13.04.2015, 11:50 | #1

Windows 8: Windows stutters and lags

Hello, for some time now I have had the problem that Windows generally 'lags'. For example, when I want to open something from the desktop or the taskbar, it takes forever and the screen always freezes for a few seconds before I can perform the next action. I just wanted to check first whether this could possibly be caused by viruses, since I have not changed anything else on my computer. MBAM and Avira find nothing.

Addition:

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-04-2015 Ran by Lilhomer2 at 2015-04-13 11:57:19 Running from J:\Important Tools Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated) Adobe Flash Player 17 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 17.0.0.149 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\{7E33E883-0D17-4397-A461-B576605E34B1}) (Version: 12.1.6.156 - Adobe Systems, Inc) Age of Mythology: Extended Edition (HKLM-x32\...\Steam App 266840) (Version: - SkyBox Labs) Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.8 - Sereby Corporation) AllSync (HKLM-x32\...\AllSync_is1) (Version: 3.5.64 - Michael Thummerer Software Design) Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive) ASUS Essence STX II Audio Device (HKLM-x32\...\{1A01B996-F7F7-473C-9EA4-B22801713A83}) (Version: - ASUSTek Computer Inc.) Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team) Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. 
KG) Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG) Banished (HKLM-x32\...\Steam App 242920) (Version: - Shining Rock Software LLC) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden Blend for Visual Studio 2013 DEU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.11.4119 - BlueStack Systems, Inc.) BlueStacks Notification Center (HKLM-x32\...\{E78B4959-B348-4913-874B-FF982378E035}) (Version: 0.9.11.4119 - BlueStack Systems, Inc.) Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - ) Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve) Craft The World (HKLM-x32\...\Steam App 248390) (Version: - Dekovir Entertainment) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.5.0.0388 - Disc Soft Ltd) Dead Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version: - Stunlock Studios) DiskBoss 5.2.38 (HKLM-x32\...\DiskBoss) (Version: 5.2.38 - Flexense Computing Systems Ltd.) Dungeon Defenders II (HKLM-x32\...\Steam App 236110) (Version: - Trendy Entertainment) DYNASTY WARRIORS 8: Xtreme Legends Complete Edition (HKLM-x32\...\Steam App 278080) (Version: - KOEI TECMO GAMES CO., LTD.) 
Erforderliche Komponenten für SSDT (HKLM-x32\...\{2466E484-9D86-416B-9C88-AA533F15AF1C}) (Version: 12.0.2000.8 - Microsoft Corporation) EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc) Far Cry 4 (HKLM-x32\...\Uplay Install 420) (Version: - Ubisoft) Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Freemake Video Converter Version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation) Full Mojo Rampage (HKLM-x32\...\Steam App 225280) (Version: - Over the Top Games) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version: - Rockstar North) Grand Theft Auto: San Andreas (HKLM-x32\...\Steam App 12120) (Version: - Rockstar Games) GUILD WARS (HKU\S-1-5-21-2115731667-743251652-1676115530-1001\...\Guild Wars) (Version: - ) Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.) Happy Wars (HKLM-x32\...\Steam App 246280) (Version: - Toylogic inc.) Hero Siege (HKLM-x32\...\Steam App 269210) (Version: - Elias Viglione) Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment) HMA! Pro VPN 2.8.19.0 (HKLM-x32\...\HMA! 
Pro VPN) (Version: 2.8.19.0 - Privax Ltd) Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel) Interstellar Marines (HKLM-x32\...\Steam App 236370) (Version: - Zero Point Software) Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version: - Avalanche Studios) Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version: - Avalanche Studios) Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve) Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios) Magicka: Wizard Wars (HKLM-x32\...\Steam App 202090) (Version: - Paradox North) Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation) Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{21B0F482-5EF9-45DA-8840-340AFE705A6C}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK 
(HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation) Microsoft Flight Simulator SimConnect Client v10.0.62608.0 (HKLM-x32\...\{33D89314-361A-4495-A1E1-0ACBCE08F78D}) (Version: 10.0.62608.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation) Microsoft Help Viewer 2.1 Sprachpaket - DEU (HKLM-x32\...\Microsoft Help Viewer 2.1 Sprachpaket - DEU) (Version: 2.1.21005 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{93945D16-4C3D-433E-B7E4-3D0D86B284C8}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server System CLR Types (x64) (HKLM\...\{485F4AC6-F79E-4482-A0D2-EDF0CCE1E124}) (Version: 10.50.1600.1 - Microsoft Corporation) Microsoft SQL Server*2014 Management Objects (HKLM-x32\...\{4F4CB3E2-9D2F-465A-854B-8276B02F4E7D}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 
2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{3bcf8c72-b231-4d28-9f39-3405c22d8b5a}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 
(HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version: - Microsoft Corporation) Microsoft Visual Studio Express 2013 für Windows mit Update 4 (HKLM-x32\...\{01070e13-0ade-4563-93f8-9d6790c0a9db}) (Version: 12.0.31101.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM-x32\...\{43341417-7882-4F34-8390-53DFD00F6C0F}) (Version: 11.1.3366.16 - Microsoft Corporation) Moonbase Alpha (HKLM-x32\...\Steam App 39000) (Version: - Virtual Heroes) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team) NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.88 - NVIDIA Corporation) 
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation) NVIDIA Grafiktreiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version: - Robot Entertainment) Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM-x32\...\{D5409B11-EF28-37A1-AE7A-6051A5BAD923}) (Version: 4.5.50932 - Microsoft Corporation) Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 RC für Windows Store-Apps (Deutsch) (x32 Version: 4.5.21005 - Microsoft Corporation) Hidden Pixel Piracy (HKLM-x32\...\Steam App 264140) (Version: - Vitali Kirpu) Plague Inc: Evolved (HKLM-x32\...\Steam App 246620) (Version: - Ndemic Creations) Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform) Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version: - Tripwire Interactive) RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder) Road Redemption (HKLM-x32\...\Steam App 300380) (Version: - Dark Seas Interactive) Rogue Legacy (HKLM-x32\...\Steam App 241600) (Version: - Cellar Door Games) Saints Row IV (HKLM-x32\...\Steam App 206420) (Version: - Deep Silver Volition) Shark007 Standard Codecs (HKLM-x32\...\{898E81AD-6DB9-4750-866B-B8958C5DC7AA}) (Version: 2.3.3 - Shark007) SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver 
(Version: 2.4.1.21 - NVIDIA Corporation) Hidden SIW 2013 Home Edition (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2013.05.14 - Topala Software Solutions) Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.) Sniper Elite: Zombie Army 2 (HKLM-x32\...\Steam App 247930) (Version: - Rebellion) Spintires (HKLM-x32\...\Steam App 263280) (Version: - Oovee® Game Studios) Squishy the Suicidal Pig (HKLM-x32\...\Steam App 318430) (Version: - Tomi Maarela) SRWare Iron Version SRWare Iron 41.2200.0 (HKLM-x32\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 41.2200.0 - SRWare) TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - ) Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden TeamSpeak 3 Client (HKU\S-1-5-21-2115731667-743251652-1676115530-1001\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) The Forest (HKLM-x32\...\Steam App 242760) (Version: - Endnight Games Ltd) The Long Dark (HKLM-x32\...\Steam App 305620) (Version: - Hinterland Studio Inc.) 
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: Tunngle - Tunngle.net GmbH) Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) Update for Korean Microsoft IME Standard Dictionary (HKLM\...\{75A54180-CA5E-47B8-AFBB-29337B976B21}) (Version: 16.0.662.1 - Microsoft Corporation) Uplay (HKLM-x32\...\Uplay) (Version: 4.9 - Ubisoft) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Vegas Pro 13.0 (64-bit) (HKLM\...\{386F5740-091D-11E4-B13E-F04DA23A5C58}) (Version: 13.0.373 - Sony) VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinRAR 5.21 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) XecureWeb Control (HKLM-x32\...\XecureWeb Control) (Version: - ) XSplit Gamecaster (HKLM-x32\...\{5AADA165-FB60-41C0-8825-3E5B6C5F244C}) (Version: 2.1.1412.1628 - SplitmediaLabs) ==================== Restore Points ========================= 08-04-2015 12:38:54 Removed Vegas Pro 13.0 (64-bit) 11-04-2015 15:47:46 Removed XSplit Broadcaster ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2015-02-04 13:09 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {11B38356-48CA-4A8D-AB83-72580DFF03C0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {1593D367-A621-4A63-AF1B-5D3FD552402E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {26B3D076-C9E0-4209-8A64-5C50CEE9A21D} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation) Task: {79AF8505-B724-4AE4-AD3E-2343BBE838E3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-21] (Google Inc.) Task: {89937642-48E7-4CA0-B529-9F6D6CED1081} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {ABAC51BE-DFDB-4D13-BA8E-F0BB14490454} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {D1EBC677-BBAE-4A36-A71A-D44DEC1F074A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-21] (Google Inc.) 
Task: {DACBE741-A1E1-4523-8845-3B8C6CBEDFD9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-31] (Adobe Systems Incorporated) Task: {E7D9396C-54CF-4EE5-AC28-07F1D3B49F55} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-11] (Microsoft Corporation) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2015-03-20 20:03 - 2015-03-13 18:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-01-26 11:10 - 2015-01-26 11:10 - 00118784 _____ () J:\Program Files (x86)\DiskBoss\bin\diskbsa.exe 2015-04-02 11:44 - 2008-07-11 09:04 - 00200704 ____N () C:\Windows\SysWOW64\HsMgr.exe 2015-04-02 11:44 - 2008-07-11 09:03 - 00282112 ____N () C:\Windows\System\HsMgr64.exe 2015-01-26 11:01 - 2015-01-26 11:01 - 02625536 _____ () J:\Program Files (x86)\DiskBoss\bin\libdbs.dll 2015-01-26 10:58 - 2015-01-26 10:58 - 00724992 _____ () J:\Program Files (x86)\DiskBoss\bin\libpal.dll 2015-03-08 17:03 - 2014-03-17 04:23 - 00003132 _____ () J:\Program Files (x86)\DAEMON Tools Pro\MSIMG32.dll 2015-03-30 20:47 - 2015-03-28 05:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2015-04-02 11:44 - 2013-12-16 05:05 - 00143360 ____N () C:\Program Files\ASUS Essence STX II Audio Device\Customapp\VmixP8.dll 2015-04-02 23:53 - 2015-03-30 23:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll 2015-04-02 23:53 - 2015-03-30 23:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll 
2015-04-02 23:53 - 2015-03-30 23:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Lilhomer2\OneDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2115731667-743251652-1676115530-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lilhomer2\Desktop\travel-wallpapers-and-seoul-south-korea-world-korea-wallpaper-hd-puchong-price-kota-damansara-korean-design-promotion-johor-gallery-online-malaysia.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
HKLM\...\StartupApproved\Run: => "ShadowPlay" HKLM\...\StartupApproved\Run: => "NvBackend" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run32: => "DivXMediaServer" HKLM\...\StartupApproved\Run32: => "DivXUpdate" HKLM\...\StartupApproved\Run32: => "BlueStacks Agent" HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0" HKU\S-1-5-21-2115731667-743251652-1676115530-1001\...\StartupApproved\Run: => "RGSC" HKU\S-1-5-21-2115731667-743251652-1676115530-1001\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-2115731667-743251652-1676115530-1001\...\StartupApproved\Run: => "DAEMON Tools Ultra Agent" HKU\S-1-5-21-2115731667-743251652-1676115530-1001\...\StartupApproved\Run: => "Clownfish" HKU\S-1-5-21-2115731667-743251652-1676115530-1001\...\StartupApproved\Run: => "DAEMON Tools Pro Agent" HKU\S-1-5-21-2115731667-743251652-1676115530-1001\...\StartupApproved\Run: => "SandboxieControl" ==================== Accounts: ============================= Administrator (S-1-5-21-2115731667-743251652-1676115530-500 - Administrator - Disabled) Gast (S-1-5-21-2115731667-743251652-1676115530-501 - Limited - Disabled) Bibum (S-1-5-21-2115731667-743251652-1676115530-1001 - Administrator - Enabled) => C:\Users\Lilhomer2 ==================== Faulty Device Manager Devices ============= Name: TAP-Win32 Adapter V9 (Tunngle) Description: TAP-Win32 Adapter V9 (Tunngle) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: TAP-Win32 Provider V9 (Tunngle) Service: tap0901t Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (04/13/2015 11:50:08 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: LogonUI.exe, Version: 6.3.9600.17415, Zeitstempel: 0x5450541b Name des fehlerhaften Moduls: nvwgf2umx.dll, Version: 9.18.13.4788, Zeitstempel: 0x55030413 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000008b7e67 ID des fehlerhaften Prozesses: 0x354 Startzeit der fehlerhaften Anwendung: 0xLogonUI.exe0 Pfad der fehlerhaften Anwendung: LogonUI.exe1 Pfad des fehlerhaften Moduls: LogonUI.exe2 Berichtskennung: LogonUI.exe3 Vollständiger Name des fehlerhaften Pakets: LogonUI.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: LogonUI.exe5 Error: (04/13/2015 11:49:51 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (04/13/2015 05:33:55 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: LogonUI.exe, Version: 6.3.9600.17415, Zeitstempel: 0x5450541b Name des fehlerhaften Moduls: nvwgf2umx.dll, Version: 9.18.13.4788, Zeitstempel: 0x55030413 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000008b7e67 ID des fehlerhaften Prozesses: 0x358 Startzeit der fehlerhaften Anwendung: 0xLogonUI.exe0 Pfad der fehlerhaften Anwendung: LogonUI.exe1 Pfad des fehlerhaften Moduls: LogonUI.exe2 Berichtskennung: LogonUI.exe3 Vollständiger Name des fehlerhaften Pakets: LogonUI.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: LogonUI.exe5 Error: (04/13/2015 05:33:47 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. 
System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (04/12/2015 08:55:32 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (04/12/2015 08:53:45 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.3.9600.17667 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: ff4 Startzeit: 01d074fd4bfd8bbb Endzeit: 4294967295 Anwendungspfad: C:\WINDOWS\Explorer.EXE Berichts-ID: 3c45c3ef-e145-11e4-bf20-f46d0461d4ca Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (04/12/2015 10:47:21 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. 
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (04/12/2015 00:45:33 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: LogonUI.exe, Version: 6.3.9600.17415, Zeitstempel: 0x5450541b Name des fehlerhaften Moduls: nvwgf2umx.dll, Version: 9.18.13.4788, Zeitstempel: 0x55030413 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000008b7e67 ID des fehlerhaften Prozesses: 0x358 Startzeit der fehlerhaften Anwendung: 0xLogonUI.exe0 Pfad der fehlerhaften Anwendung: LogonUI.exe1 Pfad des fehlerhaften Moduls: LogonUI.exe2 Berichtskennung: LogonUI.exe3 Vollständiger Name des fehlerhaften Pakets: LogonUI.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: LogonUI.exe5 Error: (04/12/2015 00:43:32 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (04/12/2015 00:15:45 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. 
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) System errors: ============= Error: (04/13/2015 11:49:51 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: %%1064 Error: (04/13/2015 11:49:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (04/13/2015 05:33:47 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: %%1064 Error: (04/13/2015 05:33:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (04/12/2015 08:55:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: %%1064 Error: (04/12/2015 08:54:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (04/12/2015 10:47:21 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: %%1064 Error: (04/12/2015 10:46:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (04/12/2015 00:43:32 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: %%1064 Error: (04/12/2015 00:42:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst 
"VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Microsoft Office Sessions: ========================= Error: (04/13/2015 11:50:08 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: LogonUI.exe6.3.9600.174155450541bnvwgf2umx.dll9.18.13.478855030413c000000500000000008b7e6735401d075cf189cddceC:\WINDOWS\system32\LogonUI.exeC:\WINDOWS\system32\nvwgf2umx.dll77ca89d9-e1c2-11e4-bf23-f46d0461d4ca Error: (04/13/2015 11:49:51 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (04/13/2015 05:33:55 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: LogonUI.exe6.3.9600.174155450541bnvwgf2umx.dll9.18.13.478855030413c000000500000000008b7e6735801d0759a90229c82C:\WINDOWS\system32\LogonUI.exeC:\WINDOWS\system32\nvwgf2umx.dlle95c3744-e18d-11e4-bf22-f46d0461d4ca Error: (04/13/2015 05:33:47 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (04/12/2015 08:55:32 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. 
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (04/12/2015 08:53:45 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Explorer.EXE6.3.9600.17667ff401d074fd4bfd8bbb4294967295C:\WINDOWS\Explorer.EXE3c45c3ef-e145-11e4-bf20-f46d0461d4ca Error: (04/12/2015 10:47:21 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (04/12/2015 00:45:33 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: LogonUI.exe6.3.9600.174155450541bnvwgf2umx.dll9.18.13.478855030413c000000500000000008b7e6735801d074a8d8faa68aC:\WINDOWS\system32\LogonUI.exeC:\WINDOWS\system32\nvwgf2umx.dll760f933d-e09c-11e4-bf1f-f46d0461d4ca Error: (04/12/2015 00:43:32 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (04/12/2015 00:15:45 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. 
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

CodeIntegrity Errors:
===================================
Date: 2015-03-26 22:04:45.699
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\LILHOM~1\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-03-26 22:04:45.618
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-02-22 13:34:09.811
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\LILHOM~1\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-02-22 13:34:09.723
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
Percentage of memory in use: 13%
Total physical RAM: 16351.13 MB
Available physical RAM: 14150.31 MB
Total Pagefile: 18143.13 MB
Available Pagefile: 15575.27 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.45 GB) (Free:21.2 GB) NTFS
Drive d: (System-reserviert) (Fixed) (Total:0.34 GB) (Free:0.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive j: (Volume) (Fixed) (Total:931.51 GB) (Free:541.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6F2A194A)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 111.8 GB) (Disk ID: 112F8A2E)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:55 on 13/04/2015 (Lilhomer2)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2015
Ran by Lilhomer2 (administrator) on LILHOMER on 13-04-2015 12:46:51
Running from C:\Users\Lilhomer2\Downloads
Loaded Profiles: Lilhomer2 & (Available profiles: Lilhomer2)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Atheros Commnucations) C:\Windows\System32\AdminService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() J:\Program Files (x86)\DiskBoss\bin\diskbsa.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Avira Operations GmbH & Co.
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Disc Soft Ltd) J:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Windows\System32\InputMethod\KOR\KorIME.exe () C:\Windows\SysWOW64\HsMgr.exe () C:\Windows\System\HsMgr64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Malwarebytes Corporation) J:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation) J:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) J:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [Cmaudio8788] => C:\WINDOWS\syswow64\RunDll32.exe C:\WINDOWS\Syswow64\CmiCnfgSTXII.dll,CMICtrlWnd HKLM\...\Run: [Cmaudio8788GX] => C:\WINDOWS\syswow64\HsMgr.exe [200704 2008-07-11] () HKLM\...\Run: [Cmaudio8788GX64] => C:\WINDOWS\system\HsMgr64.exe [282112 2008-07-11] () HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [847576 2015-02-03] (BlueStack Systems, Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-03-31] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-2115731667-743251652-1676115530-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.) HKU\S-1-5-21-2115731667-743251652-1676115530-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.) 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2115731667-743251652-1676115530-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2115731667-743251652-1676115530-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp HKU\S-1-5-21-2115731667-743251652-1676115530-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2115731667-743251652-1676115530-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll [2015-03-17] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll [2015-03-17] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre8\bin\ssv.dll [2015-03-17] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll [2015-03-17] (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Lilhomer2\AppData\Roaming\Mozilla\Firefox\Profiles\NPy4GMqq.default FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-18] () FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll [2015-03-17] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll [2015-03-17] (Oracle Corporation) FF Plugin: @videolan.org/vlc,version=2.1.5 -> J:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.0 -> J:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-18] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll [2015-01-09] (Adobe Systems, Inc.) 
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll [2015-03-17] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll [2015-03-17] (Oracle Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation) FF Plugin-x32: @softforum.com/npxwebplugins -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll [2013-06-08] (SoftForum Co., Ltd.) FF Plugin-x32: @softforum.com/npxwebplugins_file -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll [2013-06-08] (SoftForum Co., Ltd.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2115731667-743251652-1676115530-1001: @softforum.com/npxwebplugins -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll [2013-06-08] (SoftForum Co., Ltd.) 
FF Plugin HKU\S-1-5-21-2115731667-743251652-1676115530-1001: @softforum.com/npxwebplugins_file -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll [2013-06-08] (SoftForum Co., Ltd.) FF Plugin HKU\S-1-5-21-2115731667-743251652-1676115530-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @softforum.com/npxwebplugins -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll [2013-06-08] (SoftForum Co., Ltd.) FF Plugin HKU\S-1-5-21-2115731667-743251652-1676115530-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @softforum.com/npxwebplugins_file -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll [2013-06-08] (SoftForum Co., Ltd.) FF Extension: Avira Browser Safety - C:\Users\Lilhomer2\AppData\Roaming\Mozilla\Firefox\Profiles\NPy4GMqq.default\Extensions\abs@avira.com [2014-11-18] Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Lilhomer2\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Lilhomer2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-21] CHR Extension: (YouTube) - C:\Users\Lilhomer2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-21] CHR Extension: (Adblock for Youtube™) - C:\Users\Lilhomer2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-02-20] CHR Extension: (Google Search) - C:\Users\Lilhomer2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-21] CHR Extension: 
(Avira Browser Safety) - C:\Users\Lilhomer2\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-03-12] CHR Extension: (AdBlock) - C:\Users\Lilhomer2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-04] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Lilhomer2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11] CHR Extension: (Ghostery) - C:\Users\Lilhomer2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-03-17] CHR Extension: (Google Wallet) - C:\Users\Lilhomer2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-21] CHR Extension: (µMatrix) - C:\Users\Lilhomer2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfcmafjalglgifnmanfmnieipoejdcf [2015-01-21] CHR Extension: (Gmail) - C:\Users\Lilhomer2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-21] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-03-23] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-03-23] (Avira Operations GmbH & Co. 
KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-03-31] (Avira Operations GmbH & Co. KG) R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2013-06-25] (Atheros Commnucations) [File not signed] R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [814464 2015-03-10] () S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2015-02-03] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2015-02-03] (BlueStack Systems, Inc.) R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [794328 2015-02-03] (BlueStack Systems, Inc.) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) R2 DiskBoss Service; J:\Program Files (x86)\DiskBoss\bin\diskbsa.exe [118784 2015-01-26] () [File not signed] S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [175136 2015-02-04] (EasyAntiCheat Ltd) S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed] R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation) R2 MBAMScheduler; J:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation) R2 MBAMService; J:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [2967144 2014-11-12] (INCA Internet Co., Ltd.) 
[File not signed] R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation) S3 OpenVPNService; J:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe [37176 2014-10-29] (The OpenVPN Project) S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed] S3 TunngleService; J:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2015-01-17] (Tunngle.net GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) S3 AvastVBoxSvc; J:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X] S3 VsEtwService120; "J:\Programme (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-02-25] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-02-25] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-02-25] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-02-25] (Avira Operations GmbH & Co. 
KG) R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2015-02-03] (BlueStack Systems) R3 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-03-08] (Disc Soft Ltd) R3 dtultrascsibus; C:\Windows\System32\drivers\dtultrascsibus.sys [30352 2014-12-22] (Disc Soft Ltd) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-13] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation) R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [40136 2015-03-13] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-02-05] (NVIDIA Corporation) R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation) R3 STXIIService; C:\Windows\system32\drivers\STXII.sys [2736640 2014-02-18] (C-Media Inc) S3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net) U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-01-21] () S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) R3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited) S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-09-24] (Microsoft Corporation) S2 VBoxAswDrv; \??\J:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X] U3 ugriapow; \??\C:\Users\LILHOM~1\AppData\Local\Temp\ugriapow.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-13 12:46 - 2015-04-13 12:46 - 00042843 _____ () C:\Users\Lilhomer2\Downloads\Addition.txt 2015-04-13 12:46 - 2015-04-13 12:46 - 00021126 _____ () C:\Users\Lilhomer2\Downloads\FRST.txt 2015-04-13 11:58 - 2015-04-13 11:58 - 00000112 _____ () C:\Users\Lilhomer2\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten- - Trojaner-Board.url 2015-04-13 11:57 - 2015-04-13 12:17 - 00038506 _____ () C:\Users\Lilhomer2\Desktop\Addition.txt 2015-04-13 11:56 - 2015-04-13 12:46 - 00000000 ____D () C:\FRST 2015-04-13 11:56 - 2015-04-13 11:56 - 02096640 _____ (Farbar) C:\Users\Lilhomer2\Downloads\FRST64.exe 2015-04-13 11:54 - 2015-04-13 11:55 - 00000480 _____ () C:\Users\Lilhomer2\Desktop\defogger_disable.log 2015-04-13 11:54 - 2015-04-13 11:54 - 00000178 _____ () C:\Users\Lilhomer2\defogger_reenable 2015-04-11 19:53 - 2015-04-11 19:55 - 00000000 ____D () C:\Users\Lilhomer2\AppData\Roaming\PixelPiracy 2015-04-11 15:48 - 2015-04-11 15:48 - 00000000 ____D () C:\Users\Lilhomer2\AppData\Local\DiskBoss 2015-04-10 00:42 - 2015-04-10 00:42 - 00000069 _____ () C:\Users\Lilhomer2\Desktop\Der Dativ ist dem Genitiv sein Tod - YouTube.url 2015-04-09 19:52 - 2015-04-09 19:52 - 00215052 _____ () C:\Users\Lilhomer2\Documents\ts3_clientui-win32-1407159763-2015-04-09 19_52_08.654288.dmp 2015-04-09 11:52 - 2015-04-09 22:56 - 00000000 ____D () C:\Users\Lilhomer2\Desktop\Progress 2015-04-08 09:54 - 2015-04-08 09:54 - 00000000 ____D () C:\Users\Lilhomer2\AppData\Local\IsolatedStorage 2015-04-08 09:53 - 2015-04-08 09:53 - 00000872 _____ () C:\Users\Public\Desktop\HMA! Pro VPN.lnk 2015-04-08 09:53 - 2015-04-08 09:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HMA! 
Pro VPN 2015-04-08 09:42 - 2015-04-08 09:44 - 00000000 ____D () C:\Users\Lilhomer2\AppData\Roaming\Steganos 2015-04-08 09:42 - 2015-04-08 09:42 - 00000000 ____D () C:\Users\Lilhomer2\AppData\Roaming\Steganos VPN 2015-04-05 17:57 - 2015-04-05 17:57 - 00198706 _____ () C:\Users\Lilhomer2\Documents\ts3_clientui-win32-1407159763-2015-04-05 17_57_56.401527.dmp 2015-04-04 11:22 - 2015-04-04 11:22 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX 2015-04-04 11:22 - 2015-04-04 11:22 - 00000000 ___SD () C:\WINDOWS\system32\GWX 2015-04-03 21:18 - 2015-04-03 21:18 - 00000141 _____ () C:\Users\Lilhomer2\Desktop\Learn Korean » Basic Bootcamp #1 - Korean Self Introduction and Basic Greetings.url 2015-04-03 01:14 - 2015-04-03 01:14 - 00001390 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2015-04-03 01:14 - 2015-04-03 01:14 - 00001321 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2015-04-03 01:14 - 2015-04-03 01:14 - 00000000 ____D () C:\WINDOWS\PCHEALTH 2015-04-03 01:14 - 2015-04-03 01:14 - 00000000 ____D () C:\WINDOWS\de 2015-04-03 01:14 - 2015-04-03 01:14 - 00000000 ____D () C:\Program Files (x86)\Windows Live 2015-04-03 01:14 - 2015-04-03 01:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2015-04-02 11:57 - 2015-04-02 11:57 - 00000071 _____ () C:\Users\Lilhomer2\Desktop\Time - Hans Zimmer.url 2015-04-02 11:55 - 2015-04-02 11:55 - 00000048 _____ () C:\Users\Lilhomer2\Desktop\Lonesome Street - Blur.url 2015-04-02 11:44 - 2015-04-02 11:44 - 00419840 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll 2015-04-02 11:44 - 2015-04-02 11:44 - 00111616 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) 
C:\WINDOWS\system32\OpenAL32.dll 2015-04-02 11:44 - 2015-04-02 11:44 - 00051139 _____ () C:\WINDOWS\CMICNFGSTXII.INI.cfl 2015-04-02 11:44 - 2015-04-02 11:44 - 00002160 _____ () C:\Users\Lilhomer2\Desktop\ASUS Essence STX II.lnk 2015-04-02 11:44 - 2015-04-02 11:44 - 00001025 _____ () C:\WINDOWS\CMICNFGSTXII.INI.imi 2015-04-02 11:44 - 2015-04-02 11:44 - 00000964 _____ () C:\WINDOWS\system\CMICNFGSTXII.INI 2015-04-02 11:44 - 2015-04-02 11:44 - 00000137 _____ () C:\WINDOWS\system\Dlap.pfx 2015-04-02 11:44 - 2015-04-02 11:44 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-04-02 11:44 - 2015-04-02 11:44 - 00000000 ____D () C:\Users\Lilhomer2\AppData\Roaming\ASUS 2015-04-02 11:44 - 2015-04-02 11:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Essence STX II Audio Device 2015-04-02 11:44 - 2015-04-02 11:44 - 00000000 ____D () C:\Program Files\ASUS Essence STX II Audio Device 2015-04-02 11:44 - 2015-04-02 11:44 - 00000000 ____D () C:\Program Files (x86)\OpenAL 2015-04-02 11:44 - 2014-02-18 07:04 - 02736640 _____ (C-Media Inc) C:\WINDOWS\system32\Drivers\STXII.sys 2015-04-02 11:44 - 2014-02-18 07:04 - 00315392 _____ (C-Media Electronics Inc.) C:\WINDOWS\SysWOW64\CmiFltr_STXII.dll 2015-04-02 11:44 - 2014-02-18 07:04 - 00315392 _____ (C-Media Electronics Inc.) C:\WINDOWS\system\CmiFltr_STXII.dll 2015-04-02 11:44 - 2014-02-18 07:04 - 00032768 _____ (C-Media Electronics Inc.) C:\WINDOWS\system32\cmudaxp_STXII.dll 2015-04-02 11:44 - 2014-02-11 09:03 - 00000505 ____N () C:\WINDOWS\cmudaxp_STXII.ini 2015-04-02 11:44 - 2014-01-27 05:05 - 13463552 ____N (C-Media Corporation) C:\WINDOWS\SysWOW64\CmiCnfgSTXII.dll 2015-04-02 11:44 - 2014-01-08 06:08 - 00465408 ____N (C-Media Electronics Inc.) C:\WINDOWS\system32\cmasioSTXII64.dll 2015-04-02 11:44 - 2014-01-08 06:08 - 00303104 ____N (C-Media Electronics Inc.) 
C:\WINDOWS\SysWOW64\cmasioSTXII.dll 2015-04-02 11:44 - 2013-12-05 10:15 - 00005277 ____N () C:\WINDOWS\CMICNFGSTXII.INI.cfg 2015-04-02 11:44 - 2013-11-29 06:23 - 04650496 ____N () C:\WINDOWS\system32\CmiCnfgSTXII.cpl 2015-04-02 11:44 - 2013-11-25 06:01 - 00832000 ____N () C:\WINDOWS\system32\cmeauASUSSTX2.exe 2015-04-02 11:44 - 2013-11-22 05:35 - 00000058 ____N () C:\WINDOWS\system32\cmasioSTXII64.ini 2015-04-02 11:44 - 2013-11-22 05:35 - 00000054 ____N () C:\WINDOWS\SysWOW64\cmasioSTXII.ini 2015-04-02 11:44 - 2013-10-16 04:55 - 00143360 ____N () C:\WINDOWS\SysWOW64\VmixP8.dll 2015-04-02 11:44 - 2012-01-06 03:30 - 00212992 ____N (C-Media Electronics Inc.) C:\WINDOWS\SysWOW64\HsSrv2.dll 2015-04-02 11:44 - 2012-01-06 03:30 - 00212992 ____N (C-Media Electronics Inc.) C:\WINDOWS\SysWOW64\HsSrv.dll 2015-04-02 11:44 - 2012-01-06 03:30 - 00122880 ____N (C-Media Electronics Inc.) C:\WINDOWS\system\HsSrv642.dll 2015-04-02 11:44 - 2012-01-06 03:30 - 00122880 ____N (C-Media Electronics Inc.) C:\WINDOWS\system\HsSrv64.dll 2015-04-02 11:44 - 2009-08-19 10:00 - 00359424 ____N () C:\WINDOWS\system32\CmiInstallResAll64.dll 2015-04-02 11:44 - 2008-07-11 09:04 - 00200704 ____N () C:\WINDOWS\SysWOW64\HsMgr.exe 2015-04-02 11:44 - 2008-07-11 09:03 - 00282112 ____N () C:\WINDOWS\system\HsMgr64.exe 2015-04-02 11:44 - 2007-12-13 11:12 - 00122880 ____N (CMedia Electronics Inc.) C:\WINDOWS\SysWOW64\Cm_Oal.dll 2015-04-02 11:44 - 2007-12-13 11:12 - 00122880 ____N (CMedia Electronics Inc.) 
C:\WINDOWS\system32\Cm_Oal.dll 2015-04-02 11:44 - 2006-10-05 23:45 - 00524768 ____R (Microsoft Corporation) C:\WINDOWS\difxapi.dll 2015-04-02 11:44 - 2006-09-13 20:21 - 00200704 ____N (C-Media) C:\WINDOWS\SysWOW64\Cmpaoxy.dll 2015-04-02 11:24 - 2015-04-02 11:24 - 00000000 ____D () C:\Users\Lilhomer2\AppData\Roaming\NVIDIA 2015-04-02 11:20 - 2015-03-13 17:38 - 00622224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe 2015-03-31 16:33 - 2015-03-31 16:33 - 00001028 _____ () C:\Users\Public\Desktop\SRWare Iron.lnk 2015-03-31 16:33 - 2015-03-31 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron 2015-03-31 16:33 - 2015-03-31 16:33 - 00000000 ____D () C:\Program Files (x86)\SRWare Iron 2015-03-27 13:16 - 2015-03-27 13:16 - 00000000 ____D () C:\Users\Lilhomer2\Documents\Flight Simulator X Files 2015-03-27 13:15 - 2015-03-27 13:15 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0 2015-03-26 23:04 - 2015-03-26 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys 2015-03-26 23:03 - 2015-03-26 23:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIW 2015-03-26 23:03 - 2015-03-26 23:03 - 00000000 ____D () C:\Program Files (x86)\SIW 2013 Home Edition 2015-03-25 19:46 - 2015-03-25 20:04 - 00000000 ____D () C:\Users\Lilhomer2\Documents\Heroes of the Storm 2015-03-25 18:54 - 2015-03-25 18:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm 2015-03-25 18:50 - 2015-04-13 07:31 - 00000000 ____D () C:\Users\Lilhomer2\AppData\Local\Battle.net 2015-03-25 18:50 - 2015-03-25 19:47 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment 2015-03-25 18:50 - 2015-03-25 18:51 - 00000000 ____D () C:\Users\Lilhomer2\AppData\Roaming\Battle.net 2015-03-25 18:50 - 2015-03-25 18:50 - 00000000 ____D () C:\Users\Lilhomer2\AppData\Local\Blizzard Entertainment 2015-03-25 18:50 - 2015-03-25 18:50 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net 2015-03-25 18:39 - 2015-03-25 18:39 - 00000000 ____D () C:\ProgramData\Battle.net 2015-03-24 18:11 - 2015-03-24 18:11 - 00000825 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-03-24 10:02 - 2015-03-24 10:02 - 00000000 ___HD () C:\XecureSSL 2015-03-24 10:02 - 2015-03-24 10:02 - 00000000 ___HD () C:\WINDOWS\yessign 2015-03-24 10:02 - 2015-03-24 10:02 - 00000000 ____D () C:\Program Files\NPKI 2015-03-24 10:02 - 2015-03-24 10:02 - 00000000 ____D () C:\Program Files (x86)\SoftForum 2015-03-23 21:58 - 2015-04-13 12:46 - 00000000 ____D () C:\Users\Lilhomer2\Desktop\VBZ Steam 2015-03-22 12:38 - 2015-03-22 12:38 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2015-03-21 22:32 - 2015-03-21 22:32 - 00000082 _____ () C:\Users\Lilhomer2\Desktop\Learn Korean.url 2015-03-21 11:00 - 2015-03-21 11:00 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-03-21 11:00 - 2015-03-21 11:00 - 00002039 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2015-03-21 11:00 - 2015-03-21 11:00 - 00000000 ____D () C:\Program Files (x86)\Adobe 2015-03-21 10:22 - 2015-03-21 10:26 - 00000000 ____D () C:\Users\Lilhomer2\AppData\Roaming\RadeonPro 2015-03-21 10:22 - 2015-03-21 10:22 - 00000000 ____D () C:\Users\Lilhomer2\Documents\RadeonPro Benchmarks 2015-03-21 09:58 - 2015-03-21 09:58 - 00000060 _____ () C:\Users\Lilhomer2\Desktop\Guru3D.com Forums - Powered by vBulletin.url 2015-03-20 20:04 - 2015-04-02 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2015-03-20 20:04 - 2015-03-28 05:44 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll 2015-03-20 20:04 - 2015-03-28 05:44 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll 2015-03-20 20:04 - 2015-03-28 05:43 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll 2015-03-20 20:04 - 
2015-03-28 05:43 - 01570672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll 2015-03-20 20:04 - 2015-03-20 20:04 - 00000000 ____D () C:\Users\Lilhomer2\AppData\Local\NVIDIA 2015-03-20 20:03 - 2015-04-13 11:49 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-03-20 20:03 - 2015-03-20 20:04 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2015-03-20 20:03 - 2015-03-13 21:41 - 24775368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll 2015-03-20 20:03 - 2015-03-13 21:41 - 16022016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll 2015-03-20 20:03 - 2015-03-13 21:41 - 14121624 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll 2015-03-20 20:03 - 2015-03-13 21:41 - 10775080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll 2015-03-20 20:03 - 2015-03-13 21:41 - 10715864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll 2015-03-20 20:03 - 2015-03-13 21:41 - 03249352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 2015-03-20 20:03 - 2015-03-13 21:41 - 01896136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434788.dll 2015-03-20 20:03 - 2015-03-13 21:41 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcvadgenco64.dll 2015-03-20 20:03 - 2015-03-13 21:41 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434788.dll 2015-03-20 20:03 - 2015-03-13 21:41 - 01540240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll 2015-03-20 20:03 - 2015-03-13 21:41 - 00878328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll 2015-03-20 20:03 - 2015-03-13 21:41 - 00306208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll 2015-03-20 20:03 - 2015-03-13 21:41 - 00195728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys 2015-03-20 20:03 - 2015-03-13 21:41 - 00164568 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll 2015-03-20 20:03 - 2015-03-13 21:41 - 00101576 _____ (NVIDIA Corporation) 
C:\WINDOWS\system32\nvaudcaparm.dll 2015-03-20 20:03 - 2015-03-13 21:41 - 00073872 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll 2015-03-20 20:03 - 2015-03-13 21:41 - 00060560 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll 2015-03-20 20:03 - 2015-03-13 21:41 - 00040136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvadarm.sys 2015-03-20 20:03 - 2015-03-13 21:41 - 00030536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll 2015-03-20 20:03 - 2015-03-13 18:16 - 06861968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll 2015-03-20 20:03 - 2015-03-13 18:16 - 03526856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll 2015-03-20 20:03 - 2015-03-13 18:16 - 02559808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll 2015-03-20 20:03 - 2015-03-13 18:16 - 00935056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe 2015-03-20 20:03 - 2015-03-13 18:16 - 00386248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll 2015-03-20 20:03 - 2015-03-13 18:16 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll 2015-03-20 20:03 - 2015-03-11 15:10 - 04246327 _____ () C:\WINDOWS\system32\nvcoproc.bin 2015-03-20 20:02 - 2015-03-20 20:02 - 00000000 ____D () C:\NVIDIA 2015-03-20 18:45 - 2015-04-12 11:15 - 00000000 ____D () C:\Users\Lilhomer2\AppData\Local\Bohemia_Interactive 2015-03-19 16:06 - 2015-03-19 16:06 - 00000000 ____D () C:\Users\Lilhomer2\Tracing 2015-03-19 10:10 - 2015-03-19 10:10 - 00000100 _____ () C:\Users\Lilhomer2\Desktop\www.plus-magazin.com-wp-contentnew-uploads-2013-07-Wasser-Liste.pdf.url 2015-03-18 12:43 - 2015-03-18 12:43 - 00000000 ___RD () C:\Sandbox 2015-03-18 12:41 - 2015-03-18 12:51 - 00001552 _____ () C:\WINDOWS\Sandboxie.ini 2015-03-17 18:22 - 2015-03-17 18:22 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2015-03-17 18:22 - 2015-03-17 18:22 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2015-03-17 18:22 
- 2015-03-17 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-03-17 18:22 - 2015-03-17 18:22 - 00000000 ____D () C:\Program Files\Java 2015-03-17 18:22 - 2015-03-17 18:22 - 00000000 ____D () C:\Program Files (x86)\Java 2015-03-17 18:16 - 2015-03-17 18:16 - 00000000 _____ () C:\WINDOWS\SysWOW64\REN3BC5.tmp 2015-03-14 15:49 - 2015-03-14 15:49 - 00000000 ____D () C:\Users\Lilhomer2\AppData\Local\CrashRpt 2015-03-14 15:47 - 2015-03-14 15:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Chart Controls 2015-03-14 11:57 - 2015-03-14 11:57 - 00000000 ____D () C:\Users\Lilhomer2\Cheathappens 2015-03-14 11:15 - 2015-03-14 11:15 - 00000000 ____D () C:\Users\Lilhomer2\Documents\Colossal Order 2015-03-14 11:15 - 2015-03-14 11:15 - 00000000 ____D () C:\Users\Lilhomer2\AppData\Roaming\Colossal Order 2015-03-14 11:15 - 2015-03-14 11:15 - 00000000 ____D () C:\Users\Lilhomer2\AppData\Roaming\.mono 2015-03-14 11:15 - 2015-03-14 11:15 - 00000000 ____D () C:\Users\Lilhomer2\AppData\Local\Colossal Order 2015-03-14 11:15 - 2015-03-14 11:15 - 00000000 ____D () C:\ProgramData\.mono ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-13 12:14 - 2014-11-18 17:35 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-04-13 12:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-04-13 12:01 - 2014-11-20 01:24 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-04-13 11:55 - 2014-09-24 08:16 - 01886820 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-04-13 11:55 - 2014-09-24 07:43 - 00805954 _____ () C:\WINDOWS\system32\perfh007.dat 2015-04-13 11:55 - 2014-09-24 07:43 - 00176466 _____ () C:\WINDOWS\system32\perfc007.dat 2015-04-13 11:54 - 2014-11-18 19:48 - 00000000 ____D () C:\Users\Lilhomer2 2015-04-13 11:53 - 2015-01-21 17:43 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-13 11:50 - 2015-01-21 17:43 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-13 11:50 - 2014-12-30 20:39 - 00000000 ___RD () C:\Users\Lilhomer2\OneDrive 2015-04-13 11:49 - 2015-02-14 12:06 - 00035675 _____ () C:\WINDOWS\setupact.log 2015-04-13 11:49 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-04-13 11:48 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-04-13 09:16 - 2015-02-14 12:09 - 02075974 _____ () C:\WINDOWS\WindowsUpdate.log 2015-04-12 23:59 - 2014-12-18 23:45 - 00000000 ____D () C:\Users\Lilhomer2\AppData\Roaming\vlc 2015-04-12 20:46 - 2014-11-18 23:33 - 00000000 ____D () C:\Users\Lilhomer2\AppData\Roaming\TS3Client 2015-04-12 20:29 - 2014-11-18 17:36 - 00000000 ____D () C:\Users\Lilhomer2\AppData\Roaming\Skype 2015-04-12 18:31 - 2014-11-27 01:48 - 00000000 ____D () C:\Users\Lilhomer2\AppData\Local\Arma 3 2015-04-12 12:34 - 2014-11-18 15:25 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2115731667-743251652-1676115530-1001 2015-04-11 22:26 - 2015-03-05 10:48 - 00879534 _____ () C:\WINDOWS\PFRO.log 2015-04-11 22:19 - 2014-12-09 23:16 - 00000000 ____D () 
C:\Users\Lilhomer2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2015-04-10 11:04 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-04-09 22:45 - 2015-03-12 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-04-09 22:45 - 2015-03-08 17:10 - 00000000 ____D () C:\ProgramData\Package Cache 2015-04-09 22:45 - 2014-11-18 18:30 - 00000000 ____D () C:\Program Files (x86)\Avira 2015-04-09 00:39 - 2014-12-09 19:41 - 00000000 ____D () C:\Users\Lilhomer2\AppData\Local\Arma 3 Launcher 2015-04-04 11:22 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-04-03 13:30 - 2014-12-06 17:44 - 00000000 ____D () C:\Users\Lilhomer2\AppData\Roaming\Audacity 2015-04-03 01:16 - 2014-12-02 00:23 - 00000000 ____D () C:\Users\Lilhomer2\AppData\Local\Windows Live 2015-04-03 01:14 - 2015-03-04 23:01 - 00128008 _____ () C:\WINDOWS\DirectX.log 2015-04-03 01:14 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2015-04-02 11:45 - 2015-02-14 12:06 - 00364872 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-04-02 11:44 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\System 2015-04-02 11:20 - 2015-02-15 21:32 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2015-03-31 16:36 - 2014-11-18 17:35 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-03-31 16:36 - 2014-11-18 17:23 - 00000000 ____D () C:\Users\Lilhomer2\AppData\Local\Adobe 2015-03-24 18:49 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\L2Schemas 2015-03-24 18:11 - 2014-11-20 01:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-23 16:42 - 2015-03-12 17:54 - 00000000 ____D () C:\Users\Lilhomer2\AppData\Roaming\Avira 2015-03-23 16:42 - 2015-03-12 17:53 - 00000000 ____D () C:\ProgramData\Avira 2015-03-21 11:00 - 2014-11-18 17:33 - 00000000 ____D () C:\ProgramData\Adobe 2015-03-20 20:04 - 2015-02-15 21:33 - 00000000 ____D () 
C:\Users\Lilhomer2\AppData\Local\NVIDIA Corporation 2015-03-20 20:04 - 2015-02-15 21:31 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2015-03-20 20:03 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Help 2015-03-19 18:25 - 2014-11-27 08:13 - 00000000 ____D () C:\Users\Lilhomer2\AppData\Roaming\Notepad++ 2015-03-19 16:06 - 2014-11-28 08:05 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-03-19 16:06 - 2014-11-18 17:36 - 00000000 ____D () C:\ProgramData\Skype 2015-03-17 18:15 - 2014-12-09 20:46 - 00000000 ____D () C:\Program Files (x86)\DivX 2015-03-17 18:15 - 2014-12-07 18:13 - 00000000 ____D () C:\ProgramData\DivX 2015-03-17 18:12 - 2015-03-04 20:08 - 00000000 ____D () C:\ProgramData\Origin 2015-03-17 17:04 - 2014-11-20 09:24 - 00000000 ____D () C:\Users\Lilhomer2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-03-17 17:04 - 2014-11-20 09:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-03-17 13:58 - 2014-11-19 00:42 - 00000000 ____D () C:\Users\Lilhomer2\Documents\My Games 2015-03-17 08:56 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-03-17 07:15 - 2014-11-20 01:24 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-03-17 07:15 - 2014-11-20 01:24 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-03-17 07:15 - 2014-11-20 01:24 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-03-16 13:21 - 2015-02-15 22:08 - 00000000 ____D () C:\Users\Lilhomer2\Desktop\Neuer Ordner 2015-03-14 16:40 - 2014-11-20 11:18 - 00280792 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.xtr 2015-03-14 16:40 - 2014-11-20 11:17 - 00281032 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.ex0 2015-03-14 15:50 - 2015-03-06 14:57 - 00000000 ____D () C:\Users\Lilhomer2\AppData\Local\PunkBuster ==================== Files in the root of some directories ======= 2014-12-19 00:32 - 2014-12-20 22:41 - 0000302 _____ () 
C:\Users\Lilhomer2\AppData\Roaming\burnaware.ini 2014-12-20 21:55 - 2014-12-20 21:55 - 0000031 _____ () C:\Users\Lilhomer2\AppData\Local\burnaware.ini 2014-11-21 20:58 - 2014-11-21 20:58 - 0007601 _____ () C:\Users\Lilhomer2\AppData\Local\Resmon.ResmonCfg 2014-12-18 19:33 - 2014-12-19 09:23 - 0000040 ___SH () C:\ProgramData\.zreglib Some content of TEMP: ==================== C:\Users\Lilhomer2\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-07 10:59 ==================== End Of Log ============================ |
13.04.2015, 11:58 | #2 |
/// the machine /// TB Trainer | Windows 8: Windows stutters and lags hi,
There is no malware there. http://support2.microsoft.com/kb/929135/de Please do a clean boot. If the problem is then gone, re-enable the services one at a time, always rebooting in between, until you know which service is causing the problems. Then name that service here. |