Log analysis and evaluation: Windows 7: Ungültiges Bild (error) VC32LO

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
14.04.2015, 16:07 | #1 |
Windows 7: Ungültiges Bild (error) VC32LO

Hello, I, Marcel M. (23), have the following problem: When I started my laptop (Asus G74S) today, an error window appeared with the title "(first a name such as steam.exe) - Ungültiges Bild", and the window always reads "C:\Progra~2\Search~1\Search~1\bin\VC32LO~1.DLL ist entweder nicht für die Ausführung unter Windows vorgesehen oder enthält einen Fehler. Installieren Sie das Programm mit den Originalinstallationsmedien erneut, oder wenden Sie sich an den Systemadministrator oder Softwarelieferanten, Um Unterstützung zu erhalten." This window appears very often when Windows starts, and then from time to time when I open any programs or the like.

My system:
Windows 7 Home Premium
System type: 64-bit operating system
RAM: 8GB
Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz

I have not done anything yet; I have only run a scan with 'FRST 64Bit' -> FRST.txt

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2015 Ran by Marci (administrator) on ASUSG74 on 14-04-2015 16:45:18 Running from C:\Users\Marci\Desktop Loaded Profiles: Marci & (Available profiles: Marci) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe () C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Portrait Displays, Inc.) 
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe () C:\Program Files\EslWire\service\WireHelperSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (ASUS) C:\Program Files\Asus\P4G\BatteryLife.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (ASUS) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\pg_ctl.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe () C:\ExpressGateUtil\VAWinService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe (Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Spotify Ltd) C:\Users\Marci\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Spotify Ltd) C:\Users\Marci\AppData\Roaming\Spotify\Spotify.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Dropbox, Inc.) 
C:\Users\Marci\AppData\Roaming\Dropbox\bin\Dropbox.exe (ASUS) C:\Windows\AsScrPro.exe () C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe () C:\ExpressGateUtil\VAWinAgent.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe () C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (Visicom Media Inc. (Powered by Panda Security)) C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Windows (R) Win 7 DDK provider) C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Razer USA Ltd.) C:\Program Files (x86)\Razer\Tarantula\razerhid.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Spotify Ltd) C:\Users\Marci\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) C:\Users\Marci\AppData\Roaming\Spotify\Spotify.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Razer Inc.) C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe () C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (Portrait Displays, Inc) C:\Program Files (x86)\BenQ\Display Pilot\dthtml.exe (Portrait Displays Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe () C:\Program Files (x86)\Razer\Tarantula\razertra.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelper.exe () C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpCtrl.exe () C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Floater.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor) HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Communications) HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations) HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2869008 2012-01-26] (Synaptics Incorporated) HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [100112 2012-01-26] (Synaptics Incorporated) HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation) HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.) HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2011-10-19] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme) HKLM-x32\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe [3058304 2011-12-20] (ASUS) HKLM-x32\...\Run: [THX TruStudio NB Settings] => C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909312 2011-03-17] (Creative Technology Ltd) HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) 
HKLM-x32\...\Run: [CPMonitor] => C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe [84464 2011-04-01] () HKLM-x32\...\Run: [VAWinAgent] => C:\ExpressGateUtil\VAWinAgent.exe [45448 2011-04-08] () HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-20] (CyberLink) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [DeathAdder] => C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe [248832 2012-01-14] () HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-22] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS) HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568 2012-02-06] (ASUS) HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-02] (ASUSTeK Computer Inc.) HKLM-x32\...\Run: [Anti-phishing Domain Advisor] => C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe [232616 2012-01-17] (Visicom Media Inc. (Powered by Panda Security)) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1564880 2012-05-29] (Ask) HKLM-x32\...\Run: [FLxHCIm64] => C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe [48128 2012-07-19] (Windows (R) Win 7 DDK provider) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) 
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-07] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.) HKLM-x32\...\Run: [Tarantula] => C:\Program Files (x86)\Razer\Tarantula\razerhid.exe [159744 2007-05-07] (Razer USA Ltd.) HKLM-x32\...\Run: [PivotSoftware] => C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe [112424 2013-06-18] () HKLM-x32\...\Run: [DT BEN] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [122384 2013-11-12] (Portrait Displays, Inc.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-14] (Valve Corporation) HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-06] (Acresso Corporation) HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.) HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.) 
HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\...\Run: [Spotify Web Helper] => C:\Users\Marci\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1964088 2015-03-18] (Spotify Ltd) HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\...\Run: [PriceMeterW] => "C:\Users\Marci\AppData\Local\PriceMeter\pricemeterw.exe" HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\...\Run: [Spotify] => C:\Users\Marci\AppData\Roaming\Spotify\Spotify.exe [6701624 2015-03-18] (Spotify Ltd) AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [263952 2015-04-12] (Client Connect LTD) AppInit_DLLs-x32: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [223504 2015-04-12] () Startup: C:\Users\Marci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Marci\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.) ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://safesearch.avira.com/ HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://safesearch.avira.com/ HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://safesearch.avira.com/ HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://safesearch.avira.com/ HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://safesearch.avira.com/ HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = https://safesearch.avira.com/ HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://safesearch.avira.com/ HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = https://safesearch.avira.com/ HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com URLSearchHook: 
HKU\S-1-5-21-1586699263-1730969920-3125584917-1000 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-1586699263-1730969920-3125584917-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1586699263-1730969920-3125584917-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1586699263-1730969920-3125584917-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://blekko.com/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb&u=20120408217B472BB7BAB314064B3F6E&q={searchTerms} SearchScopes: HKU\S-1-5-21-1586699263-1730969920-3125584917-1000 -> {F9A7C24B-42F9-4910-AF51-F43B0FC69209} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=ffaae8c0-1033-45c1-9098-6dfae1dc7a99&apn_sauid=D7A574B5-E1D3-4C95-AD1B-C8790D48DEA0 BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.) 
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-03-22] (Oracle Corporation) BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-13] (Atheros Commnucations) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.) BHO-x32: Avira SearchFree Toolbar plus Web Protection -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-05-29] (Ask) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-03-22] (Oracle Corporation) Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-05-29] (Ask) Toolbar: HKU\S-1-5-21-1586699263-1730969920-3125584917-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Marci\AppData\Roaming\Mozilla\Firefox\Profiles\0lxcl8t7.default FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3330189&octid=EB_ORIGINAL_CTID&ISID=MF4EF329C-1A7D-4430-935B-4B54A32A05A3&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=SPE57B27DA-DF99-47DB-9243-3EB2C46653C2 FF SelectedSearchEngine: Trovi FF Homepage: https://www.youtube.com/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft 
Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] () FF Plugin-x32: @esn/esnlaunch,version=1.116.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.122.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.138.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB) FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-03-22] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-03-22] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files 
(x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation) FF Plugin-x32: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=3 -> C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll No File FF Plugin-x32: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=9 -> C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll No File FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll [2010-01-23] (Zeon Corporation) FF Plugin HKU\S-1-5-21-1586699263-1730969920-3125584917-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-11-25] () FF user.js: detected! => C:\Users\Marci\AppData\Roaming\Mozilla\Firefox\Profiles\0lxcl8t7.default\user.js [2014-07-19] FF Extension: Avira Browser Safety - C:\Users\Marci\AppData\Roaming\Mozilla\Firefox\Profiles\0lxcl8t7.default\Extensions\abs@avira.com [2015-03-31] FF Extension: Battlefield Heroes Updater - C:\Users\Marci\AppData\Roaming\Mozilla\Firefox\Profiles\0lxcl8t7.default\Extensions\battlefieldheroespatcher@ea.com [2012-10-01] FF Extension: FireJump - C:\Users\Marci\AppData\Roaming\Mozilla\Firefox\Profiles\0lxcl8t7.default\Extensions\firejump@firejump.net [2013-01-19] FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Marci\AppData\Roaming\Mozilla\Firefox\Profiles\0lxcl8t7.default\Extensions\toolbar@ask.com [2012-06-19] FF Extension: Preispilot - C:\Users\Marci\AppData\Roaming\Mozilla\Firefox\Profiles\0lxcl8t7.default\Extensions\extension@preispilot.com.xpi [2013-01-20] FF Extension: MEGA - C:\Users\Marci\AppData\Roaming\Mozilla\Firefox\Profiles\0lxcl8t7.default\Extensions\firefox@mega.co.nz.xpi [2014-12-20] FF Extension: Adblock Plus - C:\Users\Marci\AppData\Roaming\Mozilla\Firefox\Profiles\0lxcl8t7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-10] FF 
HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\...\Firefox\Extensions: [extension@preispilot.com] - C:\Users\Marci\AppData\Roaming\Mozilla\Firefox\Profiles\0lxcl8t7.default\extensions\extension@preispilot.com FF HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\...\Firefox\Extensions: [firejump@firejump.net] - C:\Users\Marci\AppData\Roaming\Mozilla\Firefox\Profiles\0lxcl8t7.default\extensions\firejump@firejump.net FF HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-07] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-07] (Avira Operations GmbH & Co. 
KG) R2 AsusUacSvc; C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [113840 2010-07-27] () [File not signed] R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros) [File not signed] R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed] S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [817536 2015-01-27] () R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3251472 2015-04-12] (Client Connect LTD) S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-12-20] (Creative Labs) [File not signed] S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-12-20] (Creative Labs) [File not signed] R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [138768 2013-11-12] (Portrait Displays, Inc.) R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [663056 2013-06-11] () R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) 
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-25] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-06-18] ()
R2 postgresql-8.4; c:\postgreSQL\bin\pg_ctl.exe [66048 2011-01-28] (PostgreSQL Global Development Group) [File not signed]
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-03-26] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ZAPrivacyService; "C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-01-30] (ASUSTek Computer Inc.)
R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG)
S3 ESLvnic1; C:\Windows\System32\DRIVERS\ESLvnic.sys [25528 2012-01-24] (Turtle Entertainment GmbH)
R0 ESLWireAC; C:\Windows\System32\drivers\ESLWireACD.sys [184968 2013-12-22] (<Turtle Entertainment>)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [76584 2012-07-19] (Fresco Logic)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [22800 2012-01-26] (Synaptics Incorporated)
R3 TarFltr; C:\Windows\System32\drivers\UsbFltr.sys [49664 2007-04-11] (Razer USA Ltd.)
S3 massfilter; system32\drivers\massfilter.sys [X]
R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-14 16:45 - 2015-04-14 16:45 - 00032311 _____ () C:\Users\Marci\Desktop\FRST.txt
2015-04-14 16:44 - 2015-04-14 16:45 - 00000000 ____D () C:\FRST
2015-04-14 16:42 - 2015-04-14 16:42 - 02096640 _____ (Farbar) C:\Users\Marci\Desktop\FRST64.exe
2015-04-14 15:31 - 2015-04-14 15:31 - 00003458 _____ () C:\Windows\System32\Tasks\avaavaevy
2015-04-14 15:31 - 2015-04-14 15:31 - 00000000 ____D () C:\Users\Marci\AppData\Local\avaavaevy
2015-04-05 11:31 - 2015-04-05 11:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\system32\GWX
2015-03-26 16:08 - 2015-04-09 19:47 - 00000000 ____D () C:\Users\Marci\AppData\Local\Arma 3 Launcher
2015-03-26 16:08 - 2015-03-26 16:08 - 00000000 ____D () C:\Users\Marci\AppData\Local\Bohemia_Interactive
2015-03-25 17:10 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 17:10 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 17:10 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 17:10 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 17:10 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 17:10 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 17:10 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 17:10 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-14 16:45 - 2013-03-23 15:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-14 16:44 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-14 16:44 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-14 16:39 - 2014-01-30 19:04 - 00000000 ____D () C:\Users\Marci\AppData\Local\Spotify
2015-04-14 16:38 - 2011-02-19 06:24 - 00711530 _____ () C:\Windows\system32\perfh007.dat
2015-04-14 16:38 - 2011-02-19 06:24 - 00153720 _____ () C:\Windows\system32\perfc007.dat
2015-04-14 16:38 - 2009-07-14 07:13 - 01652988 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-14 16:36 - 2014-03-18 21:44 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-14 16:36 - 2014-01-30 19:02 - 00000000 ____D () C:\Users\Marci\AppData\Roaming\Spotify
2015-04-14 16:36 - 2013-12-08 13:33 - 00000000 ____D () C:\Users\Marci\AppData\Local\CrashDumps
2015-04-14 16:36 - 2013-10-31 18:41 - 00000380 _____ () C:\Users\Marci\AppData\Roaming\sp_data.sys
2015-04-14 16:36 - 2012-09-23 23:01 - 00000000 ___RD () C:\Users\Marci\Dropbox
2015-04-14 16:36 - 2012-09-23 22:59 - 00000000 ____D () C:\Users\Marci\AppData\Roaming\Dropbox
2015-04-14 16:35 - 2011-12-20 01:03 - 02006778 _____ () C:\Windows\WindowsUpdate.log
2015-04-14 16:31 - 2014-07-19 14:05 - 00000960 _____ () C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job
2015-04-14 16:31 - 2012-03-01 23:02 - 00000000 ____D () C:\Users\Marci\AppData\Roaming\TS3Client
2015-04-14 16:31 - 2011-10-19 05:20 - 00630610 _____ () C:\Windows\PFRO.log
2015-04-14 16:31 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-14 16:31 - 2009-07-14 06:51 - 00351070 _____ () C:\Windows\setupact.log
2015-04-14 16:10 - 2014-07-19 14:05 - 00000964 _____ () C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job
2015-04-14 15:31 - 2015-01-27 23:57 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2015-04-14 15:28 - 2014-03-24 18:52 - 00000000 ____D () C:\Users\Marci\AppData\Local\Arma 3
2015-04-12 12:57 - 2012-09-23 22:59 - 00000000 ____D () C:\Users\Marci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-08 15:36 - 2012-05-08 16:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-07 15:45 - 2013-08-16 11:08 - 00000000 ____D () C:\Users\Marci\AppData\Roaming\Avira
2015-03-26 16:06 - 2014-12-11 15:18 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-26 16:06 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-25 17:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-18 21:50 - 2014-01-30 19:04 - 00001808 _____ () C:\Users\Marci\Desktop\Spotify.lnk
2015-03-18 21:50 - 2014-01-30 19:04 - 00001794 _____ () C:\Users\Marci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk

==================== Files in the root of some directories =======

2012-03-04 16:37 - 2012-01-24 14:50 - 0168864 _____ () C:\Program Files\Common Files\WireHelpSvc.exe
2014-05-11 20:52 - 2014-05-11 20:52 - 0000282 _____ () C:\Users\Marci\AppData\Roaming\BreakingPoint_Login.ini
2014-05-10 23:03 - 2014-05-11 20:54 - 0001301 _____ () C:\Users\Marci\AppData\Roaming\BreakingPoint_Options.ini
2013-10-31 18:41 - 2015-04-14 16:36 - 0000380 _____ () C:\Users\Marci\AppData\Roaming\sp_data.sys
2014-02-26 18:41 - 2014-11-19 18:37 - 0007623 _____ () C:\Users\Marci\AppData\Local\Resmon.ResmonCfg
2011-10-19 06:26 - 2010-10-06 18:45 - 0131984 _____ () C:\ProgramData\FullRemove.exe
2011-12-20 01:18 - 2011-12-20 01:18 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-12-20 01:17 - 2011-12-20 01:17 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-12-20 01:17 - 2011-12-20 01:17 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some content of TEMP:
====================
C:\Users\Marci\AppData\Local\Temp\avgnt.exe
C:\Users\Marci\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpaedohy.dll
C:\Users\Marci\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Marci\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Marci\AppData\Local\Temp\EslWireSetup-1.17.3.7769-x64.exe
C:\Users\Marci\AppData\Local\Temp\Gw2.exe
C:\Users\Marci\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Marci\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Marci\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Marci\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Marci\AppData\Local\Temp\nvStInst.exe
C:\Users\Marci\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Marci\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Marci\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Marci\AppData\Local\Temp\sfamcc00002.dll
C:\Users\Marci\AppData\Local\Temp\sfareca00001.dll
C:\Users\Marci\AppData\Local\Temp\sfextra.dll
C:\Users\Marci\AppData\Local\Temp\sonarinst.exe
C:\Users\Marci\AppData\Local\Temp\utt840F.tmp.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-14 07:47

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2015
Ran by Marci at 2015-04-14 16:45:47
Running from C:\Users\Marci\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\...\uTorrent) (Version: 3.4.2.38397 - BitTorrent Inc.)
A3Launcher version 0.0.0.9 (HKLM-x32\...\{E31045B4-9DB5-9EBD-44DF-BD4CFDE640DF}_is1) (Version: 0.0.0.9 - Maca134)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Anti-phishing Domain Advisor (HKLM-x32\...\Anti-phishing Domain Advisor) (Version: 1.0.0.0 - Visicom Media Inc. (Powered by Panda Security))
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arma 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive)
Arma 2: Operation Arrowhead Beta (Obsolete) (HKLM-x32\...\Steam App 219540) (Version: - )
Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.2.0 - Ask.com) <==== ATTENTION
Assassin's Creed(R) III v1.03 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.03 - Ubisoft)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.23 - ASUS)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0013 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.2 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.0 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0040 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.0.8 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.25 - ASUS)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
AsusScr_G74 Series_ENG (HKLM-x32\...\AsusScr_G74 Series_ENG) (Version: 1.0.0001 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.7.142 - ASUSTEK)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0015 - ASUS)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
Avira SearchFree Toolbar plus Web Protection Updater (HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.3.0.23268 - Ask.com) <==== ATTENTION
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.4.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.2.0.0 - Electronic Arts)
Battlefield 4™ Beta (HKLM-x32\...\{CFAB3721-549D-4827-A4E8-7F90192114AB}) (Version: 1.0.0.0 - Electronic Arts)
Battlefield™ Hardline Beta (HKLM-x32\...\{599276A7-F45D-40B1-A0B6-CF132A1CAD49}) (Version: 1.0.0.5 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version: - )
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
DayZ Commander (HKLM-x32\...\{7B2CA5E9-763C-4FCE-81EE-13E81ABFE908}) (Version: 0.92.115 - Dotjosh Studios)
DayZLauncher version 0.0.0.7 (HKLM-x32\...\{E31045B4-9DB5-44DF-9EBD-BD4CFDE640FD}_is1) (Version: 0.0.0.7 - Maca134)
Deadtime Stories (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118716773}) (Version: - Oberon Media)
Desktop Icon für Amazon (HKLM\...\DesktopIconAmazon) (Version: 1.0.1 (de) - )
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Diablo III Public Test (HKLM-x32\...\Diablo III Public Test) (Version: - Blizzard Entertainment)
Die Siedler 7 (HKLM-x32\...\{9C916142-C18C-429D-BFED-40094A7E0BEB}) (Version: 1.12.1396 - Ubisoft)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Display Pilot (HKLM-x32\...\{6DD25D67-4339-47A1-950E-EEFC321CBB24}) (Version: 2.11.002 - Portrait Displays, Inc.)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Dropbox (HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
Dying Light (HKLM-x32\...\Steam App 239140) (Version: - Techland)
ESL Wire 1.17.3 (HKLM\...\ESL Wire_is1) (Version: - Turtle Entertainment GmbH)
ExpressGateCloud (HKLM-x32\...\InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}) (Version: 2.6.27.160 - VideACE Co.)
ExpressGateCloud (x32 Version: 2.6.27.160 - VideACE Co.) Hidden
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.04 - Ubisoft)
Farm Frenzy 3 - Madagascar (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119205603}) (Version: - Oberon Media)
FireJump (HKLM-x32\...\{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1) (Version: 1.0.2.5 - FireJump.net)
Free YouTube to MP3 Converter version 3.12.42.716 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.42.716 - DVDVideoSoft Ltd.)
Fresco Logic USB3.0 Host Controller (HKLM\...\{FFF6BB59-380A-4338-AEFB-226F511C0713}) (Version: 3.5.73.0 - Fresco Logic Inc.)
Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Game Park Console (HKLM-x32\...\Game Park Console) (Version: 1.2.4.431 - Oberon Media Inc.)
GameFast.exe (HKLM\...\GameFast_is1) (Version: 1.0.0.1 - ASUSTEK Computer Inc)
Go Go Gourmet Chef of the Year (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115290153}) (Version: - Oberon Media)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version: - Reto-Moto)
Holdem Manager 2 (HKLM-x32\...\HoldemManager2) (Version: - )
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.)
Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mahjong Memoirs (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117948443}) (Version: - Oberon Media)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Medal of Honor™ Warfighter (HKLM-x32\...\{48379835-BF2E-4487-9CB1-D5E654502B53}) (Version: 1.0.0.0 - Electronic Arts)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.2.0.0 - Electronic Arts)
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
NVIDIA 3D Vision Treiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4550 - Electronic Arts, Inc.)
Pivot Pro Plugin (x32 Version: 9.61.004 - Portrait Displays, Inc.) Hidden
Plants vs Zombies (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117080787}) (Version: - Oberon Media)
PokerClue (HKLM-x32\...\{4C48700A-1A06-4DB1-A5E5-B25520C1ED54}) (Version: 1.00.0000 - Koreleone | Software)
PokerRoom Home Game Organizer (HKLM-x32\...\PokerRoom Home Game Organizer) (Version: - )
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu)
Pokerstartkapital BlindTimer v3.1 (HKLM-x32\...\Pokerstartkapital.info BlindTimer_is1) (Version: - Pokerstartkapital)
PostgreSQL 8.4 (HKLM-x32\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group)
Preispilot für Firefox (HKLM-x32\...\{0D8E6567-7082-48DB-A305-293873AC8B39}_is1) (Version: 2.0 - Preispilot)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Razer DeathAdder(TM) Mouse (HKLM-x32\...\{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}) (Version: 3.05 - Razer Inc.)
Razer Tarantula (HKLM-x32\...\{655B9514-3963-490B-9EE1-431E80444889}) (Version: 5.01 - Razer USA Ltd.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6564 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.)
Rotation Desktop for G Series.exe (HKLM\...\Rotation Desktop for G Series_is1) (Version: 1.0.0.9 - ASUSTEK Computer Inc)
Roxio CinePlayer (HKLM-x32\...\{C03F3D5B-0D83-4F81-A324-32F4E7F1BF6A}) (Version: 5.8.58232.1 - Roxio)
SDK (x32 Version: 2.40.007 - Portrait Displays, Inc.) Hidden
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.22.26.1 - Client Connect LTD) <==== ATTENTION
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\...\Spotify) (Version: 1.0.2.6.g9977a14b - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Stranded Deep (HKLM-x32\...\Steam App 313120) (Version: - Beam Team Games)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.43.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\...\TeamSpeak 3 Client) (Version: - TeamSpeak Systems GmbH)
This War of Mine (HKLM-x32\...\Steam App 282070) (Version: - 11 bit studios)
THX TruStudio (HKLM-x32\...\{B11AB9C8-18A6-41DC-98B4-4988CC030136}) (Version: 1.03.01 - Creative Technology Limited)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.0.3 - Electronic Arts)
Titanfall™-Beta (HKLM-x32\...\{E933BD1A-9B05-42A3-A1CF-3DA81C72E454}) (Version: 1.0.0.0 - Electronic Arts)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Watch_Dogs (HKLM-x32\...\Uplay Install 274) (Version: - Ubisoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.32.0 - ASUS)
WinRAR 4.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.27 - ASUS)
World of Goo (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116672750}) (Version: - Oberon Media)
WS Launcher (HKLM-x32\...\{575E5E77-2C8E-405F-AB8E-9A7418B704CF}) (Version: 0.0.0.9 - Launcher)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation)
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation)
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1586699263-1730969920-3125584917-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Marci\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586699263-1730969920-3125584917-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586699263-1730969920-3125584917-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586699263-1730969920-3125584917-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586699263-1730969920-3125584917-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586699263-1730969920-3125584917-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586699263-1730969920-3125584917-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586699263-1730969920-3125584917-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586699263-1730969920-3125584917-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586699263-1730969920-3125584917-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

14-04-2015 15:30:23 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {035A019C-E04E-4CE5-9CBB-F1FC495CE4C9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {24EF5DBE-AFC1-487A-8E23-4E4BD7CB5161} - System32\Tasks\AIRecoveryRemind => C:\Program Files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe [2012-01-31] (ASUSTek Computer Inc.)
Task: {3D4FE3BF-6273-415B-A8D9-827D08B59E29} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-05-29] () <==== ATTENTION Task: {3F29B975-CB79-4C9C-A018-C4B530A6D5B2} - System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA => C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe <==== ATTENTION Task: {47641524-8A52-40C7-9903-F196D907D01F} - System32\Tasks\{1561C887-2692-4C88-91FD-660A9E6C6495} => pcalua.exe -a "C:\Program Files (x86)\Origin\EAProxyInstaller.exe" -d "C:\Program Files (x86)\Origin" Task: {4A93DE3E-8F60-49FF-915B-8B98A4728A53} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation) Task: {632A08B8-3C81-416E-9F27-410A74A8AAAE} - System32\Tasks\ASUS Patch 10430001 => C:\Windows\AsPatch10430001.exe [2010-07-29] () Task: {6A2F713D-141A-49E4-87F7-DC992D620CC8} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {6B3AD26E-6C79-43A9-AF85-D2F6F4255777} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-09-14] (Apple Inc.) Task: {99F6E8DB-5876-4331-8E2B-69BF6244E306} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {A3AA2048-F375-4231-9AED-563AE227C246} - System32\Tasks\avaavaevy => C:\Users\Marci\AppData\Local\avaavaevy\avaavaevy.exe [2015-04-12] () <==== ATTENTION Task: {A3DF5189-9B54-4436-B589-97226A2760B2} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-12-22] (ASUSTek Computer Inc.) Task: {C0BC8FBA-3DEB-4925-AC70-DAB73707D8B6} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-01-09] (ASUSTeK Computer Inc.) 
Task: {C2EC060E-1E6B-4807-BB4D-3C7D7DD769AE} - System32\Tasks\{7B90BDFD-FF6A-4E49-8237-7CC12D13C132} => pcalua.exe -a "C:\Program Files (x86)\Origin\EAProxyInstaller.exe" -d "C:\Program Files (x86)\Origin" Task: {D7943F34-11D9-4B01-A094-A965E93319CA} - System32\Tasks\pricemeterdownloader => C:\Users\Marci\AppData\Local\PriceMeter\pricemeterd.exe <==== ATTENTION Task: {D882862F-6011-443E-97A8-F4B6451D17B0} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-01-04] (ASUS) Task: {DAC59F23-66F5-441A-AF61-46D6C9344C78} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated) Task: {E7592D61-4BCC-44C2-8FB8-EE2735EF31FB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {EF5383D8-68B2-45BF-AEE9-5EA7D99D8B84} - System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore => C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe <==== ATTENTION Task: {F2E8DECD-5F53-444F-A781-F01557BE4B0B} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2011-10-03] (ASUS) Task: {F79E7FCD-ABB1-4200-A5C3-FEBAD28F056C} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-01-30] (ASUSTek Computer Inc.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe <==== ATTENTION Task: C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============== 2013-10-31 18:39 - 2015-02-05 21:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2011-12-20 01:13 - 2010-07-27 20:40 - 00113840 _____ () C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe 2013-12-22 16:08 - 2013-06-11 11:52 - 00663056 _____ () C:\Program Files\EslWire\service\WireHelperSvc.exe 2013-12-22 16:08 - 2013-07-09 13:12 - 00214016 _____ () C:\Program Files\EslWire\service\NocIPC64.dll 2014-12-04 22:12 - 2013-11-12 12:44 - 00274960 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dthook.dll 2010-07-14 16:11 - 2010-07-14 16:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll 2012-02-20 12:26 - 2014-06-18 22:24 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2011-03-26 03:55 - 2011-03-26 03:55 - 00091464 _____ () C:\ExpressGateUtil\VAWinService.exe 2011-12-20 01:14 - 2010-06-08 23:23 - 00236544 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL 2011-04-01 13:23 - 2011-04-01 13:23 - 00084464 _____ () C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe 2011-04-08 07:26 - 2011-04-08 07:26 - 00045448 _____ () C:\ExpressGateUtil\VAWinAgent.exe 2012-02-29 21:37 - 2012-01-14 13:56 - 00248832 _____ () C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe 2012-02-29 21:37 - 2011-04-14 12:48 - 01758208 _____ () C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe 2014-11-23 15:03 - 2007-03-05 19:17 - 00143360 _____ () C:\Program Files (x86)\Razer\Tarantula\razertra.exe 2014-12-04 22:12 
- 2013-06-18 13:26 - 00677160 _____ () C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpctrl.exe 2014-12-04 22:12 - 2013-06-18 13:26 - 00714024 _____ () C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\floater.exe 2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-01-27 00:32 - 2011-01-28 07:15 - 00172032 _____ () c:\postgreSQL\bin\LIBPQ.dll 2013-01-27 00:32 - 2009-02-12 21:01 - 00976384 _____ () c:\postgreSQL\bin\libxml2.dll 2013-01-27 00:32 - 2005-07-20 12:48 - 00059904 _____ () c:\postgreSQL\bin\zlib1.dll 2011-03-26 03:55 - 2011-03-26 03:55 - 00157000 _____ () C:\ExpressGateUtil\libexpat.dll 2011-03-26 03:55 - 2011-03-26 03:55 - 00061768 _____ () C:\ExpressGateUtil\netProfileDatabase.DLL 2014-03-18 21:50 - 2015-03-10 08:37 - 00775680 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2015-01-20 08:31 - 2014-12-02 02:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll 2015-01-20 08:31 - 2014-12-02 02:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2015-01-20 08:31 - 2014-12-02 02:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2014-05-22 16:08 - 2015-04-14 01:44 - 02371776 _____ () C:\Program Files (x86)\Steam\video.dll 2014-08-29 15:13 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2014-08-29 15:13 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2014-08-29 15:13 - 2014-12-01 23:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2014-08-29 15:13 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2014-08-29 15:13 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2014-03-18 21:50 - 2015-04-14 01:44 - 00702656 _____ () C:\Program 
Files (x86)\Steam\bin\chromehtml.DLL 2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll 2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll 2015-03-12 17:53 - 2015-03-18 21:50 - 40506936 _____ () C:\Users\Marci\AppData\Roaming\Spotify\libcef.dll 2015-04-14 16:36 - 2015-04-14 16:36 - 00043008 _____ () c:\users\marci\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpaedohy.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Marci\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Marci\AppData\Roaming\Dropbox\bin\libEGL.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Marci\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Marci\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2010-08-20 19:57 - 2010-08-20 19:57 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll 2010-08-20 19:57 - 2010-08-20 19:57 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll 2012-02-06 19:32 - 2012-02-06 19:32 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll 2012-01-31 09:25 - 2012-01-31 09:25 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll 2014-03-18 21:50 - 2015-02-25 03:58 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll 2015-03-12 17:53 - 2015-03-18 21:50 - 01365560 _____ () C:\Users\Marci\AppData\Roaming\Spotify\libglesv2.dll 2015-03-12 17:53 - 2015-03-18 21:50 - 00219192 _____ () C:\Users\Marci\AppData\Roaming\Spotify\libegl.dll 2015-03-12 17:53 - 2015-03-18 21:50 - 09305656 _____ () C:\Users\Marci\AppData\Roaming\Spotify\pdf.dll 2015-03-12 17:53 - 2015-03-18 21:50 - 00990776 _____ () 
C:\Users\Marci\AppData\Roaming\Spotify\ffmpegsumo.dll 2014-12-04 22:12 - 2013-11-12 12:44 - 00187920 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\PresetsCOM.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Marci\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-1586699263-1730969920-3125584917-500 - Administrator - Disabled) Gast (S-1-5-21-1586699263-1730969920-3125584917-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-1586699263-1730969920-3125584917-1002 - Limited - Enabled) Marci (S-1-5-21-1586699263-1730969920-3125584917-1000 - Administrator - Enabled) => C:\Users\Marci postgres (S-1-5-21-1586699263-1730969920-3125584917-1006 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: Bluetooth Module Description: Bluetooth Module Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Atheros Communications Service: BTHUSB Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". 
This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (04/14/2015 04:36:29 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Avira.OE.Systray.exe, Version: 1.1.27.25537, Zeitstempel: 0x546de872 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86 Ausnahmecode: 0xe0434352 Fehleroffset: 0x0000c42d ID des fehlerhaften Prozesses: 0x1438 Startzeit der fehlerhaften Anwendung: 0xAvira.OE.Systray.exe0 Pfad der fehlerhaften Anwendung: Avira.OE.Systray.exe1 Pfad des fehlerhaften Moduls: Avira.OE.Systray.exe2 Berichtskennung: Avira.OE.Systray.exe3 Error: (04/14/2015 04:36:27 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.Systray.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. Ausnahmeinformationen: System.Configuration.ConfigurationErrorsException Stapel: bei System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef) bei System.Configuration.BaseConfigurationRecord.GetSection(System.String) bei System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String) bei System.Configuration.ConfigurationManager.get_AppSettings() bei Avira.OE.WinCore.OeProductInfo.get_Culture() bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings() bei Avira.OE.Systray.Program.Main(System.String[]) Error: (04/14/2015 04:32:12 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.ServiceHost.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. 
Ausnahmeinformationen: System.TypeInitializationException Stapel: bei NLog.Common.InternalLogger.Debug(System.String, System.Object[]) bei NLog.LogFactory.get_Configuration() bei NLog.LogFactory.GetLogger(LoggerCacheKey) bei NLog.LogFactory.GetLogger(System.String) bei NLog.LogManager.GetLogger(System.String) bei Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String) bei Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger() bei Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value() bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture() bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (04/14/2015 04:32:02 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.ServiceHost.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. 
Ausnahmeinformationen: System.TypeInitializationException Stapel: bei NLog.Common.InternalLogger.Debug(System.String, System.Object[]) bei NLog.LogFactory.get_Configuration() bei NLog.LogFactory.GetLogger(LoggerCacheKey) bei NLog.LogFactory.GetLogger(System.String) bei NLog.LogManager.GetLogger(System.String) bei Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String) bei Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger() bei Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value() bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture() bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (04/14/2015 04:31:45 PM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcNvVAD initialization failed [6] Error: (04/14/2015 04:31:45 PM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0] Error: (04/14/2015 04:31:45 PM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcNvVAD endpoint registration failed [0] Error: (04/14/2015 04:31:43 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.ServiceHost.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. 
Ausnahmeinformationen: System.TypeInitializationException Stapel: bei NLog.Common.InternalLogger.Debug(System.String, System.Object[]) bei NLog.LogFactory.get_Configuration() bei NLog.LogFactory.GetLogger(LoggerCacheKey) bei NLog.LogFactory.GetLogger(System.String) bei NLog.LogManager.GetLogger(System.String) bei Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String) bei Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger() bei Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value() bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture() bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (04/14/2015 04:31:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: ASUSG74) Description: Sie konnten nicht angemeldet werden, da das lokal gespeicherte Profil nicht geladen werden konnte. Überprüfen Sie, ob eine Netzwerkverbindung besteht und das Netzwerk ordnungsgemäß funktioniert. Details - Das System kann den angegebenen Pfad nicht finden. Error: (04/14/2015 04:31:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: ASUSG74) Description: Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen, gehen bei der Abmeldung verloren. 
System errors: ============= Error: (04/14/2015 04:32:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert. Error: (04/14/2015 04:32:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (04/14/2015 04:31:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (04/14/2015 04:31:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "ZoneAlarm Privacy Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (04/14/2015 04:31:42 PM) (Source: Service Control Manager) (EventID: 7005) (User: ) Description: Der Aufruf "LoadUserProfile" ist aufgrund folgenden Fehlers fehlgeschlagen: %%3 Error: (04/14/2015 03:33:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert. Error: (04/14/2015 03:33:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (04/14/2015 03:33:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (04/14/2015 03:33:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "ZoneAlarm Privacy Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (04/14/2015 03:33:10 PM) (Source: Service Control Manager) (EventID: 7005) (User: ) Description: Der Aufruf "LoadUserProfile" ist aufgrund folgenden Fehlers fehlgeschlagen: %%3 Microsoft Office Sessions: ========================= Error: (04/14/2015 04:36:29 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Avira.OE.Systray.exe1.1.27.25537546de872KERNELBASE.dll6.1.7601.1840953159a86e04343520000c42d143801d076bfbb869a3bC:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exeC:\Windows\syswow64\KERNELBASE.dlla278f679-e2b3-11e4-bd17-5404a64be8ae Error: (04/14/2015 04:36:27 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.Systray.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. Ausnahmeinformationen: System.Configuration.ConfigurationErrorsException Stapel: bei System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef) bei System.Configuration.BaseConfigurationRecord.GetSection(System.String) bei System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String) bei System.Configuration.ConfigurationManager.get_AppSettings() bei Avira.OE.WinCore.OeProductInfo.get_Culture() bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings() bei Avira.OE.Systray.Program.Main(System.String[]) Error: (04/14/2015 04:32:12 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.ServiceHost.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. 
Ausnahmeinformationen: System.TypeInitializationException Stapel: bei NLog.Common.InternalLogger.Debug(System.String, System.Object[]) bei NLog.LogFactory.get_Configuration() bei NLog.LogFactory.GetLogger(LoggerCacheKey) bei NLog.LogFactory.GetLogger(System.String) bei NLog.LogManager.GetLogger(System.String) bei Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String) bei Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger() bei Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value() bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture() bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (04/14/2015 04:32:02 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.ServiceHost.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. 
Ausnahmeinformationen: System.TypeInitializationException Stapel: bei NLog.Common.InternalLogger.Debug(System.String, System.Object[]) bei NLog.LogFactory.get_Configuration() bei NLog.LogFactory.GetLogger(LoggerCacheKey) bei NLog.LogFactory.GetLogger(System.String) bei NLog.LogManager.GetLogger(System.String) bei Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String) bei Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger() bei Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value() bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture() bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (04/14/2015 04:31:45 PM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcNvVAD initialization failed [6] Error: (04/14/2015 04:31:45 PM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0] Error: (04/14/2015 04:31:45 PM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcNvVAD endpoint registration failed [0] Error: (04/14/2015 04:31:43 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.ServiceHost.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. 
Ausnahmeinformationen: System.TypeInitializationException Stapel: bei NLog.Common.InternalLogger.Debug(System.String, System.Object[]) bei NLog.LogFactory.get_Configuration() bei NLog.LogFactory.GetLogger(LoggerCacheKey) bei NLog.LogFactory.GetLogger(System.String) bei NLog.LogManager.GetLogger(System.String) bei Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String) bei Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger() bei Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value() bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture() bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (04/14/2015 04:31:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: ASUSG74) Description: Das System kann den angegebenen Pfad nicht finden. 
Error: (04/14/2015 04:31:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: ASUSG74) Description:
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 34%
Total physical RAM: 8169.16 MB
Available physical RAM: 5339.38 MB
Total Pagefile: 16336.52 MB
Available Pagefile: 13052.44 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:95.39 GB) (Free:13.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Games) (Fixed) (Total:118.08 GB) (Free:4.32 GB) NTFS
Drive e: (Sonstiges) (Fixed) (Total:349.3 GB) (Free:274.56 GB) NTFS
Drive f: (SDATA2) (Fixed) (Total:349.33 GB) (Free:123.84 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: E3102A4B)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=95.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=118.1 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 698.6 GB) (Disk ID: BBC58B91)
Partition 1: (Not Active) - (Size=349.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=349.3 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Regards, Marcel M. |
14.04.2015, 16:48 | #2 |
/// the machine /// TB-Ausbilder | Windows 7: Bad Image (error) VC32LO Hi,
Please download Revo Uninstaller (alternatively, the portable Revo Uninstaller) from here.
Scan with ComboFix
14.04.2015, 18:47 | #3 |
| Windows 7: Bad Image (error) VC32LO Status:
- I was able to remove the Ask Toolbar.
- I could not find Avira SearchFree... in Revo.
- For Search Protect, Revo said I had to restart my computer in order to delete the last files, which I did. After the restart, Search Protect was still there. I repeated this process once more, without success.
- I started ComboFix; the program deleted Search Protect (that is what the window said) and then wanted to restart my computer. Before the restart I had to decide whether I wanted to make a Windows and software backup; since I did not know any better, I clicked No for both.
- The PC restarted and got stuck at "Bitte Warten..." ("Please wait...") (was I too hasty?). I closed ComboFix with the (X) and then ended up on the desktop.
- I had to click away all the windows with the VC32LO.. error again.
ComboFix log Code:
ATTFilter ComboFix 15-04-09.01 - Marci 14.04.2015 18:13:43.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8169.4949 [GMT 2:00]
ausgeführt von:: C:\Users\Marci\Desktop\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
EDIT: updated status:
- I disabled the Windows Firewall, Avira and the network connections and then ran ComboFix again, and lo and behold, it worked right away.
- Windows started and a log file could be created; Log.txt opened automatically after ComboFix had finished. However, the folder C:/ComboFix, where I was actually supposed to find ComboFix.txt, is completely empty. In addition, there is now a folder named '$RECYCLE.BIN' on all hard drives (but it is empty as well).
- No more annoying VC32LO.. windows at Windows startup.
LOG.txt Code:
ATTFilter ComboFix 15-04-09.01 - Marci 14.04.2015 19:30:57.3.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8169.5937 [GMT 2:00] ausgeführt von:: c:\users\Marci\Desktop\ComboFix.exe AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\SearchProtect c:\program files (x86)\SearchProtect\Main\bin\sptool.dll_1429018265562 c:\program files (x86)\SearchProtect\Main\bin\uninstall.exe c:\program files (x86)\SearchProtect\Main\bin\uninstall.pun c:\program files (x86)\SearchProtect\Main\rep\cfi.bin c:\program files (x86)\SearchProtect\Main\rep\edk.bin c:\program files (x86)\SearchProtect\Main\rep\pni.bin c:\program files (x86)\SearchProtect\Main\rep\SystemRepository.dat c:\program files (x86)\SearchProtect\Main\rep\trn.bin c:\program files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe c:\program files (x86)\SearchProtect\SearchProtect\bin\RN32.dll c:\program files (x86)\SearchProtect\SearchProtect\bin\SPtool64.exe c:\program files (x86)\SearchProtect\SearchProtect\bin\VC32.dll c:\program files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll c:\program files (x86)\SearchProtect\SearchProtect\bin\VC64.dll c:\program files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll c:\program files (x86)\SearchProtect\UI\bin\cltmngui.exe c:\program files (x86)\SearchProtect\UI\dialogs\Consent\consent.css c:\program files (x86)\SearchProtect\UI\dialogs\Consent\consent.html c:\program files (x86)\SearchProtect\UI\dialogs\Consent\consent.js c:\program files (x86)\SearchProtect\UI\dialogs\Consent\defaults.js c:\program files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png c:\program files 
(x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg-dia.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez-def-grey.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png c:\program files 
(x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\SP_DialogBG.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\text-field.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\v.png c:\program files (x86)\SearchProtect\UI\dialogs\Images\x.png c:\program files (x86)\SearchProtect\UI\dialogs\libs\defaults.js c:\program files (x86)\SearchProtect\UI\dialogs\libs\DialogAPI.js c:\program files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js c:\program files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js c:\program files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js c:\program files (x86)\SearchProtect\UI\dialogs\libs\main.js c:\program files (x86)\SearchProtect\UI\dialogs\protection\defaults.js c:\program files (x86)\SearchProtect\UI\dialogs\protection\protection.css c:\program files (x86)\SearchProtect\UI\dialogs\protection\protection.html c:\program files (x86)\SearchProtect\UI\dialogs\protection\protection.js c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js c:\program files (x86)\SearchProtect\UI\dialogs\settings.html c:\program files (x86)\SearchProtect\UI\dialogs\settings\defaults.js c:\program files (x86)\SearchProtect\UI\dialogs\settings\settings.css c:\program files (x86)\SearchProtect\UI\dialogs\settings\settings.html c:\program files (x86)\SearchProtect\UI\dialogs\settings\settings.js c:\program files 
(x86)\SearchProtect\UI\dialogs\style.css c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js c:\users\Marci\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll . ---- Vorheriger Suchlauf ------- . c:\users\Marci\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_CltMngSvc -------\Service_CltMngSvc . . ((((((((((((((((((((((( Dateien erstellt von 2015-03-14 bis 2015-04-14 )))))))))))))))))))))))))))))) . . 2015-04-14 17:34 . 2015-04-14 17:34 -------- d-----w- c:\users\postgres\AppData\Local\temp 2015-04-14 15:54 . 2015-04-14 15:54 -------- d-----w- c:\program files (x86)\VS Revo Group 2015-04-14 14:44 . 2015-04-14 14:46 -------- d-----w- C:\FRST 2015-04-14 13:31 . 2015-04-14 13:31 -------- d-----w- c:\users\Marci\AppData\Local\avaavaevy 2015-04-14 13:30 . 2015-03-14 10:02 12002392 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7262C7FB-66CB-4862-86EC-C8B9706F7CBB}\mpengine.dll 2015-04-05 01:00 . 2015-04-05 01:00 -------- d-s---w- c:\windows\SysWow64\GWX 2015-04-05 01:00 . 2015-04-05 01:00 -------- d-s---w- c:\windows\system32\GWX 2015-03-26 14:08 . 2015-03-26 14:08 -------- d-----w- c:\users\Marci\AppData\Local\Bohemia_Interactive 2015-03-26 14:08 . 2015-04-09 17:47 -------- d-----w- c:\users\Marci\AppData\Local\Arma 3 Launcher 2015-03-25 15:10 . 2015-03-11 04:06 677888 ----a-w- c:\windows\system32\generaltel.dll 2015-03-25 15:10 . 2015-03-11 04:06 760832 ----a-w- c:\windows\system32\invagent.dll 2015-03-25 15:10 . 2015-03-11 04:06 943616 ----a-w- c:\windows\system32\appraiser.dll 2015-03-25 15:10 . 2015-03-11 04:05 30720 ----a-w- c:\windows\system32\acmigration.dll 2015-03-25 15:10 . 
2015-03-11 04:02 1107456 ----a-w- c:\windows\system32\aeinv.dll 2015-03-25 15:10 . 2015-03-11 04:06 414720 ----a-w- c:\windows\system32\devinv.dll 2015-03-25 15:10 . 2015-03-11 04:05 227328 ----a-w- c:\windows\system32\aepdu.dll 2015-03-25 15:10 . 2015-03-11 04:05 192000 ----a-w- c:\windows\system32\aepic.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-04-14 17:26 . 2013-10-31 16:41 380 ----a-w- c:\users\Marci\AppData\Roaming\sp_data.sys 2015-04-12 08:34 . 2015-04-14 13:31 223504 ----a-w- c:\windows\apppatch\nbin\VC32Loader.dll 2015-04-12 08:34 . 2015-04-12 08:34 263952 ----a-w- c:\windows\apppatch\AppPatch64\VCLdr64.dll 2015-03-11 18:53 . 2012-04-07 12:36 122905848 ----a-w- c:\windows\system32\MRT.exe 2015-03-10 16:38 . 2013-08-16 09:03 44088 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2015-03-10 16:38 . 2013-08-16 09:03 132120 ----a-w- c:\windows\system32\drivers\avipbb.sys 2015-03-10 16:38 . 2013-08-16 09:03 128536 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2015-03-06 05:56 . 2015-03-11 15:07 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2015-03-06 05:56 . 2015-03-11 15:07 155576 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2015-03-06 05:42 . 2015-03-11 15:07 210944 ----a-w- c:\windows\system32\wdigest.dll 2015-03-06 05:42 . 2015-03-11 15:07 86528 ----a-w- c:\windows\system32\TSpkg.dll 2015-03-06 05:42 . 2015-03-11 15:07 29184 ----a-w- c:\windows\system32\sspisrv.dll 2015-03-06 05:42 . 2015-03-11 15:07 136192 ----a-w- c:\windows\system32\sspicli.dll 2015-03-06 05:42 . 2015-03-11 15:07 341504 ----a-w- c:\windows\system32\schannel.dll 2015-03-06 05:42 . 2015-03-11 15:07 28160 ----a-w- c:\windows\system32\secur32.dll 2015-03-06 05:42 . 2015-03-11 15:07 314880 ----a-w- c:\windows\system32\msv1_0.dll 2015-03-06 05:42 . 2015-03-11 15:07 309760 ----a-w- c:\windows\system32\ncrypt.dll 2015-03-06 05:42 . 
2015-03-11 15:07 728064 ----a-w- c:\windows\system32\kerberos.dll 2015-03-06 05:42 . 2015-03-11 15:07 1461760 ----a-w- c:\windows\system32\lsasrv.dll 2015-03-06 05:42 . 2015-03-11 15:07 22016 ----a-w- c:\windows\system32\credssp.dll 2015-03-06 05:41 . 2015-03-11 15:07 31232 ----a-w- c:\windows\system32\lsass.exe 2015-03-06 05:41 . 2015-03-11 15:07 64000 ----a-w- c:\windows\system32\auditpol.exe 2015-03-06 05:39 . 2015-03-11 15:07 60416 ----a-w- c:\windows\system32\msobjs.dll 2015-03-06 05:38 . 2015-03-11 15:07 146432 ----a-w- c:\windows\system32\msaudite.dll 2015-03-06 05:36 . 2015-03-11 15:07 686080 ----a-w- c:\windows\system32\adtschema.dll 2015-03-06 05:10 . 2015-03-11 15:07 172032 ----a-w- c:\windows\SysWow64\wdigest.dll 2015-03-06 05:10 . 2015-03-11 15:07 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll 2015-03-06 05:10 . 2015-03-11 15:07 248832 ----a-w- c:\windows\SysWow64\schannel.dll 2015-03-06 05:10 . 2015-03-11 15:07 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2015-03-06 05:10 . 2015-03-11 15:07 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll 2015-03-06 05:10 . 2015-03-11 15:07 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll 2015-03-06 05:10 . 2015-03-11 15:07 550912 ----a-w- c:\windows\SysWow64\kerberos.dll 2015-03-06 05:10 . 2015-03-11 15:07 17408 ----a-w- c:\windows\SysWow64\credssp.dll 2015-03-06 05:09 . 2015-03-11 15:07 50176 ----a-w- c:\windows\SysWow64\auditpol.exe 2015-03-06 05:09 . 2015-03-11 15:07 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2015-03-06 05:07 . 2015-03-11 15:07 60416 ----a-w- c:\windows\SysWow64\msobjs.dll 2015-03-06 05:07 . 2015-03-11 15:07 146432 ----a-w- c:\windows\SysWow64\msaudite.dll 2015-03-06 05:06 . 2015-03-11 15:07 686080 ----a-w- c:\windows\SysWow64\adtschema.dll 2015-02-26 03:25 . 2015-03-11 15:07 3204096 ----a-w- c:\windows\system32\win32k.sys 2015-02-24 03:17 . 2012-02-08 16:48 295552 ------w- c:\windows\system32\MpSigStub.exe 2015-02-24 03:15 . 
2015-03-11 15:07 389800 ----a-w- c:\windows\system32\iedkcs32.dll 2015-02-21 01:16 . 2015-03-11 15:07 25021440 ----a-w- c:\windows\system32\mshtml.dll 2015-02-20 23:58 . 2015-03-11 15:07 92160 ----a-w- c:\windows\system32\mshtmled.dll 2015-02-20 04:41 . 2015-03-11 15:07 41984 ----a-w- c:\windows\system32\lpk.dll 2015-02-20 04:40 . 2015-03-11 15:07 100864 ----a-w- c:\windows\system32\fontsub.dll 2015-02-20 04:40 . 2015-03-11 15:07 14336 ----a-w- c:\windows\system32\dciman32.dll 2015-02-20 04:40 . 2015-03-11 15:07 46080 ----a-w- c:\windows\system32\atmlib.dll 2015-02-20 04:13 . 2015-03-11 15:07 70656 ----a-w- c:\windows\SysWow64\fontsub.dll 2015-02-20 04:13 . 2015-03-11 15:07 10240 ----a-w- c:\windows\SysWow64\dciman32.dll 2015-02-20 04:13 . 2015-03-11 15:07 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2015-02-20 04:12 . 2015-03-11 15:07 25600 ----a-w- c:\windows\SysWow64\lpk.dll 2015-02-20 03:29 . 2015-03-11 15:07 372224 ----a-w- c:\windows\system32\atmfd.dll 2015-02-20 03:09 . 2015-03-11 15:07 299008 ----a-w- c:\windows\SysWow64\atmfd.dll 2015-02-20 03:06 . 2015-03-11 15:07 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2015-02-20 03:05 . 2015-03-11 15:07 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll 2015-02-20 02:50 . 2015-03-11 15:07 66560 ----a-w- c:\windows\system32\iesetup.dll 2015-02-20 02:49 . 2015-03-11 15:07 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll 2015-02-20 02:49 . 2015-03-11 15:07 584192 ----a-w- c:\windows\system32\vbscript.dll 2015-02-20 02:48 . 2015-03-11 15:07 2886144 ----a-w- c:\windows\system32\iertutil.dll 2015-02-20 02:47 . 2015-03-11 15:07 88064 ----a-w- c:\windows\system32\MshtmlDac.dll 2015-02-20 02:41 . 2015-03-11 15:07 54784 ----a-w- c:\windows\system32\jsproxy.dll 2015-02-20 02:40 . 2015-03-11 15:07 34304 ----a-w- c:\windows\system32\iernonce.dll 2015-02-20 02:36 . 2015-03-11 15:07 633856 ----a-w- c:\windows\system32\ieui.dll 2015-02-20 02:35 . 
2015-03-11 15:07 144384 ----a-w- c:\windows\system32\ieUnatt.exe 2015-02-20 02:35 . 2015-03-11 15:07 114688 ----a-w- c:\windows\system32\ieetwcollector.exe 2015-02-20 02:34 . 2015-03-11 15:07 814080 ----a-w- c:\windows\system32\jscript9diag.dll 2015-02-20 02:32 . 2015-03-11 15:07 6035456 ----a-w- c:\windows\system32\jscript9.dll 2015-02-20 02:26 . 2015-03-11 15:07 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2015-02-20 02:22 . 2015-03-11 15:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2015-02-20 02:22 . 2015-03-11 15:07 490496 ----a-w- c:\windows\system32\dxtmsft.dll 2015-02-20 02:13 . 2015-03-11 15:07 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll 2015-02-20 02:09 . 2015-03-11 15:07 503296 ----a-w- c:\windows\SysWow64\vbscript.dll 2015-02-20 02:08 . 2015-03-11 15:07 62464 ----a-w- c:\windows\SysWow64\iesetup.dll 2015-02-20 02:08 . 2015-03-11 15:07 199680 ----a-w- c:\windows\system32\msrating.dll 2015-02-20 02:08 . 2015-03-11 15:07 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll 2015-02-20 02:06 . 2015-03-11 15:07 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll 2015-02-20 02:05 . 2015-03-11 15:07 316928 ----a-w- c:\windows\system32\dxtrans.dll 2015-02-20 01:56 . 2015-03-11 15:07 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2015-02-20 01:56 . 2015-03-11 15:07 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll 2015-02-20 01:49 . 2015-03-11 15:07 718848 ----a-w- c:\windows\system32\ie4uinit.exe 2015-02-20 01:49 . 2015-03-11 15:07 801280 ----a-w- c:\windows\system32\msfeeds.dll 2015-02-20 01:47 . 2015-03-11 15:07 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll 2015-02-20 01:46 . 2015-03-11 15:07 2125824 ----a-w- c:\windows\system32\inetcpl.cpl 2015-02-20 01:43 . 2015-03-11 15:07 14398976 ----a-w- c:\windows\system32\ieframe.dll 2015-02-20 01:41 . 2015-03-11 15:07 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll 2015-02-20 01:30 . 
2015-03-11 15:07 4300288 ----a-w- c:\windows\SysWow64\jscript9.dll 2015-02-20 01:28 . 2015-03-11 15:07 2358784 ----a-w- c:\windows\system32\wininet.dll 2015-02-20 01:24 . 2015-03-11 15:07 2052608 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2015-02-20 01:23 . 2015-03-11 15:07 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2015-02-20 01:16 . 2015-03-11 15:07 1548288 ----a-w- c:\windows\system32\urlmon.dll 2015-02-20 01:03 . 2015-03-11 15:07 800768 ----a-w- c:\windows\system32\ieapfltr.dll 2015-02-20 01:01 . 2015-03-11 15:07 1888256 ----a-w- c:\windows\SysWow64\wininet.dll 2015-02-13 05:22 . 2015-03-11 15:07 14177280 ----a-w- c:\windows\system32\shell32.dll 2015-02-05 21:01 . 2015-02-11 11:30 969872 ----a-w- c:\windows\system32\NvIFR64.dll 2015-02-05 21:01 . 2015-02-11 11:30 943760 ----a-w- c:\windows\system32\NvFBC64.dll 2015-02-05 21:01 . 2015-02-11 11:30 929936 ----a-w- c:\windows\SysWow64\NvIFR.dll 2015-02-05 21:01 . 2015-02-11 11:30 908104 ----a-w- c:\windows\SysWow64\NvFBC.dll 2015-02-05 21:01 . 2015-02-11 11:30 3610768 ----a-w- c:\windows\system32\nvcuvid.dll 2015-02-05 21:01 . 2015-02-11 11:30 3247248 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2015-02-05 21:01 . 2015-02-11 11:30 32106640 ----a-w- c:\windows\system32\nvoglv64.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 152544 ----a-w- c:\users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 152544 ----a-w- c:\users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 152544 ----a-w- c:\users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\steam.exe" [2015-04-13 2889408] "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-09-14 59720] "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-09-15 59720] "Spotify Web Helper"="c:\users\Marci\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2015-04-14 2018360] "Spotify"="c:\users\Marci\AppData\Roaming\Spotify\Spotify.exe" [2015-04-14 7112248] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992] "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-10-19 3331312] "ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104] "ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2011-12-19 3058304] "THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-03-17 909312] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "CPMonitor"="c:\program files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [2011-04-01 84464] "VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2011-04-08 45448] "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-20 107816] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720] "DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2012-01-14 248832] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-22 318080] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-24 174720] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-02-06 102568] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072] "Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-01-17 232616] "FLxHCIm64"="c:\program files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe" [2012-07-19 48128] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-04-07 726320] 
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-01 152392] "Tarantula"="c:\program files (x86)\Razer\Tarantula\razerhid.exe" [2007-05-07 159744] "PivotSoftware"="c:\program files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" [2013-06-18 112424] "DT BEN"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2013-11-12 122384] "Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-11-20 126200] . c:\users\Marci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Marci\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-4-2 43382072] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-10-19 549040] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . 
R2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x] R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x] R2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] R2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [x] R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x] R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x] R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x] R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x] R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x] R3 
BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x] R3 ESLvnic1;ESLvnic Virtual Network 64 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys;c:\windows\SYSNATIVE\DRIVERS\ESLvnic.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x] R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x] R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x] R3 
SPPD;SPPD;c:\windows\system32\drivers\SPPD.sys;c:\windows\SYSNATIVE\drivers\SPPD.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys;c:\windows\SYSNATIVE\drivers\ESLWireACD.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S1 ATKWMIACPIIO_;ATKWMIACPI Driver_;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x] S2 AsusUacSvc;Asus process privilege adjust service;c:\program files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe;c:\program files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [x] S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth 
Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x] S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 EslWireHelper;ESL Wire Helper Service;c:\program files\EslWire\service\WireHelperSvc.exe;c:\program files\EslWire\service\WireHelperSvc.exe [x] S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x] S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x] S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x] S2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;c:/postgreSQL/bin/pg_ctl.exe runservice -N postgresql-8.4 -D c:/postgreSQL/data -w;c:/postgreSQL/bin/pg_ctl.exe runservice -N postgresql-8.4 -D c:/postgreSQL/data -w [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files 
(x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x] S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe;c:\expressgateutil\VAWinService.exe [x] S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x] S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys;c:\windows\SYSNATIVE\drivers\danew.sys [x] S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x] S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x] S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x] S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application 
Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] S3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver.sys [x] S3 TarFltr;Razer Tarantula USB Keyboard;c:\windows\system32\drivers\UsbFltr.sys;c:\windows\SYSNATIVE\drivers\UsbFltr.sys [x] S3 VKbms;Razer Gaming Device;c:\windows\system32\DRIVERS\VKbms.sys;c:\windows\SYSNATIVE\DRIVERS\VKbms.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2015-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-23 14:45] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 185824 ----a-w- c:\users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 185824 ----a-w- c:\users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 185824 ----a-w- c:\users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 185824 ----a-w- c:\users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-31 12446824] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552] "IntelTBRunOnce"="wscript.exe" [2013-10-12 168960] "THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600] "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-12-13 2824504] "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE mDefault_Search_URL = https://safesearch.avira.com/ mDefault_Page_URL = https://safesearch.avira.com/ mStart Page = https://safesearch.avira.com/ mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = https://safesearch.avira.com/ uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Marci\AppData\Roaming\Mozilla\Firefox\Profiles\0lxcl8t7.default\ FF - prefs.js: browser.search.selectedEngine - Trovi FF - prefs.js: browser.startup.homepage - hxxps://www.youtube.com/ FF - ExtSQL: !HIDDEN! 2013-01-19 13:24; firejump@firejump.net; c:\users\Marci\AppData\Roaming\Mozilla\Firefox\Profiles\0lxcl8t7.default\extensions\firejump@firejump.net FF - user.js: extensions.zonealarm.hpOld0 - hxxp://www.youtube.com/ FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=f60c5738ab20483ca9db24efbf9139dc&tu=11Jiy00F01D13P0&sku=&tstsId=&ver=&&q= FF - user.js: extensions.zonealarm.id - 008edbb00000000000005404a64be8ae FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84} FF - user.js: extensions.zonealarm.instlDay - 16270 FF - user.js: extensions.zonealarm.vrsn - 1.8.29.17 FF - user.js: extensions.zonealarm.vrsni - 1.8.29.17 FF - user.js: extensions.zonealarm.vrsnTs - 1.8.29.1714:06 FF - user.js: extensions.zonealarm.prtnrId - checkpoint FF - user.js: extensions.zonealarm.prdct - zonealarm FF - user.js: extensions.zonealarm.aflt - 5066 FF - user.js: extensions.zonealarm.smplGrp - NewUSR FF - user.js: extensions.zonealarm.tlbrId - HFA5 FF - user.js: extensions.zonealarm.instlRef - ZLN124008307648528-5066 FF - user.js: extensions.zonealarm.dfltLng - DE FF - user.js: extensions.zonealarm.excTlbr - false FF - user.js: extensions.zonealarm.ffxUnstlRst - false FF - user.js: extensions.zonealarm.admin - false FF - user.js: 
extensions.zonealarm.autoRvrt - false FF - user.js: extensions.zonealarm.rvrt - false FF - user.js: extensions.zonealarm.hmpg - true FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=HFA5&Lan=DE&gu=f60c5738ab20483ca9db24efbf9139dc&tu=11Jiy00F01D13P0&sku=&tstsId=&ver=& FF - user.js: extensions.zonealarm.dfltSrch - true FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm FF - user.js: extensions.zonealarm.kw_url - hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=DE&gu=f60c5738ab20483ca9db24efbf9139dc&tu=11Jiy00F01D13P0&sku=&tstsId=&ver=&&q= FF - user.js: extensions.zonealarm.dnsErr - true FF - user.js: extensions.zonealarm.newTab - true FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=HFA5&Lan=DE&gu=f60c5738ab20483ca9db24efbf9139dc&tu=11Jiy00F01D13P0&sku=&tstsId=&ver=& . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-PriceMeterW - c:\users\Marci\AppData\Local\PriceMeter\pricemeterw.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe HKLM-Run-Nvtmru - c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe AddRemove-BattlEye for A2 - e:\steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe AddRemove-Guild Wars 2 - c:\program files (x86)\Guild Wars 2\Gw2.exe AddRemove-HoldemManager2 - c:\program files (x86)\Holdem Manager 2\UninstallHoldemManager.exe AddRemove-PokerRoom Home Game Organizer - c:\program files (x86)\PokerRoom Home Game Organizer\PokerRoom Home Game Organizer.exe AddRemove-PunkBusterSvc - c:\program files (x86)\Origin Games\BFH Beta\pbsvc.exe AddRemove-SearchProtect - 
c:\progra~2\SearchProtect\Main\bin\uninstall.exe AddRemove-{E31045B4-9DB5-44DF-9EBD-BD4CFDE640FD}_is1 - c:\program files (x86)\DayZLauncher\unins000.exe AddRemove-TeamSpeak 3 Client - c:\users\Marci\AppData\Local\TeamSpeak 3 Client\uninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4] "ImagePath"="c:/postgreSQL/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"c:/postgreSQL/data\" -w" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4] "ImagePath"="c:/postgreSQL/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"c:/postgreSQL/data\" -w" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.16" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*] "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe c:\program files (x86)\ASUS\FaceLogon\sensorsrv.exe c:\program files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe c:\windows\SysWOW64\PnkBstrA.exe c:\postgresql\bin\pg_ctl.exe c:\postgresql\bin\postgres.exe c:\postgresql\bin\postgres.exe c:\postgresql\bin\postgres.exe c:\postgresql\bin\postgres.exe c:\postgresql\bin\postgres.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe c:\program files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe . ************************************************************************** . Zeit der Fertigstellung: 2015-04-14 19:36:45 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2015-04-14 17:36 . Vor Suchlauf: 14 Verzeichnis(se), 15.892.910.080 Bytes frei Nach Suchlauf: 21 Verzeichnis(se), 15.692.406.784 Bytes frei . - - End Of File - - 8F2C209C52DA03BAB51F6EBA99463E05 |
15.04.2015, 09:44 | #4 |
/// the machine /// TB Trainer | Windows 7: Bad Image (error) VC32LO Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber |
15.04.2015, 15:38 | #5 |
| neuerstand Hey, everything worked so far. Except that I have now tried twice to write this message and got a bluescreen twice (Shut Down..), and then the computer restarted. Here are the logs: mbam: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 15.04.2015 Suchlauf-Zeit: 16:09:19 Logdatei: mbam.txt Administrator: Ja Version: 2.01.4.1018 Malware Datenbank: v2015.04.15.05 Rootkit Datenbank: v2015.03.31.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Marci Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 376553 Verstrichene Zeit: 7 Min, 7 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 66 PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdate.OneClickCtrl.9, In Quarantäne, [edf468043b4f5cda406eaa59ec180af6], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdate.OneClickProcessLauncherMachine, In Quarantäne, [41a0402cd7b3b482f0be34cfa85cf10f], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdate.OneClickProcessLauncherMachine.1.0, In Quarantäne, [8a574824f9915fd765497c8727ddfb05], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdate.Update3WebControl.3, In Quarantäne, [36ab7eee117978bec8e5729108fcfe02], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.CoCreateAsync, In Quarantäne, [ba27f973d7b396a0e6c836cd47bd51af], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.CoCreateAsync.1.0, In Quarantäne, [479aee7e2367cb6bbfefe023867e51af], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.CoreClass, In Quarantäne, [4b96c5a7beccae88822ce61d91735aa6], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.CoreClass.1, In Quarantäne, [439eec802367b680b7f7ba49d3314bb5], 
PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.CoreMachineClass, In Quarantäne, [10d1dd8fe6a49f97595515ee669ea55b], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.CoreMachineClass.1, In Quarantäne, [627fcf9d840630066a440af90400a65a], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.CredentialDialogMachine, In Quarantäne, [d8095517aedc94a2dcd2c83b16eeba46], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.CredentialDialogMachine.1.0, In Quarantäne, [eaf7fb7192f865d1c7e7ed16c83c3dc3], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine, In Quarantäne, [3ba64e1e632787af1e90fb08040052ae], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine.1.0, In Quarantäne, [1dc4511be1a914220ca2d92a8b79629e], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback, In Quarantäne, [4c958fdd97f368cebfef976c4db7e51b], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback.1.0, In Quarantäne, [dc0586e6f09aae88bfefa75cdd27d828], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc, In Quarantäne, [d90880ec3555a195b5f9ca3958ac35cb], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc.1.0, In Quarantäne, [a1400864632776c0525ce91a25df38c8], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.ProcessLauncher, In Quarantäne, [13ce85e7008a77bfffaf9f64040011ef], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.ProcessLauncher.1.0, In Quarantäne, [9b46ef7dcebcf34300ae57acbc48c838], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.Update3COMClassService, In Quarantäne, [ca177cf0068492a47f2f748f36cef010], 
PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.Update3COMClassService.1.0, In Quarantäne, [598895d7eb9f7db999151de6907426da], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachine, In Quarantäne, [27ba58144248f2443c72ae556e967b85], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachine.1.0, In Quarantäne, [3aa7bbb16f1bf93de5c936cda06440c0], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback, In Quarantäne, [27ba511b4b3fa195426c1ae9d72def11], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback.1.0, In Quarantäne, [934e125a4b3f5bdb5b53ac57fc0858a8], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebSvc, In Quarantäne, [70710d5f068483b3bef0dc276d9730d0], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebSvc.1.0, In Quarantäne, [df02402c2b5fa3939f0f3bc853b13dc3], PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, In Quarantäne, [bd24511b78121125d3f672d6a85dd32d], PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, In Quarantäne, [06dbcaa2cac02e08e4e4bc8c2adbc53b], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\DealPlyLive, In Quarantäne, [36ab303c8ffb8da9a094899e08fdb947], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\PriceMeterLiveUpdate, In Quarantäne, [0ad7620a99f19d99d9cc22afc241c040], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdate.OneClickCtrl.9, In Quarantäne, [954ce7858efc59dd961812f13ec6e41c], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdate.OneClickProcessLauncherMachine, In Quarantäne, [13ce6ffde0aa033303ab20e31fe532ce], 
PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdate.OneClickProcessLauncherMachine.1.0, In Quarantäne, [cb168fdde1a957dfdcd2d72cdd271ee2], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdate.Update3WebControl.3, In Quarantäne, [7f6290dca6e41026f1bcdf24e024f709], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.CoCreateAsync, In Quarantäne, [08d9e884a1e9a78fbcf2b0530ff5867a], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.CoCreateAsync.1.0, In Quarantäne, [a23f5c10b4d66dc9dcd2eb18e51fed13], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.CoreClass, In Quarantäne, [c918323ab1d91e188925758ed62ea15f], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.CoreClass.1, In Quarantäne, [9948600c17731026911d2cd75aaa5ea2], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.CoreMachineClass, In Quarantäne, [fae7ec8067231a1cc8e6f60dd0343dc3], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.CoreMachineClass.1, In Quarantäne, [b72a89e30d7d1a1c812d22e131d3e51b], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.CredentialDialogMachine, In Quarantäne, [bf22ee7e7e0cc96d4a64e61dd52fa55b], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.CredentialDialogMachine.1.0, In Quarantäne, [02df26461773d95d2f7f1ce76e966d93], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine, In Quarantäne, [c51ce08c1b6f290d446a57ac1be950b0], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine.1.0, In Quarantäne, [39a83f2dc5c5a98db4fa18ebaa5a3dc3], PUP.Optional.PriceMeter.A, 
HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback, In Quarantäne, [944d4d1f206a3afcaa0463a0f90bec14], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback.1.0, In Quarantäne, [8c55ea82f694ee489b13f31012f27e82], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc, In Quarantäne, [a63b93d9b3d7c96d218d33d02dd7c43c], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc.1.0, In Quarantäne, [e5fcb7b53d4d2313109e1fe43aca946c], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.ProcessLauncher, In Quarantäne, [a43d204c4f3bcb6b4569eb18f2123ec2], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.ProcessLauncher.1.0, In Quarantäne, [4a97c2aa8703c175614db74ca85c52ae], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3COMClassService, In Quarantäne, [548dacc02b5f66d0703e946f32d2768a], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3COMClassService.1.0, In Quarantäne, [a53c9ad24c3e0a2cdcd2f310eb199c64], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachine, In Quarantäne, [34ad0369b1d91b1b8c220ff45ba96b95], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachine.1.0, In Quarantäne, [d50cc7a5008ad3634a64966d35cf5aa6], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback, In Quarantäne, [637e74f8c5c566d02c8235ce8282a759], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback.1.0, In Quarantäne, [8f52d993216916208529ae556c9858a8], PUP.Optional.PriceMeter.A, 
HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebSvc, In Quarantäne, [bb263636a3e7320468465ea51ee67c84], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebSvc.1.0, In Quarantäne, [19c8bbb12a6084b22a8412f1b153d729], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=3, In Quarantäne, [7d640e5eb8d26bcbc7dbeee34bb8738d], PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=9, In Quarantäne, [954c6a02276370c6f1b18a4724dff808], PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT, In Quarantäne, [d50c6606e2a8142280925a96ca3927d9], PUP.Optional.ConduitSearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CltMngSvc, In Quarantäne, [e6fb432995f53501f3fea37f32d3b24e], PUP.Optional.SearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD, In Quarantäne, [8d54c8a4d0ba91a58d7bca2014efa858], PUP.Optional.PriceMeter.A, HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\SOFTWARE\PriceMeterLiveUpdate, In Quarantäne, [647d0c6037532b0badf63a976d9645bb], Registrierungswerte: 2 PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT|InstallDir, C:\PROGRA~2\SearchProtect, In Quarantäne, [d50c6606e2a8142280925a96ca3927d9] PUP.Optional.SearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD|ImagePath, \??\C:\Windows\system32\drivers\SPPD.sys, In Quarantäne, [8d54c8a4d0ba91a58d7bca2014efa858] Registrierungsdaten: 0 (Keine schädliche Elemente gefunden) Ordner: 31 PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin, Löschen bei Neustart, 
[b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\rep, In Quarantäne, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall, Löschen bei Neustart, 
[b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\rep, In Quarantäne, [b72a591308823105b9167bb4d03558a8], PUP.Optional.OpenCandy, C:\Users\Marci\AppData\Roaming\OpenCandy, In Quarantäne, [ce130a621c6ea98d12a58cff93708878], PUP.Optional.OpenCandy, C:\Users\Marci\AppData\Roaming\OpenCandy\11AC8811E8004DCE80F4F8C20B1EB4E9, In Quarantäne, [ce130a621c6ea98d12a58cff93708878], PUP.Optional.OpenCandy, C:\Users\Marci\AppData\Roaming\OpenCandy\28D2FCFF79724676AA8606BD38564B8A, In Quarantäne, [ce130a621c6ea98d12a58cff93708878], PUP.Optional.OpenCandy, C:\Users\Marci\AppData\Roaming\OpenCandy\99281525AD9E4D849AC86A80E0941081, In Quarantäne, [ce130a621c6ea98d12a58cff93708878], PUP.Optional.SearchProtect.A, C:\Users\Marci\AppData\Local\SearchProtect, Löschen bei Neustart, [20c15418890141f5f8c87528f80b33cd], PUP.Optional.SearchProtect.A, C:\Users\Marci\AppData\Local\SearchProtect\SearchProtect, Löschen bei Neustart, [20c15418890141f5f8c87528f80b33cd], PUP.Optional.SearchProtect.A, C:\Users\Marci\AppData\Local\SearchProtect\SearchProtect\rep, Löschen bei Neustart, [20c15418890141f5f8c87528f80b33cd], PUP.Optional.SearchProtect.A, C:\Users\Marci\AppData\Local\SearchProtect\SearchProtect\STG, In Quarantäne, [20c15418890141f5f8c87528f80b33cd], PUP.Optional.SearchProtect.A, C:\Users\Marci\AppData\Local\SearchProtect\UI, Löschen bei Neustart, [20c15418890141f5f8c87528f80b33cd], PUP.Optional.SearchProtect.A, C:\Users\Marci\AppData\Local\SearchProtect\UI\rep, Löschen bei Neustart, [20c15418890141f5f8c87528f80b33cd], PUP.Optional.PriceMeter.A, C:\Users\Marci\AppData\Local\PriceMeterLiveUpdate, In Quarantäne, [e10075f7deac6dc97383555f4fb411ef], PUP.Optional.PriceMeter.A, C:\Users\Marci\AppData\Local\PriceMeterLiveUpdate\CrashReports, In Quarantäne, [e10075f7deac6dc97383555f4fb411ef], PUP.Optional.SearchProtect.A, C:\Users\Marci\AppData\Local\avaavaevy, In Quarantäne, [15cc1a5219712f07dc384e6c03005aa6], Dateien: 106 
PUP.Optional.PriceMeter.A, C:\Users\Marci\AppData\Roaming\OpenCandy\99281525AD9E4D849AC86A80E0941081\pm.exe, In Quarantäne, [667b77f584065adc306ddebbc0418d73], PUP.Optional.SearchProtect, C:\Users\Marci\AppData\Local\avaavaevy\avaavaevy.exe, In Quarantäne, [10d12547fb8f1a1ce66550cc36cc1fe1], PUP.Optional.SearchProtect.A, C:\Users\Marci\AppData\Local\avaavaevy\pbqrmvbub, In Quarantäne, [09d8c3a954365adc48055766669bfe02], PUP.Optional.SearchProtect.A, C:\Windows\AppPatch\AppPatch64\VCLdr64.dll, Löschen bei Neustart, [717091db5634cf671e2f10ad649d9c64], PUP.Optional.SearchProtect.A, C:\Windows\AppPatch\nbin\VC32Loader.dll, Löschen bei Neustart, [01e01d4fb9d160d608454d70d130e818], PUP.Optional.SearchProtect.A, C:\Windows\System32\Tasks\avaavaevy, In Quarantäne, [cb164b21b2d886b0deb16e5ae91af010], PUP.Optional.PriceMeter.A, C:\Windows\System32\Tasks\pricemeterdownloader, In Quarantäne, [3aa7d696c6c4231300bd10dcd3302fd1], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\EULA.txt, In Quarantäne, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.pun, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\cfi.bin, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\edk.bin, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files 
(x86)\SearchProtect\Main\rep\pni.bin, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\trn.bin, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\RN32.dll, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPtool64.exe, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32.dll, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64.dll, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files 
(x86)\SearchProtect\UI\dialogs\Consent\consent.css, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.html, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.js, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\defaults.js, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-dia.png, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png, Löschen bei Neustart, 
[b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program 
Files (x86)\SearchProtect\UI\dialogs\Images\hez-def-grey.png, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png, Löschen 
bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\SP_DialogBG.png, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\DialogAPI.js, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files 
(x86)\SearchProtect\UI\dialogs\protection\protection.html, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files 
(x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js, Löschen bei Neustart, [b72a591308823105b9167bb4d03558a8], PUP.Optional.SearchProtect, C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, Löschen bei Neustart, [26bbe983e4a665d1d5f71a2e9273e818], PUP.Optional.OpenCandy, C:\Users\Marci\AppData\Roaming\OpenCandy\11AC8811E8004DCE80F4F8C20B1EB4E9\TuneUp2014GER15day-de-DE-p4v1.exe, In Quarantäne, [ce130a621c6ea98d12a58cff93708878], PUP.Optional.OpenCandy, C:\Users\Marci\AppData\Roaming\OpenCandy\28D2FCFF79724676AA8606BD38564B8A\zafwSetupWeb_131_211_000.exe, In Quarantäne, [ce130a621c6ea98d12a58cff93708878], PUP.Optional.SearchProtect.A, C:\Users\Marci\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, Löschen bei Neustart, [20c15418890141f5f8c87528f80b33cd], PUP.Optional.SearchProtect.A, C:\Users\Marci\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat, Löschen bei Neustart, [20c15418890141f5f8c87528f80b33cd], PUP.Optional.SearchProtect.A, C:\Users\Marci\AppData\Local\SearchProtect\UI\rep\UIRepository.dat, Löschen bei Neustart, [20c15418890141f5f8c87528f80b33cd], PUP.Optional.SearchProtect.A, C:\Users\Marci\AppData\Local\avaavaevy\bahvxfk, In Quarantäne, [15cc1a5219712f07dc384e6c03005aa6], PUP.Optional.SearchProtect.A, C:\Users\Marci\AppData\Local\avaavaevy\mkfvxfk, In Quarantäne, [15cc1a5219712f07dc384e6c03005aa6], PUP.Optional.SearchProtect.A, C:\Users\Marci\AppData\Local\avaavaevy\pvpqbjobmlpfqlovvawq, In Quarantäne, [15cc1a5219712f07dc384e6c03005aa6], PUP.Optional.SearchProtect.A, C:\Users\Marci\AppData\Local\avaavaevy\qokvxfk, In Quarantäne, [15cc1a5219712f07dc384e6c03005aa6], PUP.Optional.SearchProtect.A, C:\Users\Marci\AppData\Local\avaavaevy\rfobmlpfqlovvawq, In Quarantäne, [15cc1a5219712f07dc384e6c03005aa6], PUP.Optional.SearchProtect.A, 
C:\Users\Marci\AppData\Local\avaavaevy\rpboobmlpfqlovvawq, In Quarantäne, [15cc1a5219712f07dc384e6c03005aa6], PUP.Optional.SearchProtect.A, C:\Users\Marci\AppData\Local\avaavaevy\ycfvxfk, In Quarantäne, [15cc1a5219712f07dc384e6c03005aa6], PUP.Optional.Trovi.A, C:\Users\Marci\AppData\Roaming\Mozilla\Firefox\Profiles\0lxcl8t7.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3330189&octid=EB_ORIGINAL_CTID&ISID=MF4EF329C-1A7D-4430-935B-4B54A32A05A3&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=SPE57B27DA-DF99-47DB-9243-3EB2C46653C2");), Ersetzt,[01e0006c4c3e1d19778f241e35d18e72] PUP.Optional.Trovi.C, C:\Users\Marci\AppData\Roaming\Mozilla\Firefox\Profiles\0lxcl8t7.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.selectedEngine", "Trovi");), Ersetzt,[9849204cb4d67db93f8403419b6b2cd4] Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end) Code:
ATTFilter # AdwCleaner v4.201 - Bericht erstellt 15/04/2015 um 16:26:06 # Aktualisiert 08/04/2015 von Xplode # Datenbank : 2015-04-08.1 [Server] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64) # Benutzername : Marci - ASUSG74 # Gestarted von : C:\Users\Marci\Desktop\AdwCleaner_4.201.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Anti-phishing Domain Advisor Ordner Gelöscht : C:\ProgramData\PriceMeterLiveUpdate Ordner Gelöscht : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect Ordner Gelöscht : C:\Users\Marci\AppData\Local\blekkotb Ordner Gelöscht : C:\Users\Marci\AppData\Roaming\DesktopIconForAmazon [!] Ordner Gelöscht : C:\Users\Marci\AppData\Roaming\Mozilla\Firefox\Profiles\0lxcl8t7.default\Extensions\extension@preispilot.com.xpi Ordner Gelöscht : C:\Users\Marci\AppData\Roaming\Mozilla\Firefox\Profiles\0lxcl8t7.default\Extensions\firejump@firejump.net Datei Gelöscht : C:\Users\Marci\AppData\Roaming\Mozilla\Firefox\Profiles\0lxcl8t7.default\Extensions\extension@preispilot.com.xpi Datei Gelöscht : C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb Datei Gelöscht : C:\Windows\System32\drivers\SPPD.sys Datei Gelöscht : C:\Users\Marci\AppData\Roaming\Mozilla\Firefox\Profiles\0lxcl8t7.default\user.js ***** [ Geplante Tasks ] ***** Task Gelöscht : pricemeterdownloader ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [extension@preispilot.com] Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [firejump@firejump.net] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1 Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{26C9E18C-3717-4BE1-A225-04E4471F5B6E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{45F8961E-1314-421E-9F00-BDDE18CF8EA0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4825ACAD-F495-4CDD-9603-9C91BABB2B88} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5B60D1C0-453A-485D-AE91-61FAC9203719} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D1C6444C-CC06-4060-A486-736DEAFD9C16} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D8746A3A-A372-4C8B-96E5-B58F6474EB19} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F509ADC2-B40E-470F-A7B7-45191486B5CB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F509ADC2-B40E-470F-A7B7-45191486B5CB} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{30D1E30D-B7F5-4C7A-8EDA-9F02966538A8} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{89449F37-4AB2-46ED-A566-BB3A7797701B} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D} Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F9A7C24B-42F9-4910-AF51-F43B0FC69209} Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\blekkotb Schlüssel Gelöscht : HKLM\SOFTWARE\SPPDCOM Schlüssel Gelöscht : HKU\.DEFAULT\Software\AskToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local ***** [ Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17689 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet 
Explorer\Main [Start Page] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] -\\ Mozilla Firefox v37.0.1 (x86 de) [0lxcl8t7.default\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3330189&octid=EB_ORIGINAL_CTID&ISID=MF4EF329C-1A7D-4430-935B-4B54A32A05A3&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=SPE57B27DA-DF99-47D[...] [0lxcl8t7.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "Trovi"); [0lxcl8t7.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.zonealarm.hmpgUrl", "hxxp://search.zonealarm.com/?src=hp&tbid=HFA5&Lan=DE&gu=f60c5738ab20483ca9db24efbf9139dc&tu=11Jiy00F01D13P0&sku=&tstsId=&ver=&"); [0lxcl8t7.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.zonealarm.kw_url", "hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=DE&gu=f60c5738ab20483ca9db24efbf9139dc&tu=11Jiy00F01D13P0&sku=&tstsId=&ver=&&q="); [0lxcl8t7.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.zonealarm.newTabUrl", "hxxp://search.zonealarm.com/?src=nt&tbid=HFA5&Lan=DE&gu=f60c5738ab20483ca9db24efbf9139dc&tu=11Jiy00F01D13P0&sku=&tstsId=&ver=&"); [0lxcl8t7.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.zonealarm.tlbrSrchUrl", "hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=f60c5738ab20483ca9db24efbf9139dc&tu=11Jiy00F01D13P0&sku=&tstsId=&ver=&&q="); ************************* AdwCleaner[R0].txt - [8522 Bytes] - [15/04/2015 16:24:07] AdwCleaner[S0].txt - [7898 Bytes] - [15/04/2015 16:26:06] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt 
- [7957 Bytes] ##########

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.4 (04.13.2015:1)
OS: Windows 7 Home Premium x64
Ran by Marci on 15.04.2015 at 16:28:54,90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_current_user\software\classes\typelib\{006ad7b2-968a-11de-88c9-5bde55d89593}

~~~ Files

~~~ Folders
Successfully deleted: [Folder] C:\Windows\syswow64\ai_recyclebin
Successfully deleted: [Empty Folder] C:\Users\Marci\appdata\local\{7AEDE242-576D-4A19-9B72-B8CA0A1FC3CD}
Successfully deleted: [Empty Folder] C:\Users\Marci\appdata\local\{A6B65DD2-5530-476A-B8B0-23D6A44FF61A}

~~~ FireFox
Successfully deleted the following from C:\Users\Marci\AppData\Roaming\mozilla\firefox\profiles\0lxcl8t7.default\prefs.js
user_pref(extensions.zonealarm.hmpgUrl, hxxp://search.zonealarm.com/?src=hp&tbid=HFA5&Lan=DE&gu=f60c5738ab20483ca9db24efbf9139dc&tu=11Jiy00F01D13P0&sku=&tstsId=&ver=&);
user_pref(extensions.zonealarm.kw_url, hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=DE&gu=f60c5738ab20483ca9db24efbf9139dc&tu=11Jiy00F01D13P0&sku=&tstsId=&ver=&&
user_pref(extensions.zonealarm.newTabUrl, hxxp://search.zonealarm.com/?src=nt&tbid=HFA5&Lan=DE&gu=f60c5738ab20483ca9db24efbf9139dc&tu=11Jiy00F01D13P0&sku=&tstsId=&ver=&);
user_pref(extensions.zonealarm.tlbrSrchUrl, hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=f60c5738ab20483ca9db24efbf9139dc&tu=11Jiy00F01D13P0&sku=&ts
Emptied folder: C:\Users\Marci\AppData\Roaming\mozilla\firefox\profiles\0lxcl8t7.default\minidumps [104 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.04.2015 at 16:30:53,77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015 02 Ran by Marci (administrator) on ASUSG74 on 15-04-2015 16:32:31 Running from C:\Users\Marci\Desktop Loaded Profiles: Marci (Available profiles: Marci) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor) HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Communications) HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations) HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2869008 2012-01-26] (Synaptics Incorporated) HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [100112 2012-01-26] (Synaptics Incorporated) HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation) HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.) 
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2011-10-19] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme) HKLM-x32\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe [3058304 2011-12-20] (ASUS) HKLM-x32\...\Run: [THX TruStudio NB Settings] => C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909312 2011-03-17] (Creative Technology Ltd) HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM-x32\...\Run: [CPMonitor] => C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe [84464 2011-04-01] () HKLM-x32\...\Run: [VAWinAgent] => C:\ExpressGateUtil\VAWinAgent.exe [45448 2011-04-08] () HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-20] (CyberLink) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [DeathAdder] => C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe [248832 2012-01-14] () HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-22] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS) HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568 2012-02-06] (ASUS) HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-02] (ASUSTeK Computer Inc.) 
HKLM-x32\...\Run: [FLxHCIm64] => C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe [48128 2012-07-19] (Windows (R) Win 7 DDK provider) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-07] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.) HKLM-x32\...\Run: [Tarantula] => C:\Program Files (x86)\Razer\Tarantula\razerhid.exe [159744 2007-05-07] (Razer USA Ltd.) HKLM-x32\...\Run: [PivotSoftware] => C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe [112424 2013-06-18] () HKLM-x32\...\Run: [DT BEN] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [122384 2013-11-12] (Portrait Displays, Inc.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-14] (Valve Corporation) HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-06] (Acresso Corporation) HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.) HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.) 
HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\...\Run: [Spotify Web Helper] => C:\Users\Marci\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-14] (Spotify Ltd) HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\...\Run: [Spotify] => C:\Users\Marci\AppData\Roaming\Spotify\Spotify.exe [7112248 2015-04-14] (Spotify Ltd) Startup: C:\Users\Marci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Marci\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.) ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.) 
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-03-22] (Oracle Corporation) BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-13] (Atheros Commnucations) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-03-22] (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Marci\AppData\Roaming\Mozilla\Firefox\Profiles\0lxcl8t7.default FF Homepage: https://www.youtube.com/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] () FF Plugin-x32: @esn/esnlaunch,version=1.116.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.122.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.138.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog 
Web Plugins\2.1.7\npesnlaunch.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB) FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-03-22] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-03-22] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation) FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll [2010-01-23] (Zeon Corporation) FF Plugin HKU\S-1-5-21-1586699263-1730969920-3125584917-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-11-25] () FF Extension: Segurança do navegador Avira - C:\Users\Marci\AppData\Roaming\Mozilla\Firefox\Profiles\0lxcl8t7.default\Extensions\abs@avira.com [2015-03-31] FF Extension: Battlefield Heroes Updater - C:\Users\Marci\AppData\Roaming\Mozilla\Firefox\Profiles\0lxcl8t7.default\Extensions\battlefieldheroespatcher@ea.com [2012-10-01] FF 
Extension: MEGA - C:\Users\Marci\AppData\Roaming\Mozilla\Firefox\Profiles\0lxcl8t7.default\Extensions\firefox@mega.co.nz.xpi [2014-12-20] FF Extension: Adblock Plus - C:\Users\Marci\AppData\Roaming\Mozilla\Firefox\Profiles\0lxcl8t7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-10] FF HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-07] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-07] (Avira Operations GmbH & Co. 
KG) S2 AsusUacSvc; C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [113840 2010-07-27] () [File not signed] S2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros) [File not signed] S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed] S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [817536 2015-01-27] () S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-12-20] (Creative Labs) [File not signed] S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-12-20] (Creative Labs) [File not signed] S2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [138768 2013-11-12] (Portrait Displays, Inc.) S2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [663056 2013-06-11] () S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) 
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation) S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-25] (Electronic Arts) S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-06-18] () S2 postgresql-8.4; c:\postgreSQL\bin\pg_ctl.exe [66048 2011-01-28] (PostgreSQL Global Development Group) [File not signed] S2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-03-26] () R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S2 ZAPrivacyService; "C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-01-30] (ASUSTek Computer Inc.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-10] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-10] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. 
KG) S3 ESLvnic1; C:\Windows\System32\DRIVERS\ESLvnic.sys [25528 2012-01-24] (Turtle Entertainment GmbH) R0 ESLWireAC; C:\Windows\System32\drivers\ESLWireACD.sys [184968 2013-12-22] (<Turtle Entertainment>) R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [76584 2012-07-19] (Fresco Logic) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [22800 2012-01-26] (Synaptics Incorporated) R3 TarFltr; C:\Windows\System32\drivers\UsbFltr.sys [49664 2007-04-11] (Razer USA Ltd.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 massfilter; system32\drivers\massfilter.sys [X] S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X] S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X] S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-15 16:31 - 2015-04-15 16:31 - 00000000 ____D () C:\Users\Marci\Desktop\FRST-OlderVersion 2015-04-15 16:30 - 2015-04-15 16:30 - 00001975 _____ () C:\Users\Marci\Desktop\JRT.txt 2015-04-15 16:28 - 2015-04-15 16:28 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ASUSG74-Windows-7-Home-Premium-(64-bit).dat 2015-04-15 16:28 - 2015-04-15 16:28 - 00000000 ____D () C:\RegBackup 2015-04-15 16:22 - 2015-04-15 16:26 - 00000000 ____D () C:\AdwCleaner 2015-04-15 16:21 - 2015-04-15 16:21 - 00033022 _____ () C:\Users\Marci\Desktop\mbam.txt 2015-04-15 16:08 - 2015-04-15 16:20 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-04-15 16:08 - 2015-04-15 16:08 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-04-15 16:08 - 2015-04-15 16:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-04-15 16:08 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-04-15 16:08 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-04-15 16:08 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-04-15 16:07 - 2015-04-15 16:07 - 02687136 _____ (Thisisu) C:\Users\Marci\Desktop\JRT.exe 2015-04-15 16:06 - 2015-04-15 16:07 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Marci\Desktop\mbam-setup-2.1.4.1018.exe 2015-04-15 16:06 - 2015-04-15 16:06 - 02217984 _____ () C:\Users\Marci\Desktop\AdwCleaner_4.201.exe 2015-04-14 19:36 - 2015-04-14 19:36 - 00046876 _____ () C:\ComboFix.txt 2015-04-14 19:30 - 2015-04-14 19:36 - 00000000 ____D () C:\ComboFix 2015-04-14 18:12 - 2015-04-14 19:36 - 00000000 ____D () C:\Qoobox 2015-04-14 18:12 - 2015-04-14 19:35 - 00000000 ____D () C:\Windows\erdnt 2015-04-14 18:12 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-04-14 18:12 - 2010-11-07 19:20 - 00208896 _____ () 
C:\Windows\MBR.exe 2015-04-14 18:12 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-04-14 18:12 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-04-14 18:12 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-04-14 18:12 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2015-04-14 18:12 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2015-04-14 18:12 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2015-04-14 18:09 - 2015-04-14 18:11 - 05617275 ____R (Swearware) C:\Users\Marci\Desktop\ComboFix.exe 2015-04-14 17:54 - 2015-04-14 17:54 - 00001270 _____ () C:\Users\Marci\Desktop\Revo Uninstaller.lnk 2015-04-14 17:54 - 2015-04-14 17:54 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-04-14 17:53 - 2015-04-14 17:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Marci\Desktop\revosetup95.exe 2015-04-14 16:45 - 2015-04-15 16:32 - 00021978 _____ () C:\Users\Marci\Desktop\FRST.txt 2015-04-14 16:45 - 2015-04-14 16:46 - 00053843 _____ () C:\Users\Marci\Desktop\Addition.txt 2015-04-14 16:44 - 2015-04-15 16:32 - 00000000 ____D () C:\FRST 2015-04-14 16:42 - 2015-04-15 16:31 - 02097152 _____ (Farbar) C:\Users\Marci\Desktop\FRST64.exe 2015-04-05 11:31 - 2015-04-05 11:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX 2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\system32\GWX 2015-03-26 16:08 - 2015-04-09 19:47 - 00000000 ____D () C:\Users\Marci\AppData\Local\Arma 3 Launcher 2015-03-26 16:08 - 2015-03-26 16:08 - 00000000 ____D () C:\Users\Marci\AppData\Local\Bohemia_Interactive 2015-03-25 17:10 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-03-25 17:10 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-03-25 17:10 - 2015-03-11 06:06 - 00677888 _____ (Microsoft 
Corporation) C:\Windows\system32\generaltel.dll 2015-03-25 17:10 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-03-25 17:10 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-03-25 17:10 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-03-25 17:10 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-03-25 17:10 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-15 16:30 - 2011-12-20 01:03 - 01176913 _____ () C:\Windows\WindowsUpdate.log 2015-04-15 16:29 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-15 16:29 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-15 16:27 - 2014-03-18 21:44 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-04-15 16:27 - 2014-01-30 19:04 - 00000000 ____D () C:\Users\Marci\AppData\Local\Spotify 2015-04-15 16:27 - 2013-12-08 13:33 - 00000000 ____D () C:\Users\Marci\AppData\Local\CrashDumps 2015-04-15 16:27 - 2012-09-23 23:01 - 00000000 ___RD () C:\Users\Marci\Dropbox 2015-04-15 16:27 - 2012-09-23 22:59 - 00000000 ____D () C:\Users\Marci\AppData\Roaming\Dropbox 2015-04-15 16:26 - 2014-01-30 19:02 - 00000000 ____D () C:\Users\Marci\AppData\Roaming\Spotify 2015-04-15 16:26 - 2013-10-31 18:41 - 00000380 _____ () C:\Users\Marci\AppData\Roaming\sp_data.sys 2015-04-15 16:26 - 2011-10-19 05:20 - 00637616 _____ () C:\Windows\PFRO.log 2015-04-15 16:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-15 16:26 - 2009-07-14 06:51 - 00352750 _____ () 
C:\Windows\setupact.log 2015-04-15 16:25 - 2011-02-19 06:24 - 00711530 _____ () C:\Windows\system32\perfh007.dat 2015-04-15 16:25 - 2011-02-19 06:24 - 00153720 _____ () C:\Windows\system32\perfc007.dat 2015-04-15 16:25 - 2009-07-14 07:13 - 01652988 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-14 19:45 - 2013-03-23 15:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-04-14 19:34 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2015-04-14 19:07 - 2009-07-14 04:34 - 86507520 _____ () C:\Windows\system32\config\SOFTWARE.bak 2015-04-14 19:07 - 2009-07-14 04:34 - 23592960 _____ () C:\Windows\system32\config\SYSTEM.bak 2015-04-14 19:07 - 2009-07-14 04:34 - 00946176 _____ () C:\Windows\system32\config\DEFAULT.bak 2015-04-14 19:07 - 2009-07-14 04:34 - 00061440 _____ () C:\Windows\system32\config\SAM.bak 2015-04-14 19:07 - 2009-07-14 04:34 - 00032768 _____ () C:\Windows\system32\config\SECURITY.bak 2015-04-14 18:18 - 2009-07-14 04:34 - 137101312 _____ () C:\Windows\system32\config\components.bak 2015-04-14 18:04 - 2014-01-30 19:04 - 00001808 _____ () C:\Users\Marci\Desktop\Spotify.lnk 2015-04-14 18:04 - 2014-01-30 19:04 - 00001794 _____ () C:\Users\Marci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2015-04-14 18:03 - 2012-03-01 23:02 - 00000000 ____D () C:\Users\Marci\AppData\Roaming\TS3Client 2015-04-14 17:17 - 2014-03-24 18:52 - 00000000 ____D () C:\Users\Marci\AppData\Local\Arma 3 2015-04-12 12:57 - 2012-09-23 22:59 - 00000000 ____D () C:\Users\Marci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-04-08 15:36 - 2012-05-08 16:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-04-07 15:45 - 2013-08-16 11:08 - 00000000 ____D () C:\Users\Marci\AppData\Roaming\Avira 2015-03-26 16:06 - 2014-12-11 15:18 - 00000000 ____D () C:\Windows\system32\appraiser 2015-03-26 16:06 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-03-25 17:23 - 
2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2012-03-04 16:37 - 2012-01-24 14:50 - 0168864 _____ () C:\Program Files\Common Files\WireHelpSvc.exe
2014-05-11 20:52 - 2014-05-11 20:52 - 0000282 _____ () C:\Users\Marci\AppData\Roaming\BreakingPoint_Login.ini
2014-05-10 23:03 - 2014-05-11 20:54 - 0001301 _____ () C:\Users\Marci\AppData\Roaming\BreakingPoint_Options.ini
2013-10-31 18:41 - 2015-04-15 16:26 - 0000380 _____ () C:\Users\Marci\AppData\Roaming\sp_data.sys
2014-02-26 18:41 - 2014-11-19 18:37 - 0007623 _____ () C:\Users\Marci\AppData\Local\Resmon.ResmonCfg
2011-10-19 06:26 - 2010-10-06 18:45 - 0131984 _____ () C:\ProgramData\FullRemove.exe
2011-12-20 01:18 - 2011-12-20 01:18 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-12-20 01:17 - 2011-12-20 01:17 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-12-20 01:17 - 2011-12-20 01:17 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some content of TEMP:
====================
C:\Users\Marci\AppData\Local\Temp\avgnt.exe
C:\Users\Marci\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnpl75u.dll
C:\Users\Marci\AppData\Local\Temp\Quarantine.exe
C:\Users\Marci\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-14 07:47

==================== End Of Log ============================

addition: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-04-2015 02
Ran by Marci at 2015-04-15 16:32:50
Running from C:\Users\Marci\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\...\uTorrent) (Version: 3.4.2.38397 - BitTorrent Inc.)
A3Launcher version 0.0.0.9 (HKLM-x32\...\{E31045B4-9DB5-9EBD-44DF-BD4CFDE640DF}_is1) (Version: 0.0.0.9 - Maca134)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arma 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive) Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive) Arma 2: Operation Arrowhead Beta (Obsolete) (HKLM-x32\...\Steam App 219540) (Version: - ) Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive) Assassin's Creed(R) III v1.03 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.03 - Ubisoft) ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.23 - ASUS) ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0013 - ASUS) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.2 - ASUS) ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.0 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0040 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.0.8 - ASUS) ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.25 - ASUS) ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.) AsusScr_G74 Series_ENG (HKLM-x32\...\AsusScr_G74 Series_ENG) (Version: 1.0.0001 - ASUS) AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.7.142 - ASUSTEK) Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0015 - ASUS) Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG) Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. 
KG) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.4.0.0 - Electronic Arts) Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.2.0.0 - Electronic Arts) Battlefield 4™ Beta (HKLM-x32\...\{CFAB3721-549D-4827-A4E8-7F90192114AB}) (Version: 1.0.0.0 - Electronic Arts) Battlefield™ Hardline Beta (HKLM-x32\...\{599276A7-F45D-40B1-A0B6-CF132A1CAD49}) (Version: 1.0.0.5 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB) BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - ) BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version: - ) Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.) CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.) CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.) 
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive) DayZ Commander (HKLM-x32\...\{7B2CA5E9-763C-4FCE-81EE-13E81ABFE908}) (Version: 0.92.115 - Dotjosh Studios) DayZLauncher version 0.0.0.7 (HKLM-x32\...\{E31045B4-9DB5-44DF-9EBD-BD4CFDE640FD}_is1) (Version: 0.0.0.7 - Maca134) Deadtime Stories (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118716773}) (Version: - Oberon Media) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Diablo III Public Test (HKLM-x32\...\Diablo III Public Test) (Version: - Blizzard Entertainment) Die Siedler 7 (HKLM-x32\...\{9C916142-C18C-429D-BFED-40094A7E0BEB}) (Version: 1.12.1396 - Ubisoft) DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden Display Pilot (HKLM-x32\...\{6DD25D67-4339-47A1-950E-EEFC321CBB24}) (Version: 2.11.002 - Portrait Displays, Inc.) Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve) Dropbox (HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.) Dying Light (HKLM-x32\...\Steam App 239140) (Version: - Techland) ESL Wire 1.17.3 (HKLM\...\ESL Wire_is1) (Version: - Turtle Entertainment GmbH) ExpressGateCloud (HKLM-x32\...\InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}) (Version: 2.6.27.160 - VideACE Co.) ExpressGateCloud (x32 Version: 2.6.27.160 - VideACE Co.) Hidden Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.04 - Ubisoft) Farm Frenzy 3 - Madagascar (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119205603}) (Version: - Oberon Media) Free YouTube to MP3 Converter version 3.12.42.716 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.42.716 - DVDVideoSoft Ltd.) Fresco Logic USB3.0 Host Controller (HKLM\...\{FFF6BB59-380A-4338-AEFB-226F511C0713}) (Version: 3.5.73.0 - Fresco Logic Inc.) 
Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Game Park Console (HKLM-x32\...\Game Park Console) (Version: 1.2.4.431 - Oberon Media Inc.) GameFast.exe (HKLM\...\GameFast_is1) (Version: 1.0.0.1 - ASUSTEK Computer Inc) Go Go Gourmet Chef of the Year (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115290153}) (Version: - Oberon Media) Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version: - Reto-Moto) Holdem Manager 2 (HKLM-x32\...\HoldemManager2) (Version: - ) iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation) Intel(R) Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel) iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.) 
Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Mahjong Memoirs (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117948443}) (Version: - Oberon Media) Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) Medal of Honor™ Warfighter (HKLM-x32\...\{48379835-BF2E-4487-9CB1-D5E654502B53}) (Version: 1.0.0.0 - Electronic Arts) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable 
(HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) 
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.2.0.0 - Electronic Arts) Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.) NVIDIA 3D Vision Treiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation) NVIDIA Grafiktreiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4550 - Electronic Arts, Inc.) Pivot Pro Plugin (x32 Version: 9.61.004 - Portrait Displays, Inc.) 
Hidden Plants vs Zombies (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117080787}) (Version: - Oberon Media) PokerClue (HKLM-x32\...\{4C48700A-1A06-4DB1-A5E5-B25520C1ED54}) (Version: 1.00.0000 - Koreleone | Software) PokerRoom Home Game Organizer (HKLM-x32\...\PokerRoom Home Game Organizer) (Version: - ) PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu) Pokerstartkapital BlindTimer v3.1 (HKLM-x32\...\Pokerstartkapital.info BlindTimer_is1) (Version: - Pokerstartkapital) PostgreSQL 8.4 (HKLM-x32\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group) Preispilot für Firefox (HKLM-x32\...\{0D8E6567-7082-48DB-A305-293873AC8B39}_is1) (Version: 2.0 - Preispilot) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Razer DeathAdder(TM) Mouse (HKLM-x32\...\{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}) (Version: 3.05 - Razer Inc.) Razer Tarantula (HKLM-x32\...\{655B9514-3963-490B-9EE1-431E80444889}) (Version: 5.01 - Razer USA Ltd.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6564 - Realtek Semiconductor Corp.) Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Rotation Desktop for G Series.exe (HKLM\...\Rotation Desktop for G Series_is1) (Version: 1.0.0.9 - ASUSTEK Computer Inc) Roxio CinePlayer (HKLM-x32\...\{C03F3D5B-0D83-4F81-A324-32F4E7F1BF6A}) (Version: 5.8.58232.1 - Roxio) SDK (x32 Version: 2.40.007 - Portrait Displays, Inc.) 
Hidden SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Stranded Deep (HKLM-x32\...\Steam App 313120) (Version: - Beam Team Games) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.43.0 - Synaptics Incorporated) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH) This War of Mine (HKLM-x32\...\Steam App 282070) (Version: - 11 bit studios) THX TruStudio (HKLM-x32\...\{B11AB9C8-18A6-41DC-98B4-4988CC030136}) (Version: 1.03.01 - Creative Technology Limited) Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.0.3 - Electronic Arts) Titanfall™-Beta (HKLM-x32\...\{E933BD1A-9B05-42A3-A1CF-3DA81C72E454}) (Version: 1.0.0.0 - Electronic Arts) Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft) Watch_Dogs (HKLM-x32\...\Uplay Install 274) (Version: - Ubisoft) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections 
(HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.32.0 - ASUS) WinRAR 4.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH) Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.27 - ASUS) World of Goo (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116672750}) (Version: - Oberon Media) WS Launcher (HKLM-x32\...\{575E5E77-2C8E-405F-AB8E-9A7418B704CF}) (Version: 0.0.0.9 - Launcher) Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation) Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation) גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation) بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation) معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden 適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation) 
==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1586699263-1730969920-3125584917-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Marci\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1586699263-1730969920-3125584917-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1586699263-1730969920-3125584917-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1586699263-1730969920-3125584917-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1586699263-1730969920-3125584917-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1586699263-1730969920-3125584917-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1586699263-1730969920-3125584917-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1586699263-1730969920-3125584917-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-1586699263-1730969920-3125584917-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1586699263-1730969920-3125584917-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ==================== Restore Points ========================= 14-04-2015 15:30:23 Windows Update 14-04-2015 17:56:15 Revo Uninstaller's restore point - Ask Toolbar 14-04-2015 17:59:38 Revo Uninstaller's restore point - Search Protect 14-04-2015 18:05:27 Revo Uninstaller's restore point - Search Protect ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2015-04-14 19:34 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {035A019C-E04E-4CE5-9CBB-F1FC495CE4C9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {24EF5DBE-AFC1-487A-8E23-4E4BD7CB5161} - System32\Tasks\AIRecoveryRemind => C:\Program Files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe [2012-01-31] (ASUSTek Computer Inc.) 
Task: {47641524-8A52-40C7-9903-F196D907D01F} - System32\Tasks\{1561C887-2692-4C88-91FD-660A9E6C6495} => pcalua.exe -a "C:\Program Files (x86)\Origin\EAProxyInstaller.exe" -d "C:\Program Files (x86)\Origin" Task: {4A93DE3E-8F60-49FF-915B-8B98A4728A53} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation) Task: {632A08B8-3C81-416E-9F27-410A74A8AAAE} - System32\Tasks\ASUS Patch 10430001 => C:\Windows\AsPatch10430001.exe Task: {6A2F713D-141A-49E4-87F7-DC992D620CC8} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {6B3AD26E-6C79-43A9-AF85-D2F6F4255777} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-09-14] (Apple Inc.) Task: {99F6E8DB-5876-4331-8E2B-69BF6244E306} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {A3AA2048-F375-4231-9AED-563AE227C246} - \avaavaevy No Task File <==== ATTENTION Task: {A3DF5189-9B54-4436-B589-97226A2760B2} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-12-22] (ASUSTek Computer Inc.) Task: {C0BC8FBA-3DEB-4925-AC70-DAB73707D8B6} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-01-09] (ASUSTeK Computer Inc.) 
Task: {C2EC060E-1E6B-4807-BB4D-3C7D7DD769AE} - System32\Tasks\{7B90BDFD-FF6A-4E49-8237-7CC12D13C132} => pcalua.exe -a "C:\Program Files (x86)\Origin\EAProxyInstaller.exe" -d "C:\Program Files (x86)\Origin" Task: {D882862F-6011-443E-97A8-F4B6451D17B0} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-01-04] (ASUS) Task: {DAC59F23-66F5-441A-AF61-46D6C9344C78} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated) Task: {E7592D61-4BCC-44C2-8FB8-EE2735EF31FB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {F2E8DECD-5F53-444F-A781-F01557BE4B0B} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2011-10-03] (ASUS) Task: {F79E7FCD-ABB1-4200-A5C3-FEBAD28F056C} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-01-30] (ASUSTek Computer Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============== 2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll 2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) 
==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Marci\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-1586699263-1730969920-3125584917-500 - Administrator - Disabled) Gast (S-1-5-21-1586699263-1730969920-3125584917-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-1586699263-1730969920-3125584917-1002 - Limited - Enabled) Marci (S-1-5-21-1586699263-1730969920-3125584917-1000 - Administrator - Enabled) => C:\Users\Marci postgres (S-1-5-21-1586699263-1730969920-3125584917-1006 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: Bluetooth Module Description: Bluetooth Module Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Atheros Communications Service: BTHUSB Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== System errors: ============= Error: (04/15/2015 04:31:15 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Modules Installer" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz Percentage of memory in use: 30% Total physical RAM: 8169.16 MB Available physical RAM: 5715.38 MB Total Pagefile: 16336.52 MB Available Pagefile: 14051.1 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:95.39 GB) (Free:13.23 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (Games) (Fixed) (Total:118.08 GB) (Free:4.32 GB) NTFS Drive e: (Sonstiges) (Fixed) (Total:349.3 GB) (Free:274.56 GB) NTFS Drive f: (SDATA2) (Fixed) (Total:349.33 GB) (Free:123.84 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: E3102A4B) Partition 1: (Not Active) - (Size=25 GB) - (Type=1C) Partition 2: (Active) - (Size=95.4 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=118.1 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 698.6 GB) (Disk ID: BBC58B91) Partition 1: (Not Active) - (Size=349.3 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=349.3 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
15.04.2015, 20:18 | #6 |
/// the machine /// TB instructor | Windows 7: Bad Image (error) VC32LO
Please create a report with BlueScreenView: Analyzing and fixing a Windows bluescreen crash - how it's done - Guides
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ --> Windows 7: Bad Image (error) VC32LO |
15.04.2015, 20:52 | #7 |
| New status
Code:
ATTFilter
==================================================
Dump File         : 041515-9656-01.dmp
Crash Time        : 15.04.2015 16:34:12
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : 00000000`00000000
Parameter 2       : 00000000`00000000
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`00000000
Caused By Driver  : athrx.sys
Caused By Address : athrx.sys+7dfa9
File Description  :
Product Name      :
Company           :
File Version      :
Processor         : x64
Crash Address     : ntoskrnl.exe+74e90
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\041515-9656-01.dmp
Processors Count  : 8
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 368.416
Dump File Time    : 15.04.2015 16:34:44
==================================================

==================================================
Dump File         : 012115-10561-01.dmp
Crash Time        : 21.01.2015 18:04:49
Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code    : 0x00000050
Parameter 1       : ffffffff`ff429911
Parameter 2       : 00000000`00000000
Parameter 3       : fffff880`066192e0
Parameter 4       : 00000000`00000002
Caused By Driver  : fltmgr.sys
Caused By Address : fltmgr.sys+35ceb
File Description  :
Product Name      :
Company           :
File Version      :
Processor         : x64
Crash Address     : ntoskrnl.exe+76e80
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\012115-10561-01.dmp
Processors Count  : 8
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 292.712
Dump File Time    : 21.01.2015 18:05:22
==================================================
Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=81218e163e627840bc7166e4ecd488de # engine=23399 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-04-15 04:55:31 # local_time=2015-04-15 06:55:31 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 7836 180746781 0 0 # scanned=220531 # found=19 # cleaned=19 # scan_time=1656 sh=9DEF5E3D65404225EC02909B1F201426B1A7B228 ft=1 fh=8b2bbc42cbb403d1 vn="Variante von Win32/Conduit.SearchProtect.Y evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir" sh=6E826493D60C3917BABB3D95B0AA367E8991712A ft=1 fh=0341a279d70a75aa vn="Variante von Win32/Conduit.SearchProtect.Y evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll.vir" sh=D0D7C464F9B094452AEE4273F4B295EDDA02D19C ft=1 fh=55ec89fd9650db0f vn="Variante von Win32/Conduit.SearchProtect.Y evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\sptool.dll_1422894157764.vir" sh=D0D7C464F9B094452AEE4273F4B295EDDA02D19C ft=1 fh=55ec89fd9650db0f vn="Variante von Win32/Conduit.SearchProtect.Y evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\sptool.dll_1423650641067.vir" sh=46BBA8C1AE634D4F9F254950A86CB05F704ACE33 ft=1 fh=6dfe405d34010908 vn="Variante von Win32/Conduit.SearchProtect.Y evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\sptool.dll_1424070493270.vir" sh=0D0FE5EAD768ACE63EA7A8CE71E0EA79B2B23479 ft=1 fh=33c7f9ce5a28a230 vn="Variante von Win32/Conduit.SearchProtect.Y evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\sptool.dll_1427296224760.vir" sh=1BC2BA11E8D9DFFF477707C793ABD89BF4B68FEE ft=1 fh=3e593d00866d36a6 vn="Variante von Win32/Conduit.SearchProtect.Y evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\sptool.dll_1429018265562.vir" sh=1E6A776EF33296D1103518DEB9F089BC632449C6 ft=1 fh=b918b46fa959d4dd vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir" sh=BD50BAB45180B3D9399A3393459D97F99A1E5FEE ft=1 fh=84e389e7c76eee68 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.pun.vir" sh=F0CC8954C27C0FBB527768AF4BF6CD5A09307D41 ft=1 fh=c06a50fb38d4834c vn="Variante von Win32/Conduit.SearchProtect.Y evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir" sh=BCA7F182073FEBB9355E0F2AD7E8D40907D15BD8 ft=1 fh=e302ed5515b8fbb8 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\RN32.dll.vir" sh=2C1F7F0352CC6FCF18E459685494A36D7F9DBE4D ft=1 fh=47c088a32d41df4d vn="Variante von Win32/ClientConnect.A evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPtool64.exe.vir" sh=A9E041EC76E711153117A2B34A68C683ED6D42C7 ft=1 fh=a5c2a664c497cefd vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32.dll.vir" sh=4B1039CA7DBAEF98370766E3F12DD096E1D2633B ft=1 fh=8ee3b6f81d9d7e32 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64.dll.vir" sh=2C5C661298985666E11142F8379A2BD1393CB74B ft=1 fh=3fbe84fda904daa5 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll.vir" sh=9ECAB8A9160B56EF61C35147B1DC19DD44435623 ft=1 fh=e4ea2d9edf8d817c vn="Variante von Win32/Conduit.SearchProtect.Y evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir" sh=01B394BFD78AC1A88EF00B03878680F68FDD5291 ft=1 fh=80aefb8aa3c56326 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Marci\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RKE2JYA0\OrbiterInstaller[1].exe" sh=97F1FD3EF47ED4A146AD252539F7D11872B1D4F1 ft=1 fh=1cf226db5a49708c vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Marci\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RKE2JYA0\Setup[1].exe" sh=ED3463A7DB95D4B0A40B18FF7D4C3A198AFE9C87 ft=1 fh=b73262d5706d13f5 vn="Variante von Win32/ClientConnect.A evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Marci\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VV67JNLF\Stub[1].exe" Code:
ATTFilter
 Results of screen317's Security Check version 1.00
 Windows 7 Service Pack 1 x64 (UAC is enabled)
 Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Antivirus
 Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 17
 Java version 32-bit out of Date!
 Adobe Flash Player 16.0.0.305 Flash Player out of Date!
 Mozilla Firefox (Firefox.)
````````Process Check: objlist.exe by Laurent````````
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 windows defender MpCmdRun.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015 04 Ran by Marci (administrator) on ASUSG74 on 15-04-2015 21:47:29 Running from C:\Users\Marci\Desktop Loaded Profiles: Marci (Available profiles: Marci) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ASUS) C:\Program Files\Asus\P4G\BatteryLife.exe (ASUS) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (ASUSTek Computer Inc.) 
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe () C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe () C:\Program Files\EslWire\service\WireHelperSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (Spotify Ltd) C:\Users\Marci\AppData\Roaming\Spotify\SpotifyWebHelper.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\pg_ctl.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Dropbox, Inc.) 
C:\Users\Marci\AppData\Roaming\Dropbox\bin\Dropbox.exe (ASUS) C:\Windows\AsScrPro.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe () C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe () C:\ExpressGateUtil\VAWinAgent.exe () C:\ExpressGateUtil\VAWinService.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (Windows (R) Win 7 DDK provider) C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Razer Inc.) C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe () C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (Razer USA Ltd.) 
C:\Program Files (x86)\Razer\Tarantula\razerhid.exe (Portrait Displays, Inc) C:\Program Files (x86)\BenQ\Display Pilot\dthtml.exe (Portrait Displays Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE () C:\Program Files (x86)\Razer\Tarantula\razertra.exe (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelper.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe () C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpCtrl.exe () C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Floater.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe (Bohemia Interactive) D:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3launcher.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Bohemia Interactive) D:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3.exe (Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2869008 2012-01-26] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [100112 2012-01-26] (Synaptics Incorporated)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2011-10-19] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe [3058304 2011-12-20] (ASUS)
HKLM-x32\...\Run: [THX TruStudio NB Settings] => C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909312 2011-03-17] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [CPMonitor] => C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe [84464 2011-04-01] ()
HKLM-x32\...\Run: [VAWinAgent] => C:\ExpressGateUtil\VAWinAgent.exe [45448 2011-04-08] ()
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-20] (CyberLink)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [DeathAdder] => C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe [248832 2012-01-14] ()
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-22] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568 2012-02-06] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-02] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [FLxHCIm64] => C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe [48128 2012-07-19] (Windows (R) Win 7 DDK provider)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM-x32\...\Run: [Tarantula] => C:\Program Files (x86)\Razer\Tarantula\razerhid.exe [159744 2007-05-07] (Razer USA Ltd.)
HKLM-x32\...\Run: [PivotSoftware] => C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe [112424 2013-06-18] ()
HKLM-x32\...\Run: [DT BEN] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [122384 2013-11-12] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-14] (Valve Corporation)
HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-06] (Acresso Corporation)
HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\...\Run: [Spotify Web Helper] => C:\Users\Marci\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-14] (Spotify Ltd)
HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\...\Run: [Spotify] => C:\Users\Marci\AppData\Roaming\Spotify\Spotify.exe [7112248 2015-04-14] (Spotify Ltd)
Startup: C:\Users\Marci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Marci\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-03-22] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-13] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-03-22] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Marci\AppData\Roaming\Mozilla\Firefox\Profiles\0lxcl8t7.default
FF Homepage: https://www.youtube.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @esn/esnlaunch,version=1.116.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-03-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-03-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll [2010-01-23] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-1586699263-1730969920-3125584917-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-11-25] ()
FF Extension: Segurança do navegador Avira - C:\Users\Marci\AppData\Roaming\Mozilla\Firefox\Profiles\0lxcl8t7.default\Extensions\abs@avira.com [2015-03-31]
FF Extension: Battlefield Heroes Updater - C:\Users\Marci\AppData\Roaming\Mozilla\Firefox\Profiles\0lxcl8t7.default\Extensions\battlefieldheroespatcher@ea.com [2012-10-01]
FF Extension: MEGA - C:\Users\Marci\AppData\Roaming\Mozilla\Firefox\Profiles\0lxcl8t7.default\Extensions\firefox@mega.co.nz.xpi [2014-12-20]
FF Extension: Adblock Plus - C:\Users\Marci\AppData\Roaming\Mozilla\Firefox\Profiles\0lxcl8t7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-10]
FF HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 AsusUacSvc; C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [113840 2010-07-27] () [File not signed]
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed]
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [817536 2015-01-27] ()
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-12-20] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-12-20] (Creative Labs) [File not signed]
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [138768 2013-11-12] (Portrait Displays, Inc.)
R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [663056 2013-06-11] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-25] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-06-18] ()
R2 postgresql-8.4; c:\postgreSQL\bin\pg_ctl.exe [66048 2011-01-28] (PostgreSQL Global Development Group) [File not signed]
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-03-26] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ZAPrivacyService; "C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" [X]

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-01-30] (ASUSTek Computer Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG)
S3 ESLvnic1; C:\Windows\System32\DRIVERS\ESLvnic.sys [25528 2012-01-24] (Turtle Entertainment GmbH)
R0 ESLWireAC; C:\Windows\System32\drivers\ESLWireACD.sys [184968 2013-12-22] (<Turtle Entertainment>)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [76584 2012-07-19] (Fresco Logic)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [22800 2012-01-26] (Synaptics Incorporated)
R3 TarFltr; C:\Windows\System32\drivers\UsbFltr.sys [49664 2007-04-11] (Razer USA Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-15 21:47 - 2015-04-15 21:47 - 00027875 _____ () C:\Users\Marci\Desktop\FRST.txt
2015-04-15 21:47 - 2015-04-15 21:47 - 00000000 ____D () C:\Users\Marci\Desktop\FRST-OlderVersion
2015-04-15 21:46 - 2015-04-15 21:46 - 00000891 _____ () C:\Users\Marci\Desktop\checkup.txt
2015-04-15 21:43 - 2015-04-15 21:43 - 00003754 _____ () C:\Users\Marci\Desktop\bluescrenn.txt
2015-04-15 17:49 - 2015-04-15 21:46 - 00000000 ____D () C:\Users\Marci\Desktop\Virus
2015-04-15 16:34 - 2015-04-15 16:34 - 733888429 _____ () C:\Windows\MEMORY.DMP
2015-04-15 16:34 - 2015-04-15 16:34 - 00368416 _____ () C:\Windows\Minidump\041515-9656-01.dmp
2015-04-15 16:28 - 2015-04-15 16:28 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ASUSG74-Windows-7-Home-Premium-(64-bit).dat
2015-04-15 16:28 - 2015-04-15 16:28 - 00000000 ____D () C:\RegBackup
2015-04-15 16:22 - 2015-04-15 16:26 - 00000000 ____D () C:\AdwCleaner
2015-04-15 16:08 - 2015-04-15 17:34 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-15 16:08 - 2015-04-15 16:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-04-15 16:08 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-15 16:08 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-15 16:08 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-14 19:36 - 2015-04-14 19:36 - 00046876 _____ () C:\ComboFix.txt
2015-04-14 19:30 - 2015-04-14 19:36 - 00000000 ____D () C:\ComboFix
2015-04-14 18:12 - 2015-04-14 19:36 - 00000000 ____D () C:\Qoobox
2015-04-14 18:12 - 2015-04-14 19:35 - 00000000 ____D () C:\Windows\erdnt
2015-04-14 18:12 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-14 18:12 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-14 18:12 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-14 18:12 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-14 18:12 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-14 18:12 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-14 18:12 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-14 18:12 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-14 17:54 - 2015-04-14 17:54 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-04-14 16:44 - 2015-04-15 21:47 - 00000000 ____D () C:\FRST
2015-04-14 16:42 - 2015-04-15 21:47 - 02097664 _____ (Farbar) C:\Users\Marci\Desktop\FRST64.exe
2015-04-05 11:31 - 2015-04-05 11:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\system32\GWX
2015-03-26 16:08 - 2015-04-09 19:47 - 00000000 ____D () C:\Users\Marci\AppData\Local\Arma 3 Launcher
2015-03-26 16:08 - 2015-03-26 16:08 - 00000000 ____D () C:\Users\Marci\AppData\Local\Bohemia_Interactive
2015-03-25 17:10 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 17:10 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 17:10 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 17:10 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 17:10 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 17:10 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 17:10 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 17:10 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-15 21:45 - 2013-03-23 15:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-15 21:45 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-15 21:45 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-15 21:26 - 2014-03-24 18:52 - 00000000 ____D () C:\Users\Marci\AppData\Local\Arma 3
2015-04-15 21:26 - 2014-03-18 21:44 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-15 21:23 - 2011-12-20 01:03 - 01183011 _____ () C:\Windows\WindowsUpdate.log
2015-04-15 21:12 - 2012-03-01 23:02 - 00000000 ____D () C:\Users\Marci\AppData\Roaming\TS3Client
2015-04-15 19:46 - 2013-03-23 15:44 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 19:46 - 2013-03-23 15:44 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-15 19:46 - 2012-03-06 02:39 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 16:41 - 2011-02-19 06:24 - 00711530 _____ () C:\Windows\system32\perfh007.dat
2015-04-15 16:41 - 2011-02-19 06:24 - 00153720 _____ () C:\Windows\system32\perfc007.dat
2015-04-15 16:41 - 2009-07-14 07:13 - 01652988 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-15 16:40 - 2014-01-30 19:04 - 00000000 ____D () C:\Users\Marci\AppData\Local\Spotify
2015-04-15 16:35 - 2013-12-08 13:33 - 00000000 ____D () C:\Users\Marci\AppData\Local\CrashDumps
2015-04-15 16:35 - 2012-09-23 23:01 - 00000000 ___RD () C:\Users\Marci\Dropbox
2015-04-15 16:35 - 2012-09-23 22:59 - 00000000 ____D () C:\Users\Marci\AppData\Roaming\Dropbox
2015-04-15 16:34 - 2015-01-21 18:05 - 00000000 ____D () C:\Windows\Minidump
2015-04-15 16:34 - 2014-01-30 19:02 - 00000000 ____D () C:\Users\Marci\AppData\Roaming\Spotify
2015-04-15 16:34 - 2013-10-31 18:41 - 00000380 _____ () C:\Users\Marci\AppData\Roaming\sp_data.sys
2015-04-15 16:34 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-15 16:34 - 2009-07-14 06:51 - 00352918 _____ () C:\Windows\setupact.log
2015-04-15 16:26 - 2011-10-19 05:20 - 00637616 _____ () C:\Windows\PFRO.log
2015-04-14 19:34 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-14 19:07 - 2009-07-14 04:34 - 86507520 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-04-14 19:07 - 2009-07-14 04:34 - 23592960 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-04-14 19:07 - 2009-07-14 04:34 - 00946176 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-04-14 19:07 - 2009-07-14 04:34 - 00061440 _____ () C:\Windows\system32\config\SAM.bak
2015-04-14 19:07 - 2009-07-14 04:34 - 00032768 _____ () C:\Windows\system32\config\SECURITY.bak
2015-04-14 18:18 - 2009-07-14 04:34 - 137101312 _____ () C:\Windows\system32\config\components.bak
2015-04-14 18:04 - 2014-01-30 19:04 - 00001808 _____ () C:\Users\Marci\Desktop\Spotify.lnk
2015-04-14 18:04 - 2014-01-30 19:04 - 00001794 _____ () C:\Users\Marci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-04-12 12:57 - 2012-09-23 22:59 - 00000000 ____D () C:\Users\Marci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-08 15:36 - 2012-05-08 16:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-07 15:45 - 2013-08-16 11:08 - 00000000 ____D () C:\Users\Marci\AppData\Roaming\Avira
2015-03-26 16:06 - 2014-12-11 15:18 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-26 16:06 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-25 17:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF

==================== Files in the root of some directories =======
2012-03-04 16:37 - 2012-01-24 14:50 - 0168864 _____ () C:\Program Files\Common Files\WireHelpSvc.exe
2014-05-11 20:52 - 2014-05-11 20:52 - 0000282 _____ () C:\Users\Marci\AppData\Roaming\BreakingPoint_Login.ini
2014-05-10 23:03 - 2014-05-11 20:54 - 0001301 _____ () C:\Users\Marci\AppData\Roaming\BreakingPoint_Options.ini
2013-10-31 18:41 - 2015-04-15 16:34 - 0000380 _____ () C:\Users\Marci\AppData\Roaming\sp_data.sys
2014-02-26 18:41 - 2014-11-19 18:37 - 0007623 _____ () C:\Users\Marci\AppData\Local\Resmon.ResmonCfg
2011-10-19 06:26 - 2010-10-06 18:45 - 0131984 _____ () C:\ProgramData\FullRemove.exe
2011-12-20 01:18 - 2011-12-20 01:18 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-12-20 01:17 - 2011-12-20 01:17 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-12-20 01:17 - 2011-12-20 01:17 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some content of TEMP:
====================
C:\Users\Marci\AppData\Local\Temp\avgnt.exe
C:\Users\Marci\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkpjaan.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-14 07:47

==================== End Of Log ============================

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-04-2015 04
Ran by Marci at 2015-04-15 21:47:52
Running from C:\Users\Marci\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\...\uTorrent) (Version: 3.4.2.38397 - BitTorrent Inc.)
A3Launcher version 0.0.0.9 (HKLM-x32\...\{E31045B4-9DB5-9EBD-44DF-BD4CFDE640DF}_is1) (Version: 0.0.0.9 - Maca134)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arma 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive)
Arma 2: Operation Arrowhead Beta (Obsolete) (HKLM-x32\...\Steam App 219540) (Version: - )
Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive)
Assassin's Creed(R) III v1.03 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.03 - Ubisoft)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.23 - ASUS)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0013 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.2 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.0 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0040 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.0.8 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.25 - ASUS)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
AsusScr_G74 Series_ENG (HKLM-x32\...\AsusScr_G74 Series_ENG) (Version: 1.0.0001 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.7.142 - ASUSTEK)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0015 - ASUS)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.4.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.2.0.0 - Electronic Arts)
Battlefield 4™ Beta (HKLM-x32\...\{CFAB3721-549D-4827-A4E8-7F90192114AB}) (Version: 1.0.0.0 - Electronic Arts)
Battlefield™ Hardline Beta (HKLM-x32\...\{599276A7-F45D-40B1-A0B6-CF132A1CAD49}) (Version: 1.0.0.5 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version: - )
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
DayZ Commander (HKLM-x32\...\{7B2CA5E9-763C-4FCE-81EE-13E81ABFE908}) (Version: 0.92.115 - Dotjosh Studios)
DayZLauncher version 0.0.0.7 (HKLM-x32\...\{E31045B4-9DB5-44DF-9EBD-BD4CFDE640FD}_is1) (Version: 0.0.0.7 - Maca134)
Deadtime Stories (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118716773}) (Version: - Oberon Media)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Diablo III Public Test (HKLM-x32\...\Diablo III Public Test) (Version: - Blizzard Entertainment)
Die Siedler 7 (HKLM-x32\...\{9C916142-C18C-429D-BFED-40094A7E0BEB}) (Version: 1.12.1396 - Ubisoft)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Display Pilot (HKLM-x32\...\{6DD25D67-4339-47A1-950E-EEFC321CBB24}) (Version: 2.11.002 - Portrait Displays, Inc.)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Dropbox (HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
Dying Light (HKLM-x32\...\Steam App 239140) (Version: - Techland)
ESL Wire 1.17.3 (HKLM\...\ESL Wire_is1) (Version: - Turtle Entertainment GmbH)
ExpressGateCloud (HKLM-x32\...\InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}) (Version: 2.6.27.160 - VideACE Co.)
ExpressGateCloud (x32 Version: 2.6.27.160 - VideACE Co.) Hidden
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.04 - Ubisoft)
Farm Frenzy 3 - Madagascar (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119205603}) (Version: - Oberon Media)
Free YouTube to MP3 Converter version 3.12.42.716 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.42.716 - DVDVideoSoft Ltd.)
Fresco Logic USB3.0 Host Controller (HKLM\...\{FFF6BB59-380A-4338-AEFB-226F511C0713}) (Version: 3.5.73.0 - Fresco Logic Inc.)
Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Game Park Console (HKLM-x32\...\Game Park Console) (Version: 1.2.4.431 - Oberon Media Inc.)
GameFast.exe (HKLM\...\GameFast_is1) (Version: 1.0.0.1 - ASUSTEK Computer Inc)
Go Go Gourmet Chef of the Year (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115290153}) (Version: - Oberon Media)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version: - Reto-Moto)
Holdem Manager 2 (HKLM-x32\...\HoldemManager2) (Version: - )
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.)
Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mahjong Memoirs (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117948443}) (Version: - Oberon Media)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Medal of Honor™ Warfighter (HKLM-x32\...\{48379835-BF2E-4487-9CB1-D5E654502B53}) (Version: 1.0.0.0 - Electronic Arts)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.2.0.0 - Electronic Arts)
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
NVIDIA 3D Vision Treiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4550 - Electronic Arts, Inc.)
Pivot Pro Plugin (x32 Version: 9.61.004 - Portrait Displays, Inc.) Hidden
Plants vs Zombies (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117080787}) (Version: - Oberon Media)
PokerClue (HKLM-x32\...\{4C48700A-1A06-4DB1-A5E5-B25520C1ED54}) (Version: 1.00.0000 - Koreleone | Software)
PokerRoom Home Game Organizer (HKLM-x32\...\PokerRoom Home Game Organizer) (Version: - )
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu)
Pokerstartkapital BlindTimer v3.1 (HKLM-x32\...\Pokerstartkapital.info BlindTimer_is1) (Version: - Pokerstartkapital)
PostgreSQL 8.4 (HKLM-x32\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group)
Preispilot für Firefox (HKLM-x32\...\{0D8E6567-7082-48DB-A305-293873AC8B39}_is1) (Version: 2.0 - Preispilot)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Razer DeathAdder(TM) Mouse (HKLM-x32\...\{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}) (Version: 3.05 - Razer Inc.)
Razer Tarantula (HKLM-x32\...\{655B9514-3963-490B-9EE1-431E80444889}) (Version: 5.01 - Razer USA Ltd.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6564 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rotation Desktop for G Series.exe (HKLM\...\Rotation Desktop for G Series_is1) (Version: 1.0.0.9 - ASUSTEK Computer Inc)
Roxio CinePlayer (HKLM-x32\...\{C03F3D5B-0D83-4F81-A324-32F4E7F1BF6A}) (Version: 5.8.58232.1 - Roxio)
SDK (x32 Version: 2.40.007 - Portrait Displays, Inc.) Hidden
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Stranded Deep (HKLM-x32\...\Steam App 313120) (Version: - Beam Team Games)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.43.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
This War of Mine (HKLM-x32\...\Steam App 282070) (Version: - 11 bit studios)
THX TruStudio (HKLM-x32\...\{B11AB9C8-18A6-41DC-98B4-4988CC030136}) (Version: 1.03.01 - Creative Technology Limited)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.0.3 - Electronic Arts)
Titanfall™-Beta (HKLM-x32\...\{E933BD1A-9B05-42A3-A1CF-3DA81C72E454}) (Version: 1.0.0.0 - Electronic Arts)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Watch_Dogs (HKLM-x32\...\Uplay Install 274) (Version: - Ubisoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.32.0 - ASUS)
WinRAR 4.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.27 - ASUS)
World of Goo (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116672750}) (Version: - Oberon Media)
WS Launcher (HKLM-x32\...\{575E5E77-2C8E-405F-AB8E-9A7418B704CF}) (Version: 0.0.0.9 - Launcher)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation)
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation)
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1586699263-1730969920-3125584917-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Marci\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586699263-1730969920-3125584917-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586699263-1730969920-3125584917-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586699263-1730969920-3125584917-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586699263-1730969920-3125584917-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586699263-1730969920-3125584917-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586699263-1730969920-3125584917-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586699263-1730969920-3125584917-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586699263-1730969920-3125584917-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586699263-1730969920-3125584917-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marci\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-04-14 19:34 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {035A019C-E04E-4CE5-9CBB-F1FC495CE4C9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {24EF5DBE-AFC1-487A-8E23-4E4BD7CB5161} - System32\Tasks\AIRecoveryRemind => C:\Program Files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe [2012-01-31] (ASUSTek Computer Inc.)
Task: {47641524-8A52-40C7-9903-F196D907D01F} - System32\Tasks\{1561C887-2692-4C88-91FD-660A9E6C6495} => pcalua.exe -a "C:\Program Files (x86)\Origin\EAProxyInstaller.exe" -d "C:\Program Files (x86)\Origin"
Task: {4A93DE3E-8F60-49FF-915B-8B98A4728A53} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {632A08B8-3C81-416E-9F27-410A74A8AAAE} - System32\Tasks\ASUS Patch 10430001 => C:\Windows\AsPatch10430001.exe
Task: {6A2F713D-141A-49E4-87F7-DC992D620CC8} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {6B3AD26E-6C79-43A9-AF85-D2F6F4255777} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-09-14] (Apple Inc.)
Task: {99F6E8DB-5876-4331-8E2B-69BF6244E306} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {A3AA2048-F375-4231-9AED-563AE227C246} - \avaavaevy No Task File <==== ATTENTION
Task: {A3DF5189-9B54-4436-B589-97226A2760B2} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-12-22] (ASUSTek Computer Inc.)
Task: {C0BC8FBA-3DEB-4925-AC70-DAB73707D8B6} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-01-09] (ASUSTeK Computer Inc.)
Task: {C2EC060E-1E6B-4807-BB4D-3C7D7DD769AE} - System32\Tasks\{7B90BDFD-FF6A-4E49-8237-7CC12D13C132} => pcalua.exe -a "C:\Program Files (x86)\Origin\EAProxyInstaller.exe" -d "C:\Program Files (x86)\Origin"
Task: {D882862F-6011-443E-97A8-F4B6451D17B0} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-01-04] (ASUS)
Task: {DAC59F23-66F5-441A-AF61-46D6C9344C78} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {E7592D61-4BCC-44C2-8FB8-EE2735EF31FB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F2E8DECD-5F53-444F-A781-F01557BE4B0B} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2011-10-03] (ASUS)
Task: {F79E7FCD-ABB1-4200-A5C3-FEBAD28F056C} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-01-30] (ASUSTek Computer Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2013-10-31 18:39 - 2015-02-05 21:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-12-04 22:12 - 2013-11-12 12:44 - 00274960 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dthook.dll
2012-02-06 12:35 - 2012-01-09 20:44 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2009-03-02 04:08 - 2009-03-02 04:08 - 00003584 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\LogicNP.PropSheetExtensionHelper_x64.dll
2010-07-14 16:11 - 2010-07-14 16:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2011-12-20 01:13 - 2010-07-27 20:40 - 00113840 _____ () C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe
2013-12-22 16:08 - 2013-06-11 11:52 - 00663056 _____ () C:\Program Files\EslWire\service\WireHelperSvc.exe
2013-12-22 16:08 - 2013-07-09 13:12 - 00214016 _____ () C:\Program Files\EslWire\service\NocIPC64.dll
2011-12-20 01:14 - 2010-06-08 23:23 - 00236544 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2012-02-20 12:26 - 2014-06-18 22:24 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2011-04-01 13:23 - 2011-04-01 13:23 - 00084464 _____ () C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe
2011-04-08 07:26 - 2011-04-08 07:26 - 00045448 _____ () C:\ExpressGateUtil\VAWinAgent.exe
2011-03-26 03:55 - 2011-03-26 03:55 - 00091464 _____ () C:\ExpressGateUtil\VAWinService.exe
2012-02-29 21:37 - 2012-01-14 13:56 - 00248832 _____ () C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
2012-02-29 21:37 - 2011-04-14 12:48 - 01758208 _____ () C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
2014-11-23 15:03 - 2007-03-05 19:17 - 00143360 _____ () C:\Program Files (x86)\Razer\Tarantula\razertra.exe
2014-12-04 22:12 - 2013-06-18 13:26 - 00677160 _____ () C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpctrl.exe
2014-12-04 22:12 - 2013-06-18 13:26 - 00714024 _____ () C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\floater.exe
2014-03-16 16:37 - 2014-03-16 16:37 - 00173568 _____ () C:\Program Files\TeamSpeak 3 Client\quazip.dll
2014-03-16 16:37 - 2014-03-16 16:37 - 01080832 _____ () C:\Program Files\TeamSpeak 3 Client\platforms\qwindows.dll
2014-03-16 16:37 - 2014-03-16 16:37 - 00833024 _____ () C:\Program Files\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
2012-02-15 12:33 - 2014-08-07 17:36 - 00102344 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2012-02-15 12:33 - 2014-08-07 17:36 - 00108488 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2014-03-16 16:37 - 2014-03-16 16:37 - 00030208 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qgif.dll
2014-03-16 16:37 - 2014-03-16 16:37 - 00233984 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qjpeg.dll
2012-02-15 12:33 - 2014-08-07 17:36 - 00563656 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2013-11-07 18:43 - 2014-08-07 17:36 - 00579016 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2014-03-16 16:37 - 2014-03-16 16:37 - 00159232 _____ () C:\Program Files\TeamSpeak 3 Client\accessible\qtaccessiblewidgets.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2013-01-27 00:32 - 2011-01-28 07:15 - 00172032 _____ () c:\postgreSQL\bin\LIBPQ.dll
2015-04-15 16:34 - 2015-04-15 16:34 - 00043008 _____ () c:\users\marci\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkpjaan.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Marci\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Marci\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Marci\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Marci\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2013-01-27 00:32 - 2009-02-12 21:01 - 00976384 _____ () c:\postgreSQL\bin\libxml2.dll
2013-01-27 00:32 - 2005-07-20 12:48 - 00059904 _____ () c:\postgreSQL\bin\zlib1.dll
2011-03-26 03:55 - 2011-03-26 03:55 - 00157000 _____ () C:\ExpressGateUtil\libexpat.dll
2011-03-26 03:55 - 2011-03-26 03:55 - 00061768 _____ () C:\ExpressGateUtil\netProfileDatabase.DLL
2010-08-20 19:57 - 2010-08-20 19:57 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-20 19:57 - 2010-08-20 19:57 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2012-02-06 19:32 - 2012-02-06 19:32 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2012-01-31 09:25 - 2012-01-31 09:25 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2014-12-04 22:12 - 2013-11-12 12:44 - 00187920 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\PresetsCOM.dll
2014-03-18 21:50 - 2015-03-10 08:37 - 00775680 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-20 08:31 - 2014-12-02 02:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-20 08:31 - 2014-12-02 02:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-20 08:31 - 2014-12-02 02:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-05-22 16:08 - 2015-04-14 01:44 - 02371776 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-29 15:13 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 15:13 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-29 15:13 - 2014-12-01 23:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 15:13 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-29 15:13 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-03-18 21:50 - 2015-04-14 01:44 - 00702656 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-03-18 21:50 - 2015-02-25 03:58 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-12-18 17:08 - 2015-04-09 18:14 - 00251392 _____ () C:\Program Files (x86)\Steam\steamapps\common\Arma 3\Launcher\SteamLayerWrap.dll
2014-03-18 21:50 - 2015-04-14 01:44 - 00363712 _____ () C:\Program Files (x86)\Steam\steam.dll
2014-03-24 19:23 - 2014-12-18 17:23 - 00597888 _____ () C:\Users\Marci\AppData\Local\Arma 3\BattlEye\BEClient.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1586699263-1730969920-3125584917-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Marci\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-1586699263-1730969920-3125584917-500 - Administrator - Disabled)
Gast (S-1-5-21-1586699263-1730969920-3125584917-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1586699263-1730969920-3125584917-1002 - Limited - Enabled)
Marci (S-1-5-21-1586699263-1730969920-3125584917-1000 - Administrator - Enabled) => C:\Users\Marci
postgres (S-1-5-21-1586699263-1730969920-3125584917-1006 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Bluetooth Module
Description: Bluetooth Module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/15/2015 09:46:41 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/15/2015 06:57:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/15/2015 06:20:36 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/15/2015 06:20:21 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/15/2015 06:19:08 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/15/2015 04:35:22 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.TypeInitializationException Stapel: bei NLog.Common.InternalLogger.Debug(System.String, System.Object[]) bei NLog.LogFactory.get_Configuration() bei NLog.LogFactory.GetLogger(LoggerCacheKey) bei NLog.LogFactory.GetLogger(System.String) bei NLog.LogManager.GetLogger(System.String) bei Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String) bei Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger() bei Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value() bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture() bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (04/15/2015 04:35:12 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.ServiceHost.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. 
Ausnahmeinformationen: System.TypeInitializationException Stapel: bei NLog.Common.InternalLogger.Debug(System.String, System.Object[]) bei NLog.LogFactory.get_Configuration() bei NLog.LogFactory.GetLogger(LoggerCacheKey) bei NLog.LogFactory.GetLogger(System.String) bei NLog.LogManager.GetLogger(System.String) bei Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String) bei Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger() bei Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value() bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture() bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (04/15/2015 04:35:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Avira.OE.Systray.exe, Version: 1.1.27.25537, Zeitstempel: 0x546de872 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86 Ausnahmecode: 0xe0434352 Fehleroffset: 0x0000c42d ID des fehlerhaften Prozesses: 0x12d4 Startzeit der fehlerhaften Anwendung: 0xAvira.OE.Systray.exe0 Pfad der fehlerhaften Anwendung: Avira.OE.Systray.exe1 Pfad des fehlerhaften Moduls: Avira.OE.Systray.exe2 Berichtskennung: Avira.OE.Systray.exe3 Error: (04/15/2015 04:34:51 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.Systray.exe 
Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. Ausnahmeinformationen: System.Configuration.ConfigurationErrorsException Stapel: bei System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef) bei System.Configuration.BaseConfigurationRecord.GetSection(System.String) bei System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String) bei System.Configuration.ConfigurationManager.get_AppSettings() bei Avira.OE.WinCore.OeProductInfo.get_Culture() bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings() bei Avira.OE.Systray.Program.Main(System.String[]) Error: (04/15/2015 04:34:51 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.ServiceHost.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. 
Ausnahmeinformationen: System.TypeInitializationException Stapel: bei NLog.Common.InternalLogger.Debug(System.String, System.Object[]) bei NLog.LogFactory.get_Configuration() bei NLog.LogFactory.GetLogger(LoggerCacheKey) bei NLog.LogFactory.GetLogger(System.String) bei NLog.LogManager.GetLogger(System.String) bei Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String) bei Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger() bei Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value() bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture() bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() System errors: ============= Error: (04/15/2015 04:35:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert. Error: (04/15/2015 04:35:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (04/15/2015 04:35:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. 
Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (04/15/2015 04:34:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "ZoneAlarm Privacy Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (04/15/2015 04:34:47 PM) (Source: Service Control Manager) (EventID: 7005) (User: ) Description: Der Aufruf "LoadUserProfile" ist aufgrund folgenden Fehlers fehlgeschlagen: %%3 Error: (04/15/2015 04:34:46 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (04/15/2015 04:34:45 PM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x0000001e (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000)C:\Windows\MEMORY.DMP041515-9656-01 Error: (04/15/2015 04:34:44 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 15.04.2015 um 16:33:44 unerwartet heruntergefahren. Error: (04/15/2015 04:31:15 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Modules Installer" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. 
Fehler: %%1056 Microsoft Office Sessions: ========================= Error: (04/15/2015 09:46:41 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Marci\Desktop\Virus\esetsmartinstaller_deu.exe Error: (04/15/2015 06:57:34 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (04/15/2015 06:20:36 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Marci\Desktop\esetsmartinstaller_deu.exe Error: (04/15/2015 06:20:21 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Marci\Desktop\esetsmartinstaller_deu.exe Error: (04/15/2015 06:19:08 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: 
C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Marci\Desktop\esetsmartinstaller_deu.exe Error: (04/15/2015 04:35:22 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.ServiceHost.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. Ausnahmeinformationen: System.TypeInitializationException Stapel: bei NLog.Common.InternalLogger.Debug(System.String, System.Object[]) bei NLog.LogFactory.get_Configuration() bei NLog.LogFactory.GetLogger(LoggerCacheKey) bei NLog.LogFactory.GetLogger(System.String) bei NLog.LogManager.GetLogger(System.String) bei Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String) bei Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger() bei Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value() bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture() bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (04/15/2015 04:35:12 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.ServiceHost.exe Frameworkversion: v4.0.30319 Beschreibung: Der 
Prozess wurde aufgrund eines Ausnahmefehlers beendet. Ausnahmeinformationen: System.TypeInitializationException Stapel: bei NLog.Common.InternalLogger.Debug(System.String, System.Object[]) bei NLog.LogFactory.get_Configuration() bei NLog.LogFactory.GetLogger(LoggerCacheKey) bei NLog.LogFactory.GetLogger(System.String) bei NLog.LogManager.GetLogger(System.String) bei Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String) bei Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger() bei Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value() bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture() bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (04/15/2015 04:35:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Avira.OE.Systray.exe1.1.27.25537546de872KERNELBASE.dll6.1.7601.1840953159a86e04343520000c42d12d401d0778954da4e1cC:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exeC:\Windows\syswow64\KERNELBASE.dll99094360-e37c-11e4-8983-5404a64be8ae Error: (04/15/2015 04:34:51 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.Systray.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. 
Ausnahmeinformationen: System.Configuration.ConfigurationErrorsException Stapel: bei System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef) bei System.Configuration.BaseConfigurationRecord.GetSection(System.String) bei System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String) bei System.Configuration.ConfigurationManager.get_AppSettings() bei Avira.OE.WinCore.OeProductInfo.get_Culture() bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings() bei Avira.OE.Systray.Program.Main(System.String[]) Error: (04/15/2015 04:34:51 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.ServiceHost.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. Ausnahmeinformationen: System.TypeInitializationException Stapel: bei NLog.Common.InternalLogger.Debug(System.String, System.Object[]) bei NLog.LogFactory.get_Configuration() bei NLog.LogFactory.GetLogger(LoggerCacheKey) bei NLog.LogFactory.GetLogger(System.String) bei NLog.LogManager.GetLogger(System.String) bei Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String) bei Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger() bei Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value() bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture() bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei 
System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 59%
Total physical RAM: 8169.16 MB
Available physical RAM: 3316.5 MB
Total Pagefile: 16336.52 MB
Available Pagefile: 8309.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:95.39 GB) (Free:15.54 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Games) (Fixed) (Total:118.08 GB) (Free:3.92 GB) NTFS
Drive e: (Sonstiges) (Fixed) (Total:349.3 GB) (Free:274.44 GB) NTFS
Drive f: (SDATA2) (Fixed) (Total:349.33 GB) (Free:123.84 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: E3102A4B)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=95.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=118.1 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 698.6 GB) (Disk ID: BBC58B91)
Partition 1: (Not Active) - (Size=349.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=349.3 GB) - (Type=07 NTFS)
==================== End Of Log ============================
PS: ESET is from this afternoon, I already figured that would come up |
16.04.2015, 10:48 | #8 |
/// the machine /// TB-Ausbilder | Windows 7: Bad Image (error) VC32LO
Update Java and Flash. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.
Code:
ATTFilter
Task: {A3AA2048-F375-4231-9AED-563AE227C246} - \avaavaevy No Task File <==== ATTENTION
Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Did the BSOD happen again?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
16.04.2015, 15:27 | #9 |
| Status 16.04.15 16:30 Hello schrauber, No, there was no further bluescreen. Here is the Fixlog.txt
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-04-2015 04
Ran by Marci at 2015-04-16 16:24:31 Run:1
Running from C:\Users\Marci\Desktop
Loaded Profiles: Marci (Available profiles: Marci)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Task: {A3AA2048-F375-4231-9AED-563AE227C246} - \avaavaevy No Task File <==== ATTENTION
Emptytemp:
*****************
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A3AA2048-F375-4231-9AED-563AE227C246}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3AA2048-F375-4231-9AED-563AE227C246}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avaavaevy" => Key deleted successfully.
EmptyTemp: => Removed 363 MB temporary data.
The system needed a reboot.
==== End of Fixlog 16:24:45 ====
Regards, Marci |
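The Fixlog above shows the one task that FRST flagged "No Task File" being removed from three TaskCache keys (Plain, Tasks, Tree). The following added example, which is not part of the thread or of FRST, is a read-only check that lists any remaining Tree entries without a task file. It assumes the standard task file location %SystemRoot%\System32\Tasks and the Id value stored under each Tree entry, neither of which appears on the page.

```powershell
# Added example (not from the thread): read-only check for scheduled-task
# registry entries that have no task file on disk.
# Run in a 64-bit, elevated PowerShell so that System32 is not redirected.

$cache    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache'
$treeRoot = "$cache\Tree"

# Assumption: task files live under %SystemRoot%\System32\Tasks, mirroring the
# folder structure of the Tree key.
$taskDir  = Join-Path $env:SystemRoot 'System32\Tasks'

# Full registry name of the Tree key, used to turn each subkey into a relative path.
$treeName = (Get-Item -LiteralPath $treeRoot).Name

$orphans = Get-ChildItem -LiteralPath $treeRoot -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Assumption: every task entry under Tree carries an Id value (a GUID string).
        $id = $_.GetValue('Id')
        if (-not $id) { return }                       # no Id: not a task entry

        $relative = $_.Name.Substring($treeName.Length).TrimStart('\')
        $file     = Join-Path $taskDir $relative
        if (Test-Path -LiteralPath $file) { return }   # a file or folder exists: fine

        # The same GUID may still be referenced under the other keys that the
        # Fixlog lists (Tasks and Plain); report where it is found.
        $refs = foreach ($sub in 'Tasks', 'Plain') {
            if (Test-Path -LiteralPath "$cache\$sub\$id") { $sub }
        }

        New-Object PSObject -Property @{
            TaskName     = '\' + $relative
            Id           = $id
            ExpectedFile = $file
            AlsoUnder    = ($refs -join ', ')
        }
    }

if ($orphans) {
    $orphans | Select-Object TaskName, Id, ExpectedFile, AlsoUnder | Format-List
} else {
    'No TaskCache entries without a task file found.'
}
```

The script only reads the registry and the file system; anything it reports still needs to be reviewed before it is removed.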
16.04.2015, 21:31 | #10 |
/// the machine /// TB-Ausbilder | Windows 7: Bad Image (error) VC32LO
Cleanup: (The order matters here)
If Defogger was used: start it again and click Re-enable.
If Combofix was used: uninstall Combofix.
All logs posted? Then please download DelFix.
Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself. Then restart your computer. If any programs from our cleanup are still left over, you can delete them without concern. If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.
Hardening: On the Windows operating system, enable automatic updates. Security-relevant software should also only ever be present in its latest version:
Browser
Java
Flash Player
PDF reader
Security vulnerabilities in their old versions are exploited to install malware via "drive-by" on a simple visit to a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.
Enable a firewall. The one built into Windows is normally entirely sufficient.
Use an antivirus program with a real-time scanner and an always up-to-date signature database. My recommendation: Emsisoft
In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.
Optional: NoScript prevents the execution of active content (Java, JavaScript, Flash, ...) for all websites. You can, however, specify on a whitelist basis on which sites scripts should be allowed. Malwarebytes Anti Exploit: protects the computer's applications against the exploitation of known vulnerabilities.
Download software from a clean portal such as . When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program. To get rid of adware, uninstalling it first and then removing the leftovers with Adwcleaner is recommended.
Finally, a few general remarks: change your important online passwords regularly and regularly create backups of your important files or of the system. The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using the Windows built-in Disk Cleanup instead.
17.04.2015, 00:28 | #11 |
| Thanks, and sent
Many thanks, schrauber. Great work. The donation has been sent. Regards, Marci |
17.04.2015, 19:35 | #12 |
/// the machine /// TB-Ausbilder | Windows 7: Bad Image (error) VC32LO
You're welcome