandenen Objekts an. (HRESULT : 0x80040d06) (0x80040d06) Search.TripoliIndexer Error: (03/02/2015 09:12:41 PM) (Source: Windows Search Service) (EventID: 3057) (User: ) Description: Kontext: Windows Anwendung Details: (HRESULT : 0x8e5e0210) (0x8e5e0210) Search.TripoliIndexer Error: (03/02/2015 09:12:41 PM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. 0xc0041801 (0xc0041801) The catalog is corrupt ==================== Memory info =========================== Processor: Intel(R) Xeon(R) CPU E3-1231 v3 @ 3.40GHz Percentage of memory in use: 31% Total physical RAM: 16304.85 MB Available physical RAM: 11241.11 MB Total Pagefile: 17328.85 MB Available Pagefile: 11327.9 MB Total Virtual: 131072 MB Available Virtual: 131071.79 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:238.13 GB) (Free:159.31 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive x: (Storage) (Fixed) (Total:831.39 GB) (Free:697.91 GB) NTFS Drive z: (Metopus) (Fixed) (Total:453.76 GB) (Free:269.62 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: CBA5BC7A) Partition 1: (Active) - (Size=238.1 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000) Partition: GPT Partition Type. 
======================================================== Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 3B902D93) Partition 1: (Not Active) - (Size=993 KB) - (Type=42) Partition 2: (Not Active) - (Size=12 GB) - (Type=27) Partition 3: (Not Active) - (Size=453.8 GB) - (Type=42) ==================== End Of Log ============================ |
08.03.2015, 14:10 | #4 |
/// the machine /// TB-Ausbilder | Chrome automatically downloads files? Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
and a fresh FRST log please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |