Pests of all kinds and how to fight them: Hard drive fills up by itself after booting, disk space on all partitions keeps filling up for no reason (Windows 7)
17.07.2015, 13:20 | #1 |
Hard drive fills up by itself after booting, disk space on all partitions keeps filling up for no reason

Hello Trojaner-Board,

My hard drive is filling itself up with junk automatically. On the last few boots the partition was completely full every time (4 KB of space). I also have the feeling that C: and E: are steadily filling up as well. At first I kept freeing up space (deleted the Windows shadow copies and all restore points except the last one) and moved some data to my external hard drive. That way I had 22 GB free on D: at the last boot. On shutdown Windows (7 Ultimate 64-bit) installed updates, and after booting only 16 GB were free on D:. I don't think this was the Windows updates, and I registered here right away. (Edit: now it is down to 14 GB)

I use Avast! and I run scans with Malwarebytes again and again. So far neither has given me any results. Remarkably, Avast! blocked and deleted the FRST exe during download. I then disabled it for 10 minutes. That is why it is not active in the logs.

PS: I had already had problems booting two or three times before. Windows then did a system restore to the last point and the machine started normally again. That already seemed odd to me, but my virus scanners didn't find anything suspicious.

defogger log: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:35 on 17/07/2015 (Luke)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015 Ran by Luke (administrator) on PHLOGISTON on 17-07-2015 13:28:42 Running from C:\Users\Luke\Downloads Loaded Profiles: Luke (Available Profiles: Luke) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe () C:\Users\Luke\AppData\Local\Amazon Music\Amazon Music Helper.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Spotify Ltd) C:\Users\Luke\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Lifehacker) C:\Program Files (x86)\Belvedere\Belvedere.exe (Dropbox, Inc.) 
C:\Users\Luke\AppData\Roaming\Dropbox\bin\Dropbox.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe (Mozilla Corporation) E:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7284328 2011-08-30] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor) HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [4146848 2011-08-29] (Dell Inc.) HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] () HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-23] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-12] (Avast Software s.r.o.) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5579624 2015-07-14] (LogMeIn Inc.) HKU\S-1-5-21-1099707059-2751745762-4178213917-1000\...\Run: [Dropbox Update] => C:\Users\Luke\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.) 
HKU\S-1-5-21-1099707059-2751745762-4178213917-1000\...\Run: [Spotify Web Helper] => C:\Users\Luke\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2023480 2015-07-01] (Spotify Ltd) HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-10-25] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Belvedere.lnk [2015-03-13] ShortcutTarget: Belvedere.lnk -> C:\Program Files (x86)\Belvedere\Belvedere.exe (Lifehacker) Startup: C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-11-06] ShortcutTarget: Dropbox.lnk -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-24] (Avast Software s.r.o.) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.) GroupPolicyScripts: Group Policy detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\S-1-5-21-1099707059-2751745762-4178213917-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-24] (Avast Software s.r.o.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> D:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-03] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-24] (Avast Software s.r.o.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-03] (Oracle Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation) Tcpip\..\Interfaces\{4C35D314-845D-44A2-BDFE-BDD5CBDA6233}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{F6226218-F753-4795-86CC-864925D7143F}: [DhcpNameServer] 192.168.1.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\l8mr6434.default-1422489936106 FF DefaultSearchEngine: Ixquick HTTPS - Deutsch FF Homepage: hxxp://google.de/ FF Plugin: 
@adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] () FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] () FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-03] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-03] (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-28] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-28] (NVIDIA Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin HKU\S-1-5-21-1099707059-2751745762-4178213917-1000: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2015-05-29] (Sony Network Entertainment International LLC) FF Plugin HKU\S-1-5-21-1099707059-2751745762-4178213917-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-05-04] () FF Plugin 
ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation) FF SearchPlugin: C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\l8mr6434.default-1422489936106\searchplugins\ixquick-https---deutsch.xml [2015-07-14] FF SearchPlugin: C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\l8mr6434.default-1422489936106\searchplugins\ixquick-https.xml [2015-07-14] FF SearchPlugin: C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\l8mr6434.default-1422489936106\searchplugins\youtube-videosuche.xml [2015-02-27] FF Extension: Block site - C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\l8mr6434.default-1422489936106\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2015-06-15] FF Extension: Ghostery - C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\l8mr6434.default-1422489936106\Extensions\firefox@ghostery.com.xpi [2015-06-15] FF Extension: ProxTube - C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\l8mr6434.default-1422489936106\Extensions\ich@maltegoetz.de.xpi [2015-01-29] FF Extension: FocusBlocker - C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\l8mr6434.default-1422489936106\Extensions\jid1-AI8toZ8WSx5oLA@jetpack.xpi [2015-01-29] FF Extension: Adblock Plus - C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\l8mr6434.default-1422489936106\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-29] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-18] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-24] CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" [Not Found] ==================== Services (Whitelisted) 
================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-24] (Avast Software s.r.o.) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-04-24] (Avast Software) S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L) S3 Cherry Device Interface; C:\Program Files (x86)\Cherry\CDI\cdi.exe [577582 2010-08-25] (ZF Electronics GmbH) [File not signed] R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed] R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-23] (NVIDIA Corporation) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-07-14] (LogMeIn, Inc.) 
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-23] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-23] (NVIDIA Corporation) S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1001200 2015-07-09] (Overwolf LTD) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-24] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-24] (Avast Software s.r.o.) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-24] (Avast Software s.r.o.) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-24] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-24] (Avast Software s.r.o.) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-27] (Avast Software s.r.o.) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-24] (Avast Software s.r.o.) 
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-24] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-23] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-04-24] (Avast Software) S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-07-17 13:28 - 2015-07-17 13:28 - 02133504 _____ (Farbar) C:\Users\Luke\Downloads\FRST64.exe 2015-07-17 13:28 - 2015-07-17 13:28 - 00022344 _____ C:\Users\Luke\Downloads\FRST.txt 2015-07-17 13:28 - 2015-07-17 13:28 - 00000000 ____D C:\FRST 2015-07-17 12:19 - 2015-07-17 12:19 - 06639264 _____ (JAM Software ) C:\Users\Luke\Downloads\TreeSizeFreeSetup.exe 2015-07-17 12:19 - 2015-07-17 12:19 - 00000000 ____D C:\Users\Luke\AppData\Roaming\JAM Software 2015-07-17 12:19 - 2015-07-17 12:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free 2015-07-17 12:19 - 2015-07-17 12:19 - 00000000 ____D C:\Program Files (x86)\JAM Software 2015-07-16 15:07 - 2015-07-16 15:07 - 00009897 _____ C:\Users\Luke\Downloads\netgear.txt 2015-07-15 16:31 - 2015-06-27 04:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-07-15 16:31 - 2015-06-27 04:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-07-15 16:31 - 2015-06-27 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-07-15 16:31 - 2015-06-27 03:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-07-15 16:31 - 2015-06-25 10:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-07-15 16:31 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-07-15 16:31 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-07-15 16:31 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll 2015-07-15 16:31 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll 2015-07-15 16:30 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-07-15 16:30 - 2015-07-02 23:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-07-15 16:30 - 2015-07-02 22:50 - 
02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-07-15 16:30 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-07-15 16:30 - 2015-07-02 22:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-07-15 16:30 - 2015-07-02 22:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-07-15 16:30 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-07-15 16:30 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-07-15 16:30 - 2015-07-02 22:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-07-15 16:30 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-07-15 16:30 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-07-15 16:30 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-07-15 16:29 - 2015-06-25 20:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-07-15 16:29 - 2015-06-25 19:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-07-15 16:29 - 2015-06-20 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-07-15 16:29 - 2015-06-20 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-07-15 16:29 - 2015-06-20 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-07-15 16:29 - 2015-06-20 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-07-15 16:29 - 2015-06-20 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-07-15 16:29 - 2015-06-20 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-07-15 16:29 - 2015-06-20 21:13 - 
00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-07-15 16:29 - 2015-06-20 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-07-15 16:29 - 2015-06-20 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-07-15 16:29 - 2015-06-20 20:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-07-15 16:29 - 2015-06-20 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-07-15 16:29 - 2015-06-19 20:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-07-15 16:29 - 2015-06-19 20:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-07-15 16:29 - 2015-06-19 20:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-07-15 16:29 - 2015-06-19 20:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-07-15 16:29 - 2015-06-19 20:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-07-15 16:29 - 2015-06-19 20:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-07-15 16:29 - 2015-06-19 20:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-07-15 16:29 - 2015-06-19 20:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-07-15 16:29 - 2015-06-19 20:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-07-15 16:29 - 2015-06-19 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-07-15 16:29 - 2015-06-19 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-07-15 16:29 - 2015-06-19 19:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-07-15 16:29 - 2015-06-19 19:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-07-15 16:29 - 
2015-06-19 19:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 16:29 - 2015-06-19 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 16:28 - 2015-06-20 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 16:28 - 2015-06-20 21:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 16:28 - 2015-06-20 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 16:28 - 2015-06-20 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 16:28 - 2015-06-20 21:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 16:28 - 2015-06-20 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 16:28 - 2015-06-20 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 16:28 - 2015-06-20 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 16:28 - 2015-06-20 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 16:28 - 2015-06-20 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 16:28 - 2015-06-20 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 16:28 - 2015-06-20 20:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 16:28 - 2015-06-19 20:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 16:28 - 2015-06-19 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 16:28 - 2015-06-19 19:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 16:28 - 2015-06-19 19:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 16:26 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 16:26 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 16:25 - 2015-07-03 20:05 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-15 16:25 - 2015-07-03 20:05 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-15 16:25 - 2015-07-03 20:05 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-15 16:25 - 2015-07-03 20:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-15 16:25 - 2015-07-03 19:56 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-15 16:25 - 2015-07-03 19:56 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-15 16:25 - 2015-07-03 19:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-15 16:25 - 2015-07-03 19:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-15 16:25 - 2015-07-03 18:52 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-15 16:25 - 2015-07-03 18:42 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-15 16:25 - 2015-07-01 22:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 16:25 - 2015-07-01 22:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 16:25 - 2015-07-01 22:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 16:25 - 2015-07-01 22:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 16:25 - 2015-07-01 22:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 16:25 - 2015-07-01 22:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 16:25 - 2015-07-01 22:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 16:25 - 2015-07-01 22:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 16:25 - 2015-07-01 22:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 16:25 - 2015-07-01 22:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 16:25 - 2015-07-01 22:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 16:25 - 2015-07-01 22:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 16:25 - 2015-07-01 22:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 16:25 - 2015-07-01 22:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 16:25 - 2015-07-01 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 16:25 - 2015-07-01 22:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 16:25 - 2015-07-01 22:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 16:25 - 2015-07-01 22:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 16:25 - 2015-07-01 22:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 16:25 - 2015-07-01 22:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 16:25 - 2015-07-01 22:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 16:25 - 2015-07-01 22:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 16:25 - 2015-07-01 22:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 16:25 - 2015-07-01 22:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 16:25 - 2015-07-01 22:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 16:25 - 2015-07-01 22:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 16:25 - 2015-07-01 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 16:25 - 2015-07-01 22:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 16:25 - 2015-07-01 22:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 16:25 - 2015-07-01 22:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 16:25 - 2015-07-01 22:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 16:25 - 2015-07-01 22:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 16:25 - 2015-07-01 22:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 16:25 - 2015-07-01 22:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 16:25 - 2015-07-01 22:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 16:25 - 2015-07-01 21:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 16:25 - 2015-07-01 21:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 16:25 - 2015-07-01 21:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 16:25 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 16:25 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 16:25 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 16:25 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 16:25 - 2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 16:25 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 16:25 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 16:25 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 16:25 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 16:25 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 16:25 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 16:25 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-15 16:25 - 2015-06-11 19:56 - 01112576 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-15 16:25 - 2015-06-11 19:16 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-07-15 16:25 - 2015-06-11 19:15 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-07-15 00:17 - 2015-07-15 00:17 - 00002811 _____ C:\Users\Luke\Downloads\Tshut.rar
2015-07-14 22:20 - 2015-07-14 22:20 - 01187520 _____ (Adobe Systems Incorporated) C:\Users\Luke\Downloads\flashplayer18au_ha_install.exe
2015-07-14 19:41 - 2015-07-14 19:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-07-14 19:41 - 2015-07-14 19:41 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2015-07-14 19:29 - 2015-07-14 19:29 - 00000087 _____ C:\Users\Luke\Desktop\123 studierne.txt
2015-07-13 18:04 - 2015-07-13 18:04 - 00000000 ____D C:\Users\Luke\AppData\Roaming\Sony Creative Software Inc
2015-07-12 21:17 - 2015-07-12 21:17 - 00000000 ____D C:\Users\Luke\Downloads\Arctic Monkeys - The View From The Afternoon
2015-07-12 12:24 - 2015-07-12 12:24 - 00000000 ____D C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-10 22:39 - 2015-07-16 10:42 - 00000000 ____D C:\Users\Luke\Desktop\fat lip
2015-07-09 03:41 - 2015-07-10 16:38 - 00000425 _____ C:\Users\Luke\Desktop\drumcoverlist neu.txt
2015-07-08 18:40 - 2015-07-08 18:40 - 00000000 ____D C:\ProgramData\Sony Corporation
2015-07-08 18:32 - 2015-07-08 18:38 - 00000000 ____D C:\Program Files (x86)\Sony Media Go Install
2015-07-08 18:27 - 2015-07-08 18:27 - 00002102 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2015-07-07 00:18 - 2015-07-07 00:19 - 00000000 ____D C:\Users\Luke\Downloads\Tool - Right in Two [1080p HD]
2015-07-06 00:18 - 2015-07-07 00:21 - 00000000 ____D C:\Users\Luke\Downloads\DBS 01 Ger Sub
2015-07-04 15:39 - 2015-07-04 19:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-27 14:01 - 2015-06-27 14:06 - 00000000 ____D C:\Users\Luke\Downloads\Enhanced_Environment
2015-06-22 17:23 - 2015-06-22 17:23 - 00000222 _____ C:\Users\Luke\Desktop\Insurgency.url
2015-06-22 16:59 - 2015-06-22 16:59 - 00000221 _____ C:\Users\Luke\Desktop\S.T.A.L.K.E.R. Call of Pripyat.url
2015-06-22 13:22 - 2015-06-22 13:22 - 05847992 _____ C:\Users\Luke\Downloads\LOM_Realtek_W7_A02_Setup-G6XW2_ZPE.exe
2015-06-20 18:38 - 2015-06-20 18:38 - 00319349 _____ C:\Users\Luke\Documents\ts3_clientui-win64-1407159763-2015-06-20 18_38_53.147176.dmp
2015-06-19 12:31 - 2015-06-19 12:31 - 00001106 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-17 16:07 - 2015-06-17 16:07 - 00000852 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-17 13:27 - 2014-10-18 23:41 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-17 13:17 - 2015-01-02 04:00 - 00000000 ____D C:\Users\Luke\AppData\Local\LogMeIn Hamachi
2015-07-17 13:14 - 2015-01-18 23:50 - 00005076 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Phlogiston-Luke Phlogiston
2015-07-17 13:08 - 2015-06-16 19:03 - 00001220 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1099707059-2751745762-4178213917-1000UA.job
2015-07-17 12:54 - 2009-07-14 06:45 - 00020800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-17 12:54 - 2009-07-14 06:45 - 00020800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-17 12:52 - 2014-10-18 20:12 - 01603146 _____ C:\Windows\WindowsUpdate.log
2015-07-17 12:47 - 2014-11-06 22:26 - 00000000 ____D C:\Users\Luke\AppData\Roaming\Dropbox
2015-07-17 12:45 - 2014-10-18 21:01 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-17 12:45 - 2014-10-18 20:27 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-17 12:45 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-17 12:45 - 2009-07-14 06:51 - 00136707 _____ C:\Windows\setupact.log
2015-07-17 12:43 - 2014-11-15 02:21 - 00000000 ____D C:\Users\Luke\AppData\Roaming\AIMP3
2015-07-17 12:25 - 2009-07-14 19:58 - 00699666 _____ C:\Windows\system32\perfh007.dat
2015-07-17 12:25 - 2009-07-14 19:58 - 00149774 _____ C:\Windows\system32\perfc007.dat
2015-07-17 12:25 - 2009-07-14 07:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-16 19:08 - 2015-06-16 19:03 - 00001168 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1099707059-2751745762-4178213917-1000Core.job
2015-07-16 17:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-07-16 16:37 - 2015-03-29 14:56 - 00000000 ____D C:\Users\Luke\AppData\Local\Battle.net
2015-07-16 10:42 - 2014-10-25 02:08 - 00000000 ____D C:\Users\Luke\AppData\Roaming\vlc
2015-07-16 10:31 - 2014-10-21 16:46 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-16 10:16 - 2009-07-14 06:45 - 00590128 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-16 04:13 - 2015-06-09 00:44 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 23:16 - 2014-12-14 17:15 - 00000000 ____D C:\Program Files (x86)\Overwolf
2015-07-14 22:21 - 2014-10-18 23:41 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-14 22:21 - 2014-10-18 23:41 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-14 22:21 - 2014-10-18 23:41 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-14 22:21 - 2014-10-18 23:40 - 00000000 ____D C:\Users\Luke\AppData\Local\Adobe
2015-07-14 11:44 - 2015-01-29 13:38 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-07-13 22:18 - 2015-02-09 23:31 - 00000000 ____D C:\Users\Luke\Documents\_Dokumente Lukas
2015-07-13 19:15 - 2014-10-21 12:45 - 00000000 ____D C:\Users\Luke\AppData\Local\JDownloader v2.0
2015-07-12 19:11 - 2014-10-19 11:40 - 00290850 _____ C:\Windows\PFRO.log
2015-07-08 22:01 - 2015-04-08 00:21 - 00000000 ____D C:\Users\Luke\AppData\Roaming\Sony
2015-07-08 19:02 - 2015-06-14 15:05 - 00000000 ____D C:\Users\Luke\AppData\Roaming\NVIDIA
2015-07-08 18:57 - 2015-04-08 00:23 - 00000000 ____D C:\Users\Luke\AppData\Local\Sony
2015-07-08 18:57 - 2014-10-18 20:18 - 00000000 ____D C:\Users\Luke
2015-07-08 18:41 - 2015-04-08 00:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-07-08 18:41 - 2015-04-08 00:23 - 00000000 ____D C:\Program Files (x86)\Sony
2015-07-08 18:30 - 2014-10-18 20:22 - 00162282 _____ C:\Windows\DPINST.LOG
2015-07-08 18:26 - 2015-04-08 00:23 - 00000000 ____D C:\ProgramData\Sony
2015-07-08 18:26 - 2014-10-18 20:22 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-08 17:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-05 09:42 - 2014-10-21 17:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-03 08:43 - 2010-02-10 00:33 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-07-01 14:22 - 2015-05-25 14:11 - 00000000 ____D C:\Users\Luke\AppData\Local\Spotify
2015-07-01 13:42 - 2015-05-25 14:11 - 00000000 ____D C:\Users\Luke\AppData\Roaming\Spotify
2015-06-27 14:56 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-27 11:37 - 2014-10-18 21:01 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-06-25 15:33 - 2014-10-18 21:31 - 00177923 _____ C:\Windows\DirectX.log
2015-06-25 00:59 - 2015-01-13 15:42 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-06-25 00:59 - 2014-10-21 16:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-06-25 00:59 - 2009-07-14 20:18 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-06-25 00:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2015-06-25 00:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2015-06-23 13:30 - 2010-02-10 00:35 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-19 12:31 - 2014-10-21 16:45 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware

Some files in TEMP:
====================
C:\Users\Luke\AppData\Local\Temp\CM.Launcher.Win.exe
C:\Users\Luke\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpizz98z.dll
C:\Users\Luke\AppData\Local\Temp\KloDeluxeDemo.exe
C:\Users\Luke\AppData\Local\Temp\Newtonsoft.Json.dll
C:\Users\Luke\AppData\Local\Temp\NLog.dll
C:\Users\Luke\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Luke\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Luke\AppData\Local\Temp\nvStereoApiI64.dll
C:\Users\Luke\AppData\Local\Temp\nvStInst.exe
C:\Users\Luke\AppData\Local\Temp\ose00000.exe
C:\Users\Luke\AppData\Local\Temp\proxy_vole8271648426594794728.dll
C:\Users\Luke\AppData\Local\Temp\sdan.exe
C:\Users\Luke\AppData\Local\Temp\sdapk.exe
C:\Users\Luke\AppData\Local\Temp\sdaspwn.exe
C:\Users\Luke\AppData\Local\Temp\System.Core.dll
C:\Users\Luke\AppData\Local\Temp\System.Xml.Linq.dll
C:\Users\Luke\AppData\Local\Temp\vlc-2.2.1-win32.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-13 03:12

==================== End of log ============================

Addition.txt Log:

Additional FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Luke at 2015-07-17 13:29:18
Running from C:\Users\Luke\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1099707059-2751745762-4178213917-500 - Administrator - Disabled)
Gast (S-1-5-21-1099707059-2751745762-4178213917-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1099707059-2751745762-4178213917-1002 - Limited - Enabled)
Luke (S-1-5-21-1099707059-2751745762-4178213917-1000 - Administrator - Enabled) => C:\Users\Luke

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.33 - STMicroelectronics)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: - )
Advanced Video FX Engine (HKLM-x32\...\Advanced Video FX Engine) (Version: - )
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.55.1355, 14.07.2014 - AIMP DevTeam)
Alien: Isolation (HKLM-x32\...\Steam App 214490) (Version: - Creative Assembly)
Amazon Music (HKU\S-1-5-21-1099707059-2751745762-4178213917-1000\...\Amazon Amazon Music) (Version: 3.6.0.671 - Amazon Services LLC)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Belvedere 0.7.1 (HKLM-x32\...\Belvedere) (Version: 0.7.1 - Lifehacker)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version: - Canon Inc.)
Chivalry BETA (HKLM-x32\...\Steam App 232210) (Version: - )
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - Torn Banner Studios)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.)
Das Orakel von Miehr 4.00 (HKLM-x32\...\Das Orakel von Miehr 4.00) (Version: 4.00 - Philipp Winterberg)
Dell System Detect (HKU\S-1-5-21-1099707059-2751745762-4178213917-1000\...\73f463568823ebbe) (Version: 6.1.0.3 - Dell)
Dell Webcam Center (HKLM-x32\...\Dell Webcam Center) (Version: - )
Dell Webcam Manager (HKLM-x32\...\Dell Webcam Manager) (Version: - )
Dropbox (HKU\S-1-5-21-1099707059-2751745762-4178213917-1000\...\Dropbox) (Version: 3.6.8 - Dropbox, Inc.)
ffdshow v1.3.4532 [2014-07-17] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4532.0 - )
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version: - Arobas Music)
Guitar Pro 6 [cw2k Edition] Version 6.1.5 r11553 (HKLM-x32\...\Guitar Pro 6 [cw2k Edition]_is1) (Version: 6.1.5 r11553 - Arobas Music)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
Insurgency (HKLM-x32\...\Steam App 222880) (Version: - New World Interactive)
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}) (Version: 14.03.0000 - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
JPEGmini (HKU\S-1-5-21-1099707059-2751745762-4178213917-1000\...\5d2010e174743543) (Version: 1.8.26.1 - ICVT Ltd)
KeyMan V4.0 Build 6 (HKLM-x32\...\{DC627AE5-A2B1-4D16-AF56-178D10EC3E81}) (Version: 4.0.0.6 - ZF Friedrichshafen AG)
KMPlayer (HKLM-x32\...\The KMPlayer) (Version: 3.9.1.130 - PandoraTV)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.377 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.377 - LogMeIn, Inc.) Hidden
Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios)
MAGIX Screenshare (HKLM-x32\...\{AAE31374-02C2-452E-88EC-2F16D92731A9}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{8B8BF55D-6561-4911-A7C1-33D90F3FB989}) (Version: 7.0.2.6 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 17 Premium Download-Version (HKLM-x32\...\MAGIX_MSI_Videodeluxe17_premium) (Version: 10.0.0.32 - MAGIX AG)
MAGIX Video deluxe 17 Premium Download-Version (x32 Version: 10.0.0.32 - MAGIX AG) Hidden
MAGIX Video Pro X6 (HKLM\...\MX.{CBC84EDA-E830-4240-9392-325C3E6D5DCA}) (Version: 13.0.4.2 - MAGIX Software GmbH)
MAGIX Video Pro X6 (Version: 13.0.4.2 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X6 64 bit Update (Version: 13.0.5.9 - MAGIX AG) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Media Go (HKLM-x32\...\{1CBCA994-0290-49AD-98D3-9013A0F102E6}) (Version: 2.9.406 - Sony)
Media Go Network Downloader (HKLM-x32\...\{C52148B9-19E0-433A-9422-3451B1BEE20F}) (Version: 1.6.01.0 - Sony)
Media Go Video Playback Engine 2.16.108.12020 (HKLM-x32\...\{D4E76014-8D95-87D9-991F-287823C60736}) (Version: 2.16.108.12020 - Sony)
METAL GEAR SOLID V: GROUND ZEROES (HKLM-x32\...\Steam App 311340) (Version: - Kojima Productions)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
Mozilla Thunderbird 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.54.10 - Black Tree Gaming)
Nitro Reader 3 (HKLM\...\{4756C731-B54E-451A-9AF1-86E8AB1BEBBB}) (Version: 3.5.6.5 - Nitro)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.06 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.28 - NVIDIA Corporation)
NVIDIA Grafiktreiber 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.06 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.87.22.0 - Overwolf Ltd.)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.22 - Dell Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.34.1130.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6449 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.27.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.27.0 - Renesas Electronics Corporation) Hidden
S.T.A.L.K.E.R.: Call of Pripyat (HKLM-x32\...\Steam App 41700) (Version: - GSC Game World)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.28 - NVIDIA Corporation) Hidden
Sony PC Companion 2.10.259 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.259 - Sony)
Spotify (HKU\S-1-5-21-1099707059-2751745762-4178213917-1000\...\Spotify) (Version: 1.0.7.157.g2a6526f9 - Spotify AB)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steinberg Cubase 5 (HKLM-x32\...\{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}) (Version: 5.1.0 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 1.0.0.1 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Additional Content Set 01 (HKLM-x32\...\{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}) (Version: 1.0.0.001 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Expression Set (HKLM-x32\...\{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}) (Version: 1.0.1.0 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Drum Set (HKLM-x32\...\{AC997F93-0757-4ED4-A701-F40C2D654D09}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Set (HKLM-x32\...\{F057965A-D974-4C64-ADB1-4381CD4B8956}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Pro Set (HKLM-x32\...\{D82CDA0D-C182-42C8-8FF2-5649C98D6003}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Drum Set (HKLM-x32\...\{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Set (HKLM-x32\...\{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg LoopMash Content (HKLM-x32\...\{4D454CF8-12FD-464D-B57B-B46FE27B78BB}) (Version: 1.0.0.005 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 1.0.0.006 - Steinberg Media Technologies GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.22.0 - Synaptics Incorporated)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKU\S-1-5-21-1099707059-2751745762-4178213917-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Telegram Desktop Version 0.7.17 (HKU\S-1-5-21-1099707059-2751745762-4178213917-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.7.17 - Telegram Messenger LLP)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
Tom Clancy's Splinter Cell Blacklist (HKLM-x32\...\Steam App 235600) (Version: - Ubisoft Toronto)
TreeSize Free V3.3.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.3.2 - JAM Software)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Unreal (HKLM-x32\...\{8FDBE1E8-2922-4750-9E4B-6B28CA67DBBB}) (Version: - )
Uplay (HKLM-x32\...\Uplay) (Version: 6.1 - Ubisoft)
Vegas Pro 12.0 (64-bit) (HKLM\...\{6592B670-2680-11E3-B0E0-F04DA23A5C58}) (Version: 12.0.726 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Watch_Dogs (HKLM-x32\...\Uplay Install 274) (Version: - Ubisoft)
Windows-Treiberpaket - Intel (NETwLv64) net (10/07/2010 13.4.0.139) (HKLM\...\EA1C8ECD4E416637C38F0079F98C8C7B0A112265) (Version: 10/07/2010 13.4.0.139 - Intel)
Windows-Treiberpaket - Intel (NETwNs64) net (10/27/2011 14.3.0.6) (HKLM\...\75AC60724563D6CE4EC173A96E919948760F0DFE) (Version: 10/27/2011 14.3.0.6 - Intel)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1099707059-2751745762-4178213917-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1099707059-2751745762-4178213917-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1099707059-2751745762-4178213917-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1099707059-2751745762-4178213917-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1099707059-2751745762-4178213917-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1099707059-2751745762-4178213917-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1099707059-2751745762-4178213917-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1099707059-2751745762-4178213917-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1099707059-2751745762-4178213917-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1099707059-2751745762-4178213917-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

==================== Restore Points =========================

14-07-2015 19:29:36 Windows Update
16-07-2015 04:05:37 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {21D961CC-1AED-4990-B4EB-C054CD148B24} - System32\Tasks\avastBCLRestartS-1-5-21-1099707059-2751745762-4178213917-1000 => Firefox.exe
Task: {438F9CE2-4892-4842-93DF-CEFABFCDF66F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {4C509744-C607-465A-9301-E93F8DF11D55} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Phlogiston-Luke Phlogiston => D:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {55F97F2C-3492-4D65-ACF8-8B0F994D81E3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-18] (Avast Software s.r.o.)
Task: {5B6F1CBF-85D1-445D-872A-0266FFF92197} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => D:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {691B9316-A5B4-4AE6-83C7-80385CABEBB1} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {82AB675D-34D3-44D6-A996-BAF9F5391DF3} - System32\Tasks\Amazon Music Helper => C:\Users\Luke\AppData\Local\Amazon Music\Amazon Music Helper.exe [2014-10-15] ()
Task: {8EA238DE-C280-4029-B28B-DCE5D2D2DB45} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2015-07-09] (Overwolf LTD)
Task: {ADF15F6F-7894-421F-A8D9-93A7E0BD12CE} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1099707059-2751745762-4178213917-1000Core => C:\Users\Luke\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {B930FA1B-0542-4B5A-8B6C-676CCAD10D96} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => D:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {C5F83DCB-ECD9-43D2-BA9E-CE353258F25A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1099707059-2751745762-4178213917-1000UA => C:\Users\Luke\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {D83D64E1-2146-49F2-BD6A-D0F42921E77B} - System32\Tasks\{3FA28211-D461-41E1-995E-150FE850602A} => pcalua.exe -a "C:\Users\Luke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T24ZR4W\Firefox%20Setup%20Stub%2033.0[1].exe" -d C:\Users\Luke\Desktop

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1099707059-2751745762-4178213917-1000Core.job => C:\Users\Luke\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1099707059-2751745762-4178213917-1000UA.job => C:\Users\Luke\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-06-01 20:25 - 2015-05-28 06:15 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-11-17 00:00 - 2014-10-15 07:35 - 06281024 _____ () C:\Users\Luke\AppData\Local\Amazon Music\Amazon Music Helper.exe
2014-10-18 20:38 - 2011-07-25 09:43 - 00686704 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2015-04-24 00:05 - 2015-04-24 00:05 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-24 00:05 - 2015-04-24 00:05 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-17 11:44 - 2015-07-17 11:44 - 02956800 _____ () C:\Program Files\AVAST Software\Avast\defs\15071700\algo.dll
2015-05-03 16:38 - 2015-05-23 03:48 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-07-17 12:45 - 2015-07-17 12:45 - 00043008 _____ () c:\users\luke\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpizz98z.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00750080 _____ () C:\Users\Luke\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00047616 _____ () C:\Users\Luke\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00865280 _____ () C:\Users\Luke\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00200704 _____ () C:\Users\Luke\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\Luke\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00726016 _____ () C:\Users\Luke\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\Luke\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-04-24 00:05 - 2015-04-24 00:05 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-04-24 00:05 - 2015-04-24 00:05 - 00985600 _____ () C:\Program Files\AVAST Software\Avast\ffmpegsumo.dll
2015-05-21 21:48 - 2015-06-08 21:23 - 00153712 _____ () E:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2015-05-21 21:48 - 2015-06-08 21:23 - 00023152 _____ () E:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2015-07-14 22:21 - 2015-07-14 22:21 - 17448624 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1099707059-2751745762-4178213917-1000\...\dell.com -> dell.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1099707059-2751745762-4178213917-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: IePluginServices => 2
MSCONFIG\startupfolder: C:^Users^Luke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk => C:\Windows\pss\Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk.Startup
MSCONFIG\startupreg: Amazon Music => "C:\Users\Luke\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: CherryKeyMan => "C:\Program Files (x86)\Cherry\KeyMan\KeyMan.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DELL Webcam Manager => "C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe" /s
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Luke\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TrayServer => C:\PROGRA~2\MAGIX\VIDEO_~1\TrayServer.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{68A0F347-4DEE-4404-9AEB-67E36FE31839}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DB3B1440-40B1-41B5-8CEA-6B3C59444506}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A1FFD750-CB2D-4596-9AB5-4CA6EFDA5443}] => (Allow) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{142F7668-D366-466D-9211-AAAFDF511813}] => (Allow) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{D57E5FFA-9A21-4685-B68D-CD26EC4090D6}E:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [UDP Query User{4842F0C5-DE20-413D-A53B-579E97CC0806}E:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [{1A78BA98-B6D1-4262-99CF-0F70DB33B50C}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{EE64431A-C294-4802-AE38-8184DEBE011E}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{005D1974-77F8-463F-8A37-3D240FE51EF1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C829019E-B69C-4C95-95D1-6CDFEBD1F0B6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{1C5DE33A-823D-4513-88B1-B176316B6C3F}] => (Allow) C:\Users\Luke\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{46CFA811-581C-41AD-93F2-AE1665D2AC4D}] => (Allow) C:\Users\Luke\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{AACBDC61-1153-4EFE-A1E6-2938A539CCD5}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{BACECE9A-060B-4871-B28C-EA7856AB44E8}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [TCP Query User{D250555A-5F89-49B8-91B6-926B4090D06E}C:\users\luke\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\luke\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{FEC7C8B3-75BD-4897-9FD8-A73E9C0EB150}C:\users\luke\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\luke\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{945704B3-A83A-43D6-A6EF-ED31F089E17A}] => (Allow) D:\Spiele\SteamLibrary\SteamApps\common\Alien Isolation\AI.exe
FirewallRules: [{AA9B756A-628D-4816-A52A-FEF22545B56D}] => (Allow) D:\Spiele\SteamLibrary\SteamApps\common\Alien Isolation\AI.exe
FirewallRules: [{4A073D9A-BE1A-45B1-8375-E0552C2E126D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{3247F0DB-0A36-451D-9047-FFBCB910BD56}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{527B56AB-EC4E-4AFC-A21D-1552D1970665}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BDA9D6CD-5204-44BD-9986-47E54BEBAB89}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{1EC01D49-9F25-4556-A2DC-B3489EFB928F}D:\spiele\beat hazard ultra\beathazard.exe] => (Block) D:\spiele\beat hazard ultra\beathazard.exe
FirewallRules: [UDP Query User{CDFC0E39-A998-468F-A0FD-3994B756F8CA}D:\spiele\beat hazard ultra\beathazard.exe] => (Block) D:\spiele\beat hazard ultra\beathazard.exe
FirewallRules: [{00C5E7E1-1EFD-4469-8686-5381F117EFA5}] => (Allow) D:\Spiele\SteamLibrary\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{686570D0-53C0-44EC-987C-992CEB6A7FCB}] => (Allow) D:\Spiele\SteamLibrary\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{1A295504-E9FA-4173-8EBF-9B91FFF3F941}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{E790160C-1965-469C-8ED3-27F837569CCD}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{9B6A7FA7-9BC1-43E7-94AD-F7F74CF798ED}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9F6AF7BE-1625-4CD4-8308-2D895AB1959D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{57BACC02-BBC1-41FD-AB95-B0912633CAAF}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{F5603C66-FADE-4CB4-9BA5-D58FB315BE35}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{EC85AA4E-EA64-43B5-B2A2-A9D5687828CF}] => (Allow) D:\Spiele\SteamLibrary\SteamApps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{7ED735ED-15B0-4C5E-AA14-A82402C35A0A}] => (Allow) D:\Spiele\SteamLibrary\SteamApps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{8B387620-46CC-43A9-866A-3B1D088098AB}] => (Allow) D:\Spiele\SteamLibrary\SteamApps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{2D984F0F-9597-4617-A471-08293867C480}] => (Allow) D:\Spiele\SteamLibrary\SteamApps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{B327E413-7AA0-4BF2-9607-C3856AC88B5C}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{FCD449D4-40D7-4233-8883-6FE314AFED50}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{FC49DDB0-C6DA-4872-95A8-49CF8CBB7D03}] => (Allow) D:\Spiele\SteamLibrary\SteamApps\common\Metal Gear Solid Ground Zeroes\MgsGroundZeroes.exe
FirewallRules: [{8A9C104F-4D82-4DDD-8914-A3EA35C1D3EA}] => (Allow) D:\Spiele\SteamLibrary\SteamApps\common\Metal Gear Solid Ground Zeroes\MgsGroundZeroes.exe
FirewallRules: [{B9502F5E-6DA9-482C-9C8D-A263421EF60B}] => (Allow) D:\Spiele\SteamLibrary\SteamApps\common\Tom Clancy's Splinter Cell Blacklist\Blacklist_Launcher.exe
FirewallRules: [{50AD301D-BE5F-4758-B1AE-DCF3F9B02233}] => (Allow) D:\Spiele\SteamLibrary\SteamApps\common\Tom Clancy's Splinter Cell Blacklist\Blacklist_Launcher.exe
FirewallRules: [{1CE26D28-643F-4DEB-93B0-E287C5196172}] => (Allow) D:\Spiele\SteamLibrary\SteamApps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_game.exe
FirewallRules: [{13C80AE9-0707-4E45-A7D1-9EEA1EE0F220}] => (Allow) D:\Spiele\SteamLibrary\SteamApps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_game.exe
FirewallRules: [{0ABB4A96-DBFA-4BDA-A860-00D9B73EBE43}] => (Allow) D:\Spiele\SteamLibrary\SteamApps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_DX11_game.exe
FirewallRules: [{4DBF1BBC-9943-4412-B1BC-F508E9958682}] => (Allow) D:\Spiele\SteamLibrary\SteamApps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_DX11_game.exe
FirewallRules: [{FF75D4F0-A1C6-44CF-80DB-AF689DC08182}] => (Allow) D:\Spiele\SteamLibrary\SteamApps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\gu.exe
FirewallRules: [{A24FA761-0CC1-4070-86C9-EAF57CC0144A}] => (Allow) D:\Spiele\SteamLibrary\SteamApps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\gu.exe
FirewallRules: [{079BC13F-D0FC-481C-B94E-782D7A99128B}] => (Allow) D:\Spiele\SteamLibrary\SteamApps\common\Magicka\Magicka.exe
FirewallRules: [{4EA9D028-C36F-4C5C-85E5-D5BD751EC60F}] => (Allow) D:\Spiele\SteamLibrary\SteamApps\common\Magicka\Magicka.exe
FirewallRules: [{15A20206-B93E-41F4-BA94-67E20724FB3D}] => (Allow) D:\Spiele\SteamLibrary\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{6A3605FA-2472-4BFD-BD20-AFA47FEB4D3C}] => (Allow) D:\Spiele\SteamLibrary\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{488AA005-6952-49DA-8286-ACF23B0E286F}] => (Allow) D:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{1F49B4BD-2F62-49BD-B8C2-1CCA96ED0EA4}] => (Allow) D:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{D30069F5-18DA-463A-81FE-08EBE0179BCC}] => (Allow) D:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{E0455ED9-7826-4189-AED7-AA76E022E54A}] => (Allow) D:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{8D4387B1-BB44-487C-92E0-6B90505ACCB5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D71CAD6B-38D2-4003-A301-820B8834EA7A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4E9423BC-8818-448B-AF0F-C01DBF2463E4}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{1CA4FBF1-C93F-4275-BB98-3B7E3EAA1ED3}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{53F8628D-5772-40D3-83BA-9FB1AA1A0B6D}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{D112BA90-28D5-4EF8-B8E9-FD3F1A153B23}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{DCCC9FAD-59A7-4F1B-92DC-46CE606F7E4E}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY VII\FF7_Launcher.exe
FirewallRules: [{409B59F7-5BA7-4A95-A8BB-8617D60A1C81}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY VII\FF7_Launcher.exe
FirewallRules: [TCP Query User{9E41A288-1482-441D-98B1-BA50B0173930}E:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{779C746D-8E2A-4A40-B1A0-90DFAB1240E7}E:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [{B685B9CF-1CDC-48F4-AA1F-4717986084B8}] => (Block) E:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [{9F4DE447-72B3-4897-B2FB-6CE5C2453CED}] => (Block) E:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [TCP Query User{260D447F-36A6-4D86-A7C4-864540E700F1}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{1AEC0B06-5591-4221-8E5D-6D50DA4E51BB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{1C5554D9-0E34-48DF-9A57-88DC332ED6CE}E:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe] => (Allow) E:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe
FirewallRules: [UDP Query User{7B4DFF5F-69E7-4302-A9E8-B47BCD923827}E:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe] => (Allow) E:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe
FirewallRules: [{99DE87B5-E1CF-4248-A5E4-A67C28B8C554}] => (Allow) E:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe
FirewallRules: [{E219951D-95C0-4836-B027-E331A3E18883}] => (Allow) E:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe
FirewallRules: [{D6CF1EBB-E10C-408D-8FC4-11AF017D0404}] => (Allow) E:\Spiele\Battle.net\Battle.net.exe
FirewallRules: [{0995CAFF-FDD9-4394-89F8-1B04C01EB3BC}] => (Allow) E:\Spiele\Battle.net\Battle.net.exe
FirewallRules: [{6F590118-0B02-4C8F-8A16-654A6FFB8123}] => (Allow) E:\Spiele\StarCraft II\StarCraft II.exe
FirewallRules: [{A55D6ADF-05EB-4516-BC48-89D2D69A24B1}] => (Allow) E:\Spiele\StarCraft II\StarCraft II.exe
FirewallRules: [{F77565B3-21FD-40CE-B460-3F374A1F7D55}] => (Allow) E:\Spiele\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{8B8A7A92-7FAB-4280-B3A3-2F1D4D6BB332}] => (Allow) E:\Spiele\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{4C35ABAD-0796-4B3B-BF34-F83F4DCE8B51}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Outlast\OutlastLauncher.exe
FirewallRules: [{2FA9AFDE-5107-4140-B8BF-2FFAA62579CE}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Outlast\OutlastLauncher.exe
FirewallRules: [{661AD15E-B2CB-4A02-AAF0-620C5E49B3B4}] => (Allow) E:\Spiele\StarCraft II\Versions\Base32283\SC2.exe
FirewallRules: [{89C811D3-9684-4D45-8B7E-CE20E7675EE6}] => (Allow) E:\Spiele\StarCraft II\Versions\Base32283\SC2.exe
FirewallRules: [{E225656F-F415-4EC9-99CC-3D45E9CDB79A}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{92EC5EF4-C370-496F-B964-BA2FC6F5A993}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{38BFC189-E70C-464B-921B-78CD82CD98EF}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{277CFF11-7793-4583-B8F5-25C88AD6C23F}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{5F6A080B-43F4-4ED7-8489-EC614A082C67}] => (Allow) D:\Spiele\SteamLibrary\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{6222CF7A-A605-47A2-A427-7445A745D616}] => (Allow) D:\Spiele\SteamLibrary\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [TCP Query User{661ED772-13BB-4C38-ADF2-D3E7177F0525}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{F71C390C-695D-4E63-ACB1-DEC9C53E6BD7}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{1C5150E0-3006-432F-BF73-F22A7118BF06}] => (Block) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{3CD284CF-54AB-450C-A6B2-D0338ABE8327}] => (Block) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{BAF81C2F-454A-4C20-B493-8EED2DCE135B}] => (Allow) E:\Spiele\Watch_Dogs\bin\watch_dogs.exe
FirewallRules: [{4EA525F5-BAE8-47BA-AE50-B0EE4997AF38}] => (Allow) E:\Spiele\Watch_Dogs\bin\watch_dogs.exe
FirewallRules: [TCP Query User{44E764E8-8238-422D-BE88-B02E6E13719B}C:\users\luke\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\luke\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D396E2F3-DD32-4DE6-BFE8-9CF0823F8D09}C:\users\luke\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\luke\appdata\roaming\spotify\spotify.exe
FirewallRules: [{45836782-FA1B-4476-A476-3F0D0949FF56}] => (Block) C:\users\luke\appdata\roaming\spotify\spotify.exe
FirewallRules: [{629986E9-EEAA-4EF3-AFEC-03C3F909BF24}] => (Block) C:\users\luke\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A5C1F87B-55F8-4E31-AA8B-7B62F1842187}] => (Allow) E:\Spiele\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
FirewallRules: [{6F82598E-129C-46D0-9EB9-6FB7F9569596}] => (Allow) E:\Spiele\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{5474CBAD-3CB6-47C3-AAEF-5EB216602484}] => (Allow) E:\Spiele\Riot Games\League of Legends\lol.launcher.admin.exe
FirewallRules: [{9EC52295-6996-4505-9F3B-8359F16411C3}] => (Allow) D:\Spiele\SteamLibrary\SteamApps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{E20F50DB-8D86-4381-B236-D4842A163413}] => (Allow) D:\Spiele\SteamLibrary\SteamApps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{01191E7D-FA0B-4AF4-8225-D4C4CC8945F8}] => (Allow) D:\Spiele\SteamLibrary\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{26937287-D531-45F0-8676-B99BF29FC3B0}] => (Allow) D:\Spiele\SteamLibrary\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{8B5C657C-E0F6-4B27-BD5B-9C3F9B8F89F2}] => (Allow) D:\Spiele\SteamLibrary\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{DB02A517-632E-4E57-AF5F-53B9523AD8FD}] => (Allow) D:\Spiele\SteamLibrary\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{0FB203BE-B08C-4CC6-977A-E08045B6DD4E}] => (Allow) D:\Spiele\SteamLibrary\SteamApps\common\chivalrymedievalwarfarebeta\Binaries\Win64\CMW.exe
FirewallRules: [{AD1479FE-F4ED-4A2B-A5DC-BEB311417109}] => (Allow) D:\Spiele\SteamLibrary\SteamApps\common\chivalrymedievalwarfarebeta\Binaries\Win64\CMW.exe
FirewallRules: [{C1265970-5768-43FB-ABA3-E64B3EFFFAA9}] => (Allow) D:\Spiele\SteamLibrary\SteamApps\common\chivalrymedievalwarfarebeta\Binaries\Win32\CMW.exe
FirewallRules: [{9A7FA8F8-E381-4064-AB20-70473A6392F0}] => (Allow) D:\Spiele\SteamLibrary\SteamApps\common\chivalrymedievalwarfarebeta\Binaries\Win32\CMW.exe
FirewallRules: [{5C40ECEB-2544-4EBB-A368-845DA1C04823}] => (Allow) D:\Spiele\SteamLibrary\SteamApps\common\chivalrymedievalwarfarebeta\ChivLauncher.exe
FirewallRules: [{57F35776-8C4E-41D5-908D-E2417581CCA4}] => (Allow) D:\Spiele\SteamLibrary\SteamApps\common\chivalrymedievalwarfarebeta\ChivLauncher.exe
FirewallRules: [{FA35AC71-75B3-4713-8C6C-88A86AD04A54}] => (Allow) D:\Spiele\SteamLibrary\SteamApps\common\Stalker Call of Pripyat\bin\xrEngine.exe
FirewallRules: [{E30B75B5-A8B5-49FC-A81C-3151CDDDA8A2}] => (Allow) D:\Spiele\SteamLibrary\SteamApps\common\Stalker Call of Pripyat\bin\xrEngine.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft-Teredo-Tunneling-Adapter
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/17/2015 12:45:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RtkNGUI64.exe, Version: 1.0.0.134, Zeitstempel: 0x4e5c8210
Name des fehlerhaften Moduls: RtkNGUI64.exe, Version: 1.0.0.134, Zeitstempel: 0x4e5c8210
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000d6e34
ID des fehlerhaften Prozesses: 0x980
Startzeit der fehlerhaften Anwendung: 0xRtkNGUI64.exe0
Pfad der fehlerhaften Anwendung: RtkNGUI64.exe1
Pfad des fehlerhaften Moduls: RtkNGUI64.exe2
Berichtskennung: RtkNGUI64.exe3

Error: (07/17/2015 12:32:23 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154

Error: (07/16/2015 12:37:54 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154

Error: (07/15/2015 04:13:19 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154

Error: (07/14/2015 10:43:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce796f3
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x002af688
ID des fehlerhaften Prozesses: 0x1840
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3

Error: (07/13/2015 03:00:47 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154

Error: (07/13/2015 12:38:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 39.0.0.5659, Zeitstempel: 0x55934d06
Name des fehlerhaften Moduls: mozalloc.dll, Version: 39.0.0.5659, Zeitstempel: 0x55933a83
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001aa1
ID des fehlerhaften Prozesses: 0xd28
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (07/12/2015 12:17:29 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154

Error: (07/11/2015 09:17:20 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154

Error: (07/10/2015 12:56:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RtkNGUI64.exe, Version: 1.0.0.134, Zeitstempel: 0x4e5c8210
Name des fehlerhaften Moduls: RtkNGUI64.exe, Version: 1.0.0.134, Zeitstempel: 0x4e5c8210
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000d6e34
ID des fehlerhaften Prozesses: 0x99c
Startzeit der fehlerhaften Anwendung: 0xRtkNGUI64.exe0
Pfad der fehlerhaften Anwendung: RtkNGUI64.exe1
Pfad des fehlerhaften Moduls: RtkNGUI64.exe2
Berichtskennung: RtkNGUI64.exe3

System errors:
=============
Error: (07/17/2015 01:25:58 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (07/17/2015 12:46:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CyberGhost 5 Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (07/17/2015 12:46:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst CyberGhost 5 Client Service erreicht.

Error: (07/17/2015 11:44:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CyberGhost 5 Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (07/17/2015 11:44:34 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst CyberGhost 5 Client Service erreicht.

Error: (07/16/2015 06:58:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CyberGhost 5 Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (07/16/2015 06:58:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst CyberGhost 5 Client Service erreicht.

Error: (07/16/2015 10:16:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CyberGhost 5 Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (07/16/2015 10:16:59 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst CyberGhost 5 Client Service erreicht.
Error: (07/15/2015 04:04:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "CyberGhost 5 Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Microsoft Office: ========================= Error: (07/17/2015 12:45:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: RtkNGUI64.exe1.0.0.1344e5c8210RtkNGUI64.exe1.0.0.1344e5c8210c000000500000000000d6e3498001d0c07da9cbc2d4C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exeC:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exefb1fbece-2c70-11e5-ac69-4ceb42606c6e Error: (07/17/2015 12:32:23 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418154 Error: (07/16/2015 12:37:54 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418154 Error: (07/15/2015 04:13:19 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418154 Error: (07/14/2015 10:43:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: explorer.exe6.1.7601.175144ce796f3unknown0.0.0.000000000c0000005002af688184001d0be75b1b4ca55C:\Windows\SysWOW64\explorer.exeunknownf5b7a5d8-2a68-11e5-9282-4ceb42606c6e Error: (07/13/2015 03:00:47 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418154 Error: (07/13/2015 12:38:58 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe39.0.0.565955934d06mozalloc.dll39.0.0.565955933a838000000300001aa1d2801d0bcf1826e2b33C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllc85a5abc-28e6-11e5-a5cf-4ceb42606c6e Error: (07/12/2015 12:17:29 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418154 Error: 
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 33%
Total physical RAM: 8152.17 MB
Available physical RAM: 5414.89 MB
Total Virtual: 16302.53 MB
Available Virtual: 13121.66 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:99.9 GB) (Free:29.89 GB) NTFS
Drive d: () (Fixed) (Total:253.39 GB) (Free:14.13 GB) NTFS
Drive e: (Volume) (Fixed) (Total:345.25 GB) (Free:16.91 GB) NTFS
Drive h: (Externus Plattulus) (Fixed) (Total:1863.01 GB) (Free:63.21 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 07F2837E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=99.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=253.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=345.2 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 1FFC0D81)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
==================== End of log ============================
Edited by LukeRednax (17.07.2015 at 13:54) |
17.07.2015, 13:21 | #2 |
| GMER log:
|
17.07.2015, 16:38 | #3 |
/// the machine /// TB trainer | Hi,
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not run any other file in this folder without instructions from a helper. |
17.07.2015, 19:09 | #4 |
| The program spat out "Scan finished: No Malware found!" So what now? |
18.07.2015, 09:35 | #5 | |
/// the machine /// TB trainer | Quote:
TreeSize Free Download
Please download TreeSize and run it. When the tool has finished its analysis, please take a screenshot of it and post it here.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donate. Guides and help. Trojaner-Board Facebook page. No help via PM! |
18.07.2015, 12:02 | #6 |
| Hi, Yes, it is a program for automatically moving files. I use it to empty my Dropbox in the background. C: D: E: "Computer" reports the total size of the partitions correctly. Regards. Edited by LukeRednax (18.07.2015 at 12:22) Reason: screenshots added |
18.07.2015, 13:47 | #7 | |
/// the machine /// TB trainer | Quote:
I don't think you have quite understood the purpose of the program, have you? You are complaining that your disk space keeps shrinking. The tool shows exactly which folder takes up a lot of space, so you can see where the problem lies.
|
18.07.2015, 15:00 | #8 |
| Yes I have, I just expected that a total capacity would be shown there as well. So I simply added that afterwards. After a restart, 22 GB are free on D: again. I didn't do anything. Probably just a Windows thing? Sorry if I came to the wrong place here... I can't explain it. |
19.07.2015, 05:59 | #9 |
/// the machine /// TB trainer | Well, TreeSize shows all of that. The folder that eats up so much, and after a reboot the folder is then empty/normal. Without the screenshot from before the reboot, it's all just speculation.
|