
Log analysis and evaluation: Suspected virus

Windows 7. If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

11.07.2015, 22:28   #1
Tieslo

Suspected virus

Hello.
I got a virus alert from G Data today.
Of course I ran a G Data scan first, and it did find a virus, but for some reason G Data could not remove it. After that I ran AdwCleaner and Malwarebytes over it, and they found nothing. I want to make sure there is no virus on my PC and hope you can help me with that.

GMER:
I could not run the scan because of an error message:
C:\Windows\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Malwarebytes:
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 11.07.2015
Suchlaufzeit: 20:43
Protokolldatei: malwarebytes.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.07.11.03
Rootkit-Datenbank: v2015.07.10.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: User

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 340940
Abgelaufene Zeit: 25 Min., 31 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         
G Data:
Code:
Virenprüfung mit G DATA INTERNET SECURITY
Version 25.1.0.4 (16.04.2015)
Virensignaturen vom 11.07.2015
Startzeit: 11.07.2015 18:35:57
Engine(s): Engine A (AVA 25.2469), Engine B (GD 25.5347)
Heuristik: Ein
Archive: Ein
Systembereiche: Ein
RootKits prüfen: Ein

Prüfung der Systembereiche...
Prüfung aller im Speicher befindlichen Prozesse und Verweise im Autostart...
Prüfung auf RootKits...
Prüfung aller lokalen Festplatten...
Analyse vollständig durchgeführt: 11.07.2015 20:41:10
    263365 Dateien überprüft
    1 infizierte Dateien gefunden
    0 verdächtige Dateien gefunden


Objekt: $RON3GK3.scr
	Pfad: C:\$Recycle.Bin\S-1-5-21-3928150652-2756980015-3035233101-1000
	Status: Virus konnte nicht entfernt werden
	Virus: Trojan.MSIL.Crypt.AC (Engine A)

Der Zugriff auf die folgenden Dateien wurde verweigert:
	----------------------------------------------------------------
	C:\Windows\CSC\v2.0.6\temp\ea-e470ab33-8674-11e0-824d-adb55d1d1283
	C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagtrack-Listener.etl
	C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
	C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
	C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
	C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession7.etl
	C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTSteam Event Tracing.etl
	C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl
	C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
	C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG2
	C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG1
	C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat
	C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat5718f0cf-ceff-11e4-bffb-d0509955f44c.TMContainer00000000000000000001.regtrans-ms
	C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat5718f0cf-ceff-11e4-bffb-d0509955f44c.TMContainer00000000000000000002.regtrans-ms
	C:\Windows\winsxs\Temp\PendingRenames\04717f206fa3d001e90b000058183410.install.ins
	C:\Windows\winsxs\Temp\PendingRenames\84e252106fa3d001440b000058183410.install.ins
	C:\Windows\winsxs\Temp\PendingRenames\887f8b106fa3d001450b000058183410.install.ins
	C:\Windows\winsxs\Temp\PendingRenames\e79888206fa3d001ea0b000058183410.install.ins
	C:\System Volume Information\Syscache.hve.LOG1
	C:\System Volume Information\Syscache.hve
	C:\System Volume Information\MountPointManagerRemoteDatabase
	C:\System Volume Information\Syscache.hve.LOG2
	C:\System Volume Information\WindowsImageBackup\Catalog\GlobalCatalog
	C:\System Volume Information\WindowsImageBackup\Catalog\BackupGlobalCatalog
	----------------------------------------------------------------

Die folgenden Dateien sind Passwortgeschützt:
	----------------------------------------------------------------
	C:\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe
	C:\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.version
	C:\Program Files (x86)\Zenimax Online\The Elder Scrolls Online EU\depot\depot.version
	C:\Program Files (x86)\Zenimax Online\The Elder Scrolls Online EU\game\game_player.version
	C:\Program Files (x86)\Zenimax Online\The Elder Scrolls Online EU\vo_de\vo_de.version
	----------------------------------------------------------------
         
FRST
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-07-2015
Ran by User (administrator) on USER-PC on 11-07-2015 23:04:09
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
() C:\Windows\DAODx.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\Sades 7.1CH Gaming Headset\CPL\FaceLift_x64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\CSL GAMING MOUSE 28696 GAUNTLET\CSLMon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(G DATA Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [613024 2010-09-27] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2010-09-27] (Atheros Commnucations)
HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Cm6620Sound] => C:\Program Files\Sades 7.1CH Gaming Headset\CPL\FaceLift_x64.exe [2250240 2014-04-11] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [CSLgmmouseRun] => C:\CSL GAMING MOUSE 28696 GAUNTLET\CSLmon.exe [3151872 2014-06-05] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe [1855608 2015-02-20] (G DATA Software AG)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\...\Run: [{517CC397-B22F-4593-8DCB-DE72CC541E9A}] => "C:\Users\User\Downloads\LeagueofLegends_EUW_Installer_9_15_2014.exe" /cmdloc "HKCU\Software\Riot Games  AiTemp\{517CC397-B22F-4593-8DCB-DE72CC541E9A}"
HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\...\Policies\Explorer: [NoDrives] 65536
HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\...\MountPoints2: {b8054024-cf04-11e4-8edb-d0509955f44c} - F:\pushinst.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-07-15] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-03-20]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zenimax-Startprogramm.lnk [2015-05-03]
ShortcutTarget: Zenimax-Startprogramm.lnk -> C:\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe (ZeniMax Online Studios)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2010-09-27] (Atheros Commnucations)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{12C5CAAE-8B86-4830-8791-C0F8BB7899CF}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{6C4BD96B-A427-4D85-884C-39D2AB9856B3}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{BA68CF7B-D366-4CD7-8B2B-FF7373FCD595}: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{D3BE78AE-491A-4EB0-9B35-2AA566EFA4D5}: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\175vkymt.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_191.dll [2015-07-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_191.dll [2015-07-09] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-20]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-20]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-20]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-20]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-20]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-20]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-20]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-09-27] (Atheros Commnucations) [File not signed]
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2528888 2015-04-16] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe [965240 2015-02-20] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe [3672560 2015-04-07] (G Data Software AG)
R3 GDFwSvc; C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe [3193080 2015-02-20] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [789112 2015-03-04] (G Data Software AG)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-24] (Electronic Arts)
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2014-11-21] (AVM Berlin)
R3 CMUAC; C:\Windows\System32\DRIVERS\CMUAC.SYS [390656 2014-01-08] (C-Media Inc.)
S3 fwlanusb5_nv2; C:\Windows\System32\DRIVERS\fwlanusb5_nv2.sys [1322824 2014-11-21] (AVM GmbH)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [150016 2015-06-17] (G Data Software AG)
R3 GDKBB; C:\Windows\system32\drivers\GDKBB64.sys [27648 2015-06-17] (G Data Software AG)
R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2015-06-17] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [230400 2015-06-17] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [75776 2015-06-17] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64512 2015-06-17] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2015-07-11] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [124928 2015-06-17] (G Data Software AG)
R3 L1c; C:\Windows\System32\DRIVERS\l1c51x64.sys [104600 2012-11-19] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-11] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-05-19] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
S3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [767648 2014-10-08] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2014-10-08] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29864 2014-10-08] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2014-10-08] (Microsoft Corporation)
S1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102664 2014-05-19] ()
S1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25992 2014-05-19] ()
S1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [700296 2014-05-19] ()
S3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2013-09-25] (VIA Technologies, Inc.)
S3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [296960 2013-09-25] (VIA Technologies, Inc.)
S3 BioNTDrv; \??\C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\BioNTDrv.SYS [X]
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 USBMULCD; system32\drivers\CM10664.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-11 23:04 - 2015-07-11 23:04 - 00016632 _____ C:\Users\User\Desktop\FRST.txt
2015-07-11 23:03 - 2015-07-11 23:03 - 00000470 _____ C:\Users\User\Desktop\defogger_disable.log
2015-07-11 23:03 - 2015-07-11 23:03 - 00000000 _____ C:\Users\User\defogger_reenable
2015-07-11 22:54 - 2015-07-11 23:04 - 00000000 ____D C:\FRST
2015-07-11 22:50 - 2015-07-11 22:50 - 02130944 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2015-07-11 22:50 - 2015-07-11 22:50 - 02130944 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2015-07-11 22:50 - 2015-07-11 22:50 - 00380416 _____ C:\Users\User\Downloads\Gmer-19357.exe
2015-07-11 22:50 - 2015-07-11 22:50 - 00380416 _____ C:\Users\User\Desktop\Gmer-19357.exe
2015-07-11 22:50 - 2015-07-11 22:50 - 00050477 _____ C:\Users\User\Downloads\Defogger.exe
2015-07-11 22:50 - 2015-07-11 22:50 - 00050477 _____ C:\Users\User\Desktop\Defogger.exe
2015-07-11 18:35 - 2015-07-11 18:35 - 02248704 _____ C:\Users\User\Downloads\adwcleaner_4.208.exe
2015-07-11 18:35 - 2015-07-11 18:35 - 00106272 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys
2015-07-11 18:35 - 2015-07-11 18:35 - 00018160 _____ (G Data Software) C:\Windows\system32\Drivers\GdPhyMem.sys
2015-07-10 15:37 - 2015-07-10 15:37 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2015-07-10 15:37 - 2015-07-10 15:37 - 00000000 __RDC C:\Program Files (x86)\Skype
2015-07-10 15:37 - 2015-07-10 15:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-07-06 22:39 - 2015-07-06 22:39 - 00000000 ____D C:\Users\User\AppData\Roaming\com.playsaurus.heroclicker
2015-07-01 18:44 - 2015-07-01 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Public Test
2015-07-01 13:57 - 2015-07-01 13:57 - 00000000 ____D C:\Users\User\Tracing
2015-07-01 13:51 - 2015-07-11 22:40 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2015-07-01 13:51 - 2015-07-10 15:37 - 00000000 ____D C:\ProgramData\Skype
2015-07-01 13:51 - 2015-07-01 13:51 - 00000000 ____D C:\Users\User\AppData\Local\Skype
2015-06-29 21:04 - 2015-06-30 23:01 - 00000000 ___DC C:\Program Files (x86)\SpeedFan
2015-06-29 21:04 - 2015-06-29 21:04 - 00001019 _____ C:\Users\User\Desktop\SpeedFan.lnk
2015-06-29 21:04 - 2015-06-29 21:04 - 00000045 ____C C:\Windows\SysWOW64\initdebug.nfo
2015-06-26 13:21 - 2015-07-08 08:21 - 00000000 ___DC C:\Program Files (x86)\Diablo III Public Test
2015-06-25 18:56 - 2015-06-25 18:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2015-06-25 18:53 - 2015-07-08 08:19 - 00000000 ___DC C:\Program Files (x86)\World of Warcraft
2015-06-23 21:16 - 2015-06-17 08:03 - 00571024 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-06-23 21:13 - 2015-06-17 11:10 - 42729104 _____ C:\Windows\system32\nvcompiler.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 37748880 ____C C:\Windows\SysWOW64\nvcompiler.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 30481552 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 22947144 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 16145200 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 15866992 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 15224784 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 14497520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 13263056 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 11831856 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 11011216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-06-23 21:13 - 2015-06-17 11:10 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 02599752 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 01898128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435330.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435330.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 01099992 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 01060168 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 01050768 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 00982672 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 00975176 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 00938752 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 00503408 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 00408392 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 00407296 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 00364176 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 00204648 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-06-23 21:13 - 2015-06-17 11:10 - 00176904 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 00155280 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 00128696 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 00040280 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-06-17 13:29 - 2015-06-17 13:29 - 00000000 ____D C:\Windows\pss
2015-06-17 12:46 - 2015-06-17 12:46 - 00027648 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDKBB64.sys
2015-06-17 12:46 - 2015-06-17 12:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA INTERNET SECURITY
2015-06-16 21:16 - 2015-06-17 13:24 - 00075776 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2015-06-16 21:16 - 2015-06-17 12:46 - 00001986 _____ C:\Users\Public\Desktop\G DATA INTERNET SECURITY.lnk
2015-06-16 21:15 - 2015-06-17 12:46 - 00020992 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDKBFlt64.sys
2015-06-16 21:15 - 2015-06-17 12:45 - 00230400 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2015-06-16 21:15 - 2015-06-17 12:45 - 00150016 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2015-06-16 21:15 - 2015-06-17 12:45 - 00124928 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2015-06-16 21:15 - 2015-06-17 12:45 - 00064512 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2015-06-16 15:31 - 2015-06-16 15:31 - 00002055 _____ C:\Users\User\Desktop\Sades 7.1CH Gaming Headset.lnk
2015-06-16 15:31 - 2015-06-16 15:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sades 7.1CH Gaming Headset
2015-06-16 15:31 - 2015-06-16 15:31 - 00000000 ____D C:\ProgramData\FaceLift
2015-06-16 15:30 - 2015-06-16 15:31 - 00179249 _____ C:\Windows\Cm6620.ini.cfl
2015-06-16 15:30 - 2015-06-16 15:30 - 00000000 ___DC C:\Program Files\Sades 7.1CH Gaming Headset
2015-06-16 15:30 - 2013-12-25 09:48 - 00090054 ____N C:\Windows\Install-02.bmp
2015-06-16 15:30 - 2013-12-25 09:48 - 00082478 ____N C:\Windows\Install-01.bmp
2015-06-16 15:19 - 2013-11-12 03:30 - 00831488 ____N C:\Windows\system32\Cmeau6620.exe
2015-06-16 15:15 - 2015-06-16 15:19 - 00000398 _____ C:\Windows\Cm6620.ini.imi
2015-06-16 15:15 - 2014-04-22 13:20 - 00004125 ____N C:\Windows\Cm6620.ini.cfg
2015-06-16 15:15 - 2014-01-08 09:08 - 03019032 _____ (C-Media Electronics Inc.) C:\Windows\system32\CMEffectAPO.dll
2015-06-16 15:15 - 2014-01-08 09:08 - 00390656 _____ (C-Media Inc.) C:\Windows\system32\Drivers\CMUAC.SYS
2015-06-16 15:15 - 2014-01-08 09:08 - 00208896 _____ (C-Media Electronics Inc.) C:\Windows\system32\CMCplExt.dll
2015-06-16 15:10 - 2015-06-16 15:12 - 00010398 _____ C:\Users\User\Documents\Uninstall STAR WARS The Old Republic.log
2015-06-15 12:44 - 2015-05-19 05:29 - 00046768 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-06-15 12:44 - 2015-05-19 05:14 - 00057520 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-06-12 18:10 - 2015-06-12 18:11 - 00000000 ____D C:\Users\User\AppData\Roaming\Curse Advertising
2015-06-12 18:10 - 2015-06-12 18:10 - 00003284 _____ C:\Windows\System32\Tasks\{B17324DF-C246-4C69-AEDC-BFFFE0409E33}
2015-06-12 18:10 - 2015-06-12 18:10 - 00003284 _____ C:\Windows\System32\Tasks\{70315971-B320-49D5-9C2E-376862CACEE0}
2015-06-12 00:28 - 2015-06-12 00:28 - 00000000 ____D C:\Users\User\AppData\Local\GWX

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-11 23:03 - 2009-07-14 06:45 - 00037200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-11 23:03 - 2009-07-14 06:45 - 00037200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-11 23:00 - 2011-05-25 04:18 - 01165327 _____ C:\Windows\WindowsUpdate.log
2015-07-11 22:57 - 2015-03-20 17:04 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-11 22:57 - 2011-06-26 22:08 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2015-07-11 22:57 - 2009-07-14 06:51 - 00102922 _____ C:\Windows\setupact.log
2015-07-11 22:56 - 2013-11-28 03:14 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-11 22:56 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-11 22:55 - 2013-07-15 12:52 - 00088886 _____ C:\Windows\PFRO.log
2015-07-11 22:52 - 2015-05-18 20:34 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-11 22:30 - 2015-03-21 01:15 - 00000000 ___DC C:\Program Files (x86)\Steam
2015-07-11 22:16 - 2015-03-20 17:05 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-11 21:46 - 2015-03-21 17:55 - 00000000 ____D C:\Users\User\AppData\Local\Battle.net
2015-07-11 21:43 - 2015-03-20 19:00 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-11 21:03 - 2015-05-30 19:29 - 00000000 ____D C:\AdwCleaner
2015-07-09 17:52 - 2015-05-18 20:34 - 00778416 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-09 17:52 - 2015-05-18 20:34 - 00142512 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-09 17:52 - 2015-05-18 20:34 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-08 17:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-07-08 16:36 - 2009-07-14 19:58 - 01833426 _____ C:\Windows\system32\perfh007.dat
2015-07-08 16:36 - 2009-07-14 19:58 - 00501436 _____ C:\Windows\system32\perfc007.dat
2015-07-08 16:36 - 2009-07-14 07:13 - 00006532 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-08 10:40 - 2015-03-25 21:59 - 00000000 ____D C:\Users\User\Documents\My Games
2015-07-08 01:12 - 2015-03-20 16:36 - 00001624 _____ C:\Users\User\Desktop\Passwörter.txt
2015-07-07 18:21 - 2015-03-20 17:06 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-01 20:09 - 2015-03-21 17:56 - 00000000 ___DC C:\Program Files (x86)\Heroes of the Storm
2015-07-01 19:33 - 2015-03-28 17:29 - 00000000 ____D C:\Users\User\Documents\Diablo III
2015-06-29 22:25 - 2015-03-23 17:39 - 00000000 ____D C:\Windows\system32\appmgmt
2015-06-29 22:24 - 2015-05-26 17:43 - 00000000 ____D C:\Users\User\AppData\Local\Deployment
2015-06-29 22:22 - 2015-04-15 16:56 - 00000000 ___DC C:\Program Files\CPUID
2015-06-29 22:22 - 2015-04-15 16:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-06-29 20:44 - 2015-03-21 17:55 - 00000000 ___DC C:\Program Files (x86)\Battle.net
2015-06-29 20:39 - 2012-04-22 04:15 - 00000000 ____D C:\Users\User\AppData\Local\VirtualStore
2015-06-26 15:46 - 2015-03-20 19:00 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-26 15:46 - 2015-03-20 19:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-26 15:46 - 2015-03-20 18:59 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-26 05:43 - 2015-03-20 23:30 - 00001389 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-06-26 05:43 - 2013-11-28 03:11 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-24 20:39 - 2015-03-21 01:14 - 00000000 ___DC C:\Program Files (x86)\Origin
2015-06-24 20:39 - 2015-03-21 01:14 - 00000000 ____D C:\ProgramData\Origin
2015-06-24 20:32 - 2015-04-23 12:49 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-24 13:36 - 2015-03-20 23:30 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-06-24 13:36 - 2015-03-20 23:30 - 01571696 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-06-24 13:36 - 2015-03-20 23:30 - 01320120 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-06-24 13:36 - 2015-03-20 23:30 - 01316000 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-06-23 21:16 - 2015-03-20 23:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-06-23 21:13 - 2015-05-27 20:29 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-23 13:30 - 2014-03-24 21:13 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-18 20:51 - 2015-03-21 16:01 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2015-06-18 08:41 - 2015-03-20 18:59 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2015-03-20 18:59 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2015-03-20 18:59 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-17 13:43 - 2013-11-20 14:53 - 00000000 ____D C:\Users\User\Desktop\Virenscanner (bitte installieren!)
2015-06-17 12:45 - 2015-03-20 16:44 - 00014202 _____ C:\Windows\DPINST.LOG
2015-06-17 11:10 - 2015-04-15 14:29 - 00030966 _____ C:\Windows\system32\nvinfo.pb
2015-06-17 11:10 - 2015-03-20 23:39 - 02997544 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-06-17 11:10 - 2015-03-20 23:39 - 01567576 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-06-17 11:10 - 2015-03-02 14:24 - 17724600 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-06-17 11:10 - 2015-03-02 14:24 - 12855416 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-06-17 11:10 - 2015-03-02 14:24 - 03395648 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-06-17 08:48 - 2013-11-28 03:11 - 06873232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-06-17 08:48 - 2013-11-28 03:11 - 03492168 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-06-17 08:48 - 2013-11-28 03:11 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-06-17 08:48 - 2013-11-28 03:11 - 00937616 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-06-17 08:48 - 2013-11-28 03:11 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-06-17 08:48 - 2013-11-28 03:11 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-06-17 00:39 - 2015-03-20 15:09 - 00000000 ____D C:\ProgramData\G Data
2015-06-16 21:15 - 2015-03-20 16:45 - 00001558 _____ C:\Users\User\AppData\Roaming\gdscan.log
2015-06-16 21:14 - 2015-03-20 16:43 - 00000000 ___DC C:\Program Files (x86)\G DATA
2015-06-16 21:07 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\SysWOW64\Setup
2015-06-16 21:07 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\SysWOW64\oobe
2015-06-16 21:07 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\SysWOW64\MUI
2015-06-16 21:07 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\SysWOW64\com
2015-06-16 15:31 - 2011-05-25 04:25 - 00000000 __HDC C:\Program Files (x86)\InstallShield Installation Information
2015-06-16 15:30 - 2015-03-20 19:17 - 00000267 _____ C:\Windows\system\Dlap.pfx
2015-06-16 15:15 - 2015-03-20 19:17 - 00000000 ____D C:\Windows\system
2015-06-16 15:15 - 2014-04-22 13:20 - 00000347 _____ C:\Windows\system\Cm6620.ini
2015-06-16 15:10 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-06-15 18:46 - 2015-04-15 14:28 - 00000000 __SHD C:\Users\User\AppData\Local\EmieUserList
2015-06-15 18:46 - 2015-04-15 14:28 - 00000000 __SHD C:\Users\User\AppData\Local\EmieSiteList
2015-06-15 18:46 - 2015-04-15 14:28 - 00000000 __SHD C:\Users\User\AppData\Local\EmieBrowserModeList
2015-06-13 13:40 - 2009-07-14 05:20 - 00000000 __RSD C:\Windows\Media
2015-06-12 18:11 - 2015-05-03 23:38 - 00000000 ____D C:\Users\User\Documents\Elder Scrolls Online
2015-06-12 16:47 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-12 14:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\L2Schemas

==================== Files in the root of some directories =======

2015-03-20 16:46 - 2015-03-20 16:46 - 0000000 _____ () C:\Users\User\AppData\Roaming\gdfw.log
2015-03-20 16:45 - 2015-06-16 21:15 - 0001558 _____ () C:\Users\User\AppData\Roaming\gdscan.log
2015-04-03 14:16 - 2015-04-03 14:16 - 0007597 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\BRSVC_567219_hlp.exe
C:\Users\User\AppData\Local\Temp\nvStInst.exe
C:\Users\User\AppData\Local\Temp\sfamcc00001.dll
C:\Users\User\AppData\Local\Temp\sfextra.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-08 17:00

==================== End of log ============================
         
Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:11-07-2015
Ran by User at 2015-07-11 23:05:11
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3928150652-2756980015-3035233101-500 - Administrator - Disabled)
Gast (S-1-5-21-3928150652-2756980015-3035233101-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3928150652-2756980015-3035233101-1002 - Limited - Enabled)
User (S-1-5-21-3928150652-2756980015-3035233101-1000 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G DATA INTERNET SECURITY (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G DATA INTERNET SECURITY (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G*DATA Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Ashampoo Burning Studio FREE v.1.14.5 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.34 - Atheros Communications)
Clicker Heroes (HKLM-x32\...\Steam App 363970) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CSL GAMING MOUSE 28696 GAUNTLET version 1.1 (HKLM-x32\...\{8535AC82-EF2B-4F52-AE12-582BC5116AD0}_is1) (Version: 1.1 - CSL)
Defiance (HKLM-x32\...\Steam App 224600) (Version:  - Trion Worlds, Inc.)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Diablo III Public Test (HKLM-x32\...\Diablo III Public Test) (Version:  - Blizzard Entertainment)
Dirty Bomb (HKLM-x32\...\Steam App 333930) (Version:  - Splash Damage®)
Elite Dangerous Launcher version 0.4.2649.0 (HKLM-x32\...\{696F8871-C91D-4CB1-825D-36BE18065575}_is1) (Version: 0.4.2649.0 - Frontier Developments)
Free YouTube to MP3 Converter version 3.12.59.415 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.59.415 - DVDVideoSoft Ltd.)
G DATA INTERNET SECURITY (HKLM-x32\...\{AC68D2FF-1674-4C16-A536-A69FC11BBD82}) (Version: 25.1.0.4 - G DATA Software AG)
Games of Glory (HKLM-x32\...\Steam App 342150) (Version:  - Lightbulb Crew)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2219 - Intel Corporation)
ITE Infrared Transceiver (HKLM-x32\...\{40580068-9B10-40B5-9548-536CE88AB23C}) (Version: 1.00.0000 - ITE)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Killing Floor 2 (HKLM-x32\...\Steam App 232090) (Version:  - Tripwire Interactive)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.6129.5001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MURDERED: SOUL SUSPECT™ (HKLM-x32\...\Steam App 233290) (Version:  - Airtight Games)
MyDriveConnect 4.0.2.2123 (HKLM-x32\...\MyDriveConnect) (Version: 4.0.2.2123 - TomTom)
Nether (HKLM-x32\...\Steam App 247730) (Version:  - Phosphor Games)
NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.30 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.57 - NVIDIA Corporation)
NVIDIA Grafiktreiber 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.30 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Platform (x32 Version: 1.40 - VIA Technologies, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Sades 7.1CH Gaming Headset (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392006620}) (Version: 1.00.0010 - SHENZHEN SADES DIGITAL TECHNOLOGY CO.,LTD)
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.57 - NVIDIA Corporation) Hidden
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.10.1 - Electronic Arts)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.40 - VIA Technologies, Inc.)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3928150652-2756980015-3035233101-1000_Classes\CLSID\{3b3b3eb7-9bb7-4043-9ece-e5fb09300f47}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

==================== Restore Points =========================


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {048DC8E2-22CB-45F9-82B7-5561E0D8BCB2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-20] (Google Inc.)
Task: {21B1F005-8405-484C-A734-BAFA294ED322} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
Task: {2379BF55-7CB9-451D-B5A2-376F79EC35A2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-09] (Adobe Systems Incorporated)
Task: {62278054-8DC9-4992-953C-E7E334CFF429} - System32\Tasks\{70315971-B320-49D5-9C2E-376862CACEE0} => pcalua.exe -a C:\Users\User\AppData\Local\Temp\VSDAFDF.tmp\DotNetFx35Client\DotNetFx35ClientSetup.exe -d C:\Users\User\Downloads -c /lang:enu /passive /norestart
Task: {9D759583-D093-4D62-8787-AA5A33B65F8F} - \ASUS\i-Setup042718 No Task File <==== ATTENTION
Task: {A1093219-40EC-4E2B-A470-ECF151F7B17C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-20] (Google Inc.)
Task: {AF25E5C2-B34B-4C44-9D0F-6DDD1FBE8FF9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {C8770007-1ED8-4174-8D4C-06963E97BD41} - System32\Tasks\{B17324DF-C246-4C69-AEDC-BFFFE0409E33} => pcalua.exe -a C:\Users\User\AppData\Local\Temp\VSD2617.tmp\DotNetFx35Client\DotNetFx35ClientSetup.exe -d C:\Users\User\Downloads -c /lang:enu /passive /norestart
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2009-03-30 08:32 - 2009-03-30 08:32 - 00032768 ____R () C:\Windows\DAODx.exe
2015-06-16 15:30 - 2014-04-11 06:31 - 02250240 ____C () C:\Program Files\Sades 7.1CH Gaming Headset\CPL\FaceLift_x64.exe
2015-03-20 16:29 - 2014-06-05 18:26 - 03151872 _____ () C:\CSL GAMING MOUSE 28696 GAUNTLET\CSLMon.exe
2015-02-20 05:42 - 2015-02-20 05:42 - 00382072 ____C () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2015-03-31 17:54 - 2015-06-24 13:37 - 00011920 ____C () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-03-20 16:29 - 2014-05-19 20:10 - 00028160 _____ () C:\CSL GAMING MOUSE 28696 GAUNTLET\uiHook.dll
2015-07-07 18:21 - 2015-07-07 05:49 - 01281864 ____C () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libglesv2.dll
2015-07-07 18:21 - 2015-07-07 05:49 - 00080712 ____C () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libegl.dll
2015-07-07 18:21 - 2015-07-07 05:49 - 16285512 ____C () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 192.168.0.2

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupreg: MyDriveConnect.exe => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{B846F37F-523C-458B-A9B8-D9CDE53152EF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CDA3286E-7ED7-4470-953B-D4A58CBFF090}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3879A32C-1423-4CAC-AF33-4134169A73B7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{BD1C8FB0-042F-48E5-AF7C-7E1DE9DF8F6F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{183C04B3-DF62-4397-87F5-A937D55E5E8C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{62669C57-C9CB-4CFB-93FE-C10C614C3053}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{18537557-9679-4C5D-B1C3-65AA88448AB6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8E197812-38D6-492B-A4E2-5382E50EC1BB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7C86D759-7316-4D85-BE6C-F7774507C78D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{FC6E5D4F-6FBC-4777-AF10-A2EE963A8486}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D3B98166-F12C-42B1-A5C9-CC52D3ACDACE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Murdered Soul Suspect\Binaries\Win64\Murdered.exe
FirewallRules: [{CAA3DB06-3A01-4B26-BBF7-296BE3142CD3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Murdered Soul Suspect\Binaries\Win64\Murdered.exe
FirewallRules: [{A508DC88-CF8A-4828-B86B-ED8FD76B6CE5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{3EB66D8C-5C7D-4613-B5B5-480D58A0EB71}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{A01EF4B5-8600-41D7-9E8E-3A396505902A}] => (Allow) C:\Program Files (x86)\Origin Games\Titanfall\Titanfall.exe
FirewallRules: [{2F213D3F-84C1-480C-B5B4-655AF3DD50BD}] => (Allow) C:\Program Files (x86)\Origin Games\Titanfall\Titanfall.exe
FirewallRules: [{2E07D955-CF8E-48A4-BBD6-9F520E641A31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nether\Launcher\Launcher.exe
FirewallRules: [{F2E70280-84DC-4891-9D39-AB7611466F3A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nether\Launcher\Launcher.exe
FirewallRules: [{1252028D-990C-428B-8AF4-EBC0CEF8C658}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Defiance\Patcher.exe
FirewallRules: [{65E60714-2BD7-40AE-9201-420831C9FB96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Defiance\Patcher.exe
FirewallRules: [{6287418B-1DA1-49B8-A342-E23D2D235A04}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{D19F0980-9E79-4597-B51F-A6332C52AD16}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{461EAE58-7335-41D6-B084-17B4CF5679CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{7D461333-53AC-4287-8F8D-C02801981302}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{CD082440-CE45-4994-9FC9-31BAE9CE5F28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\strife\bin\strife.exe
FirewallRules: [{2DB13F91-4747-4C84-A820-42BBAE37F614}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\strife\bin\strife.exe
FirewallRules: [{E1A55684-761D-4B55-BAE9-EDE39C83C196}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{ECCDA553-DF2C-4C0C-93AF-B054166AFBCC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{7CB28B7A-34F1-4C15-BBAF-92A1D6961331}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{CF4FFF9E-7D8C-491B-855A-6701A5EE9FCB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{C56D392F-E862-4AEA-91DB-507DD254F8B0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F36DAA19-EE23-4B38-A06D-1CB2BEA87854}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{9B91CF23-A2C8-4915-AE49-CF11109671BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{B0081B41-2112-4021-A78E-35DC8A972A87}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A6BFE975-009F-4DD0-954E-722BB5379937}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Games of Glory\GoGClient.exe
FirewallRules: [{3DBB6CD2-D2C9-4345-9F57-2528B8A8DF13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Games of Glory\GoGClient.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/11/2015 11:01:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Ausnahmecode: 0x40000015
Fehleroffset: 0x00093534
ID des fehlerhaften Prozesses: 0xd28
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3

Error: (07/11/2015 10:40:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Ausnahmecode: 0x40000015
Fehleroffset: 0x00093534
ID des fehlerhaften Prozesses: 0xcc8
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3

Error: (07/11/2015 09:42:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Ausnahmecode: 0x40000015
Fehleroffset: 0x00093534
ID des fehlerhaften Prozesses: 0xf28
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3

Error: (07/11/2015 12:32:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Ausnahmecode: 0x40000015
Fehleroffset: 0x00093534
ID des fehlerhaften Prozesses: 0xd30
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3

Error: (07/10/2015 10:10:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004c19c
ID des fehlerhaften Prozesses: 0x954
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3

Error: (07/10/2015 05:31:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Ausnahmecode: 0x40000015
Fehleroffset: 0x00093534
ID des fehlerhaften Prozesses: 0xed0
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3

Error: (07/09/2015 11:56:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Ausnahmecode: 0x40000015
Fehleroffset: 0x00093534
ID des fehlerhaften Prozesses: 0xc54
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3

Error: (07/08/2015 04:36:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (07/08/2015 04:36:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (07/08/2015 04:36:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.


System errors:
=============
Error: (07/11/2015 11:01:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Secunia PSI Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/11/2015 10:58:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
UimBus
Uim_DEVIM
Uim_IM

Error: (07/11/2015 10:40:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Secunia PSI Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/11/2015 10:37:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
UimBus
Uim_DEVIM
Uim_IM

Error: (07/11/2015 10:36:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMScheduler" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/11/2015 10:36:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MBAMScheduler erreicht.

Error: (07/11/2015 08:48:40 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (07/11/2015 08:24:25 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (07/11/2015 09:42:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Secunia PSI Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/11/2015 09:38:58 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
UimBus
Uim_DEVIM
Uim_IM


Microsoft Office:
=========================
Error: (07/11/2015 11:01:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82PSIA.exe3.0.0.1000454784a824000001500093534d2801d0bc1c3a70f69aC:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Program Files (x86)\Secunia\PSI\PSIA.exe0e197868-2810-11e5-bbb3-d0509955f44c

Error: (07/11/2015 10:40:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82PSIA.exe3.0.0.1000454784a824000001500093534cc801d0bc194d9f3149C:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Program Files (x86)\Secunia\PSI\PSIA.exe209cf1a7-280d-11e5-9f82-d0509955f44c

Error: (07/11/2015 09:42:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82PSIA.exe3.0.0.1000454784a824000001500093534f2801d0bbac94b87555C:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Program Files (x86)\Secunia\PSI\PSIA.exe6d12f80d-27a0-11e5-bfc2-d0509955f44c

Error: (07/11/2015 12:32:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82PSIA.exe3.0.0.1000454784a824000001500093534d3001d0bb5facfcd507C:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Program Files (x86)\Secunia\PSI\PSIA.exe882c2d3c-2753-11e5-84e1-d0509955f44c

Error: (07/10/2015 10:10:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82PSIA.exe3.0.0.1000454784a82c00000050004c19c95401d0bae73a8c1bebC:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Program Files (x86)\Secunia\PSI\PSIA.exe0efa619f-26db-11e5-9eec-d0509955f44c

Error: (07/10/2015 05:31:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82PSIA.exe3.0.0.1000454784a824000001500093534ed001d0bac04e73470cC:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Program Files (x86)\Secunia\PSI\PSIA.exe2dc22206-26b4-11e5-9746-d0509955f44c

Error: (07/09/2015 11:56:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82PSIA.exe3.0.0.1000454784a824000001500093534c5401d0ba2cf07f6ab1C:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Program Files (x86)\Secunia\PSI\PSIA.exec2473e95-2620-11e5-9059-d0509955f44c

Error: (07/08/2015 04:36:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (07/08/2015 04:36:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (07/08/2015 04:36:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000


CodeIntegrity Errors:
===================================
  Date: 2014-03-23 15:30:23.649
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\Sftfslh.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-03-23 15:30:23.555
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\Sftfslh.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: AMD FX(tm)-6300 Six-Core Processor 
Percentage of memory in use: 37%
Total physical RAM: 8175.24 MB
Available physical RAM: 5095.27 MB
Total Virtual: 16348.68 MB
Available Virtual: 12427.27 MB

==================== Drives ================================

Drive c: (Windows7) (Fixed) (Total:931.41 GB) (Free:617.2 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0DA7C2E8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of log ============================
         
Regards

12.07.2015, 05:04   #2
schrauber
/// the machine
/// TB trainer
 


Hi,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the detected objects, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.

12.07.2015, 19:06   #3
Tieslo
 

Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.07.12.03
  rootkit: v2015.07.10.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17843
User :: USER-PC [administrator]

12.07.2015 19:40:15
mbar-log-2015-07-12 (19-40-15).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 340587
Time elapsed: 18 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
__________________

Alt 13.07.2015, 09:01   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Run AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file will open. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, start it by right-clicking and choosing "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

Alt 13.07.2015, 12:19   #5
Tieslo
 
Code:
# AdwCleaner v4.208 - Bericht erstellt 13/07/2015 um 13:03:55
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-11.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : User - USER-PC
# Gestarted von : C:\Users\User\Downloads\adwcleaner_4.208.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v


-\\ Google Chrome v43.0.2357.132


*************************

AdwCleaner[R0].txt - [988 Bytes] - [30/05/2015 19:29:35]
AdwCleaner[R10].txt - [1582 Bytes] - [28/06/2015 12:15:06]
AdwCleaner[R11].txt - [1642 Bytes] - [28/06/2015 12:18:59]
AdwCleaner[R12].txt - [1847 Bytes] - [02/07/2015 10:06:41]
AdwCleaner[R13].txt - [1880 Bytes] - [11/07/2015 18:35:20]
AdwCleaner[R14].txt - [1940 Bytes] - [11/07/2015 21:00:52]
AdwCleaner[R15].txt - [2001 Bytes] - [12/07/2015 22:40:37]
AdwCleaner[R16].txt - [2061 Bytes] - [13/07/2015 13:02:58]
AdwCleaner[R1].txt - [1046 Bytes] - [30/05/2015 22:15:21]
AdwCleaner[R2].txt - [993 Bytes] - [30/05/2015 22:21:39]
AdwCleaner[R3].txt - [1138 Bytes] - [31/05/2015 00:33:31]
AdwCleaner[R4].txt - [1355 Bytes] - [12/06/2015 11:47:59]
AdwCleaner[R5].txt - [1410 Bytes] - [12/06/2015 12:01:00]
AdwCleaner[R6].txt - [1469 Bytes] - [12/06/2015 12:24:31]
AdwCleaner[R7].txt - [1528 Bytes] - [12/06/2015 14:12:22]
AdwCleaner[R8].txt - [1587 Bytes] - [12/06/2015 14:45:05]
AdwCleaner[R9].txt - [1522 Bytes] - [16/06/2015 18:22:35]
AdwCleaner[S0].txt - [1059 Bytes] - [30/05/2015 22:17:24]
AdwCleaner[S1].txt - [1152 Bytes] - [31/05/2015 01:46:49]
AdwCleaner[S2].txt - [1646 Bytes] - [12/06/2015 14:46:45]
AdwCleaner[S3].txt - [1701 Bytes] - [28/06/2015 12:19:59]
AdwCleaner[S4].txt - [1860 Bytes] - [02/07/2015 10:33:17]
AdwCleaner[S5].txt - [1980 Bytes] - [13/07/2015 13:03:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [2039  Bytes] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.4.6 (07.12.2015:2)
OS: Windows 7 Professional x64
Ran by User on 13.07.2015 at 13:12:53,13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3928150652-2756980015-3035233101-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Users\User\appdata\local\google\chrome\user data\default\local storage\hxxp_www.metrolyrics.com_0.localstorage
Successfully deleted: [File] C:\Users\User\appdata\local\google\chrome\user data\default\local storage\hxxp_www.metrolyrics.com_0.localstorage-journal



~~~ Folders



~~~ Chrome


[C:\Users\User\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\User\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\User\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\User\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.07.2015 at 13:16:07,26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-07-2015
Ran by User (administrator) on USER-PC on 13-07-2015 13:17:57
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe
(G DATA Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [613024 2010-09-27] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2010-09-27] (Atheros Commnucations)
HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Cm6620Sound] => C:\Program Files\Sades 7.1CH Gaming Headset\CPL\FaceLift_x64.exe [2250240 2014-04-11] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [CSLgmmouseRun] => C:\CSL GAMING MOUSE 28696 GAUNTLET\CSLmon.exe [3151872 2014-06-05] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe [1855608 2015-02-20] (G DATA Software AG)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\...\Run: [{517CC397-B22F-4593-8DCB-DE72CC541E9A}] => "C:\Users\User\Downloads\LeagueofLegends_EUW_Installer_9_15_2014.exe" /cmdloc "HKCU\Software\Riot Games  AiTemp\{517CC397-B22F-4593-8DCB-DE72CC541E9A}"
HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\...\Policies\Explorer: [NoDrives] 65536
HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\...\MountPoints2: {b8054024-cf04-11e4-8edb-d0509955f44c} - F:\pushinst.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-07-15] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-03-20]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zenimax-Startprogramm.lnk [2015-05-03]
ShortcutTarget: Zenimax-Startprogramm.lnk -> C:\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2010-09-27] (Atheros Commnucations)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{12C5CAAE-8B86-4830-8791-C0F8BB7899CF}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{6C4BD96B-A427-4D85-884C-39D2AB9856B3}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{BA68CF7B-D366-4CD7-8B2B-FF7373FCD595}: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{D3BE78AE-491A-4EB0-9B35-2AA566EFA4D5}: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\175vkymt.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_191.dll [2015-07-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_191.dll [2015-07-09] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-20]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-20]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-20]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-20]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-20]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-20]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-20]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-09-27] (Atheros Commnucations) [File not signed]
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2528888 2015-04-16] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe [965240 2015-02-20] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe [3672560 2015-04-07] (G Data Software AG)
R3 GDFwSvc; C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe [3193080 2015-02-20] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [789112 2015-03-04] (G Data Software AG)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-24] (Electronic Arts)
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2014-11-21] (AVM Berlin)
R3 CMUAC; C:\Windows\System32\DRIVERS\CMUAC.SYS [390656 2014-01-08] (C-Media Inc.)
S3 fwlanusb5_nv2; C:\Windows\System32\DRIVERS\fwlanusb5_nv2.sys [1322824 2014-11-21] (AVM GmbH)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [150016 2015-06-17] (G Data Software AG)
R3 GDKBB; C:\Windows\system32\drivers\GDKBB64.sys [27648 2015-06-17] (G Data Software AG)
R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2015-06-17] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [230400 2015-06-17] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [75776 2015-06-17] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64512 2015-06-17] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2015-07-11] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [124928 2015-06-17] (G Data Software AG)
R3 L1c; C:\Windows\System32\DRIVERS\l1c51x64.sys [104600 2012-11-19] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-13] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-05-19] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
S3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [767648 2014-10-08] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2014-10-08] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29864 2014-10-08] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2014-10-08] (Microsoft Corporation)
S1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102664 2014-05-19] ()
S1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25992 2014-05-19] ()
S1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [700296 2014-05-19] ()
S3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2013-09-25] (VIA Technologies, Inc.)
S3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [296960 2013-09-25] (VIA Technologies, Inc.)
S3 BioNTDrv; \??\C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\BioNTDrv.SYS [X]
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 USBMULCD; system32\drivers\CM10664.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-13 13:17 - 2015-07-13 13:18 - 00014879 _____ C:\Users\User\Downloads\FRST.txt
2015-07-13 13:17 - 2015-07-13 13:17 - 02133504 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2015-07-13 13:16 - 2015-07-13 13:16 - 00002084 _____ C:\Users\User\Desktop\JRT.txt
2015-07-13 13:11 - 2015-07-13 13:11 - 00000207 _____ C:\Windows\tweaking.com-regbackup-user-pc-windows-7-professional-(64-bit).dat
2015-07-13 13:11 - 2015-07-13 13:11 - 00000000 ____D C:\RegBackup
2015-07-12 19:40 - 2015-07-12 20:04 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-11 23:03 - 2015-07-11 23:03 - 00000000 _____ C:\Users\User\defogger_reenable
2015-07-11 22:54 - 2015-07-13 13:17 - 00000000 ____D C:\FRST
2015-07-11 18:35 - 2015-07-11 18:35 - 02248704 _____ C:\Users\User\Downloads\adwcleaner_4.208.exe
2015-07-11 18:35 - 2015-07-11 18:35 - 00106272 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys
2015-07-11 18:35 - 2015-07-11 18:35 - 00018160 _____ (G Data Software) C:\Windows\system32\Drivers\GdPhyMem.sys
2015-07-10 15:37 - 2015-07-10 15:37 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2015-07-10 15:37 - 2015-07-10 15:37 - 00000000 __RDC C:\Program Files (x86)\Skype
2015-07-10 15:37 - 2015-07-10 15:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-07-06 22:39 - 2015-07-06 22:39 - 00000000 ____D C:\Users\User\AppData\Roaming\com.playsaurus.heroclicker
2015-07-01 18:44 - 2015-07-01 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Public Test
2015-07-01 13:57 - 2015-07-01 13:57 - 00000000 ____D C:\Users\User\Tracing
2015-07-01 13:51 - 2015-07-11 22:40 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2015-07-01 13:51 - 2015-07-10 15:37 - 00000000 ____D C:\ProgramData\Skype
2015-07-01 13:51 - 2015-07-01 13:51 - 00000000 ____D C:\Users\User\AppData\Local\Skype
2015-06-29 21:04 - 2015-07-12 23:01 - 00000000 ___DC C:\Program Files (x86)\SpeedFan
2015-06-29 21:04 - 2015-06-29 21:04 - 00000045 ____C C:\Windows\SysWOW64\initdebug.nfo
2015-06-26 13:21 - 2015-07-08 08:21 - 00000000 ___DC C:\Program Files (x86)\Diablo III Public Test
2015-06-25 18:56 - 2015-06-25 18:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2015-06-25 18:53 - 2015-07-08 08:19 - 00000000 ___DC C:\Program Files (x86)\World of Warcraft
2015-06-23 21:16 - 2015-06-17 08:03 - 00571024 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-06-23 21:13 - 2015-06-17 11:10 - 42729104 _____ C:\Windows\system32\nvcompiler.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 37748880 ____C C:\Windows\SysWOW64\nvcompiler.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 30481552 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 22947144 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 16145200 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 15866992 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 15224784 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 14497520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 13263056 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 11831856 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 11011216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-06-23 21:13 - 2015-06-17 11:10 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 02599752 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 01898128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435330.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435330.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 01099992 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 01060168 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 01050768 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 00982672 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 00975176 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 00938752 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 00503408 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 00408392 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 00407296 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 00364176 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 00204648 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-06-23 21:13 - 2015-06-17 11:10 - 00176904 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 00155280 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 00128696 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 00040280 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-06-17 13:29 - 2015-06-17 13:29 - 00000000 ____D C:\Windows\pss
2015-06-17 12:46 - 2015-06-17 12:46 - 00027648 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDKBB64.sys
2015-06-17 12:46 - 2015-06-17 12:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA INTERNET SECURITY
2015-06-16 21:16 - 2015-06-17 13:24 - 00075776 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2015-06-16 21:16 - 2015-06-17 12:46 - 00001986 _____ C:\Users\Public\Desktop\G DATA INTERNET SECURITY.lnk
2015-06-16 21:15 - 2015-06-17 12:46 - 00020992 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDKBFlt64.sys
2015-06-16 21:15 - 2015-06-17 12:45 - 00230400 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2015-06-16 21:15 - 2015-06-17 12:45 - 00150016 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2015-06-16 21:15 - 2015-06-17 12:45 - 00124928 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2015-06-16 21:15 - 2015-06-17 12:45 - 00064512 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2015-06-16 15:31 - 2015-06-16 15:31 - 00002055 _____ C:\Users\User\Desktop\Sades 7.1CH Gaming Headset.lnk
2015-06-16 15:31 - 2015-06-16 15:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sades 7.1CH Gaming Headset
2015-06-16 15:31 - 2015-06-16 15:31 - 00000000 ____D C:\ProgramData\FaceLift
2015-06-16 15:30 - 2015-06-16 15:31 - 00179249 _____ C:\Windows\Cm6620.ini.cfl
2015-06-16 15:30 - 2015-06-16 15:30 - 00000000 ___DC C:\Program Files\Sades 7.1CH Gaming Headset
2015-06-16 15:30 - 2013-12-25 09:48 - 00090054 ____N C:\Windows\Install-02.bmp
2015-06-16 15:30 - 2013-12-25 09:48 - 00082478 ____N C:\Windows\Install-01.bmp
2015-06-16 15:19 - 2013-11-12 03:30 - 00831488 ____N C:\Windows\system32\Cmeau6620.exe
2015-06-16 15:15 - 2015-06-16 15:19 - 00000398 _____ C:\Windows\Cm6620.ini.imi
2015-06-16 15:15 - 2014-04-22 13:20 - 00004125 ____N C:\Windows\Cm6620.ini.cfg
2015-06-16 15:15 - 2014-01-08 09:08 - 03019032 _____ (C-Media Electronics Inc.) C:\Windows\system32\CMEffectAPO.dll
2015-06-16 15:15 - 2014-01-08 09:08 - 00390656 _____ (C-Media Inc.) C:\Windows\system32\Drivers\CMUAC.SYS
2015-06-16 15:15 - 2014-01-08 09:08 - 00208896 _____ (C-Media Electronics Inc.) C:\Windows\system32\CMCplExt.dll
2015-06-16 15:10 - 2015-06-16 15:12 - 00010398 _____ C:\Users\User\Documents\Uninstall STAR WARS The Old Republic.log
2015-06-15 12:44 - 2015-05-19 05:29 - 00046768 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-06-15 12:44 - 2015-05-19 05:14 - 00057520 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-13 13:17 - 2015-03-20 17:05 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-13 13:12 - 2009-07-14 06:45 - 00037200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-13 13:12 - 2009-07-14 06:45 - 00037200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-13 13:10 - 2011-05-25 04:18 - 01330122 _____ C:\Windows\WindowsUpdate.log
2015-07-13 13:06 - 2015-03-20 17:04 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-13 13:06 - 2011-06-26 22:08 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2015-07-13 13:06 - 2009-07-14 06:51 - 00103930 _____ C:\Windows\setupact.log
2015-07-13 13:05 - 2013-11-28 03:14 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-13 13:05 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-13 13:03 - 2015-05-30 19:29 - 00000000 ____D C:\AdwCleaner
2015-07-13 13:00 - 2015-03-21 01:15 - 00000000 ___DC C:\Program Files (x86)\Steam
2015-07-13 12:52 - 2015-05-18 20:34 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-13 03:04 - 2015-03-20 19:00 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-13 00:06 - 2015-03-21 17:55 - 00000000 ____D C:\Users\User\AppData\Local\Battle.net
2015-07-12 23:44 - 2013-07-15 12:52 - 00089456 _____ C:\Windows\PFRO.log
2015-07-12 23:34 - 2015-03-21 17:56 - 00000000 ___DC C:\Program Files (x86)\Heroes of the Storm
2015-07-12 23:22 - 2015-03-21 01:16 - 00000000 ___DC C:\Program Files (x86)\Origin Games
2015-07-12 23:21 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-07-12 23:20 - 2015-05-03 14:23 - 00000000 ___DC C:\Program Files (x86)\Zenimax Online
2015-07-12 23:20 - 2015-03-28 17:23 - 00000000 __SDC C:\Windows\SysWOW64\GWX
2015-07-12 23:20 - 2015-03-28 17:23 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-12 23:15 - 2015-05-21 23:11 - 00000000 ____D C:\Users\User\AppData\Local\TomTom
2015-07-12 23:15 - 2015-05-21 23:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2015-07-12 23:08 - 2015-04-15 16:56 - 00000000 ___DC C:\Program Files\CPUID
2015-07-12 23:08 - 2015-04-15 16:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-07-12 19:38 - 2015-03-20 18:59 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-11 23:10 - 2015-03-20 16:36 - 00001599 _____ C:\Users\User\Desktop\Passwörter.txt
2015-07-09 17:52 - 2015-05-18 20:34 - 00778416 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-09 17:52 - 2015-05-18 20:34 - 00142512 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-09 17:52 - 2015-05-18 20:34 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-08 17:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-07-08 16:36 - 2009-07-14 19:58 - 01833426 _____ C:\Windows\system32\perfh007.dat
2015-07-08 16:36 - 2009-07-14 19:58 - 00501436 _____ C:\Windows\system32\perfc007.dat
2015-07-08 16:36 - 2009-07-14 07:13 - 00006532 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-08 10:40 - 2015-03-25 21:59 - 00000000 ____D C:\Users\User\Documents\My Games
2015-07-07 18:21 - 2015-03-20 17:06 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-01 19:33 - 2015-03-28 17:29 - 00000000 ____D C:\Users\User\Documents\Diablo III
2015-06-29 22:25 - 2015-03-23 17:39 - 00000000 ____D C:\Windows\system32\appmgmt
2015-06-29 22:24 - 2015-05-26 17:43 - 00000000 ____D C:\Users\User\AppData\Local\Deployment
2015-06-29 20:44 - 2015-03-21 17:55 - 00000000 ___DC C:\Program Files (x86)\Battle.net
2015-06-29 20:39 - 2012-04-22 04:15 - 00000000 ____D C:\Users\User\AppData\Local\VirtualStore
2015-06-26 15:46 - 2015-03-20 19:00 - 00001114 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-26 15:46 - 2015-03-20 19:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-06-26 15:46 - 2015-03-20 18:59 - 00000000 ___DC C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-06-26 05:43 - 2015-03-20 23:30 - 00001389 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-06-26 05:43 - 2013-11-28 03:11 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-24 20:39 - 2015-03-21 01:14 - 00000000 ___DC C:\Program Files (x86)\Origin
2015-06-24 20:39 - 2015-03-21 01:14 - 00000000 ____D C:\ProgramData\Origin
2015-06-24 20:32 - 2015-04-23 12:49 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-24 13:36 - 2015-03-20 23:30 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-06-24 13:36 - 2015-03-20 23:30 - 01571696 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-06-24 13:36 - 2015-03-20 23:30 - 01320120 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-06-24 13:36 - 2015-03-20 23:30 - 01316000 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-06-23 21:16 - 2015-03-20 23:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-06-23 21:13 - 2015-05-27 20:29 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-23 13:30 - 2014-03-24 21:13 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-18 20:51 - 2015-03-21 16:01 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2015-06-18 08:41 - 2015-03-20 18:59 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2015-03-20 18:59 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-17 13:43 - 2013-11-20 14:53 - 00000000 ____D C:\Users\User\Desktop\Virenscanner (bitte installieren!)
2015-06-17 12:45 - 2015-03-20 16:44 - 00014202 _____ C:\Windows\DPINST.LOG
2015-06-17 11:10 - 2015-04-15 14:29 - 00030966 _____ C:\Windows\system32\nvinfo.pb
2015-06-17 11:10 - 2015-03-20 23:39 - 02997544 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-06-17 11:10 - 2015-03-20 23:39 - 01567576 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-06-17 11:10 - 2015-03-02 14:24 - 17724600 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-06-17 11:10 - 2015-03-02 14:24 - 12855416 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-06-17 11:10 - 2015-03-02 14:24 - 03395648 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-06-17 08:48 - 2013-11-28 03:11 - 06873232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-06-17 08:48 - 2013-11-28 03:11 - 03492168 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-06-17 08:48 - 2013-11-28 03:11 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-06-17 08:48 - 2013-11-28 03:11 - 00937616 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-06-17 08:48 - 2013-11-28 03:11 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-06-17 08:48 - 2013-11-28 03:11 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-06-17 00:39 - 2015-03-20 15:09 - 00000000 ____D C:\ProgramData\G Data
2015-06-16 21:15 - 2015-03-20 16:45 - 00001558 _____ C:\Users\User\AppData\Roaming\gdscan.log
2015-06-16 21:14 - 2015-03-20 16:43 - 00000000 ___DC C:\Program Files (x86)\G DATA
2015-06-16 21:07 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\SysWOW64\Setup
2015-06-16 21:07 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\SysWOW64\oobe
2015-06-16 21:07 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\SysWOW64\MUI
2015-06-16 21:07 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\SysWOW64\com
2015-06-16 15:31 - 2011-05-25 04:25 - 00000000 __HDC C:\Program Files (x86)\InstallShield Installation Information
2015-06-16 15:30 - 2015-03-20 19:17 - 00000267 _____ C:\Windows\system\Dlap.pfx
2015-06-16 15:15 - 2015-03-20 19:17 - 00000000 ____D C:\Windows\system
2015-06-16 15:15 - 2014-04-22 13:20 - 00000347 _____ C:\Windows\system\Cm6620.ini
2015-06-15 18:46 - 2015-04-15 14:28 - 00000000 __SHD C:\Users\User\AppData\Local\EmieUserList
2015-06-15 18:46 - 2015-04-15 14:28 - 00000000 __SHD C:\Users\User\AppData\Local\EmieSiteList
2015-06-15 18:46 - 2015-04-15 14:28 - 00000000 __SHD C:\Users\User\AppData\Local\EmieBrowserModeList
2015-06-13 13:40 - 2009-07-14 05:20 - 00000000 __RSD C:\Windows\Media

==================== Files in the root of some directories =======

2015-03-20 16:46 - 2015-03-20 16:46 - 0000000 _____ () C:\Users\User\AppData\Roaming\gdfw.log
2015-03-20 16:45 - 2015-06-16 21:15 - 0001558 _____ () C:\Users\User\AppData\Roaming\gdscan.log
2015-04-03 14:16 - 2015-04-03 14:16 - 0007597 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-08 17:00

==================== End of log ============================
         
--- --- ---


[CODE]Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:12-07-2015
Ran by User at 2015-07-13 13:18:42
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3928150652-2756980015-3035233101-500 - Administrator - Disabled)
Gast (S-1-5-21-3928150652-2756980015-3035233101-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3928150652-2756980015-3035233101-1002 - Limited - Enabled)
User (S-1-5-21-3928150652-2756980015-3035233101-1000 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G DATA INTERNET SECURITY (Disabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G DATA INTERNET SECURITY (Disabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G*DATA Personal Firewall (Disabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Ashampoo Burning Studio FREE v.1.14.5 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.34 - Atheros Communications)
Clicker Heroes (HKLM-x32\...\Steam App 363970) (Version:  - )
CSL GAMING MOUSE 28696 GAUNTLET version 1.1 (HKLM-x32\...\{8535AC82-EF2B-4F52-AE12-582BC5116AD0}_is1) (Version: 1.1 - CSL)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Diablo III Public Test (HKLM-x32\...\Diablo III Public Test) (Version:  - Blizzard Entertainment)
Free YouTube to MP3 Converter version 3.12.59.415 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.59.415 - DVDVideoSoft Ltd.)
G DATA INTERNET SECURITY (HKLM-x32\...\{AC68D2FF-1674-4C16-A536-A69FC11BBD82}) (Version: 25.1.0.4 - G DATA Software AG)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2219 - Intel Corporation)
ITE Infrared Transceiver (HKLM-x32\...\{40580068-9B10-40B5-9548-536CE88AB23C}) (Version: 1.00.0000 - ITE)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Killing Floor 2 (HKLM-x32\...\Steam App 232090) (Version:  - Tripwire Interactive)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.6129.5001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.30 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.57 - NVIDIA Corporation)
NVIDIA Grafiktreiber 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.30 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
Platform (x32 Version: 1.40 - VIA Technologies, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Sades 7.1CH Gaming Headset (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392006620}) (Version: 1.00.0010 - SHENZHEN SADES DIGITAL TECHNOLOGY CO.,LTD)
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.57 - NVIDIA Corporation) Hidden
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.10.1 - Electronic Arts)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.40 - VIA Technologies, Inc.)
WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3928150652-2756980015-3035233101-1000_Classes\CLSID\{3b3b3eb7-9bb7-4043-9ece-e5fb09300f47}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

==================== Restore Points =========================


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {048DC8E2-22CB-45F9-82B7-5561E0D8BCB2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-20] (Google Inc.)
Task: {21B1F005-8405-484C-A734-BAFA294ED322} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
Task: {2379BF55-7CB9-451D-B5A2-376F79EC35A2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-09] (Adobe Systems Incorporated)
Task: {62278054-8DC9-4992-953C-E7E334CFF429} - System32\Tasks\{70315971-B320-49D5-9C2E-376862CACEE0} => pcalua.exe -a C:\Users\User\AppData\Local\Temp\VSDAFDF.tmp\DotNetFx35Client\DotNetFx35ClientSetup.exe -d C:\Users\User\Downloads -c /lang:enu /passive /norestart
Task: {9D759583-D093-4D62-8787-AA5A33B65F8F} - \ASUS\i-Setup042718 No Task File <==== ATTENTION
Task: {A1093219-40EC-4E2B-A470-ECF151F7B17C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-20] (Google Inc.)
Task: {AF25E5C2-B34B-4C44-9D0F-6DDD1FBE8FF9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {C8770007-1ED8-4174-8D4C-06963E97BD41} - System32\Tasks\{B17324DF-C246-4C69-AEDC-BFFFE0409E33} => pcalua.exe -a C:\Users\User\AppData\Local\Temp\VSD2617.tmp\DotNetFx35Client\DotNetFx35ClientSetup.exe -d C:\Users\User\Downloads -c /lang:enu /passive /norestart

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-02-20 05:42 - 2015-02-20 05:42 - 00382072 ____C () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2015-07-07 18:21 - 2015-07-07 05:49 - 01281864 ____C () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libglesv2.dll
2015-07-07 18:21 - 2015-07-07 05:49 - 00080712 ____C () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 192.168.0.2

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupreg: MyDriveConnect.exe => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{B846F37F-523C-458B-A9B8-D9CDE53152EF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CDA3286E-7ED7-4470-953B-D4A58CBFF090}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3879A32C-1423-4CAC-AF33-4134169A73B7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{BD1C8FB0-042F-48E5-AF7C-7E1DE9DF8F6F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{183C04B3-DF62-4397-87F5-A937D55E5E8C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{62669C57-C9CB-4CFB-93FE-C10C614C3053}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{18537557-9679-4C5D-B1C3-65AA88448AB6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8E197812-38D6-492B-A4E2-5382E50EC1BB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7C86D759-7316-4D85-BE6C-F7774507C78D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{FC6E5D4F-6FBC-4777-AF10-A2EE963A8486}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A01EF4B5-8600-41D7-9E8E-3A396505902A}] => (Allow) C:\Program Files (x86)\Origin Games\Titanfall\Titanfall.exe
FirewallRules: [{2F213D3F-84C1-480C-B5B4-655AF3DD50BD}] => (Allow) C:\Program Files (x86)\Origin Games\Titanfall\Titanfall.exe
FirewallRules: [{461EAE58-7335-41D6-B084-17B4CF5679CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{7D461333-53AC-4287-8F8D-C02801981302}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{CD082440-CE45-4994-9FC9-31BAE9CE5F28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\strife\bin\strife.exe
FirewallRules: [{2DB13F91-4747-4C84-A820-42BBAE37F614}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\strife\bin\strife.exe
FirewallRules: [{7CB28B7A-34F1-4C15-BBAF-92A1D6961331}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{CF4FFF9E-7D8C-491B-855A-6701A5EE9FCB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{C56D392F-E862-4AEA-91DB-507DD254F8B0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F36DAA19-EE23-4B38-A06D-1CB2BEA87854}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{9B91CF23-A2C8-4915-AE49-CF11109671BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{B0081B41-2112-4021-A78E-35DC8A972A87}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/13/2015 01:10:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Ausnahmecode: 0x40000015
Fehleroffset: 0x00093534
ID des fehlerhaften Prozesses: 0xcdc
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3

Error: (07/13/2015 12:47:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Ausnahmecode: 0x40000015
Fehleroffset: 0x00093534
ID des fehlerhaften Prozesses: 0x938
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3

Error: (07/12/2015 11:50:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Ausnahmecode: 0x40000015
Fehleroffset: 0x00093534
ID des fehlerhaften Prozesses: 0xd28
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3

Error: (07/12/2015 10:59:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Ausnahmecode: 0x40000015
Fehleroffset: 0x00093534
ID des fehlerhaften Prozesses: 0xbb0
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3

Error: (07/12/2015 10:40:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Wow-64.exe, Version 6.2.0.20216 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 17cc

Startzeit: 01d0bce2f735f4e2

Endzeit: 101

Anwendungspfad: C:\Program Files (x86)\World of Warcraft\Wow-64.exe

Berichts-ID: 4bcd9854-28d6-11e5-a310-d0509955f44c

Error: (07/12/2015 09:40:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Ausnahmecode: 0x40000015
Fehleroffset: 0x00093534
ID des fehlerhaften Prozesses: 0xc0c
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3

Error: (07/12/2015 07:12:19 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Die Sicherung war nicht erfolgreich. Fehler: "Fehler beim Lesen aus der Schattenkopie auf einem der zu sichernden Volumes durch die Windows-Sicherung. Prüfen Sie die Ereignisprotokolle auf relevante Fehler. (0x81000037)"

Error: (07/12/2015 07:04:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Ausnahmecode: 0x40000015
Fehleroffset: 0x00093534
ID des fehlerhaften Prozesses: 0x95c
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3

Error: (07/11/2015 11:08:06 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (07/11/2015 11:01:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Ausnahmecode: 0x40000015
Fehleroffset: 0x00093534
ID des fehlerhaften Prozesses: 0xd28
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3


System errors:
=============
Error: (07/13/2015 01:13:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Application Virtualization Client" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/13/2015 01:13:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/13/2015 01:13:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/13/2015 01:13:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Client Virtualization Handler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/13/2015 01:13:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Application Virtualization Service Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/13/2015 01:13:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Streamer Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/13/2015 01:13:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Network Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/13/2015 01:13:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMScheduler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/13/2015 01:13:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA GeForce Experience Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/13/2015 01:13:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AtherosSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office:
=========================
Error: (07/13/2015 01:10:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82PSIA.exe3.0.0.1000454784a824000001500093534cdc01d0bd5bf58aedf0C:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Program Files (x86)\Secunia\PSI\PSIA.exec9705293-294f-11e5-b95a-d0509955f44c

Error: (07/13/2015 12:47:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82PSIA.exe3.0.0.1000454784a82400000150009353493801d0bd58af545256C:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Program Files (x86)\Secunia\PSI\PSIA.exe80fff74c-294c-11e5-bfc6-d0509955f44c

Error: (07/12/2015 11:50:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82PSIA.exe3.0.0.1000454784a824000001500093534d2801d0bcec2a757a3eC:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Program Files (x86)\Secunia\PSI\PSIA.exefed67950-28df-11e5-8137-d0509955f44c

Error: (07/12/2015 10:59:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82PSIA.exe3.0.0.1000454784a824000001500093534bb001d0bce4eca85106C:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Program Files (x86)\Secunia\PSI\PSIA.exee40c1344-28d8-11e5-abd7-d0509955f44c

Error: (07/12/2015 10:40:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Wow-64.exe6.2.0.2021617cc01d0bce2f735f4e2101C:\Program Files (x86)\World of Warcraft\Wow-64.exe4bcd9854-28d6-11e5-a310-d0509955f44c

Error: (07/12/2015 09:40:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82PSIA.exe3.0.0.1000454784a824000001500093534c0c01d0bcd9d4253a80C:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Program Files (x86)\Secunia\PSI\PSIA.execa76ec7b-28cd-11e5-a310-d0509955f44c

Error: (07/12/2015 07:12:19 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Fehler beim Lesen aus der Schattenkopie auf einem der zu sichernden Volumes durch die Windows-Sicherung. Prüfen Sie die Ereignisprotokolle auf relevante Fehler. (0x81000037)

Error: (07/12/2015 07:04:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82PSIA.exe3.0.0.1000454784a82400000150009353495c01d0bcc429677a9fC:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Program Files (x86)\Secunia\PSI\PSIA.exe0506bb2e-28b8-11e5-a416-d0509955f44c

Error: (07/11/2015 11:08:06 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (07/11/2015 11:01:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82PSIA.exe3.0.0.1000454784a824000001500093534d2801d0bc1c3a70f69aC:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Program Files (x86)\Secunia\PSI\PSIA.exe0e197868-2810-11e5-bbb3-d0509955f44c


CodeIntegrity Errors:
===================================
  Date: 2014-03-23 15:30:23.649
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\Sftfslh.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-03-23 15:30:23.555
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\Sftfslh.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: AMD FX(tm)-6300 Six-Core Processor 
Percentage of memory in use: 26%
Total physical RAM: 8175.24 MB
Available physical RAM: 6028.13 MB
Total Virtual: 16348.68 MB
Available Virtual: 13758.17 MB

==================== Drives ================================

Drive c: (Windows7) (Fixed) (Total:931.41 GB) (Free:679.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0DA7C2E8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of log ============================
         
--- --- ---


14.07.2015, 07:02   #6
schrauber
/// the machine
/// TB-Ausbilder
 


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?

14.07.2015, 11:10   #7
Tieslo
 

I basically had no problems; I was just unsure because G Data could not disinfect the virus, and I simply wanted to be sure.
Best regards

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-07-2015
Ran by User (administrator) on USER-PC on 14-07-2015 12:02:58
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
() C:\Windows\DAODx.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\Sades 7.1CH Gaming Headset\CPL\FaceLift_x64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\CSL GAMING MOUSE 28696 GAUNTLET\CSLMon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(G DATA Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [613024 2010-09-27] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2010-09-27] (Atheros Commnucations)
HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Cm6620Sound] => C:\Program Files\Sades 7.1CH Gaming Headset\CPL\FaceLift_x64.exe [2250240 2014-04-11] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [CSLgmmouseRun] => C:\CSL GAMING MOUSE 28696 GAUNTLET\CSLmon.exe [3151872 2014-06-05] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe [1855608 2015-02-20] (G DATA Software AG)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\...\Run: [{517CC397-B22F-4593-8DCB-DE72CC541E9A}] => "C:\Users\User\Downloads\LeagueofLegends_EUW_Installer_9_15_2014.exe" /cmdloc "HKCU\Software\Riot Games  AiTemp\{517CC397-B22F-4593-8DCB-DE72CC541E9A}"
HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\...\Policies\Explorer: [NoDrives] 65536
HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\...\MountPoints2: {b8054024-cf04-11e4-8edb-d0509955f44c} - F:\pushinst.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-07-15] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-03-20]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zenimax-Startprogramm.lnk [2015-05-03]
ShortcutTarget: Zenimax-Startprogramm.lnk -> C:\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2010-09-27] (Atheros Commnucations)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{12C5CAAE-8B86-4830-8791-C0F8BB7899CF}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{6C4BD96B-A427-4D85-884C-39D2AB9856B3}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{BA68CF7B-D366-4CD7-8B2B-FF7373FCD595}: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{D3BE78AE-491A-4EB0-9B35-2AA566EFA4D5}: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\175vkymt.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_191.dll [2015-07-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_191.dll [2015-07-09] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-20]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-20]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-20]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-20]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-20]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-20]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-20]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-09-27] (Atheros Commnucations) [File not signed]
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2528888 2015-04-16] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe [965240 2015-02-20] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe [3672560 2015-04-07] (G Data Software AG)
R3 GDFwSvc; C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe [3193080 2015-02-20] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [789112 2015-03-04] (G Data Software AG)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-24] (Electronic Arts)
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2014-11-21] (AVM Berlin)
R3 CMUAC; C:\Windows\System32\DRIVERS\CMUAC.SYS [390656 2014-01-08] (C-Media Inc.)
S3 fwlanusb5_nv2; C:\Windows\System32\DRIVERS\fwlanusb5_nv2.sys [1322824 2014-11-21] (AVM GmbH)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [150016 2015-06-17] (G Data Software AG)
R3 GDKBB; C:\Windows\system32\drivers\GDKBB64.sys [27648 2015-06-17] (G Data Software AG)
R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2015-06-17] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [230400 2015-06-17] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [75776 2015-06-17] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64512 2015-06-17] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2015-07-11] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [124928 2015-06-17] (G Data Software AG)
R3 L1c; C:\Windows\System32\DRIVERS\l1c51x64.sys [104600 2012-11-19] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-05-19] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
S3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [767648 2014-10-08] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2014-10-08] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29864 2014-10-08] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2014-10-08] (Microsoft Corporation)
S1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102664 2014-05-19] ()
S1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25992 2014-05-19] ()
S1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [700296 2014-05-19] ()
S3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2013-09-25] (VIA Technologies, Inc.)
S3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [296960 2013-09-25] (VIA Technologies, Inc.)
S3 BioNTDrv; \??\C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\BioNTDrv.SYS [X]
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 USBMULCD; system32\drivers\CM10664.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 11:57 - 2015-07-14 11:57 - 00852662 _____ C:\Users\User\Downloads\SecurityCheck.exe
2015-07-14 10:04 - 2015-07-14 10:04 - 00000000 ___DC C:\Program Files (x86)\ESET
2015-07-14 10:03 - 2015-07-14 10:03 - 02870984 _____ (ESET) C:\Users\User\Downloads\esetsmartinstaller_deu.exe
2015-07-13 18:58 - 2015-07-13 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft Public Test
2015-07-13 18:56 - 2015-07-13 20:24 - 00000000 ___DC C:\Program Files (x86)\World of Warcraft Public Test
2015-07-13 13:18 - 2015-07-13 13:18 - 00029945 _____ C:\Users\User\Downloads\Addition.txt
2015-07-13 13:17 - 2015-07-14 12:02 - 00016744 _____ C:\Users\User\Downloads\FRST.txt
2015-07-13 13:17 - 2015-07-13 13:17 - 02133504 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2015-07-13 13:11 - 2015-07-13 13:11 - 00000207 _____ C:\Windows\tweaking.com-regbackup-user-pc-windows-7-professional-(64-bit).dat
2015-07-13 13:11 - 2015-07-13 13:11 - 00000000 ____D C:\RegBackup
2015-07-12 19:40 - 2015-07-12 20:04 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-11 23:03 - 2015-07-11 23:03 - 00000000 _____ C:\Users\User\defogger_reenable
2015-07-11 22:54 - 2015-07-14 12:03 - 00000000 ____D C:\FRST
2015-07-11 18:35 - 2015-07-11 18:35 - 02248704 _____ C:\Users\User\Downloads\adwcleaner_4.208.exe
2015-07-11 18:35 - 2015-07-11 18:35 - 00106272 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys
2015-07-11 18:35 - 2015-07-11 18:35 - 00018160 _____ (G Data Software) C:\Windows\system32\Drivers\GdPhyMem.sys
2015-07-10 15:37 - 2015-07-10 15:37 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2015-07-10 15:37 - 2015-07-10 15:37 - 00000000 __RDC C:\Program Files (x86)\Skype
2015-07-10 15:37 - 2015-07-10 15:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-07-06 22:39 - 2015-07-06 22:39 - 00000000 ____D C:\Users\User\AppData\Roaming\com.playsaurus.heroclicker
2015-07-01 18:44 - 2015-07-01 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Public Test
2015-07-01 13:57 - 2015-07-01 13:57 - 00000000 ____D C:\Users\User\Tracing
2015-07-01 13:51 - 2015-07-11 22:40 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2015-07-01 13:51 - 2015-07-10 15:37 - 00000000 ____D C:\ProgramData\Skype
2015-07-01 13:51 - 2015-07-01 13:51 - 00000000 ____D C:\Users\User\AppData\Local\Skype
2015-06-29 21:04 - 2015-07-12 23:01 - 00000000 ___DC C:\Program Files (x86)\SpeedFan
2015-06-29 21:04 - 2015-06-29 21:04 - 00000045 ____C C:\Windows\SysWOW64\initdebug.nfo
2015-06-26 13:21 - 2015-07-08 08:21 - 00000000 ___DC C:\Program Files (x86)\Diablo III Public Test
2015-06-25 18:56 - 2015-06-25 18:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2015-06-25 18:53 - 2015-07-08 08:19 - 00000000 ___DC C:\Program Files (x86)\World of Warcraft
2015-06-23 21:16 - 2015-06-17 08:03 - 00571024 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-06-23 21:13 - 2015-06-17 11:10 - 42729104 _____ C:\Windows\system32\nvcompiler.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 37748880 ____C C:\Windows\SysWOW64\nvcompiler.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 30481552 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 22947144 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 16145200 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 15866992 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 15224784 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 14497520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 13263056 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 11831856 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 11011216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-06-23 21:13 - 2015-06-17 11:10 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 02599752 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 01898128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435330.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435330.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 01099992 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 01060168 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 01050768 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 00982672 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 00975176 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 00938752 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 00503408 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 00408392 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 00407296 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 00364176 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 00204648 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-06-23 21:13 - 2015-06-17 11:10 - 00176904 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 00155280 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 00128696 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-06-23 21:13 - 2015-06-17 11:10 - 00040280 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-06-17 13:29 - 2015-06-17 13:29 - 00000000 ____D C:\Windows\pss
2015-06-17 12:46 - 2015-06-17 12:46 - 00027648 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDKBB64.sys
2015-06-17 12:46 - 2015-06-17 12:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA INTERNET SECURITY
2015-06-16 21:16 - 2015-06-17 13:24 - 00075776 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2015-06-16 21:16 - 2015-06-17 12:46 - 00001986 _____ C:\Users\Public\Desktop\G DATA INTERNET SECURITY.lnk
2015-06-16 21:15 - 2015-06-17 12:46 - 00020992 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDKBFlt64.sys
2015-06-16 21:15 - 2015-06-17 12:45 - 00230400 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2015-06-16 21:15 - 2015-06-17 12:45 - 00150016 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2015-06-16 21:15 - 2015-06-17 12:45 - 00124928 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2015-06-16 21:15 - 2015-06-17 12:45 - 00064512 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2015-06-16 15:31 - 2015-06-16 15:31 - 00002055 _____ C:\Users\User\Desktop\Sades 7.1CH Gaming Headset.lnk
2015-06-16 15:31 - 2015-06-16 15:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sades 7.1CH Gaming Headset
2015-06-16 15:31 - 2015-06-16 15:31 - 00000000 ____D C:\ProgramData\FaceLift
2015-06-16 15:30 - 2015-06-16 15:31 - 00179249 _____ C:\Windows\Cm6620.ini.cfl
2015-06-16 15:30 - 2015-06-16 15:30 - 00000000 ___DC C:\Program Files\Sades 7.1CH Gaming Headset
2015-06-16 15:30 - 2013-12-25 09:48 - 00090054 ____N C:\Windows\Install-02.bmp
2015-06-16 15:30 - 2013-12-25 09:48 - 00082478 ____N C:\Windows\Install-01.bmp
2015-06-16 15:19 - 2013-11-12 03:30 - 00831488 ____N C:\Windows\system32\Cmeau6620.exe
2015-06-16 15:15 - 2015-06-16 15:19 - 00000398 _____ C:\Windows\Cm6620.ini.imi
2015-06-16 15:15 - 2014-04-22 13:20 - 00004125 ____N C:\Windows\Cm6620.ini.cfg
2015-06-16 15:15 - 2014-01-08 09:08 - 03019032 _____ (C-Media Electronics Inc.) C:\Windows\system32\CMEffectAPO.dll
2015-06-16 15:15 - 2014-01-08 09:08 - 00390656 _____ (C-Media Inc.) C:\Windows\system32\Drivers\CMUAC.SYS
2015-06-16 15:15 - 2014-01-08 09:08 - 00208896 _____ (C-Media Electronics Inc.) C:\Windows\system32\CMCplExt.dll
2015-06-16 15:10 - 2015-06-16 15:12 - 00010398 _____ C:\Users\User\Documents\Uninstall STAR WARS The Old Republic.log
2015-06-15 12:44 - 2015-05-19 05:29 - 00046768 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-06-15 12:44 - 2015-05-19 05:14 - 00057520 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 11:52 - 2015-05-18 20:34 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-14 11:16 - 2015-03-20 17:05 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-14 10:49 - 2015-03-20 19:00 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-14 10:45 - 2011-05-25 04:18 - 01396480 _____ C:\Windows\WindowsUpdate.log
2015-07-14 10:16 - 2015-03-20 17:04 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-14 10:04 - 2009-07-14 06:45 - 00037200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-14 10:04 - 2009-07-14 06:45 - 00037200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-14 09:55 - 2011-06-26 22:08 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2015-07-14 09:55 - 2009-07-14 06:51 - 00104098 _____ C:\Windows\setupact.log
2015-07-14 09:54 - 2013-11-28 03:14 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-14 09:54 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-14 00:47 - 2015-03-21 01:15 - 00000000 ___DC C:\Program Files (x86)\Steam
2015-07-13 23:47 - 2015-03-21 17:55 - 00000000 ____D C:\Users\User\AppData\Local\Battle.net
2015-07-13 13:03 - 2015-05-30 19:29 - 00000000 ____D C:\AdwCleaner
2015-07-12 23:44 - 2013-07-15 12:52 - 00089456 _____ C:\Windows\PFRO.log
2015-07-12 23:34 - 2015-03-21 17:56 - 00000000 ___DC C:\Program Files (x86)\Heroes of the Storm
2015-07-12 23:22 - 2015-03-21 01:16 - 00000000 ___DC C:\Program Files (x86)\Origin Games
2015-07-12 23:21 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-07-12 23:20 - 2015-05-03 14:23 - 00000000 ___DC C:\Program Files (x86)\Zenimax Online
2015-07-12 23:20 - 2015-03-28 17:23 - 00000000 __SDC C:\Windows\SysWOW64\GWX
2015-07-12 23:20 - 2015-03-28 17:23 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-12 23:15 - 2015-05-21 23:11 - 00000000 ____D C:\Users\User\AppData\Local\TomTom
2015-07-12 23:15 - 2015-05-21 23:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2015-07-12 23:08 - 2015-04-15 16:56 - 00000000 ___DC C:\Program Files\CPUID
2015-07-12 23:08 - 2015-04-15 16:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-07-12 19:38 - 2015-03-20 18:59 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-11 23:10 - 2015-03-20 16:36 - 00001599 _____ C:\Users\User\Desktop\Passwörter.txt
2015-07-09 17:52 - 2015-05-18 20:34 - 00778416 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-09 17:52 - 2015-05-18 20:34 - 00142512 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-09 17:52 - 2015-05-18 20:34 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-08 17:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-07-08 16:36 - 2009-07-14 19:58 - 01833426 _____ C:\Windows\system32\perfh007.dat
2015-07-08 16:36 - 2009-07-14 19:58 - 00501436 _____ C:\Windows\system32\perfc007.dat
2015-07-08 16:36 - 2009-07-14 07:13 - 00006532 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-08 10:40 - 2015-03-25 21:59 - 00000000 ____D C:\Users\User\Documents\My Games
2015-07-07 18:21 - 2015-03-20 17:06 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-01 19:33 - 2015-03-28 17:29 - 00000000 ____D C:\Users\User\Documents\Diablo III
2015-06-29 22:25 - 2015-03-23 17:39 - 00000000 ____D C:\Windows\system32\appmgmt
2015-06-29 22:24 - 2015-05-26 17:43 - 00000000 ____D C:\Users\User\AppData\Local\Deployment
2015-06-29 20:44 - 2015-03-21 17:55 - 00000000 ___DC C:\Program Files (x86)\Battle.net
2015-06-29 20:39 - 2012-04-22 04:15 - 00000000 ____D C:\Users\User\AppData\Local\VirtualStore
2015-06-26 15:46 - 2015-03-20 19:00 - 00001114 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-26 15:46 - 2015-03-20 19:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-06-26 15:46 - 2015-03-20 18:59 - 00000000 ___DC C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-06-26 05:43 - 2015-03-20 23:30 - 00001389 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-06-26 05:43 - 2013-11-28 03:11 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-24 20:39 - 2015-03-21 01:14 - 00000000 ___DC C:\Program Files (x86)\Origin
2015-06-24 20:39 - 2015-03-21 01:14 - 00000000 ____D C:\ProgramData\Origin
2015-06-24 20:32 - 2015-04-23 12:49 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-24 13:36 - 2015-03-20 23:30 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-06-24 13:36 - 2015-03-20 23:30 - 01571696 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-06-24 13:36 - 2015-03-20 23:30 - 01320120 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-06-24 13:36 - 2015-03-20 23:30 - 01316000 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-06-23 21:16 - 2015-03-20 23:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-06-23 21:13 - 2015-05-27 20:29 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-23 13:30 - 2014-03-24 21:13 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-18 20:51 - 2015-03-21 16:01 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2015-06-18 08:41 - 2015-03-20 18:59 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2015-03-20 18:59 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-17 13:43 - 2013-11-20 14:53 - 00000000 ____D C:\Users\User\Desktop\Virenscanner (bitte installieren!)
2015-06-17 12:45 - 2015-03-20 16:44 - 00014202 _____ C:\Windows\DPINST.LOG
2015-06-17 11:10 - 2015-04-15 14:29 - 00030966 _____ C:\Windows\system32\nvinfo.pb
2015-06-17 11:10 - 2015-03-20 23:39 - 02997544 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-06-17 11:10 - 2015-03-20 23:39 - 01567576 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-06-17 11:10 - 2015-03-02 14:24 - 17724600 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-06-17 11:10 - 2015-03-02 14:24 - 12855416 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-06-17 11:10 - 2015-03-02 14:24 - 03395648 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-06-17 08:48 - 2013-11-28 03:11 - 06873232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-06-17 08:48 - 2013-11-28 03:11 - 03492168 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-06-17 08:48 - 2013-11-28 03:11 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-06-17 08:48 - 2013-11-28 03:11 - 00937616 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-06-17 08:48 - 2013-11-28 03:11 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-06-17 08:48 - 2013-11-28 03:11 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-06-17 00:39 - 2015-03-20 15:09 - 00000000 ____D C:\ProgramData\G Data
2015-06-16 21:15 - 2015-03-20 16:45 - 00001558 _____ C:\Users\User\AppData\Roaming\gdscan.log
2015-06-16 21:14 - 2015-03-20 16:43 - 00000000 ___DC C:\Program Files (x86)\G DATA
2015-06-16 21:07 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\SysWOW64\Setup
2015-06-16 21:07 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\SysWOW64\oobe
2015-06-16 21:07 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\SysWOW64\MUI
2015-06-16 21:07 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\SysWOW64\com
2015-06-16 15:31 - 2011-05-25 04:25 - 00000000 __HDC C:\Program Files (x86)\InstallShield Installation Information
2015-06-16 15:30 - 2015-03-20 19:17 - 00000267 _____ C:\Windows\system\Dlap.pfx
2015-06-16 15:15 - 2015-03-20 19:17 - 00000000 ____D C:\Windows\system
2015-06-16 15:15 - 2014-04-22 13:20 - 00000347 _____ C:\Windows\system\Cm6620.ini
2015-06-15 18:46 - 2015-04-15 14:28 - 00000000 __SHD C:\Users\User\AppData\Local\EmieUserList
2015-06-15 18:46 - 2015-04-15 14:28 - 00000000 __SHD C:\Users\User\AppData\Local\EmieSiteList
2015-06-15 18:46 - 2015-04-15 14:28 - 00000000 __SHD C:\Users\User\AppData\Local\EmieBrowserModeList

==================== Files in the root of some directories =======

2015-03-20 16:46 - 2015-03-20 16:46 - 0000000 _____ () C:\Users\User\AppData\Roaming\gdfw.log
2015-03-20 16:45 - 2015-06-16 21:15 - 0001558 _____ () C:\Users\User\AppData\Roaming\gdscan.log
2015-04-03 14:16 - 2015-04-03 14:16 - 0007597 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-08 17:00

==================== End of log ============================
         
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=6e053d669d37de478e29b0b3331c0e62
# end=init
# utc_time=2015-07-14 08:05:01
# local_time=2015-07-14 10:05:01 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24785
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=6e053d669d37de478e29b0b3331c0e62
# end=updated
# utc_time=2015-07-14 08:06:59
# local_time=2015-07-14 10:06:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=6e053d669d37de478e29b0b3331c0e62
# engine=24785
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-07-14 09:47:32
# local_time=2015-07-14 11:47:32 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='G DATA INTERNET SECURITY'
# compatibility_mode=4112 16777213 100 100 6768 12469524 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 80861 188497102 0 0
# scanned=195296
# found=0
# cleaned=0
# scan_time=6032
         
Code:
 Results of screen317's Security Check version 1.004  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
G DATA INTERNET SECURITY   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Secunia PSI (3.0.0.10004)   
 Java 8 Update 45  
  Adobe Flash Player 17.0.0.191 Flash Player out of Date!  
 Google Chrome (43.0.2357.130) 
 Google Chrome (43.0.2357.132) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 G DATA InternetSecurity Firewall GDFirewallTray.exe 
 G DATA InternetSecurity Firewall GDFwSvcx64.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

15.07.2015, 08:22   #8
schrauber
/// the machine
/// TB trainer

Suspected virus



Update Flash Player.


Cleanup:
(The order is crucial here)

If Defogger was used: start it again and click Re-enable.

If Combofix was used:
Uninstall Combofix
  • Important: Please disable your antivirus program, any script blocking that may be present, and anti-malware programs.
  • Press the Windows + R keys and type Combofix /Uninstall into the Run window.
  • Click OK.
    This removes Combofix completely and empties the System Restore cache.
  • Now re-enable the programs you just disabled.

All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick the box in front of every function.
  • Click Start.

Note: Among other things, DelFix removes all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
Finally, restart your computer. If any programs from our cleanup are still left over now, you can safely delete them.

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.


Securing the system:
On the Windows operating system, enable automatic updates. Security-relevant software should also always be present only in its most recent version:

Browser
Java
Flash Player
PDF reader

Security vulnerabilities in their old versions are exploited to install malware by "drive-by" when a manipulated website is simply visited.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

Use an antivirus program with a real-time scanner and an always up-to-date signature database.
My recommendation:

Emsisoft

In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.

Optional:
NoScript prevents the execution of active content (Java, JavaScript, Flash, ...) for all websites. However, you can define, on the whitelist principle, on which sites scripts should be allowed.
Malwarebytes Anti Exploit: Protects the computer's applications against exploitation of known vulnerabilities.


Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, it is advisable to uninstall it first and then remove the leftovers with Adwcleaner.


Finally, a few general remarks:
Change your important online passwords regularly and regularly create backups of your important files or of the system.
The benefit of registry cleaners, optimizers etc. for increasing performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
