
Pests of all kinds and how to fight them: Gdata goes to 100%, PC freezes for minutes


 
14.07.2015, 21:06   #1
lynx007

Gdata goes to 100%, PC freezes for minutes



... and for the time being nothing works at all anymore.

Let's start from the beginning. Hello forum, I am new here, and I am not sure whether I have software on my computer that has no business being there, or whether my antivirus program is simply sh**ty, or whether I have wrecked something with all the security programs and scanners I have run over it. I use my computer privately and also for my small business, and unfortunately I do not yet have the means for my own IT, but I keep working on that, and I would be very glad if you would take on my problem anyway. As someone who gets Internet via a radio link, I would like to spare myself a reinstallation if possible, at least until Win 10 is here. Still, it bugs me that my PC keeps "freezing" temporarily for a few seconds to minutes (I have never counted) when I use the browser and my GDIS is once again doing something at 100%. I simply want certainty, and to banish the evil spirits from my head and thereby from my computer as well.

Well, somehow everything started with the change of my antivirus program. I needed a virus scanner for my newly bought notebook, on which no such huge problems with Gdata occur. Kaspersky, as software from the "evil Russian", seemed somehow (perhaps unjustifiably) unlikeable. I decided on a double license of "German security" for the price of one, since I also slowly had to replace the scanner, Bitdefender, on my main computer, and perhaps it was a mistake to think I could kill two birds with the double license. At the very least, a virus/trojan cannot be ruled out with complete certainty either. At least there were a few alerts at the beginning. Presumably only false alarms. But it also never really ran smoothly.

Right from the start there were repeated dropouts while surfing. But also alerts from IS. Followed by a keylogger warning that was connected with my Logitech driver and hardware at the time and disappeared after uninstalling the software, but also a warning that a virus signature or even Engine B could not be started. I then looked for the error, installed and ran a great many scanners and cleaners, and also uninstalled and reinstalled Gdata several times. With the uninstallation of the Logitech software the warnings were gone for the time being, and everything points to a false alarm. Still, I feel uneasy about it, since trojans are said to like hiding in drivers or system files. And GData keeps drawing an extreme amount of performance and seems to get into a loop where nothing works at all. In the meantime, because of the keylogger warning, I had all sorts of scanners installed. But apart from a few dozen of the usual adware and spyware, most of which were found by Spybot and two by Malwarebytes, nothing was found. Only Gdata always finds something in the browser. If you press reset during a freeze, after booting it reports that virus signature B could not be loaded and that I should please run a signature update. I have already run all sorts of antivirus programs over it, so I already got the very first point wrong. Everything also runs stably; only the dropout that the browser sometimes has is annoying, and I just want to find the cause or at least be able to rule out malware.

Recently, too, Gdata found something and put it into quarantine because of malicious behavior. I cannot say exactly what. Something in the registry and in Chrome. But I am not clear on how I can include that here. Oh, and sending these cases in to Gdata does not seem to work either, which is not exactly good for the digestion. How can one include the screenshot here?

And thanks in advance for your help, logfiles to follow....


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by Lynx (administrator) on BÜRO1 on 14-07-2015 22:17:51
Running from C:\Users\Lynx\Downloads
Loaded Profiles: Lynx (Available Profiles: Lynx & asdf & GameOne & Administrator)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe
() C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CMedia) C:\Program Files\ASUS Xonar DG Audio\Customapp\AsusAudioCenter.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\System\HsMgr64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SoftPerfect Research) C:\Program Files\NetWorx\networx.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
() C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(G DATA Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(G DATA Software AG) C:\Program Files (x86)\G Data\InternetSecurity\GUI\GDSC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2012-09-28] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2012-09-28] ()
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [6714472 2015-04-20] (SoftPerfect Research)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1864312 2015-06-16] (G DATA Software AG)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-07-06] (Glarysoft Ltd)
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: G - "G:\StarCraft II Setup.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {020a0173-84af-11e4-8121-f3961ac82c14} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {04e691fc-8044-11e4-811c-cbbe4fc69574} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {04e69238-8044-11e4-811c-cbbe4fc69574} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {04e69306-8044-11e4-811c-cbbe4fc69574} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {04e69add-8044-11e4-811c-cbbe4fc69574} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {0e809422-7b9e-11e4-8115-f77993d69a7e} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {1402e90a-1006-11e5-81ff-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {1402e936-1006-11e5-81ff-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {1402e961-1006-11e5-81ff-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {1c9b5243-81c9-11e4-811e-a171e9ee8aa0} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {2024620d-7c54-11e4-8117-8a2dc101f76e} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {2bb89a14-8961-11e4-812a-82be54052a10} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {41642107-f681-11e4-81c6-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {42bb8f9b-0820-11e5-81ee-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {5425a063-d06f-11e2-be96-962745884476} - "G:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {5681dade-8754-11e4-8125-e4c02fffe7b6} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {602ed588-2080-11e5-821a-bc5ff49b57b2} - "G:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {61795401-b66d-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {71e31c43-89a4-11e4-812b-98c65f152381} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {760bc187-b8cb-11e4-816f-c4355dd57672} - "I:\autorun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {7f78bb87-7ea4-11e4-8119-bb79d2cffb58} - "I:\autorun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {7f78bbca-7ea4-11e4-8119-bb79d2cffb58} - "I:\autorun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {8a7c7d08-a273-11e4-8148-f5a56fa14f71} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {8a7c7d74-a273-11e4-8148-f5a56fa14f71} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {9244bd9c-fcb4-11e4-81de-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {a1dc5abc-7e18-11e4-8118-aeb9a153bd8e} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {a21fd9b2-b48e-11e4-815d-9eafbcb2d3b9} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {a21fd9da-b48e-11e4-815d-9eafbcb2d3b9} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {a28a761e-10c5-11e5-8200-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {ae18e9a0-a357-11e4-8149-97076599412e} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {ae18eafe-a357-11e4-8149-97076599412e} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {aeecd083-88ee-11e4-8129-806c020fe1a9} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b63bf765-07dc-11e5-81ed-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b63bf7a2-07dc-11e5-81ed-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b63bf7ce-07dc-11e5-81ed-bc5ff49b57b2} - "I:\autorun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b63bf7fe-07dc-11e5-81ed-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b84604c1-84f8-11e4-8122-b56aafda7137} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b84604f6-84f8-11e4-8122-b56aafda7137} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b8460559-84f8-11e4-8122-b56aafda7137} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b8460946-84f8-11e4-8122-b56aafda7137} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b84609bd-84f8-11e4-8122-b56aafda7137} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {bf3cdaa7-814f-11e4-811c-cbbe4fc69574} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {c00238a7-27fd-11e5-822a-bc5ff49b57b2} - "G:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce05f25-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce067e0-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce0681a-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce06850-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce06881-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce068ba-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce068f0-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce06936-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce069a2-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {d627b92c-1b09-11e5-8211-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {dcfa1ee0-1203-11e5-8203-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {dfd179af-0a91-11e5-81f2-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {e1765eec-7926-11e4-8112-b126ba4a7607} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {e1765f1c-7926-11e4-8112-b126ba4a7607} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {e176669c-7926-11e4-8112-b126ba4a7607} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {e728a784-85c2-11e4-8123-cd986dcb0dac} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {f2ac2242-26cb-11e5-8229-bc5ff49b57b2} - "G:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {f6308941-b6c5-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {fabed4b4-829b-11e4-811f-8a75175685a0} - "F:\AutoRun.exe" 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk *  

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://expertzone.microsoft.com/Home.aspx
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://google.de/
https://googlemail.com/
https://meine.deutsche-bank.de/trxm/db/
https://easybill.de/
hxxp://promotionbasis.de/
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3171061452-4263852144-1531571965-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-02-25] (Eyeo GmbH)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-04-08] (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-23] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-23] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{4284259D-18DF-4D86-ACE1-40E748E2D1BD}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{C7B339BB-30C0-448F-824F-F56A70FCDF7C}: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Lynx\AppData\Roaming\Mozilla\Firefox\Profiles\nvoeywbl.default-1421962251602
FF SelectedSearchEngine: 
FF Homepage: https://mail.google.com/mail/u/0/?shva=1#inbox
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-3171061452-4263852144-1531571965-1001: SkypeForBusinessPlugin-15.8 -> C:\Users\Lynx\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.369\npGatewayNpapi.dll [2015-04-20] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-3171061452-4263852144-1531571965-1001: SkypeForBusinessPlugin64-15.8 -> C:\Users\Lynx\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.369\npGatewayNpapi-x64.dll [2015-04-20] (Microsoft Corporation)
FF Extension: Ghostery - C:\Users\Lynx\AppData\Roaming\Mozilla\Firefox\Profiles\nvoeywbl.default-1421962251602\Extensions\firefox@ghostery.com.xpi [2015-04-14]
FF Extension: Shoptimate - C:\Users\Lynx\AppData\Roaming\Mozilla\Firefox\Profiles\nvoeywbl.default-1421962251602\Extensions\support@shoptimate.com.xpi [2015-01-25]
FF Extension: PAYBACK Internet Assistent fuer Firefox - C:\Users\Lynx\AppData\Roaming\Mozilla\Firefox\Profiles\nvoeywbl.default-1421962251602\Extensions\toolbar-ff@payback.de.xpi [2015-03-29]
FF Extension: Youtube and more - Easy Video Downloader - C:\Users\Lynx\AppData\Roaming\Mozilla\Firefox\Profiles\nvoeywbl.default-1421962251602\Extensions\vdpure@link64.xpi [2015-02-04]
FF Extension: SoundCloud Downloader - Technowise - C:\Users\Lynx\AppData\Roaming\Mozilla\Firefox\Profiles\nvoeywbl.default-1421962251602\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2015-01-24]
FF Extension: Adblock Plus - C:\Users\Lynx\AppData\Roaming\Mozilla\Firefox\Profiles\nvoeywbl.default-1421962251602\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-25]
FF Extension: DownThemAll! - C:\Users\Lynx\AppData\Roaming\Mozilla\Firefox\Profiles\nvoeywbl.default-1421962251602\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-01-25]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-06-08]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Chrome: 
=======
CHR Profile: C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (WOT) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-05-09]
CHR Extension: (SoundCloud Downloader) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjckonbgbnaihkahaolpfjpllplfifjo [2015-01-24]
CHR Extension: (Adblock Plus) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-02]
CHR Extension: (Video Downloader professional) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-05-14]
CHR Extension: (Porsche) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg [2015-05-15]
CHR Extension: (ScriptBlock) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba [2015-05-14]
CHR Extension: (FoxyDeal) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jelbcgibfifpplacnbbflieigmcbpkec [2015-05-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18]
CHR Extension: (SoundCloud Downloader Free) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\libedajeiljdoodmokbppgapcfbignci [2015-01-24]
CHR Extension: (Flashcontrol) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2015-05-14]
CHR Extension: (Ghostery) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-05-14]
CHR Extension: (GetThemAll Video Downloader) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2015-05-14]
CHR Extension: (Google Wallet) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR HKLM-x32\...\Chrome\Extension: [Lynx] - No Path Or update_url value

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2558072 2015-06-19] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [966776 2015-06-16] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [3711712 2015-06-16] (G Data Software AG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [3202368 2015-06-19] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [789624 2015-06-16] (G Data Software AG)
R2 HiSuiteOuc64.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe [138272 2014-09-05] ()
R2 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [219680 2014-09-05] ()
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-07-06] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-08-10] ()
R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [199600 2010-11-11] (Telefónica I+D)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 cmudaxp; C:\Windows\system32\drivers\cmudaxp.sys [2733568 2012-09-28] (C-Media Inc)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed]
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [158720 2015-07-14] (G Data Software AG)
S0 GDElam; C:\Windows\System32\DRIVERS\GDElam.sys [117904 2015-01-08] (G Data Software AG)
R3 GDKBB; C:\WINDOWS\system32\drivers\GDKBB64.sys [27648 2015-05-14] (G Data Software AG)
R1 GDKBFlt; C:\WINDOWS\system32\drivers\GDKBFlt64.sys [20992 2015-05-14] (G Data Software AG)
R1 GDMnIcpt; C:\WINDOWS\system32\drivers\MiniIcpt.sys [230912 2015-07-14] (G Data Software AG)
R3 GDPkIcpt; C:\WINDOWS\system32\drivers\PktIcpt.sys [91648 2015-07-14] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [68608 2015-07-14] (G Data Software AG)
R1 GRD; C:\WINDOWS\system32\drivers\GRD.sys [106272 2015-05-17] (G Data Software)
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [20160 2015-07-09] (Glarysoft Ltd)
R1 HookCentre; C:\WINDOWS\system32\drivers\HookCentre.sys [125952 2015-07-14] (G Data Software AG)
S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [12800 2009-02-03] (ZTE Incorporated) [File not signed]
S1 mbmiodrvr; C:\Windows\syswow64\mbmiodrvr.sys [4608 2004-04-10] (cansoft@livewiredev.com) [File not signed]
S3 MEMSWEEP2; C:\WINDOWS\system32\3FF2.tmp [6144 2009-06-18] (Sophos Plc) [File not signed]
R1 networx; C:\Windows\System32\drivers\networx.sys [60736 2015-03-17] (NetFilterSDK.com)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-10-16] (Anchorfree Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 22:17 - 2015-07-14 22:18 - 00029334 _____ C:\Users\Lynx\Downloads\FRST.txt
2015-07-14 22:16 - 2015-07-14 22:17 - 00000000 ____D C:\FRST
2015-07-14 22:16 - 2015-07-14 22:16 - 02133504 _____ (Farbar) C:\Users\Lynx\Downloads\FRST64.exe
2015-07-14 22:16 - 2015-07-14 22:16 - 00000470 _____ C:\Users\Lynx\Downloads\defogger_disable.log
2015-07-14 22:16 - 2015-07-14 22:16 - 00000000 _____ C:\Users\Lynx\defogger_reenable
2015-07-14 22:15 - 2015-07-14 22:15 - 00050477 _____ C:\Users\Lynx\Downloads\Defogger.exe
2015-07-14 14:56 - 2015-07-14 14:56 - 00003840 _____ C:\WINDOWS\DPINST.LOG
2015-07-14 14:56 - 2015-07-14 14:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA INTERNET SECURITY
2015-07-14 14:55 - 2015-07-14 14:55 - 00000000 _____ C:\Users\Lynx\Desktop\Neues Textdokument (3).txt
2015-07-10 22:20 - 2015-07-10 22:22 - 133389698 _____ C:\Users\Lynx\Downloads\Latex-Orgie - GUTERPORNCOM.flv
2015-07-10 08:47 - 2015-07-10 08:48 - 08765440 _____ C:\Users\Lynx\Downloads\SkypeForBusinessPlugin (1).msi
2015-07-09 23:59 - 2015-07-10 00:11 - 102040672 _____ C:\Users\Lynx\Downloads\Katie Jordin Latex Sex - Fetisch sex video - Tube8com.mp4
2015-07-09 23:57 - 2015-07-10 00:03 - 55641385 _____ C:\Users\Lynx\Downloads\Fetish latex and boots fuck - Hardcore sex video - Tube8com.mp4
2015-07-09 23:55 - 2015-07-10 00:00 - 45240671 _____ C:\Users\Lynx\Downloads\Latex Maid Fucked - Hardcore sex video - Tube8com.mp4
2015-07-09 20:56 - 2015-07-09 20:56 - 00000000 _____ C:\Recovery.txt
2015-07-09 19:25 - 2015-06-09 22:57 - 00450771 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20150709-192501.backup
2015-07-09 19:22 - 2015-07-14 20:52 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2015-07-09 19:22 - 2015-07-09 19:22 - 00020160 _____ (Glarysoft Ltd) C:\WINDOWS\system32\Drivers\GUBootStartup.sys
2015-07-09 19:22 - 2015-07-09 19:22 - 00003306 _____ C:\WINDOWS\System32\Tasks\GlaryInitialize 5
2015-07-09 19:22 - 2015-07-09 19:22 - 00002964 _____ C:\WINDOWS\System32\Tasks\GU5SkipUAC
2015-07-09 19:22 - 2015-07-09 19:22 - 00001108 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-07-09 19:22 - 2015-07-09 19:22 - 00001096 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2015-07-09 19:22 - 2015-07-09 19:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2015-07-09 19:21 - 2015-07-09 19:21 - 15201344 _____ C:\Users\Lynx\Downloads\gu5setup (2).exe
2015-07-09 19:20 - 2015-07-09 19:21 - 15201344 _____ C:\Users\Lynx\Downloads\gu5setup (1).exe
2015-07-09 19:16 - 2015-05-09 22:44 - 00004299 _____ C:\Quarantine.lst
2015-07-09 18:35 - 2015-07-09 18:35 - 00000598 _____ C:\Users\Lynx\Desktop\Start Emsisoft Emergency Kit.lnk
2015-07-09 18:33 - 2015-07-09 00:14 - 00136456 _____ (Emsisoft GmbH) C:\WINDOWS\system32\Drivers\epp64.sys
2015-07-09 18:25 - 2015-07-09 18:32 - 160550488 _____ C:\Users\Lynx\Downloads\EmsisoftEmergencyKit.exe
2015-07-08 15:53 - 2015-07-08 15:53 - 00131174 _____ C:\Users\Lynx\Downloads\Promoter_Personalbogen_Vorlage.pptx
2015-07-07 23:04 - 2011-05-31 18:11 - 00415744 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbwwan.sys
2015-07-07 23:04 - 2011-05-03 16:42 - 00222464 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbmdm.sys
2015-07-07 23:04 - 2011-02-25 19:02 - 00098816 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcacm.sys
2015-07-07 23:04 - 2011-01-30 19:20 - 00212992 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juwwanecm.sys
2015-07-07 23:04 - 2011-01-30 19:19 - 00086016 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jubusenum.sys
2015-07-07 23:04 - 2011-01-30 19:19 - 00069632 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcecm.sys
2015-07-07 23:04 - 2011-01-30 19:19 - 00028672 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juextctrl.sys
2015-07-07 23:04 - 2010-10-08 17:59 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\WINDOWS\system32\Drivers\ewdcsc.sys
2015-07-07 23:04 - 2010-09-26 19:09 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwupgrade.sys
2015-07-07 23:04 - 2010-08-06 08:43 - 01001472 _____ (DiBcom SA) C:\WINDOWS\system32\Drivers\mod7700.sys
2015-07-07 23:04 - 2010-07-27 10:52 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwusbdev.sys
2015-07-07 23:04 - 2010-03-20 13:06 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_usbenumfilter.sys
2015-07-03 09:33 - 2015-05-07 19:50 - 22292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-07-03 09:33 - 2015-05-07 18:53 - 19734960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-07-03 09:32 - 2015-05-12 15:19 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-07-03 09:32 - 2015-05-12 02:24 - 00536920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-07-03 09:32 - 2015-05-11 18:34 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-07-03 09:32 - 2015-05-07 19:00 - 03109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-07-03 09:32 - 2015-05-07 18:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-07-03 09:32 - 2015-05-07 18:12 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-07-03 09:32 - 2015-05-07 17:21 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2015-07-03 09:32 - 2015-05-07 17:05 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2015-07-03 09:32 - 2015-05-03 17:09 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-03 09:32 - 2015-05-03 17:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-07-03 09:32 - 2015-05-03 16:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-03 09:32 - 2015-05-03 16:57 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-07-03 09:32 - 2015-05-03 16:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-07-03 09:32 - 2015-05-03 16:49 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-07-03 09:32 - 2015-05-03 02:39 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-07-03 09:32 - 2015-05-02 01:33 - 00410739 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-03 09:32 - 2015-05-01 03:13 - 06521800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2015-07-03 09:32 - 2015-05-01 03:13 - 01488000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-07-03 09:32 - 2015-05-01 03:13 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2015-07-03 09:32 - 2015-04-30 01:22 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2015-07-03 09:32 - 2015-04-28 15:13 - 00513480 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-07-03 09:32 - 2015-04-28 15:13 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-07-03 09:32 - 2015-04-25 04:25 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-07-03 09:32 - 2015-04-23 17:47 - 03084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-07-03 09:32 - 2015-04-23 17:16 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-07-03 01:15 - 2015-07-03 01:15 - 00000000 ____D C:\Users\Lynx\Documents\The Witcher
2015-07-03 01:15 - 2015-07-03 01:15 - 00000000 ____D C:\Users\Lynx\AppData\Local\The Witcher
2015-07-03 01:09 - 2015-07-03 01:09 - 00018435 _____ C:\WINDOWS\DirectX.log
2015-07-03 01:07 - 2015-07-03 01:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher Enhanced Edition
2015-07-03 00:56 - 2015-07-03 01:07 - 00000000 ____D C:\Program Files (x86)\The Witcher Enhanced Edition
2015-07-03 00:56 - 2015-07-03 01:06 - 00000000 ____D C:\Users\Public\Documents\The Witcher
2015-07-02 17:25 - 2015-07-02 17:27 - 00000000 ____D C:\Users\Lynx\Downloads\Sound Cloud
2015-07-01 14:38 - 2015-07-01 14:43 - 45827960 _____ C:\Users\Lynx\Downloads\Rich Bitch Sucking Off The Poor Bell-boy movie (Danny D Rebecca Moore Cathy Heaven)  MILF Fox.mp4
2015-07-01 14:36 - 2015-07-01 14:43 - 45180522 _____ C:\Users\Lynx\Downloads\Great Looking Nurse Likes Hard Dicks movie (Jayden Jaymes)  MILF Fox.mp4
2015-06-27 22:50 - 2015-06-27 22:51 - 04343907 _____ C:\Users\Lynx\Downloads\TV-20150627-2107-0201.websm.h264.mp4
2015-06-27 22:45 - 2015-06-27 22:45 - 11207009 _____ C:\Users\Lynx\Downloads\TV-20150627-2142-2801.websm.h264.mp4
2015-06-24 13:10 - 2015-06-24 13:10 - 00009336 ____N (G*DATA Software AG) C:\WINDOWS\SysWOW64\GdScrSv.de.dll
2015-06-24 12:06 - 2015-06-24 12:06 - 02230392 ____N (G Data Software AG) C:\WINDOWS\SysWOW64\GdScrSv.scr

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 22:16 - 2014-11-28 21:01 - 00000000 ____D C:\Users\Lynx
2015-07-14 22:15 - 2014-03-29 09:28 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-14 22:02 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-14 21:41 - 2013-05-01 03:13 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-14 21:12 - 2015-05-17 20:47 - 01735652 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-14 20:57 - 2014-09-24 08:16 - 01870968 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-14 20:57 - 2014-09-24 07:43 - 00799712 _____ C:\WINDOWS\system32\perfh007.dat
2015-07-14 20:57 - 2014-09-24 07:43 - 00174252 _____ C:\WINDOWS\system32\perfc007.dat
2015-07-14 20:57 - 2013-03-26 22:58 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3171061452-4263852144-1531571965-1001
2015-07-14 20:51 - 2015-05-17 18:49 - 00091579 _____ C:\WINDOWS\setupact.log
2015-07-14 20:51 - 2015-01-06 18:51 - 00000000 __RDO C:\Users\Lynx\OneDrive
2015-07-14 20:51 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-14 20:51 - 2013-05-01 03:13 - 00001126 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-14 19:15 - 2014-03-29 09:28 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-07-14 15:02 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-14 14:57 - 2013-08-22 15:25 - 01572864 ___SH C:\WINDOWS\system32\config\BBI
2015-07-14 14:56 - 2015-05-14 23:31 - 00230912 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\MiniIcpt.sys
2015-07-14 14:56 - 2015-05-14 23:31 - 00158720 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\GDBehave.sys
2015-07-14 14:56 - 2015-05-14 23:31 - 00125952 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\HookCentre.sys
2015-07-14 14:56 - 2015-05-14 23:31 - 00091648 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\PktIcpt.sys
2015-07-14 14:56 - 2015-05-14 23:31 - 00068608 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\gdwfpcd64.sys
2015-07-14 14:56 - 2015-05-14 23:31 - 00001998 _____ C:\Users\Public\Desktop\G DATA INTERNET SECURITY.lnk
2015-07-14 14:56 - 2015-05-14 23:31 - 00000000 ____D C:\WINDOWS\ELAMBKUP
2015-07-14 14:56 - 2015-04-11 23:47 - 00000000 ____D C:\ProgramData\G Data
2015-07-14 14:56 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\tracing
2015-07-12 13:32 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-12 13:22 - 2013-03-26 22:50 - 00000000 ____D C:\Users\Lynx\AppData\Local\Packages
2015-07-09 19:56 - 2015-05-18 09:18 - 00007782 _____ C:\WINDOWS\PFRO.log
2015-07-09 19:56 - 2013-12-19 02:27 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-09 19:31 - 2015-05-10 12:38 - 00000000 ____D C:\ProgramData\GlarySoft
2015-07-09 19:27 - 2014-04-02 00:12 - 00000085 _____ C:\WINDOWS\wininit.ini
2015-07-09 19:22 - 2015-05-10 11:56 - 00000000 ____D C:\Users\Lynx\AppData\Roaming\GlarySoft
2015-07-09 18:27 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-07-04 20:53 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-07-03 09:49 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-03 09:49 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-07-03 09:34 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-02 17:48 - 2015-04-15 13:21 - 00000000 ____D C:\Users\Lynx\AppData\Roaming\foobar2000
2015-06-28 13:52 - 2015-04-04 21:50 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-21 15:37 - 2015-02-14 22:15 - 00000000 ____D C:\Users\Lynx\AppData\Local\Battle.net
2015-06-20 05:02 - 2014-09-24 09:43 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-20 05:02 - 2014-09-24 09:43 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-04-11 23:48 - 2015-04-11 23:48 - 0000000 _____ () C:\Users\Lynx\AppData\Roaming\gdfw.log
2015-04-11 23:48 - 2015-05-14 23:31 - 0001558 _____ () C:\Users\Lynx\AppData\Roaming\gdscan.log
2013-12-19 01:44 - 2013-12-19 11:58 - 0007605 _____ () C:\Users\Lynx\AppData\Local\Resmon.ResmonCfg
2014-04-02 00:21 - 2014-04-02 00:21 - 0645567 _____ () C:\ProgramData\1396390413.bdinstall.bin
2015-04-11 21:09 - 2015-04-11 21:09 - 0259014 _____ () C:\ProgramData\1428779286.bdinstall.bin

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-14 16:47

==================== End of log ============================
         
--- --- ---


Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:16 on 14/07/2015 (Lynx)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Lynx at 2015-07-14 22:18:20
Running from C:\Users\Lynx\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3171061452-4263852144-1531571965-500 - Administrator - Enabled) => C:\Users\Administrator
asdf (S-1-5-21-3171061452-4263852144-1531571965-1011 - Administrator - Enabled) => C:\Users\asdf
GameOne (S-1-5-21-3171061452-4263852144-1531571965-1012 - Administrator - Enabled) => C:\Users\GameOne
Gast (S-1-5-21-3171061452-4263852144-1531571965-501 - Limited - Enabled)
Lynx (S-1-5-21-3171061452-4263852144-1531571965-1001 - Administrator - Enabled) => C:\Users\Lynx

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G DATA INTERNET SECURITY (Disabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: G DATA INTERNET SECURITY (Disabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G*DATA Personal Firewall (Disabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adblock Plus für IE (32-Bit- und 64-Bit) (HKLM\...\{C27EF409-FB69-451F-B996-DC853C25FCA2}) (Version: 1.4 - Eyeo GmbH)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F5B2C61F-1C10-FD9B-C29C-D8B88C9849CF}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
ASUS Xonar DG Audio (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392008788}) (Version: 1.00.0003 - ASUSTeK Computer Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.3.2.3825 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BF4 Settings Editor (HKLM\...\{EF4C9459-47DE-4FCD-B9E0-CEB5BA03FC64}) (Version: 1.1 - Realmware)
BioShock (HKLM-x32\...\{E280923D-C5D9-4728-8C79-AC9A0DC75875}) (Version: 2.62.0000 - 2K Games)
Borderlands (HKLM-x32\...\Steam App 8980) (Version:  - Gearbox Software)
Brother MFL-Pro Suite DCP-7040 (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Darksiders (HKLM-x32\...\Steam App 50620) (Version:  - Vigil Games)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Exact Audio Copy 1.0beta6 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta6 - Andre Wiethoff)
foobar2000 v1.3.8 (HKLM-x32\...\foobar2000) (Version: 1.3.8 - Peter Pawlowski)
G DATA INTERNET SECURITY (HKLM-x32\...\{AC68D2FF-1674-4C16-A536-A69FC11BBD82}) (Version: 25.1.0.6 - G DATA Software AG)
Glary Utilities 5.29 (HKLM-x32\...\Glary Utilities 5) (Version: 5.29.0.49 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HiSuite (HKLM-x32\...\Hi Suite) (Version: 32.610.28.00.06 - Huawei Technologies Co.,Ltd)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mobile Connection Manager (HKLM-x32\...\o2DE) (Version:  - Mobile Connection Manager)
MobileWiFi (HKLM-x32\...\MobileWiFi) (Version: TOOL-ConnLaucher_WIN1.09.02.00 - Huawei Technologies Co.,Ltd)
Motherboard Monitor 5 (HKLM-x32\...\Motherboard Monitor 5_is1) (Version: 5 - Alexander van Kaam)
NetWorx 5.3.5 (HKLM\...\NetWorx_is1) (Version:  - Softperfect Research)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Sigma Data Center 4.0 (HKLM-x32\...\Sigma Data Center4.0) (Version: 4.0 - Sigma Elektro GmbH)
Sins of a Solar Empire®: Rebellion (HKLM-x32\...\Steam App 204880) (Version:  - Ironclad Games)
Skype for Business Web App Plug-in (HKLM-x32\...\{5EEFC600-CE9E-4DCE-862A-E7D4A9C7B568}) (Version: 15.8.20020.369 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
The Witcher Enhanced Edition Version 1.6 (HKLM-x32\...\The Witcher Enhanced Edition_is1) (Version: 1.6 - CD Projekt RED)
Thrustmaster FFB Driver (HKLM-x32\...\{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}) (Version: 2.FFD.2009 - Thrustmaster)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows-Treiberpaket - SIGMA Elektro GmbH (usbser) Ports  (04/27/2012 5.1.2600.5512) (HKLM\...\72BE00E857D6F4F2018C51300C130B652C40D203) (Version: 04/27/2012 5.1.2600.5512 - SIGMA Elektro GmbH)
Windows-Treiberpaket - SIGMA Elektro GmbH (usbser) Ports  (04/27/2012 5.1.2600.5512) (HKLM\...\A4116E16EA28F359FEA424C9A3780F9D6A08961B) (Version: 04/27/2012 5.1.2600.5512 - SIGMA Elektro GmbH)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
ZTE USB Driver (HKLM\...\ZTE USB Driver) (Version: 1.0.1.25_TME - ZTE Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3171061452-4263852144-1531571965-1001_Classes\CLSID\{1542FC7D-8D51-43D5-B757-67C763F27BF4}\localserver32 -> C:\Users\Lynx\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.369\GatewayVersion-x64.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3171061452-4263852144-1531571965-1001_Classes\CLSID\{7ECF6F97-B4F3-4168-9835-F59C06D7875F}\InprocServer32 -> C:\Users\Lynx\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.369\GatewayActiveX-x64.dll (Microsoft Corporation)

==================== Restore Points =========================

18-06-2015 10:02:38 Geplanter Prüfpunkt
28-06-2015 15:13:41 Geplanter Prüfpunkt
03-07-2015 01:08:03 DirectX wurde installiert
09-07-2015 19:15:18 Removed Dual-Core Optimizer

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2015-07-09 19:25 - 00000938 ____R C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0333FDCB-AA26-4F55-AA9C-CCE310750266} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-07-06] (Glarysoft Ltd)
Task: {0AB1A48C-3664-4127-B5CE-8386A0A9D5AB} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {5451D4B3-B4B8-42CE-9BEC-2DFCCC37CE06} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-01] (Google Inc.)
Task: {677ACAC3-8332-4008-BF3C-04091672F5A2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: {9DF37369-510C-4774-9C84-8E9F2CDA14E3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {A5E40770-25C2-42EC-89C4-AD182E37DD51} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-01] (Google Inc.)
Task: {BC81D61C-F774-4254-B8A4-E82CAEB7D2A2} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-07-06] (Glarysoft Ltd)
Task: {DE1ED4F7-59B1-4436-819D-A7615A96A27B} - System32\Tasks\Core Temp Autostart Lynx => C:\Users\Lynx\Desktop\Tool\test\Coretemp\Core Temp.exe
Task: {E2685575-9DD3-48AE-8CCF-BF3F39419233} - \BackgroundContainer Startup Task No Task File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-09-07 14:47 - 2014-09-05 09:40 - 00138272 _____ () C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe
2014-09-07 14:47 - 2014-09-05 09:40 - 00219680 _____ () C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
2011-03-14 17:27 - 2011-03-14 17:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2013-11-06 14:03 - 2014-08-10 11:40 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2015-06-16 11:17 - 2015-06-16 11:17 - 00382584 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2013-03-26 23:33 - 2012-09-28 10:10 - 00200704 _____ () C:\Windows\SysWOW64\HsMgr.exe
2013-03-26 23:33 - 2012-09-28 10:10 - 00282112 _____ () C:\Windows\System\HsMgr64.exe
2015-06-05 20:57 - 2015-04-20 11:12 - 00790016 _____ () C:\Program Files\NetWorx\sqlite.dll
2015-06-05 20:57 - 2015-03-17 14:00 - 00160064 _____ () C:\Program Files\NetWorx\nfapi.dll
2013-04-02 14:14 - 2012-09-25 11:26 - 01163264 _____ () C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
2014-04-15 22:28 - 2014-04-15 22:28 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-12-18 10:35 - 2014-09-28 18:59 - 00019872 _____ () C:\Program Files (x86)\Samsung Magician\SAMSUNG_SSD.dll
2015-07-06 08:27 - 2015-07-06 08:27 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
2013-11-26 11:50 - 2012-09-28 10:10 - 00143360 ____N () C:\Program Files\ASUS Xonar DG Audio\Customapp\VmixP8.dll
2015-07-14 16:41 - 2015-07-13 23:55 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libglesv2.dll
2015-07-14 16:41 - 2015-07-13 23:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libegl.dll
2013-04-02 14:13 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Lynx\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lynx\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\surface.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: SafeBox => 2
MSCONFIG\Services: UPDATESRV => 2
MSCONFIG\Services: VSSERV => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{DBE0F4F0-F77D-4D85-9622-DEC53250D5CE}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{9458107B-DA9C-46E1-910F-1BFB56DAC150}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{29CA44B7-E8C0-4DF7-8E4F-E1F3DBE297B9}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{7ABD0489-2CF2-44F5-96AD-BB6B31861520}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{8CC8CB97-9A52-4FE6-B217-647C70F8798C}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{7BACBBC6-3C95-4AF3-9747-059B5213E0E0}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{BC60BA31-2B2B-4478-9723-17F0FB2895EF}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{99108D1E-CE15-415B-88A9-5289B25A2164}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D9AA73A4-BB09-4E57-964D-DCA7BFA38E3A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9B8C1D7C-A51E-479C-92DB-08796857EC03}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{288C92FF-5A29-4058-9182-4C5B74848720}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{B0695EC9-E741-437E-A8F7-00BB43090A62}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{611D58D1-7819-4724-97ED-C0581D48374D}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{EA363283-5449-4781-B955-2C99EAA14D0C}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{0AC24DBD-C0B6-4B7E-A03B-D6BDD28ED963}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{73DB0B9A-8698-40BD-9D39-F6719EF741E2}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{35ADF468-3DC0-4452-B2B0-763D264E2627}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [UDP Query User{26A70BBB-D016-412A-8646-3F458CDAF839}C:\program files (x86)\guild wars 2\gw2.exe] => (Block) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [TCP Query User{F461AC8F-406C-4EC7-8E8C-D8E2BC6F877A}C:\program files (x86)\guild wars 2\gw2.exe] => (Block) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{CE542427-DE7B-43C1-AA5B-7ADAA3CBD98E}C:\program files (x86)\guild wars 2\gw2.tmp] => (Block) C:\program files (x86)\guild wars 2\gw2.tmp
FirewallRules: [TCP Query User{8C0EE13B-C9A1-4B57-9984-490A70778786}C:\program files (x86)\guild wars 2\gw2.tmp] => (Block) C:\program files (x86)\guild wars 2\gw2.tmp
FirewallRules: [{2050AAF9-ABCF-4F2C-9CB6-099556BF0126}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{1AA99CEB-4983-4477-B285-D7CF6D02A654}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{A92185F9-3B5C-4A2B-BCF3-2F81AD335F85}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{E58863C2-A668-4C65-B16D-B8B7CE39EB7F}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [TCP Query User{D8CB9252-7FA6-40B8-8243-7D3F006A36C5}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{41B1F62B-CFE2-4634-945B-4FA5C7CCEF33}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [TCP Query User{BD3327D6-9A8B-4653-890F-0271C9F507CB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{CBE646C9-66A7-4973-B252-DDD4E35AC527}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{4291A19C-4A97-4F5B-9304-F79AE04E5906}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BD5A82C1-93BD-40D7-B8FC-702B8F9E232E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A01E36C6-62E8-4950-9213-E112614EA1CA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2770E487-4C59-4520-9F4A-497182DCAC23}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2C1E8A4A-77B0-4826-AE75-C8B877899670}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{B68883A5-6184-423A-AC0F-3D66D3960E72}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{A98AF0D8-2BB3-4D80-ADCF-21A953F2CE8A}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Darksiders\DarksidersPC.exe
FirewallRules: [{0543D67D-2A0E-479C-A52D-7CE1E01A8F4F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Darksiders\DarksidersPC.exe
FirewallRules: [TCP Query User{A3047585-CFFA-4D53-A5F9-A3502207B1D1}C:\users\lynx\appdata\local\microsoft\skypeforbusinessplugin\15.8.20020.351\pluginhost.exe] => (Allow) C:\users\lynx\appdata\local\microsoft\skypeforbusinessplugin\15.8.20020.351\pluginhost.exe
FirewallRules: [UDP Query User{6C0906B5-5D4F-4E36-91F1-29C3BD261706}C:\users\lynx\appdata\local\microsoft\skypeforbusinessplugin\15.8.20020.351\pluginhost.exe] => (Allow) C:\users\lynx\appdata\local\microsoft\skypeforbusinessplugin\15.8.20020.351\pluginhost.exe
FirewallRules: [{A52DD8D9-70CA-4C98-B61D-2657D3B25D21}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exe
FirewallRules: [{7EE71D7A-B81C-4915-A013-DA64D6198830}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exe
FirewallRules: [{59696D70-2F61-4978-9C8A-ADDE9EE90DE0}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exe
FirewallRules: [{EA62C5D5-69C6-4497-956A-76B267D9116E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exe
FirewallRules: [{B9079510-5B2F-4182-8AAE-12CD76B8EEED}] => (Allow) C:\Program Files\NetWorx\networx.exe
FirewallRules: [{B2273F9C-BFB6-4D14-AE3E-9B00F4937129}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/14/2015 04:47:38 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (07/14/2015 12:24:23 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (07/14/2015 11:28:11 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (07/13/2015 11:50:21 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (07/12/2015 01:27:20 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (07/12/2015 10:34:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000003d85e
ID des fehlerhaften Prozesses: 0x1c5c
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3
Vollständiger Name des fehlerhaften Pakets: vlc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: vlc.exe5

Error: (07/12/2015 10:29:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AVKTray.exe, Version: 25.1.15062.313, Zeitstempel: 0x54f534d0
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0236002a
ID des fehlerhaften Prozesses: 0x988
Startzeit der fehlerhaften Anwendung: 0xAVKTray.exe0
Pfad der fehlerhaften Anwendung: AVKTray.exe1
Pfad des fehlerhaften Moduls: AVKTray.exe2
Berichtskennung: AVKTray.exe3
Vollständiger Name des fehlerhaften Pakets: AVKTray.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AVKTray.exe5

Error: (07/12/2015 09:23:32 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (07/11/2015 10:21:17 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (07/11/2015 12:04:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.3.9600.17667 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 378

Startzeit: 01d0bad95952bec1

Endzeit: 0

Anwendungspfad: C:\WINDOWS\Explorer.EXE

Berichts-ID: 9f3a878f-274f-11e5-8229-bc5ff49b57b2

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


System errors:
=============
Error: (07/14/2015 08:51:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.3" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/14/2015 08:51:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst InstallDriver Table Manager erreicht.

Error: (07/14/2015 08:51:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.3" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/14/2015 08:51:05 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als
Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser
Konfiguration nicht gestartet zu sein.

Error: (07/14/2015 08:51:04 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎14.‎07.‎2015 um 20:49:20 unerwartet heruntergefahren.

Error: (07/14/2015 02:58:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.3" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/14/2015 02:58:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst InstallDriver Table Manager erreicht.

Error: (07/14/2015 02:58:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.3" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/14/2015 02:58:02 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als
Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser
Konfiguration nicht gestartet zu sein.

Error: (07/14/2015 12:09:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.3" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office:
=========================
Error: (07/14/2015 04:47:38 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System-reserviertFalscher Parameter. (0x80070057)

Error: (07/14/2015 12:24:23 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System-reserviertFalscher Parameter. (0x80070057)

Error: (07/14/2015 11:28:11 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System-reserviertFalscher Parameter. (0x80070057)

Error: (07/13/2015 11:50:21 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System-reserviertFalscher Parameter. (0x80070057)

Error: (07/12/2015 01:27:20 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System-reserviertFalscher Parameter. (0x80070057)

Error: (07/12/2015 10:34:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.5.000000000ntdll.dll6.3.9600.17736550f4336c0000005000000000003d85e1c5c01d0bc7cedd331acC:\Program Files\VideoLAN\VLC\vlc.exeC:\WINDOWS\SYSTEM32\ntdll.dllc9f8cae3-2870-11e5-822b-bc5ff49b57b2

Error: (07/12/2015 10:29:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AVKTray.exe25.1.15062.31354f534d0unknown0.0.0.000000000c00000050236002a98801d0bc655e322fdaC:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exeunknown2c399a69-2870-11e5-822b-bc5ff49b57b2

Error: (07/12/2015 09:23:32 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System-reserviertFalscher Parameter. (0x80070057)

Error: (07/11/2015 10:21:17 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System-reserviertFalscher Parameter. (0x80070057)

Error: (07/11/2015 12:04:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.3.9600.1766737801d0bad95952bec10C:\WINDOWS\Explorer.EXE9f3a878f-274f-11e5-8229-bc5ff49b57b2


CodeIntegrity Errors:
===================================
  Date: 2015-07-14 20:50:58.160
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-14 14:57:56.456
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-14 12:08:29.425
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-14 11:11:32.722
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-13 11:28:03.831
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-12 13:06:22.503
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-12 07:40:58.768
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-11 20:51:07.299
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-10 08:22:06.769
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-09 20:04:52.113
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: AMD Phenom(tm) II X4 955 Processor
Percentage of memory in use: 36%
Total physical RAM: 8162.86 MB
Available physical RAM: 5218.23 MB
Total Virtual: 12762.86 MB
Available Virtual: 8558.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:209.34 GB) (Free:52.23 GB) NTFS
Drive d: () (Fixed) (Total:465.76 GB) (Free:185.53 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: () (Fixed) (Total:465.76 GB) (Free:214.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive g: (MobileWiFi) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive i: () (Removable) (Total:7.53 GB) (Free:7.25 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: E1CD7899)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=209.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: C2C51141)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 047C8D10)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End of log ============================
         
--- --- ---

I had to run GMER in safe mode, because otherwise it always crashed.

GMER Logfile:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-07-14 22:35:26
Windows 6.3.9600  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Samsung_SSD_840_Series rev.DXT09B0Q 232,89GB
Running: Gmer-19357.exe; Driver: C:\Users\Lynx\AppData\Local\Temp\pxldqpog.sys


---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [480:488]  fffff960009af2d0

---- EOF - GMER 2.1 ----
         
--- --- ---
Best regards
Lynx

Edited by lynx007 (14.07.2015 at 22:02)

 
