Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
50% CPU usage wenn idle...

50% CPU usage wenn idle...


Log-Analyse und Auswertung: 50% CPU usage wenn idle...

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 13.12.2016, 23:38   #1
cmdr
 
50% CPU usage wenn idle... - Standard

50% CPU usage wenn idle...


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by Teng (ATTENTION: The user is not administrator) on SATAN (13-12-2016 23:31:45)
Running from G:\Needful Things\Trojaner Board
Loaded Profiles: m & Teng (Available Profiles: m & Teng)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> winlogon.exe
Failed to access process -> svchost.exe
Failed to access process -> nvvsvc.exe
Failed to access process -> nvscpapisvr.exe
Failed to access process -> svchost.exe
Failed to access process -> atiesrxx.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> atieclxx.exe
Failed to access process -> nvxdsync.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> FCUpdateService.exe
Failed to access process -> GfExperienceService.exe
Failed to access process -> NvNetworkService.exe
Failed to access process -> NvStreamService.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> NvStreamNetworkService.exe
Failed to access process -> svchost.exe
Failed to access process -> NvStreamUserAgent.exe
Failed to access process -> conhost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
() C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
(Gemalto N.V.) C:\Users\Teng\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
(www.bid-o-matic.org) C:\Program Files (x86)\Biet-O-Matic\Biet-O-Matic.exe
(Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\SCSI Host\scsihost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
Failed to access process -> wmpnetwk.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Failed to access process -> svchost.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-10-01] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [77824 2014-03-22] (Apple Computer, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [SCSI Host] => C:\Program Files (x86)\SCSI Host\scsihost.exe [1521664 2016-04-18] ()
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-14] (Microsoft Corporation)
HKLM\...\RunOnce: [wextract_cleanup0] => rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\m\AppData\Local\Temp\IXP000.TMP\" <===== ATTENTION
HKU\S-1-5-21-896307261-3574068607-3140626432-1004\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [4910912 2011-08-02] (DT Soft Ltd)
HKU\S-1-5-21-896307261-3574068607-3140626432-1004\...\Run: [Steam] => "C:\Program Files (x86)\Steam\Steam.exe" -silent
HKU\S-1-5-21-896307261-3574068607-3140626432-1004\...\Run: [Rainlendar2] => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [4411488 2014-03-16] ()
HKU\S-1-5-21-896307261-3574068607-3140626432-1004\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\Teng\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [27311232 2011-06-29] (Gemalto N.V.)
HKU\S-1-5-21-896307261-3574068607-3140626432-1004\...\Run: [koxgzz.exe] => \koxgzz.exe
HKU\S-1-5-21-896307261-3574068607-3140626432-1004\...\Run: [Mark.of.the.Ninja.Special.Edition-SKIDROW.exe] => Mark.of.the.Ninja.Special.Edition-SKIDROW.exe
HKU\S-1-5-21-896307261-3574068607-3140626432-1004\...\MountPoints2: K - K:\LaunchU3.exe -a
HKU\S-1-5-21-896307261-3574068607-3140626432-1004\...\MountPoints2: {0bc57b94-ddb3-11e2-8036-001d60863ea4} - N:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-896307261-3574068607-3140626432-1004\...\MountPoints2: {28d2cd41-447c-11e3-a4f4-001d60863ea4} - J:\autorun.exe
HKU\S-1-5-21-896307261-3574068607-3140626432-1004\...\MountPoints2: {b9d494f1-5692-11e1-be88-001d60863ea4} - L:\LaunchU3.exe -a
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Biet-O-Matic.lnk [2011-10-28]
ShortcutTarget: Biet-O-Matic.lnk -> C:\Program Files (x86)\Biet-O-Matic\Biet-O-Matic.exe (www.bid-o-matic.org)
BootExecute: autocheck autochk * OODBS

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{1D1813E2-57DB-459F-9DBE-2087AB259659}: [NameServer] 69.164.196.21,5.134.115.112
Tcpip\..\Interfaces\{1D1813E2-57DB-459F-9DBE-2087AB259659}: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{7B365E17-81AA-4E61-BE18-136661F4713A}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-896307261-3574068607-3140626432-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-896307261-3574068607-3140626432-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-896307261-3574068607-3140626432-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-896307261-3574068607-3140626432-1004\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: [S-1-5-21-896307261-3574068607-3140626432-1001] ATTENTION => Default URLSearchHook is missing
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-10-22] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-22] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-10-22] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-22] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-08-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-08-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-08-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-08-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default [2016-12-13]
FF user.js: detected! => C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\user.js [2014-09-28]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\avlwyghh.default -> Google Deutschland
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\avlwyghh.default -> Google Deutschland
FF Keyword.URL: Mozilla\Firefox\Profiles\avlwyghh.default -> 	  hxxp://www.google.de/search?sourceid=navclient&hl=de&q=
FF NetworkProxy: Mozilla\Firefox\Profiles\avlwyghh.default -> autoconfig_url", "chrome://viewtubes/content/viewtubes_false.pac"
FF NetworkProxy: Mozilla\Firefox\Profiles\avlwyghh.default -> type", 2
FF Extension: (Disconnect) - C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\Extensions\2.0@disconnect.me.xpi [2016-04-29]
FF Extension: (ClipConverter) - C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\Extensions\clipconverter@clipconverter.cc.xpi [2016-04-09]
FF Extension: (German Dictionary) - C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2016-12-04]
FF Extension: (Ghostery) - C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\Extensions\firefox@ghostery.com.xpi [2016-11-29]
FF Extension: (HTTPS Everywhere) - C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\Extensions\https-everywhere-eff@eff.org.xpi [2016-12-03]
FF Extension: (Facebook Ticker Removal) - C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\Extensions\info@technologymob.com.xpi [2016-04-29]
FF Extension: (Self-Destructing Cookies) - C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2016-11-02]
FF Extension: (Beef Taco (Targeted Advertising Cookie Opt-Out)) - C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\Extensions\john@velvetcache.org.xpi [2016-04-29]
FF Extension: (uBlock Origin) - C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\Extensions\uBlock0@raymondhill.net.xpi [2016-11-29]
FF Extension: (uMatrix) - C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\Extensions\uMatrix@raymondhill.net.xpi [2016-11-02]
FF Extension: (LittleFox) - C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\Extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}.xpi [2016-10-19]
FF Extension: (Flashblock) - C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2016-01-04]
FF Extension: (MicroFox) - C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\Extensions\{403304EE-066A-4a2a-8F41-F12028480A0A}.xpi [2016-10-19]
FF Extension: (Cookie Monster) - C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\Extensions\{45d8ff86-d909-11db-9705-005056c00008} [2016-11-28]
FF Extension: (Save Button for Pinterest) - C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\Extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi [2016-12-13]
FF Extension: (NoScript) - C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-12-03]
FF Extension: (BetterPrivacy) - C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2016-11-02]
FF Extension: (Tab Mix Plus) - C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-10-31]
FF Extension: (Greasemonkey) - C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-08-20]
FF Extension: (Adblock Edge) - C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2016-04-27]
FF SearchPlugin: C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\searchplugins\darklyrics.xml [2013-11-26]
FF SearchPlugin: C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\searchplugins\discogs.xml [2015-09-16]
FF SearchPlugin: C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\searchplugins\duckduckgo-de.xml [2015-05-18]
FF SearchPlugin: C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\searchplugins\duckduckgo.xml [2012-02-20]
FF SearchPlugin: C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\searchplugins\ebay-deutschland.xml [2015-05-03]
FF SearchPlugin: C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\searchplugins\encyclopaedia-metallum---google.xml [2013-11-26]
FF SearchPlugin: C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\searchplugins\encyclopaedia-metallum-bands.xml [2013-11-26]
FF SearchPlugin: C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\searchplugins\gamefaqs.xml [2014-06-01]
FF SearchPlugin: C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\searchplugins\gametrailerscom.xml [2013-11-26]
FF SearchPlugin: C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\searchplugins\google-blog-search.xml [2013-11-26]
FF SearchPlugin: C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\searchplugins\google-deutschland.xml [2015-09-02]
FF SearchPlugin: C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\searchplugins\google-maps-deutschland---sat.xml [2013-10-07]
FF SearchPlugin: C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\searchplugins\ign.xml [2014-06-01]
FF SearchPlugin: C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\searchplugins\imdb.xml [2014-12-08]
FF SearchPlugin: C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\searchplugins\lastfm---artists.xml [2013-11-26]
FF SearchPlugin: C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\searchplugins\popsikecom.xml [2013-11-26]
FF SearchPlugin: C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\searchplugins\rap-genius.xml [2014-07-07]
FF SearchPlugin: C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\searchplugins\urban-dictionary.xml [2013-11-26]
FF SearchPlugin: C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\searchplugins\wikipedia-en---search.xml [2014-06-01]
FF SearchPlugin: C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\searchplugins\youtube-video-search.xml [2014-12-20]
FF SearchPlugin: C:\Users\Teng\AppData\Roaming\Mozilla\Firefox\Profiles\avlwyghh.default\searchplugins\youtube.xml [2014-12-08]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_250.dll [2014-10-22] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-22] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_250.dll [2014-10-22] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-01] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-04-10] (Foxit Software Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-10-01] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-10-01] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-10-01] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-10-01] (NVIDIA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2011-10-26] (DT Soft Ltd)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-10-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56376 2016-10-01] (NVIDIA Corporation)
S3 PRESONUS_AUDIOBOX_USB; C:\Windows\System32\Drivers\psabusbu.sys [462968 2009-12-04] (Ploytec GmbH)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz135; \??\C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-13 20:15 - 2016-12-13 20:15 - 00000000 ____D C:\New folder
2016-12-12 23:21 - 2016-12-12 23:21 - 00001136 _____ C:\Users\Teng\Desktop\PC Konfiguration.txt
2016-12-12 22:34 - 2016-12-12 22:34 - 00000000 ____D C:\566551856fee234bbde9c7606c559e
2016-12-06 20:48 - 2016-12-06 20:48 - 00000000 ____D C:\Users\Teng\AppData\LocalLow\Knuckle Cracker
2016-12-06 20:46 - 2016-12-06 20:48 - 00000000 ____D C:\Users\m\AppData\Roaming\ParticleFleet
2016-12-06 20:30 - 2016-12-06 20:30 - 00000000 ____D C:\Users\Teng\AppData\Roaming\CreeperWorld3
2016-11-23 10:28 - 2016-12-04 18:56 - 00000000 ____D C:\Users\Teng\AppData\Roaming\Audacity
2016-11-23 10:28 - 2016-11-23 10:28 - 00001024 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-11-23 10:28 - 2016-11-23 10:28 - 00001012 _____ C:\Users\Public\Desktop\Audacity.lnk
2016-11-23 10:28 - 2016-11-23 10:28 - 00000000 ____D C:\Users\Teng\AppData\Local\Audacity
2016-11-23 10:28 - 2016-11-23 10:28 - 00000000 ____D C:\Program Files (x86)\Audacity
2016-11-21 10:50 - 2016-11-21 10:50 - 00059403 _____ C:\Users\Teng\Desktop\Tickets Killerz 3.pdf
2016-11-18 18:57 - 2016-12-12 22:22 - 00000000 ____D C:\Users\Teng\AppData\LocalLow\Mozilla
2016-11-18 14:26 - 2016-12-13 22:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-13 23:31 - 2014-10-16 12:28 - 00000000 ____D C:\FRST
2016-12-13 23:31 - 2011-10-28 10:43 - 00000000 ____D C:\Program Files (x86)\Biet-O-Matic
2016-12-13 20:15 - 2012-04-25 20:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-12 22:38 - 2009-07-14 05:45 - 00014752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-12 22:38 - 2009-07-14 05:45 - 00014752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-12 22:16 - 2009-07-14 06:13 - 00778150 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-12 22:16 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-12-12 22:10 - 2016-10-12 14:48 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-12 22:10 - 2011-10-26 17:54 - 00000000 ____D C:\Users\Teng\.rainlendar2
2016-12-12 22:10 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-12 12:05 - 2014-09-12 01:28 - 00000000 ____D C:\Users\Teng\AppData\Roaming\F21A5342-74C1-4E8D-BAC3-006C36D75143
2016-12-12 11:32 - 2011-10-27 23:11 - 00000000 ____D C:\Users\Teng\AppData\Roaming\vlc
2016-12-08 22:10 - 2012-02-08 00:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KnuckleCracker
2016-12-04 19:58 - 2015-05-15 15:31 - 00000000 ____D C:\Users\Teng\AppData\Local\CrashDumps
2016-12-04 19:47 - 2011-10-28 15:59 - 00000000 ____D C:\Users\Teng\AppData\Roaming\FileZilla
2016-11-13 00:25 - 2011-10-24 13:41 - 00000000 ____D C:\Program Files (x86)\Rainlendar2

==================== Files in the root of some directories =======

2013-11-05 11:40 - 2016-05-02 16:47 - 0000288 _____ () C:\Users\Teng\AppData\Roaming\.backup.dm
2011-11-13 11:24 - 2011-11-13 11:24 - 0027617 _____ () C:\Users\Teng\AppData\Roaming\phpdesigner.xml
2005-04-08 03:16 - 2011-11-11 22:18 - 0108357 ____H () C:\Users\Teng\AppData\Roaming\Tenglog.dat
2012-01-24 21:24 - 2012-01-24 22:02 - 0004608 _____ () C:\Users\Teng\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-01-27 03:57 - 2013-01-27 03:57 - 0001470 _____ () C:\Users\Teng\AppData\Local\RecConfig.xml

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD. The user is not administrator

==================== End of FRST.txt ============================
--- --- ---

--- --- ---




[CODE]Additional
FRST Logfile:

FRST Logfile:
Code:
ATTFilter
scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by Teng (13-12-2016 23:37:01)
Running from G:\Needful Things\Trojaner Board
Windows 7 Professional Service Pack 1 (X64) (2011-10-23 17:17:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-896307261-3574068607-3140626432-500 - Administrator - Disabled)
Guest (S-1-5-21-896307261-3574068607-3140626432-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-896307261-3574068607-3140626432-1002 - Limited - Enabled)
m (S-1-5-21-896307261-3574068607-3140626432-1001 - Administrator - Enabled) => C:\Users\m
Teng (S-1-5-21-896307261-3574068607-3140626432-1004 - Limited - Enabled) => C:\Users\Teng

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.250 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Amnesia: A Machine for Pigs (HKLM-x32\...\Amnesia: A Machine for Pigs_is1) (Version:  - )
Ansel (Version: 373.06 - NVIDIA Corporation) Hidden
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 5.4.0.0 - Auslogics Labs Pty Ltd)
Avidemux 2.5 (HKLM-x32\...\Avidemux 2.5 (64-bit)) (Version: 2.5.6.7716 - )
Biet-O-Matic v2.14.8 (HKLM-x32\...\Biet-O-Matic v2.14.8) (Version: 2.14.8 - BOM Development Team)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Broken Sword 2.5 (HKLM-x32\...\Broken Sword 2.5_is1) (Version:  - mindFactory)
Bullzip PDF Printer 7.2.0.1304 (HKLM\...\Bullzip PDF Printer_is1) (Version: 7.2.0.1304 - Bullzip)
calibre (HKLM-x32\...\{D47B7229-AC24-4D79-96AB-880649FFC892}) (Version: 2.19.0 - Kovid Goyal)
Canon iP2700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version:  - dvd8n)
Command & Conquer Generals (HKLM-x32\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts)
Command & Conquer Generals (x32 Version: 0.50.0000 - Electronic Arts) Hidden
Creeper World (HKLM-x32\...\CreeperWorld.BA6B793AB2C9FDD744493F22666C1F8DFA806A5E.1) (Version: 0182 - UNKNOWN)
Creeper World (x32 Version: 0182 - UNKNOWN) Hidden
Creeper World 2 (HKLM-x32\...\CreeperWorld2.BA6B793AB2C9FDD744493F22666C1F8DFA806A5E.1) (Version: 3.63.0 - UNKNOWN)
Creeper World 2 (x32 Version: 3.63.0 - UNKNOWN) Hidden
Dacia Media Nav Toolbox (HKLM-x32\...\Dacia Media Nav Toolbox) (Version: 3.18.4.502485 - NNG Llc.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.41.3.0173 - DT Soft Ltd)
Desura (HKLM-x32\...\Desura) (Version: 100.53 - Desura)
Dungeon Keeper 2 (HKLM-x32\...\GOGPACKDUNGEONKEEPER2_is1) (Version: 2.0.0.32 - GOG.com)
Dying Light (HKLM-x32\...\RHlpbmdMaWdodA==_is1) (Version: 1 - )
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.2.24.20150630 - Landesfinanzdirektion Thüringen)
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version:  - )
FileZilla Client 3.22.2.2 (HKLM-x32\...\FileZilla Client) (Version: 3.22.2.2 - Tim Kosse)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.3.76.410 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.1.5.425 - Foxit Software Inc.)
Free Audio Converter version 5.0.61.805 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.61.805 - DVDVideoSoft Ltd.)
Freespace (HKLM-x32\...\GOGPACKFREESPACE_is1) (Version: 2.0.0.7 - GOG.com)
GOG.com Dungeon Keeper 2 (HKLM\...\{b6462b67-caf5-4a74-99df-cc2811bd1957}.sdb) (Version:  - )
GOG.com Freespace (HKLM\...\{cade436f-07c5-47f2-b1f3-10be3bd121da}.sdb) (Version:  - )
GPL Ghostscript Lite 9.04 (HKLM-x32\...\GPL Ghostscript Lite_is1) (Version:  - )
Guitar Pro 5.0 (HKLM-x32\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java(TM) 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.290 - Oracle)
Java(TM) 7 Update 2 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217002FF}) (Version: 7.0.20 - Oracle)
Last.fm Scrobbler 2.1.37 (HKLM-x32\...\LastFM_is1) (Version:  - Last.fm)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}) (Version: 1.2.0241 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 12.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 12.0 (x86 en-US)) (Version: 12.0 - Mozilla)
Mozilla Firefox 50.0.2 (x86 en-US) (HKU\S-1-5-21-896307261-3574068607-3140626432-1004\...\Mozilla Firefox 50.0.2 (x86 en-US)) (Version: 50.0.2 - Mozilla)
Naviextras Toolbox Prerequesities (HKLM-x32\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 373.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 373.06 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 373.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 373.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
One Unit Whole Blood (HKLM-x32\...\One Unit Whole Blood_is1) (Version:  - GOG.com)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Pathway Professional - Film Analysis (HKLM-x32\...\{9AA9F79E-3EFA-415F-99E9-E18529A0AFF4}) (Version: 31897 - Bildungshaus Schulbuchverlage Westermann Schroedel Diesterweg Schöningh Winklers GmbH)
PDFTK Builder 3.5.3 (HKLM-x32\...\PDFTK Builder_is1) (Version:  - )
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
Pidgin (HKU\S-1-5-21-896307261-3574068607-3140626432-1004\...\Pidgin) (Version: 2.10.1 - )
QuickTime (HKLM-x32\...\QuickTime) (Version:  - )
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
RemoteControl for Winamp (HKLM-x32\...\RemoteControl for Winamp1.00) (Version: 1.00 - Martin Schlodinski)
SABnzbd 0.7.14 (HKLM-x32\...\SABnzbd) (Version: 0.7.14 - The SABnzbd Team)
SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-896307261-3574068607-3140626432-1004\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19269 - Gemalto N.V.)
Scrolls (HKLM-x32\...\{F7F74F7F-C458-4B7C-A6F4-80A28ED7AF0B}) (Version: 1.0.2.0 - Mojang)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Sins of a Solar Empire Rebellion (c) Stardock version 1 (HKLM-x32\...\Sins of a Solar Empire Rebellion (c) Stardock_is1) (Version: 1 - )
Smart Organizing Monitor (HKLM-x32\...\{AD66DDE3-33AC-4F26-9EC6-A37454423C4F}) (Version: 1.00.0000 - RICOH)
Stronghold HD (HKLM-x32\...\GOGPACKSTRONGHOLDHD_is1) (Version: 2.0.0.3 - GOG.com)
Ulead GIF Animator Lite Edition 1.0 (HKLM-x32\...\Ulead GIF Animator Lite Edition 1.0) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-896307261-3574068607-3140626432-1004\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Z (HKLM-x32\...\1207664893_is1) (Version: 2.3.0.8 - GOG.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2010-01-30 01:40 - 2010-01-30 01:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2016-11-01 19:10 - 2016-11-01 19:10 - 00052400 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-03-16 18:42 - 2014-03-16 18:42 - 04411488 _____ () C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
2012-05-16 20:12 - 2012-05-16 20:12 - 00179200 _____ () C:\Program Files (x86)\Rainlendar2\lua52.dll
2014-03-14 11:24 - 2014-03-14 11:24 - 00324608 _____ () C:\Program Files (x86)\Rainlendar2\libical.dll
2014-03-16 18:42 - 2014-03-16 18:42 - 00082528 _____ () C:\Program Files (x86)\Rainlendar2\plugins\iCalendarPlugin.dll
2014-03-14 11:24 - 2014-03-14 11:24 - 00080384 _____ () C:\Program Files (x86)\Rainlendar2\libicalss.dll
2014-03-16 18:44 - 2014-03-16 18:44 - 00346208 _____ () C:\Program Files (x86)\Rainlendar2\plugins\GoogleCalendarPlugin.dll
2012-06-17 14:21 - 2012-06-17 14:21 - 00015360 _____ () C:\Program Files (x86)\Rainlendar2\lfs.dll
2016-05-03 00:21 - 2016-04-18 12:16 - 01521664 _____ () C:\Program Files (x86)\SCSI Host\scsihost.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 [494]
AlternateDataStreams: C:\Users\Public\Desktop\Amnesia: A Machine for Pigs.lnk [1458]
AlternateDataStreams: C:\Users\Teng\Cookies:X7IeMuZWMtAtWneF5qqjxy4jMIO6Z [2364]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-896307261-3574068607-3140626432-1004\...\microsoft.com -> hxxps://update.microsoft.com
IE trusted site: HKU\S-1-5-21-896307261-3574068607-3140626432-1004\...\microsoft.com -> hxxp://update.microsoft.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-10-16 20:43 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-896307261-3574068607-3140626432-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Teng\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 69.164.196.21 - 5.134.115.112
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^m^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: NeroFilterCheck => C:\Windows\system32\NeroCheck.exe
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{D818B8A3-C591-408D-97DD-FCFE031ED0AF}] => %ProgramFiles% (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F9965F4C-7EEF-489F-AA2F-3462F02CF282}] => C:\Program Files (x86)\Last.fm\LastFM.exe
FirewallRules: [{18519143-8B84-444A-8413-4D03E2337838}] => C:\Program Files (x86)\Last.fm\LastFM.exe
FirewallRules: [{C97F3F47-31DD-4D5D-B94B-9E32E841B225}] => C:\Program Files (x86)\Last.fm\LastFM.exe
FirewallRules: [{5EC81B49-7716-4536-A6E9-257972400C4C}] => C:\Program Files (x86)\Last.fm\LastFM.exe
FirewallRules: [{D802A2B1-4140-4B87-BA4C-5E7E18F949D1}] => %ProgramFiles% (x86)\Last.fm\LastFM.exe
FirewallRules: [{F336331D-32B8-4C1E-BE2E-56E427457430}] => %ProgramFiles% (x86)\Rainlendar2\Rainlendar2.exe
FirewallRules: [{902F5112-8525-404C-AFEE-72E0285218C2}] => %ProgramFiles% (x86)\SABnzbd\SABnzbd.exe
FirewallRules: [{7E030C8B-B048-4B9E-B7B1-3DF466C2B546}] => %ProgramFiles% (x86)\Biet-O-Matic\Biet-O-Matic.exe
FirewallRules: [{C2B1EE59-B6EA-4333-9256-8EC7DFE92C69}] => %ProgramFiles% (x86)\Biet-O-Matic\BOMUpdate.exe
FirewallRules: [{1D8B1F05-475E-4EFE-BA92-99D42CE238F0}] => %ProgramFiles% (x86)\Biet-O-Matic\BOM Logging Config Tool.exe
FirewallRules: [TCP Query User{42E16501-95EE-40C3-A415-7598C2CAA9A7}H:\games\dead island\deadislandgame.exe] => H:\games\dead island\deadislandgame.exe
FirewallRules: [UDP Query User{536C437E-A628-4805-920E-55BCED5ED45B}H:\games\dead island\deadislandgame.exe] => H:\games\dead island\deadislandgame.exe
FirewallRules: [{1464E782-28E2-48E0-A707-D9ABDA655C06}] => %ProgramFiles% (x86)\FileZilla FTP Client\filezilla.exe
FirewallRules: [{CA3A851B-6575-4719-867D-5FEEE905CA00}] => %ProgramFiles% (x86)\Biet-O-Matic\Biet-O-Matic.exe
FirewallRules: [{DE3BDCCB-9CAF-4877-B7E3-C48904A69B8F}] => %ProgramFiles% (x86)\Biet-O-Matic\BOM Logging Config Tool.exe
FirewallRules: [{78857152-4C79-4CDA-8F4E-00853F56ACFF}] => %ProgramFiles% (x86)\Biet-O-Matic\BOMUpdate.exe
FirewallRules: [{6EC31C6D-D7D8-46D0-BDB9-3A40D627D65F}] => %ProgramFiles% (x86)\Winamp\winamp.exe
FirewallRules: [{3DD30B62-D3B2-4EAB-A08F-D944348A8162}] => %ProgramFiles% (x86)\ImgBurn\ImgBurn.exe
FirewallRules: [{6D2C788A-4B01-4871-B090-02A4985A1AF2}] => %ProgramFiles% (x86)\YouTube Download\FreeYouTubeDownload.exe
FirewallRules: [{DF665DB2-E823-4F06-8E75-05D9546D6DE7}] => G:\Needful Things\Mediathek\Starten_Windows.exe
FirewallRules: [{D80925EB-D229-4BD3-87D4-15C983996C6F}] => G:\Needful Things\Mediathek\Starten_Windows.exe
FirewallRules: [{8208ADE5-F3CB-410E-A785-8D58822D9158}] => %ProgramFiles% (x86)\Desura\desura.exe
FirewallRules: [{52D7F7C6-734C-4A2A-88E9-647D44B529DF}] => %ProgramFiles% (x86)\Desura\desura.exe
FirewallRules: [{965346D4-725E-44B1-A544-C90E53A15BEA}] => G:\Needful Things\jxpiinstall.exe
FirewallRules: [{BE204C14-F2F0-4BA7-9D59-5F8DF3E5F771}] => %SystemDrive%\Users\Teng\AppData\Roaming\Microsoft\Windows\Pidgin\pidgin.exe
FirewallRules: [{255A9E4E-7A1F-4A57-84B9-02806A08ADA4}] => %SystemDrive%\Users\Teng\AppData\Roaming\Microsoft\Windows\Pidgin\pidgin.exe
FirewallRules: [TCP Query User{A86C2083-EA78-4487-BCAE-83E3A9512E74}H:\games\dead island\deadislandgame.exe] => H:\games\dead island\deadislandgame.exe
FirewallRules: [UDP Query User{68DCB21D-40B2-4003-95CA-5236D2F0B6BC}H:\games\dead island\deadislandgame.exe] => H:\games\dead island\deadislandgame.exe
FirewallRules: [{E589C869-FFF5-45C7-A1A7-BEA808AB9FDD}] => C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe
FirewallRules: [{1C7D2188-1B52-4837-ACC7-1F1F97927967}] => C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe
FirewallRules: [{DAB60054-3165-4F35-9C84-3AA1D837EB14}] => C:\Program Files (x86)\Sins of a Solar Empire\Sins of a Solar Empire.exe
FirewallRules: [{44D8A06E-670D-46A9-9B6D-374199FD3DD4}] => C:\Program Files (x86)\Sins of a Solar Empire\Sins of a Solar Empire.exe
FirewallRules: [TCP Query User{9189F5A1-B40E-40B9-BD78-94CDC23FA4BF}C:\program files (x86)\java\jre7\bin\javaw.exe] => C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{3320C074-19E9-4205-8893-9243649887D8}C:\program files (x86)\java\jre7\bin\javaw.exe] => C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{8F9209E9-1ABE-4AF8-9FD6-5A9AC56FB396}] => %ProgramFiles% (x86)\Windows Media Player\wmplayer.exe
FirewallRules: [{46CD6534-BA66-42D4-94FC-EE9A5910E420}] => %ProgramFiles% (x86)\Adobe\Flash Player\AddIns\airappinstaller\airappinstaller.exe
FirewallRules: [{FD5239EF-7079-45C0-8070-9AE26A29160E}] => G:\Needful Things\Hearthstone-Setup-enUS.exe
FirewallRules: [{EA57DA4A-9939-4D18-835E-23203A0264F7}] => G:\Needful Things\Hearthstone-Setup-enUS.exe
FirewallRules: [{A31EFED0-4871-42BF-B90D-1C0E64893254}] => C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{DDE06BB6-CC0C-4D84-A839-20F4016EB459}] => C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{0DCE0E0E-FD2E-4435-81C7-E5D12EF2C630}] => G:\Games\StarCraft II\Versions\Base24944\SC2.exe
FirewallRules: [TCP Query User{55EA7BC1-0D4F-4990-B812-0D91FDA6AC9D}G:\games\call of duty black ops 2\t6sp.exe] => G:\games\call of duty black ops 2\t6sp.exe
FirewallRules: [UDP Query User{6DE5962B-D4DF-47A3-995E-C19CB0C9FDD5}G:\games\call of duty black ops 2\t6sp.exe] => G:\games\call of duty black ops 2\t6sp.exe
FirewallRules: [{7763C62F-B6EB-4E84-A4D4-F7C9AD9C740F}] => %USERPROFILE%\Desktop\mbar\mbar.exe
FirewallRules: [{4852B790-F206-4148-B4CD-2D35A81C4274}] => %USERPROFILE%\Desktop\mbar\mbar.exe
FirewallRules: [{A3C1B775-B2A1-4282-947A-A7DC3FABAF09}] => %USERPROFILE%\Desktop\mbar\mbamdor.exe
FirewallRules: [{09A7A9FC-29B8-41AB-B6E1-7258726FEEB0}] => %USERPROFILE%\Desktop\mbar\mbamdor.exe
FirewallRules: [TCP Query User{5FC6DA22-358D-4752-B4F7-DEE028ED2C92}C:\program files (x86)\games\farcry 3\bin\farcry3.exe] => C:\program files (x86)\games\farcry 3\bin\farcry3.exe
FirewallRules: [UDP Query User{2D0B7557-52C2-4DDD-9385-2EC493E57313}C:\program files (x86)\games\farcry 3\bin\farcry3.exe] => C:\program files (x86)\games\farcry 3\bin\farcry3.exe
FirewallRules: [TCP Query User{49F5A7DD-9328-4E81-8318-8CE80558BE2D}G:\games\dying light\dyinglightgame.exe] => G:\games\dying light\dyinglightgame.exe
FirewallRules: [UDP Query User{CD2C2BA9-6C9A-48BF-AC0C-C3C8D3965DDC}G:\games\dying light\dyinglightgame.exe] => G:\games\dying light\dyinglightgame.exe
FirewallRules: [TCP Query User{CEF16071-CF1C-4E96-B910-887AF09DF66C}G:\games\call of duty black ops 2\t6zm.exe] => G:\games\call of duty black ops 2\t6zm.exe
FirewallRules: [UDP Query User{FD414A49-255D-4D32-9011-FC80D3C5F100}G:\games\call of duty black ops 2\t6zm.exe] => G:\games\call of duty black ops 2\t6zm.exe
FirewallRules: [{6A731557-7B88-4A82-8CB0-C0B43C4BE6B8}] => G:\Games\Call of Duty Black Ops 2\t6sp.exe
FirewallRules: [{25F0E3D3-1683-4853-9F82-905B06587860}] => C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{3C759EA9-017B-4D9B-9929-E53F55DF3928}] => C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{88628CA2-3548-4299-A3DB-BEFA685AB868}] => G:\Needful Things\CreativeCloudSet-Up.exe
FirewallRules: [{380E378A-D595-4A65-9114-C71F33B91BE9}] => G:\Needful Things\CreativeCloudSet-Up.exe
FirewallRules: [{2E049E01-8950-44D3-BD0E-21820E5622D5}] => %ProgramFiles% (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
FirewallRules: [{3B73D895-CEAC-4D29-A5D0-692A63269CA9}] => %ProgramFiles% (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
FirewallRules: [{F4069482-624B-4DE4-ADE6-65E9EB2EA29A}] => %ProgramFiles% (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\Adobe Installer.exe
FirewallRules: [{B87DEDA3-0BCE-484D-A80A-BBC22547DBF3}] => %ProgramFiles% (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\Adobe Installer.exe
FirewallRules: [{AAA56D4E-D097-4D29-B586-109D8DA57B0F}] => %ProgramFiles% (x86)\Dacia Media Nav\Toolbox\toolbox.exe
FirewallRules: [{CDB65DA2-9FD4-4D22-AF7A-C6D695E19F99}] => %ProgramFiles% (x86)\Dacia Media Nav\Toolbox\toolbox.exe
FirewallRules: [TCP Query User{0488A768-3F77-4385-80D9-FD1342445016}G:\games\freespace\fs.exe] => G:\games\freespace\fs.exe
FirewallRules: [UDP Query User{D1D57B63-C8DE-4952-B756-84BA0E08A61A}G:\games\freespace\fs.exe] => G:\games\freespace\fs.exe
FirewallRules: [{51C2476B-52E3-44C8-A113-4806B0128519}] => %SystemDrive%\Users\Teng\Downloads\ageofconan-en.exe
FirewallRules: [{D9DEE0DC-2B71-4E11-94F2-697C3B728D01}] => %SystemDrive%\Users\Teng\Downloads\ageofconan-en.exe
FirewallRules: [TCP Query User{F39D0671-F160-469C-8816-05C3301BC706}H:\games\age of conan\conanpatcher.exe] => H:\games\age of conan\conanpatcher.exe
FirewallRules: [UDP Query User{5F556993-D1A7-47FD-9D8D-A4D9E9BFC868}H:\games\age of conan\conanpatcher.exe] => H:\games\age of conan\conanpatcher.exe
FirewallRules: [{43DF27E8-258D-4940-817E-BA9E2A105E2F}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{7E88C2FD-C213-45D5-A699-36E73042A979}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{56E77248-851C-4C91-96A4-BCED33B5B4D4}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{367E94B8-9E3D-45D2-A9A9-BE8C2634F091}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{8242B6EE-E727-49FF-87C1-ACC7079E06DF}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{5FBA1AAF-5B24-47FC-A6FF-5E92D9DF30E8}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B7C6205D-27A1-4E93-AC3E-2BE25ECD7697}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FB6B8565-049C-41CC-89D6-8CE581EF4DFB}] => %ProgramFiles% (x86)\Winamp\winamp.exe
FirewallRules: [{39E2E4BF-4C8E-44E6-9FFC-E39CABE0D7BD}] => %ProgramFiles% (x86)\Winamp\winamp.exe
FirewallRules: [{11588CD1-B05A-4397-83A1-D8441F2DCCE6}] => C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
FirewallRules: [{1C2F6B4B-F50D-481E-899F-EC4C5B792571}] => C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/04/2016 07:58:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 50.0.1.6171, time stamp: 0x58367404
Faulting module name: mozglue.dll, version: 50.0.1.6171, time stamp: 0x58366d59
Exception code: 0x80000003
Fault offset: 0x0000ed4b
Faulting process id: 0x38c
Faulting application start time: 0x01d24e5864893d50
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Faulting module path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Report Id: 9abc6a70-ba53-11e6-bb87-001d60863ea4

Error: (12/04/2016 07:58:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 50.0.1.6171, time stamp: 0x58367404
Faulting module name: mozglue.dll, version: 50.0.1.6171, time stamp: 0x58366d59
Exception code: 0x80000003
Fault offset: 0x0000ed4b
Faulting process id: 0x194
Faulting application start time: 0x01d24e15eed6a5d0
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Faulting module path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Report Id: 94bdfdf0-ba53-11e6-bb87-001d60863ea4

Error: (12/03/2016 10:19:58 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (12/03/2016 06:21:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 50.0.1.6171, time stamp: 0x58367404
Faulting module name: mozglue.dll, version: 50.0.1.6171, time stamp: 0x58366d59
Exception code: 0x80000003
Fault offset: 0x0000ed4b
Faulting process id: 0xb70
Faulting application start time: 0x01d24d8905fd9990
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Faulting module path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Report Id: e7ff72a0-b97c-11e6-bb87-001d60863ea4

Error: (12/03/2016 06:15:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 50.0.0.6152, time stamp: 0x581d7ed2
Faulting module name: mozglue.dll, version: 50.0.0.6152, time stamp: 0x581d788d
Exception code: 0x80000003
Fault offset: 0x0000ed40
Faulting process id: 0x1b44
Faulting application start time: 0x01d24d87badcec50
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Faulting module path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Report Id: 0b593de0-b97c-11e6-bb87-001d60863ea4

Error: (11/27/2016 02:56:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: bc4

Start Time: 01d248200ef0c860

Termination Time: 225

Application Path: C:\Windows\Explorer.EXE

Report Id: 35c0f691-b4a9-11e6-bb87-001d60863ea4

Error: (11/14/2016 12:58:58 AM) (Source: Microsoft Office 14) (EventID: 2001) (User: )
Description: Microsoft Word: Rejected Safe Mode action : Word hat festgestellt, dass sie die STRG-Taste gedrückt halten. Möchten Sie Word im abgesicherten Modus starten?.
Rejected Safe Mode action : Microsoft Word.

Error: (11/05/2016 03:05:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (11/05/2016 03:05:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (11/04/2016 11:38:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 49.0.2.6136 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a88

Start Time: 01d236af6a8da490

Termination Time: 236

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 6a0e7d41-a2df-11e6-bf1e-001d60863ea4


System errors:
=============
Error: (12/10/2016 12:03:08 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The NVIDIA Streamer Service service did not shut down properly after receiving a preshutdown control.

Error: (12/08/2016 07:43:37 PM) (Source: WMPNetworkSvc) (EventID: 14365) (User: )
Description: Proximity detection failed due to unknown error '0x80004004'.  The best proximity time detected was -1 milliseconds.

Error: (11/14/2016 11:36:11 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The NVIDIA Streamer Service service did not shut down properly after receiving a preshutdown control.

Error: (11/05/2016 12:35:44 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (11/04/2016 09:30:28 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (11/04/2016 09:30:02 PM) (Source: WMPNetworkSvc) (EventID: 14365) (User: )
Description: Proximity detection failed due to unknown error '0x80004004'.  The best proximity time detected was -1 milliseconds.

Error: (10/25/2016 09:33:34 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The NVIDIA Streamer Service service did not shut down properly after receiving a preshutdown control.

Error: (10/23/2016 02:02:19 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The NVIDIA Streamer Service service did not shut down properly after receiving a preshutdown control.

Error: (10/22/2016 11:48:51 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

Error: (10/22/2016 02:22:02 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.


CodeIntegrity:
===================================
  Date: 2014-10-16 21:43:04.096
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-16 21:43:04.058
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-23 01:42:44.803
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\m\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-23 01:42:44.756
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\m\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-23 01:42:44.444
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-23 01:42:44.413
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+
Percentage of memory in use: 71%
Total physical RAM: 4094.49 MB
Available physical RAM: 1175.79 MB
Total Virtual: 16376.16 MB
Available Virtual: 12266.21 MB

==================== Drives ================================

Drive c: (Satan) (Fixed) (Total:97.56 GB) (Free:10.97 GB) NTFS
Drive d: (Old C) (Fixed) (Total:195.31 GB) (Free:41.47 GB) NTFS
Drive e: (Old D) (Fixed) (Total:195.31 GB) (Free:55.1 GB) NTFS
Drive f: (Old E) (Fixed) (Total:75.14 GB) (Free:23.73 GB) NTFS
Drive g: () (Fixed) (Total:292.97 GB) (Free:53.66 GB) NTFS
Drive h: () (Fixed) (Total:540.89 GB) (Free:110.23 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================
--- --- ---

--- --- ---

Antwort

Themen zu 50% CPU usage wenn idle...
50% cpu, angeblich, coin-miner, cpu, gefunde, gelöscht, glaube, hilfe, hilfe!, malwarebytes, nicht, nicht mehr, wirklich


« Laptop bereinigen nach "Microsoft-Anruf" | Win10 adware/hijacking probleme »


Ähnliche Themen: 50% CPU usage wenn idle...


  1. erhöhte CPU-Last nach paar Minuten idle
    Plagegeister aller Art und deren Bekämpfung - 05.12.2016 (3)
  2. CPU Auslastung hoch komische Datei IDLE
    Alles rund um Windows - 18.06.2016 (9)
  3. Wenn ich etwas anklicke scheint es so als wenn es mehrfach passiert
    Alles rund um Windows - 14.05.2016 (0)
  4. Problem mit TCP Ports PID 0 und System Idle Prozess , ständig neue Verbindung
    Plagegeister aller Art und deren Bekämpfung - 20.04.2016 (6)
  5. Win 7 (64) - CPU 100% sobald Browser geöffnet, Idle ok. Auch bei anderen Anwendungen meist 100% CPU
    Log-Analyse und Auswertung - 09.07.2015 (5)
  6. Hohe CPU-Last im Idle (Systemunterbrechung wird mit über 20% CPU-Last im Schnitt angezeigt)
    Plagegeister aller Art und deren Bekämpfung - 29.11.2013 (7)
  7. Bei Internetverbindungsaufbau GPU Last hoch trotz idle
    Plagegeister aller Art und deren Bekämpfung - 27.10.2013 (5)
  8. CPU im idle 68°C bei spielen 100% auslastung
    Log-Analyse und Auswertung - 13.11.2012 (9)
  9. CPU USAGE bei 100%
    Alles rund um Windows - 25.05.2012 (3)
  10. deutliche Traffic-Anzeige an Router und Modem, CPU: idle: werde ich gescannt?
    Netzwerk und Hardware - 03.03.2011 (4)
  11. Critical Error RAM memory usage .. HDD ... "Scanner" öffnet sich dauernd
    Plagegeister aller Art und deren Bekämpfung - 06.01.2011 (13)
  12. CPU Usage konstant bei 30% und mehr
    Plagegeister aller Art und deren Bekämpfung - 08.06.2010 (4)
  13. Vista wird immer lahmer und hat hohe cpu usage - Virus ?
    Log-Analyse und Auswertung - 03.02.2008 (0)
  14. Was tun, wenn Trojaner da?
    Plagegeister aller Art und deren Bekämpfung - 09.02.2006 (2)
  15. Was ist wenn...
    Plagegeister aller Art und deren Bekämpfung - 20.03.2005 (50)
  16. BACKDOOR Trojaner - Firewall, idle und Emule
    Plagegeister aller Art und deren Bekämpfung - 20.07.2004 (21)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema 50% CPU usage wenn idle... - FRST Logfile: FRST Logfile: Code: Alles auswählen Aufklappen ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016 Ran by Teng (ATTENTION: The user is not administrator) on - 50% CPU usage wenn idle......
Archiv
Du betrachtest: 50% CPU usage wenn idle... auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131