Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7 Hartnäckiger svchost Virus (https://www.trojaner-board.de/161627-windows-7-hartnaeckiger-svchost-virus.html)

Arsonil 08.12.2014 13:38
Windows 7 Hartnäckiger svchost Virus
 
Hi.
In letzter Zeit (2-3 Wochen) taucht bei jedem Neustart meines Rechners bzw. auch bei jedem mal wo ich mich ins Internet einwähle eine Virusfundmeldung meines Virenprogrammes auf (avast).
Insgesamt sind es 2 Funde :
Der erste ist svchost.exe und soll laut avast Malware sein
Der zweite ist mysteriös heißt lovered.info oder ähnlich und soll ein Trojander sein.
Komischerweise finden diese sich niemals im Quarantäne Ordner wieder obwohl sie dorthin verschoben worden sein sollen, und generieren sich wie gesagt jedesmal neu.
Defogger::
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:09 on 08/12/2014 (Marvin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
FRST::
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2014 02
Ran by Marvin (administrator) on MARVIN-PC on 08-12-2014 13:10:39
Running from C:\Users\Marvin\Downloads
Loaded Profile: Marvin (Available profiles: Marvin)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Geek Software GmbH) E:\Programme\PDF24\pdf24.exe
() E:\Programme\Kudos RS\Gaming Mouse.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(TeamSpeak Systems GmbH) C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
() C:\Users\Marvin\Downloads\Defogger.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13423688 2013-02-26] (Realtek Semiconductor)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291128 2013-03-06] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-03-12] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-30] (AVAST Software)
HKLM-x32\...\Run: [PDFPrint] => E:\Programme\PDF24\pdf24.exe [191016 2014-05-14] (Geek Software GmbH)
HKLM-x32\...\Run: [SPEEDLINK KUDOS] => E:\Programme\Kudos RS\Gaming Mouse.exe [1470464 2012-02-07] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3835728 2014-12-01] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-605976145-798981982-18162885-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784392 2014-05-29] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-605976145-798981982-18162885-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Marvin\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-605976145-798981982-18162885-1000\...\Run: [EPSON SX420W Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-605976145-798981982-18162885-1000\...\MountPoints2: {05d3cf39-b73a-11e3-9cf3-94de80bed92c} - G:\Startme.exe
HKU\S-1-5-21-605976145-798981982-18162885-1000\...\MountPoints2: {9091c385-14b7-11e4-b4c3-94de80bed92c} - F:\AUTOSTARTER.EXE
HKU\S-1-5-21-605976145-798981982-18162885-1000\...\MountPoints2: {e8d11947-8f9a-11e3-b70b-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-605976145-798981982-18162885-1000\...\MountPoints2: {f193f14b-a38c-11e3-9cc9-94de80bed92c} - F:\autorun.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2014-11-13] (NVIDIA Corporation)
AppInit_DLLs:  C:\ProgramData\Fast And Safe\FastAndSafe_x64.dll => C:\ProgramData\Fast And Safe\FastAndSafe_x64.dll File Not Found
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [156840 2014-11-13] (NVIDIA Corporation)
AppInit_DLLs-x32:  c:\progra~3\fastan~1\fastan~1.dll => "c:\progra~3\fastan~1\fastan~1.dll" File Not Found
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-605976145-798981982-18162885-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?gd=&ctid=CT3321541&octid=EB_ORIGINAL_CTID&ISID=MD24241E3-285C-4499-BCD8-17783286B64F&SearchSource=55&CUI=&UM=5&UP=SPC74D7732-2844-4E76-8E51-9CBB0CD66904&SSPV=
HKU\S-1-5-21-605976145-798981982-18162885-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-605976145-798981982-18162885-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x435D160A7623CF01
HKU\S-1-5-21-605976145-798981982-18162885-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: SoFtCoup -> {29AEA0ED-7C22-E6D8-21DB-42958C6E3868} -> C:\ProgramData\SoFtCoup\okT_lYjl8.x64.dll ()
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} ->  No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\t06r99nt.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\t06r99nt.default\user.js
FF SearchPlugin: C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\t06r99nt.default\searchplugins\conduit-search.xml
FF Extension: ProxTube - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\t06r99nt.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}.xpi [2014-07-28]
FF Extension: Adblock Plus - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\t06r99nt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-07]
FF Extension: Tab Mix Plus - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\t06r99nt.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-02-12]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-09]
FF HKU\S-1-5-21-605976145-798981982-18162885-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: No Name - wrc@avast.com [Not Found]

Chrome:
=======
CHR Profile: C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-09]
CHR Extension: (Scrollbar Anywhere) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\namcaplenodjnggbfkbopdbfngponici [2014-06-30]
CHR Extension: (Google Wallet) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-28]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-30] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-30] (Avast Software)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-10-07] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-17] (NVIDIA Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-11-14] (LogMeIn, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-09-03] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC)
S3 TunngleService; E:\Programme\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21584 2013-02-19] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-30] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-30] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-30] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2014-04-16] () [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-07-26] (Disc Soft Ltd)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2014-04-16] () [File not signed]
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [21584 2013-05-06] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-30] (Avast Software)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 hxsyol; \??\E:\Programme\Aura Kingdom\AuraKingdom\avital\hxsy64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-08 13:10 - 2014-12-08 13:10 - 00018408 _____ () C:\Users\Marvin\Downloads\FRST.txt
2014-12-08 13:10 - 2014-12-08 13:10 - 00000000 ____D () C:\FRST
2014-12-08 13:09 - 2014-12-08 13:09 - 00000474 _____ () C:\Users\Marvin\Downloads\defogger_disable.log
2014-12-08 13:09 - 2014-12-08 13:09 - 00000168 _____ () C:\Users\Marvin\defogger_reenable
2014-12-08 13:04 - 2014-12-08 13:04 - 00380416 _____ () C:\Users\Marvin\Downloads\Gmer-19357.exe
2014-12-08 13:03 - 2014-12-08 13:03 - 02119680 _____ (Farbar) C:\Users\Marvin\Downloads\FRST64.exe
2014-12-08 13:02 - 2014-12-08 13:02 - 00050477 _____ () C:\Users\Marvin\Downloads\Defogger.exe
2014-12-08 11:10 - 2014-12-08 11:11 - 00000197 _____ () C:\Windows\system32\2014-12-08-10-10-48.062-AvastVBoxSVC.exe-3264.log
2014-12-07 15:19 - 2014-12-07 15:19 - 00000000 ____D () C:\Users\Marvin\Desktop\Zeuhniskrams
2014-12-07 14:02 - 2014-12-07 14:03 - 00000197 _____ () C:\Windows\system32\2014-12-07-13-02-52.057-AvastVBoxSVC.exe-2556.log
2014-12-07 12:09 - 2014-12-07 12:10 - 00000197 _____ () C:\Windows\system32\2014-12-07-11-09-38.010-AvastVBoxSVC.exe-3148.log
2014-12-06 14:16 - 2014-12-06 14:16 - 00000197 _____ () C:\Windows\system32\2014-12-06-13-16-15.094-AvastVBoxSVC.exe-3252.log
2014-12-05 12:02 - 2014-12-05 12:02 - 00000197 _____ () C:\Windows\system32\2014-12-05-11-02-04.083-AvastVBoxSVC.exe-3112.log
2014-12-04 13:02 - 2014-12-04 13:03 - 00000197 _____ () C:\Windows\system32\2014-12-04-12-02-35.027-AvastVBoxSVC.exe-3148.log
2014-12-03 13:13 - 2014-12-03 13:13 - 00000197 _____ () C:\Windows\system32\2014-12-03-12-13-21.070-AvastVBoxSVC.exe-3204.log
2014-12-02 13:00 - 2014-11-12 21:46 - 00615624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-12-02 12:59 - 2014-11-13 01:20 - 31893136 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 24557712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 19966344 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 14032984 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 13944952 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 13213512 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-12-02 12:59 - 2014-11-13 01:20 - 11397744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 11336432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 04292416 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 04011208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 02874456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434475.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 01540424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434475.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 00964928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 00935240 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 00923792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 00900928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 00871648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 00500880 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 00418112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 00393024 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 00348304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-12-02 11:04 - 2014-12-02 11:05 - 00000197 _____ () C:\Windows\system32\2014-12-02-10-04-40.037-AvastVBoxSVC.exe-3176.log
2014-12-02 11:04 - 2014-12-02 11:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-02 11:04 - 2014-12-02 11:04 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-12-02 00:12 - 2014-12-02 00:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-01 10:56 - 2014-12-01 10:57 - 00000197 _____ () C:\Windows\system32\2014-12-01-09-56-51.022-AvastVBoxSVC.exe-3232.log
2014-11-30 20:33 - 2014-11-30 20:34 - 00000247 _____ () C:\Windows\system32\2014-11-30-19-33-59.061-aswFe.exe-5936.log
2014-11-30 20:32 - 2014-11-30 20:33 - 00000247 _____ () C:\Windows\system32\2014-11-30-19-32-02.003-aswFe.exe-6292.log
2014-11-30 20:31 - 2014-11-30 20:32 - 00000197 _____ () C:\Windows\system32\2014-11-30-19-31-59.032-AvastVBoxSVC.exe-2824.log
2014-11-30 20:31 - 2014-11-30 20:31 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-11-30 20:31 - 2014-11-30 20:31 - 00000000 ____D () C:\Windows\system32\vbox
2014-11-30 20:27 - 2014-11-30 20:27 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-30 20:27 - 2014-11-30 20:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-30 20:21 - 2014-11-30 20:21 - 00297816 _____ () C:\Windows\Minidump\113014-47221-01.dmp
2014-11-30 20:20 - 2014-11-30 20:20 - 443793662 _____ () C:\Windows\MEMORY.DMP
2014-11-25 12:24 - 2014-11-25 12:24 - 00000000 __SHD () C:\Users\Marvin\AppData\Local\EmieBrowserModeList
2014-11-23 18:43 - 2014-11-23 18:43 - 00000000 ____D () C:\Users\Marvin\AppData\Local\PAYDAY
2014-11-23 17:18 - 2014-11-23 17:18 - 00000211 _____ () C:\Users\Marvin\Desktop\PAYDAY The Heist.url
2014-11-22 17:10 - 2014-11-23 18:42 - 00035102 _____ () C:\Windows\DirectX.log
2014-11-22 17:10 - 2014-11-22 17:10 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Risen
2014-11-21 22:25 - 2014-11-21 22:25 - 00000211 _____ () C:\Users\Marvin\Desktop\Risen.url
2014-11-20 17:35 - 2014-12-02 12:58 - 00001101 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2014-11-20 17:35 - 2014-12-02 12:58 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP
2014-11-20 17:35 - 2014-11-20 17:35 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Canneverbe Limited
2014-11-20 17:35 - 2014-11-20 17:35 - 00000000 ____D () C:\ProgramData\Canneverbe Limited
2014-11-20 17:23 - 2014-11-20 17:32 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\DeepBurner
2014-11-20 11:19 - 2014-12-08 11:10 - 00004359 _____ () C:\Windows\setupact.log
2014-11-20 11:19 - 2014-11-20 11:19 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-20 11:18 - 2014-12-06 14:15 - 00018354 _____ () C:\Windows\PFRO.log
2014-11-20 01:16 - 2014-12-07 21:29 - 00000000 ____D () C:\Users\Marvin\.ruslanka
2014-11-20 01:16 - 2014-11-20 01:16 - 00001893 _____ () C:\Users\Public\Desktop\Ruslanka.lnk
2014-11-20 01:16 - 2014-11-20 01:16 - 00001893 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ruslanka.lnk
2014-11-20 01:16 - 2014-11-20 01:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ruslanka
2014-11-20 01:16 - 2014-11-20 01:16 - 00000000 ____D () C:\Program Files (x86)\Ruslanka
2014-11-19 11:46 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 11:46 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 11:46 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 11:46 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-17 14:14 - 2014-11-17 14:14 - 00000620 _____ () C:\Users\Public\Desktop\Bernd Das Brot.lnk
2014-11-17 14:13 - 2014-11-17 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Silver
2014-11-16 19:14 - 2014-11-16 19:14 - 00000212 _____ () C:\Users\Marvin\Desktop\PAYDAY 2.url
2014-11-12 10:43 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 10:43 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 10:43 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 10:43 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 10:43 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 10:43 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 10:43 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 10:43 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 10:43 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 10:43 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 10:43 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 10:43 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 10:43 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 10:43 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 10:43 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 10:43 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 10:43 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 10:43 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 10:43 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 10:43 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 10:43 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 10:43 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 10:43 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 10:43 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 10:43 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 10:43 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 10:43 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 10:43 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 10:43 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 10:43 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 10:43 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 10:43 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 10:43 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 10:43 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 10:43 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 10:43 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 10:43 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 10:43 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 10:43 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 10:43 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 10:43 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 10:43 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 10:43 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 10:43 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 10:43 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 10:43 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 10:43 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 10:43 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 10:43 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 10:43 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 10:43 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 10:43 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 10:43 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 10:43 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 10:43 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 10:43 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 10:43 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 10:43 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 10:43 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 10:43 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 10:43 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 10:43 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 10:43 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 10:43 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 10:43 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 10:42 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 10:42 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 10:42 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 10:42 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 10:42 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 10:42 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 10:42 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 10:42 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 10:42 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 10:42 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 10:42 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 10:42 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 10:42 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 10:42 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 10:42 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 10:42 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 10:42 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 10:42 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 10:42 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 10:42 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 10:42 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 10:42 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 10:42 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 10:42 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 10:42 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 10:42 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 10:42 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 10:42 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 10:42 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 10:42 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 10:42 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-08 13:09 - 2014-02-06 20:04 - 00000000 ____D () C:\Users\Marvin
2014-12-08 13:05 - 2014-03-29 13:05 - 00000296 _____ () C:\Windows\Tasks\MySearchDial.job
2014-12-08 13:01 - 2014-02-06 23:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-08 12:56 - 2014-02-06 21:11 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\TS3Client
2014-12-08 12:40 - 2014-05-09 23:23 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-08 12:23 - 2014-02-07 00:23 - 00000292 _____ () C:\Windows\Tasks\FoxTab.job
2014-12-08 11:17 - 2009-07-14 05:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-08 11:17 - 2009-07-14 05:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-08 11:16 - 2011-04-12 08:43 - 00700454 _____ () C:\Windows\system32\perfh007.dat
2014-12-08 11:16 - 2011-04-12 08:43 - 00150092 _____ () C:\Windows\system32\perfc007.dat
2014-12-08 11:16 - 2009-07-14 06:13 - 01624034 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-08 11:14 - 2014-02-06 20:04 - 01098487 _____ () C:\Windows\WindowsUpdate.log
2014-12-08 11:11 - 2014-06-09 15:55 - 00000000 ____D () C:\ProgramData\374311380
2014-12-08 11:11 - 2014-02-07 00:05 - 00000000 ____D () C:\Users\Marvin\AppData\Local\LogMeIn Hamachi
2014-12-08 11:10 - 2014-05-09 23:23 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-08 11:10 - 2014-02-06 21:04 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-08 11:10 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-08 01:15 - 2014-02-09 14:54 - 00007620 _____ () C:\Users\Marvin\AppData\Local\Resmon.ResmonCfg
2014-12-08 01:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-07 15:21 - 2014-05-07 13:24 - 00000000 ____D () C:\Users\Marvin\Desktop\Random Stuff
2014-12-07 15:19 - 2014-10-19 12:21 - 00000000 ____D () C:\Users\Marvin\Desktop\Online Bewerbung Ausbildung Stadt Bochum-Dateien
2014-12-07 15:09 - 2014-08-19 22:59 - 00000000 ____D () C:\Users\Marvin\Documents\Electronic Arts
2014-12-07 15:09 - 2014-02-06 20:52 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-06 14:16 - 2014-02-07 16:46 - 00001846 _____ () C:\Windows\Sandboxie.ini
2014-12-03 13:13 - 2014-05-09 23:24 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-03 13:12 - 2014-02-06 23:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-02 13:01 - 2014-02-07 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-12-02 13:00 - 2014-02-06 21:04 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-11-30 20:27 - 2014-05-09 23:22 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-30 20:27 - 2014-05-09 23:22 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-11-30 20:27 - 2014-05-09 23:22 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-30 20:27 - 2014-05-09 23:22 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-11-30 20:27 - 2014-05-09 23:22 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-30 20:27 - 2014-05-09 23:22 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-30 20:27 - 2014-05-09 23:22 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-30 20:27 - 2014-05-09 23:22 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-30 20:21 - 2014-06-07 01:31 - 00000000 ____D () C:\Windows\Minidump
2014-11-26 17:01 - 2014-02-06 23:53 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 17:01 - 2014-02-06 23:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-26 17:01 - 2014-02-06 23:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-24 17:51 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-11-24 17:49 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-11-20 12:41 - 2014-05-18 12:28 - 00000000 ____D () C:\Users\Marvin\Desktop\Pokemon Omicron 1.4 (Win)
2014-11-19 11:52 - 2014-03-05 13:04 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\DAEMON Tools Lite
2014-11-17 22:48 - 2014-07-10 01:05 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\DarknessII
2014-11-17 16:33 - 2014-02-12 15:44 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Skyrim
2014-11-17 16:30 - 2014-02-12 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2014-11-17 11:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-13 14:55 - 2009-07-14 05:45 - 00293384 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 01:20 - 2014-10-06 17:00 - 16884632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-11-13 01:20 - 2014-02-07 18:31 - 20986592 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-11-13 01:20 - 2014-02-07 18:31 - 18514616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-11-13 01:20 - 2014-02-06 21:04 - 00027094 _____ () C:\Windows\system32\nvinfo.pb
2014-11-13 01:20 - 2014-02-06 21:03 - 03262784 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-11-13 01:20 - 2014-02-06 21:03 - 00989056 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-11-13 01:20 - 2014-02-06 21:03 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-11-13 01:20 - 2014-02-06 21:03 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-11-13 00:16 - 2014-02-07 17:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 00:15 - 2014-02-07 17:18 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 22:56 - 2014-02-06 21:04 - 06897352 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-11-12 22:56 - 2014-02-06 21:04 - 03534152 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-11-12 22:56 - 2014-02-06 21:04 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-11-12 22:56 - 2014-02-06 21:04 - 00934032 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-11-12 22:56 - 2014-02-06 21:04 - 00386368 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-11-12 22:56 - 2014-02-06 21:04 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-11-11 11:29 - 2014-02-06 21:04 - 04100776 _____ () C:\Windows\system32\nvcoproc.bin
2014-11-10 13:40 - 2014-07-01 22:17 - 00000449 _____ () C:\Users\Marvin\Documents\aionmemo_b6155377.dat

Some content of TEMP:
====================
C:\Users\Marvin\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Marvin\AppData\Local\Temp\nvStInst.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-07 12:27

==================== End Of Log ============================
Addition::
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2014 02
Ran by Marvin at 2014-12-08 13:11:01
Running from C:\Users\Marvin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version:  - Gameforge)
AION Free-To-Play (HKLM-x32\...\InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}) (Version: 2.70.0000 - Gameforge)
AION Free-To-Play (x32 Version: 2.70.0000 - Gameforge) Hidden
Archeage Beta (HKLM-x32\...\Glyph Archeage Beta) (Version:  - Trion Worlds, Inc.)
Assassin's Creed (HKLM-x32\...\Steam App 15100) (Version:  - Ubisoft Montreal)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
Batman: Arkham Asylum GOTY Edition (HKLM-x32\...\Steam App 35140) (Version:  - Rocksteady Studios)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Bernd Das Brot (HKLM-x32\...\{DE45597F-C985-496B-A7BB-CAACADDF625D}) (Version: 1.00 - Deep Silver)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5143 - CDBurnerXP)
Combat Arms EU (HKLM-x32\...\Combat Arms EU) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
Die Sims™ 3 Luxus-Accessoires (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.732.20 - Electronic Arts Inc.)
Druckerdeinstallation für EPSON SX420W Series (HKLM\...\EPSON SX420W Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Evolve (HKLM-x32\...\Steam App 273350) (Version:  - Turtle Rock Studios)
Fast And Safe (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{64af91bf}) (Version:  - GTgroup) <==== ATTENTION
Gameforge Live 2.0.5 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.5 - Gameforge)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Gothic (HKLM-x32\...\{BBF10B37-4ED3-11D5-A818-00500435FC18}) (Version:  - )
Gothic III (HKLM-x32\...\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}) (Version: 1.0.0 - JoWooD Productions Software AG)
Gothic_Patch (HKLM-x32\...\{302AC480-43D2-11D5-A818-00500435FC18}) (Version:  - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3071 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.100 - Intel Corporation)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
KUDOS RS Gaming Mouse (HKLM-x32\...\SPEEDLINK KUDOS) (Version:  - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.279 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.279 - LogMeIn, Inc.) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Might & Magic: Duel of Champions (HKLM-x32\...\Steam App 256410) (Version:  - Ubisoft Quebec)
Mozilla Firefox 34.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0 (x86 de)) (Version: 34.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.49.8 - Black Tree Gaming)
NVIDIA 3D Vision Controller-Treiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
ON_OFF Charge 2 B13.0506.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.0506.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version:  - Robot Entertainment)
Orcs Must Die! Unchained (HKLM-x32\...\{8EBA33AF-48E0-4207-A4EE-96029415AD76}_is1) (Version:  - Gameforge 4D GmbH)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
PDF24 Creator 6.4.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Plague Inc: Evolved (HKLM-x32\...\Steam App 246620) (Version:  - Ndemic Creations)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6849 - Realtek Semiconductor Corp.)
Risen (HKLM-x32\...\Steam App 40300) (Version:  - Piranha – Bytes)
Risen 2 - Dark Waters (HKLM-x32\...\Steam App 40390) (Version:  - Piranha Bytes)
Ruslanka (HKLM-x32\...\4001-9763-4923-8008) (Version: 1.2 - nautavis GmbH)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version:  - Volition)
Sanctum 2 (HKLM-x32\...\Steam App 210770) (Version:  - Coffee Stain Studios)
Sandboxie 4.12 (64-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC)
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - United Front Games)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 7 - Gameforge Productions GmbH)
The Darkness II (HKLM-x32\...\Steam App 67370) (Version:  - Digital Extremes)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Guild II - Pirates of the European Seas (HKLM-x32\...\Steam App 39660) (Version:  - 4 Head Studios)
The Guild II (HKLM-x32\...\Steam App 39650) (Version:  - 4 Head Studios)
The Guild II: Renaissance (HKLM-x32\...\Steam App 39680) (Version:  - Rune Forge)
The Sims 4 Update 1.0.797.20 (HKLM-x32\...\VGhlU2ltczQ=_is1) (Version: 1 - )
Thief (HKLM-x32\...\VGhpZWY=_is1) (Version: 1 - )
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
Vindictus EU (HKLM-x32\...\Vindictus EU) (Version:  - )
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-605976145-798981982-18162885-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-605976145-798981982-18162885-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-605976145-798981982-18162885-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-605976145-798981982-18162885-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-605976145-798981982-18162885-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-605976145-798981982-18162885-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)

==================== Restore Points  =========================

25-11-2014 11:20:09 Windows Update
28-11-2014 12:09:40 Windows Update
30-11-2014 19:25:42 avast! antivirus system restore point
02-12-2014 11:29:07 Windows Update
07-12-2014 14:09:45 Entfernt Die*Sims*Mittelalter

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {70660742-A3CD-4E13-B0F7-CFE39B9A4346} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
Task: {8FE8C1AF-4D8A-4039-AA0E-A4BD699662EA} - System32\Tasks\MySearchDial => C:\Users\Marvin\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {A495B6E2-A0FC-445C-8294-7AD1EBBB554A} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader Updater\YourFileUpdater.exe <==== ATTENTION
Task: {A8EAD255-5B8D-41B4-94C7-E29386C57134} - System32\Tasks\Digital Sites => C:\Users\Marvin\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {B5ECDC1C-BF72-4573-BEA8-9031FE48C4AF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {EDA33E4C-20F8-41CE-B7AD-B3BC6D0B4EEA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {F6F95AB6-DC57-4B5B-993D-498FBB604ADD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-30] (AVAST Software)
Task: {F786E456-0BF7-45CD-AA7A-940748A2CCA5} - System32\Tasks\FoxTab => C:\Users\Marvin\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {FCDE8C60-5688-4352-9776-41E5FF1EA5A1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Marvin\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\FoxTab.job => C:\Users\Marvin\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\Marvin\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-02-06 21:04 - 2014-11-12 22:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-02-13 15:04 - 2014-09-03 12:27 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-11-30 20:27 - 2014-11-30 20:27 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-30 20:27 - 2014-11-30 20:27 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-02-06 20:53 - 2013-03-19 14:25 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-02-07 00:58 - 2012-02-07 00:58 - 01470464 _____ () E:\Programme\Kudos RS\Gaming Mouse.exe
2014-12-08 13:02 - 2014-12-08 13:02 - 00050477 _____ () C:\Users\Marvin\Downloads\Defogger.exe
2014-12-07 22:04 - 2014-12-07 22:04 - 02905088 _____ () C:\Program Files\AVAST Software\Avast\defs\14120702\algo.dll
2014-11-30 20:27 - 2014-11-30 20:27 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-12-08 11:10 - 2014-12-08 11:10 - 02905088 _____ () C:\Program Files\AVAST Software\Avast\defs\14120800\algo.dll
2014-11-30 20:27 - 2014-11-30 20:27 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-11-30 20:27 - 2014-11-30 20:27 - 00888216 _____ () C:\Program Files\AVAST Software\Avast\ffmpegsumo.dll
2014-02-06 20:52 - 2013-03-12 13:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-02-28 14:33 - 2014-02-28 14:33 - 00148480 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\quazip.dll
2014-02-27 14:46 - 2014-02-27 14:46 - 00864768 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\platforms\qwindows.dll
2014-02-27 14:45 - 2014-02-27 14:45 - 00677376 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
2014-07-11 15:02 - 2014-07-11 15:02 - 00092104 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\directsound_win32.dll
2014-07-11 15:02 - 2014-07-11 15:02 - 00105416 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win32.dll
2014-02-27 14:46 - 2014-02-27 14:46 - 00025600 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\imageformats\qgif.dll
2014-02-27 14:46 - 2014-02-27 14:46 - 00242688 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\imageformats\qjpeg.dll
2014-07-11 15:04 - 2014-07-11 15:04 - 00477128 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2014-07-14 09:21 - 2014-07-14 09:21 - 00484808 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2014-02-27 14:46 - 2014-02-27 14:46 - 00123904 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\accessible\qtaccessiblewidgets.dll
2014-12-02 00:12 - 2014-12-02 00:12 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-11-26 17:01 - 2014-11-26 17:01 - 16841392 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-605976145-798981982-18162885-500 - Administrator - Disabled)
Gast (S-1-5-21-605976145-798981982-18162885-501 - Limited - Disabled)
Marvin (S-1-5-21-605976145-798981982-18162885-1000 - Administrator - Enabled) => C:\Users\Marvin

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/08/2014 11:10:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/07/2014 02:00:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/07/2014 00:09:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/06/2014 02:16:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/05/2014 00:00:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/04/2014 01:02:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/03/2014 01:13:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/02/2014 11:04:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/01/2014 09:40:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm CivilizationV.exe, Version 1.0.3.276 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1624

Startzeit: 01d00da7058ccdf7

Endzeit: 17

Anwendungspfad: E:\Programme\Steam\steamapps\common\Sid Meier's Civilization V\CivilizationV.exe

Berichts-ID:

Error: (12/01/2014 10:56:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (12/08/2014 11:10:47 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
UsbCharger

Error: (12/08/2014 11:10:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577

Error: (12/08/2014 11:10:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577

Error: (12/08/2014 01:16:02 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "DNS-Client" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (12/08/2014 01:11:07 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "SSDP-Suche" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (12/08/2014 01:11:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "UPnP-Gerätehost" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 100 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/08/2014 01:11:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "SSDP-Suche" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 100 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/08/2014 01:11:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/08/2014 01:11:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "NLA (Network Location Awareness)" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 100 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/08/2014 01:11:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Arbeitsstationsdienst" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (12/08/2014 11:10:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/07/2014 02:00:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/07/2014 00:09:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/06/2014 02:16:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/05/2014 00:00:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/04/2014 01:02:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/03/2014 01:13:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/02/2014 11:04:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/01/2014 09:40:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: CivilizationV.exe1.0.3.276162401d00da7058ccdf717E:\Programme\Steam\steamapps\common\Sid Meier's Civilization V\CivilizationV.exe

Error: (12/01/2014 10:56:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-12-08 11:10:43.504
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-12-08 11:10:43.454
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-12-08 11:10:42.203
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-12-08 11:10:42.140
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-12-07 14:00:51.028
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-12-07 14:00:50.966
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-12-07 14:00:50.841
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-12-07 14:00:50.778
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-12-07 12:09:31.920
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-12-07 12:09:31.870
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz
Percentage of memory in use: 30%
Total physical RAM: 8071 MB
Available physical RAM: 5602.63 MB
Total Pagefile: 16140.18 MB
Available Pagefile: 13290.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:19.75 GB) NTFS
Drive e: (DATA) (Fixed) (Total:465.76 GB) (Free:72.67 GB) NTFS
Drive f: (BDB) (CDROM) (Total:1.34 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000001)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 47DDC6EF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Gmer.txt ::
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-12-08 13:26:45
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2 KINGSTON_SV300S37A120G rev.521ABBF0 111,79GB
Running: Gmer-19357.exe; Driver: C:\Users\Marvin\AppData\Local\Temp\pxdiypob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                    fffff800033b6000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                                    fffff800033b602f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text    C:\Windows\SysWOW64\PnkBstrA.exe[2676] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                0000000074a31a22 2 bytes [A3, 74]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2676] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                0000000074a31ad0 2 bytes [A3, 74]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2676] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                0000000074a31b08 2 bytes [A3, 74]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2676] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                0000000074a31bba 2 bytes [A3, 74]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2676] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                0000000074a31bda 2 bytes [A3, 74]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                        0000000075231465 2 bytes [23, 75]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                        00000000752314bb 2 bytes [23, 75]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      0000000075231465 2 bytes [23, 75]
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    00000000752314bb 2 bytes [23, 75]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files\AVAST Software\Avast\AvastUI.exe[3916] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                  0000000075c58791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3376] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 69                                  0000000075231465 2 bytes [23, 75]
.text    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3376] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 155                                00000000752314bb 2 bytes [23, 75]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000075231465 2 bytes [23, 75]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000752314bb 2 bytes [23, 75]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69          0000000075231465 2 bytes [23, 75]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155          00000000752314bb 2 bytes [23, 75]
.text    ...                                                                                                                                                    * 2

---- EOF - GMER 2.1 ----

cosinus 08.12.2014 13:50
Hi

bitte poste die genauen Meldungen von Avast. Am besten das Avast-Logfile, das den Fund protokolliert.

Arsonil 08.12.2014 13:51
wo genau finde ich denn die logfiels habe schon nach dem stichwort log unter avast gesucht aber nichts gefunden

cosinus 08.12.2014 13:54
Wir haben hier leider nicht für jeden Virenscanner eine bebilderte Anleitung. Aus dem Avast-Forum => Hinweis Avast 2015 / 2014 / 8 / 7 / 6 / 5 / 4 - Häufig gestelle Fragen und Wissensdatenbank

Arsonil 08.12.2014 14:05
Avast Anti-rootkit Log
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-12-08 13:26:45
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2 KINGSTON_SV300S37A120G rev.521ABBF0 111,79GB
Running: Gmer-19357.exe; Driver: C:\Users\Marvin\AppData\Local\Temp\pxdiypob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                    fffff800033b6000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                                    fffff800033b602f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text    C:\Windows\SysWOW64\PnkBstrA.exe[2676] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                0000000074a31a22 2 bytes [A3, 74]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2676] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                0000000074a31ad0 2 bytes [A3, 74]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2676] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                0000000074a31b08 2 bytes [A3, 74]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2676] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                0000000074a31bba 2 bytes [A3, 74]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2676] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                0000000074a31bda 2 bytes [A3, 74]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                        0000000075231465 2 bytes [23, 75]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                        00000000752314bb 2 bytes [23, 75]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      0000000075231465 2 bytes [23, 75]
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    00000000752314bb 2 bytes [23, 75]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files\AVAST Software\Avast\AvastUI.exe[3916] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                  0000000075c58791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3376] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 69                                  0000000075231465 2 bytes [23, 75]
.text    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3376] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 155                                00000000752314bb 2 bytes [23, 75]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000075231465 2 bytes [23, 75]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000752314bb 2 bytes [23, 75]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69          0000000075231465 2 bytes [23, 75]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155          00000000752314bb 2 bytes [23, 75]
.text    ...                                                                                                                                                    * 2

---- EOF - GMER 2.1 ----
Avast Eventlog
Code:
19.11.2014        23:46:13        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
19.11.2014        23:46:13        The virus definitions have been automatically updated to version 141119-1.
19.11.2014        23:46:18        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
19.11.2014        23:46:18        [0000188C] WriteAVASFirewallStatus preVis 0 IsWin8 0 Expired 0 Fw 0 Fs 1
19.11.2014        23:46:18        [0000188C] WaitForWscService( 600 ) -> true
19.11.2014        23:46:18        [0000188C] Antivirus state 0 updatedSign 1
19.11.2014        23:46:18        [0000188C] Antispyware state 0 updatedSign 1
20.11.2014        11:19:21        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 0, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
20.11.2014        11:19:21        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 0, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
20.11.2014        11:19:21        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
20.11.2014        11:19:21        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
20.11.2014        11:19:21        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
20.11.2014        11:19:21        [000007E4] WriteAVASFirewallStatus preVis 0 IsWin8 0 Expired 0 Fw 0 Fs 1
20.11.2014        11:19:21        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
20.11.2014        11:19:30        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
20.11.2014        11:19:30        The virus definitions have been automatically updated to version 141120-0.
20.11.2014        11:19:35        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
20.11.2014        11:19:35        [00000F90] WriteAVASFirewallStatus preVis 0 IsWin8 0 Expired 0 Fw 0 Fs 1
20.11.2014        11:22:22        [00000F90] WaitForWscService( 269 ) -> true
20.11.2014        11:22:22        [00000F90] Antivirus state 0 updatedSign 1
20.11.2014        11:22:22        [00000F90] Antispyware state 0 updatedSign 1
20.11.2014        11:22:23        [000007E4] WaitForWscService( 242 ) -> true
20.11.2014        11:22:23        [000007E4] Antivirus state 0 updatedSign 1
20.11.2014        11:22:23        [000007E4] Antispyware state 0 updatedSign 1
21.11.2014        13:07:49        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 0, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
21.11.2014        13:07:50        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 0, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
21.11.2014        13:07:50        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
21.11.2014        13:07:51        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
21.11.2014        13:07:51        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
21.11.2014        13:07:51        [000007C4] WriteAVASFirewallStatus preVis 0 IsWin8 0 Expired 0 Fw 0 Fs 1
21.11.2014        13:07:51        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
21.11.2014        13:07:59        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
21.11.2014        13:08:00        The virus definitions have been automatically updated to version 141121-0.
21.11.2014        13:08:05        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
21.11.2014        13:08:05        [00000FAC] WriteAVASFirewallStatus preVis 0 IsWin8 0 Expired 0 Fw 0 Fs 1
21.11.2014        13:09:55        [00000FAC] WaitForWscService( 383 ) -> true
21.11.2014        13:09:55        [00000FAC] Antivirus state 0 updatedSign 1
21.11.2014        13:09:55        [00000FAC] Antispyware state 0 updatedSign 1
21.11.2014        13:09:55        [000007C4] WaitForWscService( 355 ) -> true
21.11.2014        13:09:55        [000007C4] Antivirus state 0 updatedSign 1
21.11.2014        13:09:55        [000007C4] Antispyware state 0 updatedSign 1
21.11.2014        21:09:19        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
21.11.2014        21:09:24        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
21.11.2014        21:09:24        [00001870] WriteAVASFirewallStatus preVis 0 IsWin8 0 Expired 0 Fw 0 Fs 1
21.11.2014        21:09:24        [00001870] WaitForWscService( 600 ) -> true
21.11.2014        21:09:24        [00001870] Antivirus state 0 updatedSign 1
21.11.2014        21:09:24        [00001870] Antispyware state 0 updatedSign 1
21.11.2014        21:09:41        The virus definitions have been automatically updated to version 141121-1.
22.11.2014        16:36:57        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 0, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
22.11.2014        16:36:58        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 0, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
22.11.2014        16:36:58        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
22.11.2014        16:36:58        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
22.11.2014        16:36:59        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
22.11.2014        16:36:59        [000007B8] WriteAVASFirewallStatus preVis 0 IsWin8 0 Expired 0 Fw 0 Fs 1
22.11.2014        16:36:59        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
22.11.2014        16:37:08        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
22.11.2014        16:37:08        The virus definitions have been automatically updated to version 141122-0.
22.11.2014        16:37:13        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
22.11.2014        16:37:13        [00000F28] WriteAVASFirewallStatus preVis 0 IsWin8 0 Expired 0 Fw 0 Fs 1
22.11.2014        16:39:08        [00000F28] WaitForWscService( 374 ) -> true
22.11.2014        16:39:08        [00000F28] Antivirus state 0 updatedSign 1
22.11.2014        16:39:08        [00000F28] Antispyware state 0 updatedSign 1
22.11.2014        16:39:08        [000007B8] WaitForWscService( 346 ) -> true
22.11.2014        16:39:08        [000007B8] Antivirus state 0 updatedSign 1
22.11.2014        16:39:08        [000007B8] Antispyware state 0 updatedSign 1
23.11.2014        13:37:04        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 0, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
23.11.2014        13:37:05        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 0, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
23.11.2014        13:37:05        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
23.11.2014        13:37:06        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
23.11.2014        13:37:06        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
23.11.2014        13:37:06        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
23.11.2014        13:37:06        [000007B8] WriteAVASFirewallStatus preVis 0 IsWin8 0 Expired 0 Fw 0 Fs 1
23.11.2014        13:37:15        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
23.11.2014        13:37:15        The virus definitions have been automatically updated to version 141123-0.
23.11.2014        13:37:20        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
23.11.2014        13:37:20        [000010B0] WriteAVASFirewallStatus preVis 0 IsWin8 0 Expired 0 Fw 0 Fs 1
23.11.2014        13:39:09        [000010B0] WaitForWscService( 383 ) -> true
23.11.2014        13:39:09        [000010B0] Antivirus state 0 updatedSign 1
23.11.2014        13:39:09        [000007B8] WaitForWscService( 354 ) -> true
23.11.2014        13:39:09        [000007B8] Antivirus state 0 updatedSign 1
23.11.2014        13:39:09        [000007B8] Antispyware state 0 updatedSign 1
23.11.2014        13:39:09        [000010B0] Antispyware state 0 updatedSign 1
23.11.2014        21:38:13        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
23.11.2014        21:38:13        The virus definitions have been automatically updated to version 141123-1.
23.11.2014        21:38:18        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
23.11.2014        21:38:18        [00000CF8] WriteAVASFirewallStatus preVis 0 IsWin8 0 Expired 0 Fw 0 Fs 1
23.11.2014        21:38:18        [00000CF8] WaitForWscService( 600 ) -> true
23.11.2014        21:38:18        [00000CF8] Antivirus state 0 updatedSign 1
23.11.2014        21:38:18        [00000CF8] Antispyware state 0 updatedSign 1
24.11.2014        10:40:56        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 0, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
24.11.2014        10:40:56        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 0, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
24.11.2014        10:40:56        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
24.11.2014        10:40:56        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
24.11.2014        10:40:56        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
24.11.2014        10:40:56        [000007B8] WriteAVASFirewallStatus preVis 0 IsWin8 0 Expired 0 Fw 0 Fs 1
24.11.2014        10:40:56        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
24.11.2014        10:41:05        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
24.11.2014        10:41:05        The virus definitions have been automatically updated to version 141124-0.
24.11.2014        10:41:10        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
24.11.2014        10:41:10        [000013D0] WriteAVASFirewallStatus preVis 0 IsWin8 0 Expired 0 Fw 0 Fs 1
24.11.2014        10:43:02        [000007B8] WaitForWscService( 352 ) -> true
24.11.2014        10:43:02        [000007B8] Antivirus state 0 updatedSign 1
24.11.2014        10:43:02        [000007B8] Antispyware state 0 updatedSign 1
24.11.2014        10:43:03        [000013D0] WaitForWscService( 378 ) -> true
24.11.2014        10:43:03        [000013D0] Antivirus state 0 updatedSign 1
24.11.2014        10:43:03        [000013D0] Antispyware state 0 updatedSign 1
24.11.2014        17:49:09        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 0, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
24.11.2014        17:49:09        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
24.11.2014        17:49:09        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
24.11.2014        17:49:10        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
24.11.2014        17:49:10        [0000078C] WriteAVASFirewallStatus preVis 0 IsWin8 0 Expired 0 Fw 0 Fs 1
24.11.2014        17:49:10        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
24.11.2014        17:49:10        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
24.11.2014        17:49:12        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
24.11.2014        17:49:25        Aavm AUID event 1, product 1,  ARCEn 0, rn , status 0, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
24.11.2014        17:51:13        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 0, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
24.11.2014        17:51:13        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 0, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
24.11.2014        17:51:13        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
24.11.2014        17:51:14        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
24.11.2014        17:51:14        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
24.11.2014        17:51:14        [00000A08] WriteAVASFirewallStatus preVis 0 IsWin8 0 Expired 0 Fw 0 Fs 1
24.11.2014        17:51:14        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
24.11.2014        17:53:17        [00000A08] WaitForWscService( 355 ) -> true
24.11.2014        17:53:17        [00000A08] Antivirus state 0 updatedSign 1
24.11.2014        17:53:17        [00000A08] Antispyware state 0 updatedSign 1
24.11.2014        21:54:42        The virus definitions have been automatically updated to version 141124-1.
24.11.2014        21:54:42        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
24.11.2014        21:54:47        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
24.11.2014        21:54:47        [00000CE4] WriteAVASFirewallStatus preVis 0 IsWin8 0 Expired 0 Fw 0 Fs 1
24.11.2014        21:54:47        [00000CE4] WaitForWscService( 600 ) -> true
24.11.2014        21:54:47        [00000CE4] Antivirus state 0 updatedSign 1
24.11.2014        21:54:47        [00000CE4] Antispyware state 0 updatedSign 1
25.11.2014        12:16:26        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 0, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
25.11.2014        12:16:27        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 0, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
25.11.2014        12:16:27        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
25.11.2014        12:16:27        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
25.11.2014        12:16:27        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
25.11.2014        12:16:27        [000007D4] WriteAVASFirewallStatus preVis 0 IsWin8 0 Expired 0 Fw 0 Fs 1
25.11.2014        12:16:27        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
25.11.2014        12:16:34        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
25.11.2014        12:16:35        The virus definitions have been automatically updated to version 141125-0.
25.11.2014        12:16:40        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
25.11.2014        12:16:40        [00000F3C] WriteAVASFirewallStatus preVis 0 IsWin8 0 Expired 0 Fw 0 Fs 1
25.11.2014        12:18:32        [000007D4] WaitForWscService( 351 ) -> true
25.11.2014        12:18:32        [00000F3C] WaitForWscService( 376 ) -> true
25.11.2014        12:18:32        [000007D4] Antivirus state 0 updatedSign 1
25.11.2014        12:18:32        [00000F3C] Antivirus state 0 updatedSign 1
25.11.2014        12:18:32        [000007D4] Antispyware state 0 updatedSign 1
25.11.2014        12:18:32        [00000F3C] Antispyware state 0 updatedSign 1
25.11.2014        20:17:49        There is a new version of the program available on the Internet.
25.11.2014        20:17:50        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
25.11.2014        20:17:55        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
25.11.2014        20:17:55        [00000928] WriteAVASFirewallStatus preVis 0 IsWin8 0 Expired 0 Fw 0 Fs 1
25.11.2014        20:17:55        [00000928] WaitForWscService( 600 ) -> true
25.11.2014        20:17:55        [00000928] Antivirus state 0 updatedSign 1
25.11.2014        20:17:55        [00000928] Antispyware state 0 updatedSign 1
26.11.2014        00:18:13        There is a new version of the program available on the Internet.
26.11.2014        11:02:40        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 0, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
26.11.2014        11:02:40        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 0, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
26.11.2014        11:02:40        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
26.11.2014        11:02:40        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
26.11.2014        11:02:41        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
26.11.2014        11:02:41        [000007AC] WriteAVASFirewallStatus preVis 0 IsWin8 0 Expired 0 Fw 0 Fs 1
26.11.2014        11:02:41        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
26.11.2014        11:02:49        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
26.11.2014        11:02:49        There is a new version of the program available on the Internet.
26.11.2014        11:02:54        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
26.11.2014        11:02:54        [0000102C] WriteAVASFirewallStatus preVis 0 IsWin8 0 Expired 0 Fw 0 Fs 1
26.11.2014        11:04:45        [000007AC] WaitForWscService( 352 ) -> true
26.11.2014        11:04:45        [000007AC] Antivirus state 0 updatedSign 1
26.11.2014        11:04:45        [000007AC] Antispyware state 0 updatedSign 1
26.11.2014        11:04:46        [0000102C] WaitForWscService( 378 ) -> true
26.11.2014        11:04:46        [0000102C] Antivirus state 0 updatedSign 1
26.11.2014        11:04:46        [0000102C] Antispyware state 0 updatedSign 1
26.11.2014        11:05:58        There is a new version of the program available on the Internet.
26.11.2014        15:06:17        There is a new version of the program available on the Internet.
26.11.2014        19:06:33        There is a new version of the program available on the Internet.
26.11.2014        23:06:58        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
26.11.2014        23:06:58        There is a new version of the program available on the Internet.
26.11.2014        23:07:03        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
26.11.2014        23:07:03        [00000674] WriteAVASFirewallStatus preVis 0 IsWin8 0 Expired 0 Fw 0 Fs 1
26.11.2014        23:07:03        [00000674] WaitForWscService( 600 ) -> true
26.11.2014        23:07:03        [00000674] Antivirus state 0 updatedSign 1
26.11.2014        23:07:03        [00000674] Antispyware state 0 updatedSign 1
27.11.2014        15:43:04        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 0, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
27.11.2014        15:43:04        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 0, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
27.11.2014        15:43:05        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
27.11.2014        15:43:05        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
27.11.2014        15:43:05        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
27.11.2014        15:43:05        [000007C0] WriteAVASFirewallStatus preVis 0 IsWin8 0 Expired 0 Fw 0 Fs 1
27.11.2014        15:43:05        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
27.11.2014        15:43:07        There is a new version of the program available on the Internet.
27.11.2014        15:45:10        [000007C0] WaitForWscService( 352 ) -> true
27.11.2014        15:45:10        [000007C0] Antivirus state 0 updatedSign 1
27.11.2014        15:45:10        [000007C0] Antispyware state 0 updatedSign 1
27.11.2014        15:52:17        There is a new version of the program available on the Internet.
27.11.2014        19:52:38        There is a new version of the program available on the Internet.
27.11.2014        23:53:03        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
27.11.2014        23:53:03        There is a new version of the program available on the Internet.
27.11.2014        23:53:08        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
27.11.2014        23:53:08        [00000FF0] WriteAVASFirewallStatus preVis 0 IsWin8 0 Expired 0 Fw 0 Fs 1
27.11.2014        23:53:08        [00000FF0] WaitForWscService( 600 ) -> true
27.11.2014        23:53:08        [00000FF0] Antivirus state 0 updatedSign 1
27.11.2014        23:53:08        [00000FF0] Antispyware state 0 updatedSign 1
28.11.2014        11:25:15        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 0, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
28.11.2014        11:25:16        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 0, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
28.11.2014        11:25:16        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
28.11.2014        11:25:16        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
28.11.2014        11:25:16        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
28.11.2014        11:25:16        [000007B8] WriteAVASFirewallStatus preVis 0 IsWin8 0 Expired 0 Fw 0 Fs 1
28.11.2014        11:25:16        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
28.11.2014        11:25:25        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
28.11.2014        11:25:25        There is a new version of the program available on the Internet.
28.11.2014        11:25:30        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
28.11.2014        11:25:30        [00000F28] WriteAVASFirewallStatus preVis 0 IsWin8 0 Expired 0 Fw 0 Fs 1
28.11.2014        11:27:22        [00000F28] WaitForWscService( 379 ) -> true
28.11.2014        11:27:22        [00000F28] Antivirus state 0 updatedSign 1
28.11.2014        11:27:22        [00000F28] Antispyware state 0 updatedSign 1
28.11.2014        11:27:22        [000007B8] WaitForWscService( 351 ) -> true
28.11.2014        11:27:22        [000007B8] Antivirus state 0 updatedSign 1
28.11.2014        11:27:22        [000007B8] Antispyware state 0 updatedSign 1
28.11.2014        11:29:22        There is a new version of the program available on the Internet.
28.11.2014        15:29:43        There is a new version of the program available on the Internet.
28.11.2014        19:30:06        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
28.11.2014        19:30:07        There is a new version of the program available on the Internet.
28.11.2014        19:30:11        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
28.11.2014        19:30:11        [00001CBC] WriteAVASFirewallStatus preVis 0 IsWin8 0 Expired 0 Fw 0 Fs 1
28.11.2014        19:30:11        [00001CBC] WaitForWscService( 600 ) -> true
28.11.2014        19:30:11        [00001CBC] Antivirus state 0 updatedSign 1
28.11.2014        19:30:11        [00001CBC] Antispyware state 0 updatedSign 1
28.11.2014        23:30:30        There is a new version of the program available on the Internet.
29.11.2014        03:30:46        There is a new version of the program available on the Internet.
29.11.2014        15:29:57        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 0, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
29.11.2014        15:29:58        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 0, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
29.11.2014        15:29:58        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
29.11.2014        15:29:58        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
29.11.2014        15:29:58        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
29.11.2014        15:29:58        [000007C0] WriteAVASFirewallStatus preVis 0 IsWin8 0 Expired 0 Fw 0 Fs 1
29.11.2014        15:29:58        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
29.11.2014        15:30:00        There is a new version of the program available on the Internet.
29.11.2014        15:32:03        [000007C0] WaitForWscService( 358 ) -> true
29.11.2014        15:32:03        [000007C0] Antivirus state 0 updatedSign 1
29.11.2014        15:32:03        [000007C0] Antispyware state 0 updatedSign 1
30.11.2014        20:20:05        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 0, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
30.11.2014        20:20:06        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 0, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
30.11.2014        20:20:06        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
30.11.2014        20:20:07        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
30.11.2014        20:20:07        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
30.11.2014        20:20:07        [000007D0] WriteAVASFirewallStatus preVis 0 IsWin8 0 Expired 0 Fw 0 Fs 1
30.11.2014        20:20:07        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
30.11.2014        20:21:29        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 0, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
30.11.2014        20:21:30        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 0, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
30.11.2014        20:21:30        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
30.11.2014        20:21:31        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
30.11.2014        20:21:31        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
30.11.2014        20:21:31        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
30.11.2014        20:21:31        [00000610] WriteAVASFirewallStatus preVis 0 IsWin8 0 Expired 0 Fw 0 Fs 1
30.11.2014        20:21:42        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 0, progver 150996965, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
30.11.2014        20:21:43        There is a new version of the program available on the Internet.
30.11.2014        20:21:48        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
30.11.2014        20:21:48        [00000F24] WriteAVASFirewallStatus preVis 0 IsWin8 0 Expired 0 Fw 0 Fs 1
30.11.2014        20:23:35        [00000F24] WaitForWscService( 388 ) -> true
30.11.2014        20:23:35        [00000F24] Antivirus state 0 updatedSign 1
30.11.2014        20:23:35        [00000610] WaitForWscService( 355 ) -> true
30.11.2014        20:23:35        [00000610] Antivirus state 0 updatedSign 1
30.11.2014        20:23:35        [00000610] Antispyware state 0 updatedSign 1
30.11.2014        20:23:35        [00000F24] Antispyware state 0 updatedSign 1
30.11.2014        20:25:11        There is a new version of the program available on the Internet.
30.11.2014        20:27:06        Aavm AUID event 8, product 1,  ARCEn 0, rn , status 1, progver 150997152, Guid fba4c0ee-06d1-440b-9db2-d3c681939b79, Auid ntqJ2B4zJ7m8RD38
30.11.2014        20:27:10        VistaAux started /remwsc
30.11.2014        20:27:10        UninstallAVASFirewall VistAux preVista 0 firewall 0
30.11.2014        20:29:00        Maj 6 Min 1 GetVersionEx 6.1 Stored 5.0
30.11.2014        20:29:00        [00000D8C] RegisterAVASFirewall preVista 0 pszProductName avast! Antivirus pszProductExe C:\Program Files\AVAST Software\Avast\VisthAux.exe firewall 0
30.11.2014        20:29:00        [00000D8C] WaitForWscService( 599 ) -> true, SCM OK wsc OK err 0
30.11.2014        20:29:00        [00000D8C] Register AV OK
30.11.2014        20:29:00        [00000D8C] WaitForWscService( 599 ) -> true, SCM OK wsc OK err 0
30.11.2014        20:29:00        [00000D8C] Register AS OK
30.11.2014        20:29:00        [00000D8C] WriteAVASFirewallStat SignUpToDate 1 preVis0 IsWin80 ExpPrg 0 Fw 0 Fs 1
30.11.2014        20:29:00        [00000D8C] WaitForWscService( 840 ) -> true, SCM OK wsc OK err 0
30.11.2014        20:29:00        [00000D8C] UpdateStatus AV OK status 0 sign 1
30.11.2014        20:29:00        [00000D8C] WaitForWscService( 840 ) -> true, SCM OK wsc OK err 0
30.11.2014        20:29:00        [00000D8C] UpdateStatus AS OK status 0 sign 1
01.12.2014        10:56:44        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
01.12.2014        10:56:44        [000007D0] WriteAVASFirewallStat SignUpToDate 1 preVis0 IsWin80 ExpPrg 0 Fw 0 Fs 1
01.12.2014        10:56:50        [000007D0] WaitForWscService( 839 ) -> true, SCM OK wsc OK err 0
01.12.2014        10:56:50        [000007D0] UpdateStatus AV OK status 0 sign 1
01.12.2014        10:56:50        [000007D0] WaitForWscService( 839 ) -> true, SCM OK wsc OK err 0
01.12.2014        10:56:50        [000007D0] UpdateStatus AS OK status 0 sign 1
01.12.2014        10:56:52        The virus definitions have been automatically updated to version 141201-0.
01.12.2014        10:56:56        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
01.12.2014        10:56:56        [0000135C] WriteAVASFirewallStat SignUpToDate 1 preVis0 IsWin80 ExpPrg 0 Fw 0 Fs 1
01.12.2014        10:56:56        [0000135C] WaitForWscService( 840 ) -> true, SCM OK wsc OK err 0
01.12.2014        10:56:56        [0000135C] UpdateStatus AV OK status 0 sign 1
01.12.2014        10:56:56        [0000135C] WaitForWscService( 840 ) -> true, SCM OK wsc OK err 0
01.12.2014        10:56:56        [0000135C] UpdateStatus AS OK status 0 sign 1
02.12.2014        11:04:23        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
02.12.2014        11:04:23        [00000484] WriteAVASFirewallStat SignUpToDate 1 preVis0 IsWin80 ExpPrg 0 Fw 0 Fs 1
02.12.2014        11:04:26        [00000484] WaitForWscService( 839 ) -> true, SCM OK wsc OK err 0
02.12.2014        11:04:26        [00000484] UpdateStatus AV OK status 0 sign 1
02.12.2014        11:04:26        [00000484] WaitForWscService( 839 ) -> true, SCM OK wsc OK err 0
02.12.2014        11:04:26        [00000484] UpdateStatus AS OK status 0 sign 1
02.12.2014        11:04:42        The virus definitions have been automatically updated to version 141202-0.
02.12.2014        11:04:45        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
02.12.2014        11:04:45        [00000A04] WriteAVASFirewallStat SignUpToDate 1 preVis0 IsWin80 ExpPrg 0 Fw 0 Fs 1
02.12.2014        11:04:45        [00000A04] WaitForWscService( 840 ) -> true, SCM OK wsc OK err 0
02.12.2014        11:04:45        [00000A04] UpdateStatus AV OK status 0 sign 1
02.12.2014        11:04:45        [00000A04] WaitForWscService( 840 ) -> true, SCM OK wsc OK err 0
02.12.2014        11:04:45        [00000A04] UpdateStatus AS OK status 0 sign 1
02.12.2014        19:05:36        The virus definitions have been automatically updated to version 141202-1.
02.12.2014        19:05:40        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
02.12.2014        19:05:40        [00001398] WriteAVASFirewallStat SignUpToDate 1 preVis0 IsWin80 ExpPrg 0 Fw 0 Fs 1
02.12.2014        19:05:40        [00001398] WaitForWscService( 840 ) -> true, SCM OK wsc OK err 0
02.12.2014        19:05:40        [00001398] UpdateStatus AV OK status 0 sign 1
02.12.2014        19:05:40        [00001398] WaitForWscService( 840 ) -> true, SCM OK wsc OK err 0
02.12.2014        19:05:40        [00001398] UpdateStatus AS OK status 0 sign 1
03.12.2014        13:13:14        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
03.12.2014        13:13:14        [000007C0] WriteAVASFirewallStat SignUpToDate 1 preVis0 IsWin80 ExpPrg 0 Fw 0 Fs 1
03.12.2014        13:13:18        [000007C0] WaitForWscService( 839 ) -> true, SCM OK wsc OK err 0
03.12.2014        13:13:18        [000007C0] UpdateStatus AV OK status 0 sign 1
03.12.2014        13:13:18        [000007C0] WaitForWscService( 839 ) -> true, SCM OK wsc OK err 0
03.12.2014        13:13:18        [000007C0] UpdateStatus AS OK status 0 sign 1
03.12.2014        13:13:23        The virus definitions have been automatically updated to version 141203-0.
03.12.2014        13:13:27        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
03.12.2014        13:13:27        [0000089C] WriteAVASFirewallStat SignUpToDate 1 preVis0 IsWin80 ExpPrg 0 Fw 0 Fs 1
03.12.2014        13:13:27        [0000089C] WaitForWscService( 840 ) -> true, SCM OK wsc OK err 0
03.12.2014        13:13:27        [0000089C] UpdateStatus AV OK status 0 sign 1
03.12.2014        13:13:27        [0000089C] WaitForWscService( 840 ) -> true, SCM OK wsc OK err 0
03.12.2014        13:13:27        [0000089C] UpdateStatus AS OK status 0 sign 1
03.12.2014        21:14:07        The virus definitions have been automatically updated to version 141203-1.
03.12.2014        21:14:11        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
03.12.2014        21:14:11        [0000154C] WriteAVASFirewallStat SignUpToDate 1 preVis0 IsWin80 ExpPrg 0 Fw 0 Fs 1
03.12.2014        21:14:11        [0000154C] WaitForWscService( 840 ) -> true, SCM OK wsc OK err 0
03.12.2014        21:14:11        [0000154C] UpdateStatus AV OK status 0 sign 1
03.12.2014        21:14:11        [0000154C] WaitForWscService( 840 ) -> true, SCM OK wsc OK err 0
03.12.2014        21:14:11        [0000154C] UpdateStatus AS OK status 0 sign 1
04.12.2014        13:02:27        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
04.12.2014        13:02:27        [000007CC] WriteAVASFirewallStat SignUpToDate 1 preVis0 IsWin80 ExpPrg 0 Fw 0 Fs 1
04.12.2014        13:02:34        [000007CC] WaitForWscService( 839 ) -> true, SCM OK wsc OK err 0
04.12.2014        13:02:34        [000007CC] UpdateStatus AV OK status 0 sign 1
04.12.2014        13:02:34        [000007CC] WaitForWscService( 839 ) -> true, SCM OK wsc OK err 0
04.12.2014        13:02:34        [000007CC] UpdateStatus AS OK status 0 sign 1
04.12.2014        13:02:36        The virus definitions have been automatically updated to version 141204-0.
04.12.2014        13:02:40        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
04.12.2014        13:02:40        [00000F18] WriteAVASFirewallStat SignUpToDate 1 preVis0 IsWin80 ExpPrg 0 Fw 0 Fs 1
04.12.2014        13:02:40        [00000F18] WaitForWscService( 840 ) -> true, SCM OK wsc OK err 0
04.12.2014        13:02:40        [00000F18] UpdateStatus AV OK status 0 sign 1
04.12.2014        13:02:40        [00000F18] WaitForWscService( 840 ) -> true, SCM OK wsc OK err 0
04.12.2014        13:02:40        [00000F18] UpdateStatus AS OK status 0 sign 1
04.12.2014        21:03:45        The virus definitions have been automatically updated to version 141204-1.
04.12.2014        21:03:49        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
04.12.2014        21:03:49        [00000A70] WriteAVASFirewallStat SignUpToDate 1 preVis0 IsWin80 ExpPrg 0 Fw 0 Fs 1
04.12.2014        21:03:49        [00000A70] WaitForWscService( 840 ) -> true, SCM OK wsc OK err 0
04.12.2014        21:03:49        [00000A70] UpdateStatus AV OK status 0 sign 1
04.12.2014        21:03:49        [00000A70] WaitForWscService( 840 ) -> true, SCM OK wsc OK err 0
04.12.2014        21:03:49        [00000A70] UpdateStatus AS OK status 0 sign 1
05.12.2014        11:59:57        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
05.12.2014        11:59:57        [000007E0] WriteAVASFirewallStat SignUpToDate 1 preVis0 IsWin80 ExpPrg 0 Fw 0 Fs 1
05.12.2014        12:00:04        [000007E0] WaitForWscService( 839 ) -> true, SCM OK wsc OK err 0
05.12.2014        12:00:04        [000007E0] UpdateStatus AV OK status 0 sign 1
05.12.2014        12:00:04        [000007E0] WaitForWscService( 839 ) -> true, SCM OK wsc OK err 0
05.12.2014        12:00:04        [000007E0] UpdateStatus AS OK status 0 sign 1
05.12.2014        16:03:54        The virus definitions have been automatically updated to version 141205-1.
05.12.2014        16:03:57        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
05.12.2014        16:03:57        [00001574] WriteAVASFirewallStat SignUpToDate 1 preVis0 IsWin80 ExpPrg 0 Fw 0 Fs 1
05.12.2014        16:03:57        [00001574] WaitForWscService( 840 ) -> true, SCM OK wsc OK err 0
05.12.2014        16:03:57        [00001574] UpdateStatus AV OK status 0 sign 1
05.12.2014        16:03:57        [00001574] WaitForWscService( 840 ) -> true, SCM OK wsc OK err 0
05.12.2014        16:03:57        [00001574] UpdateStatus AS OK status 0 sign 1
06.12.2014        00:04:32        The virus definitions have been automatically updated to version 141205-2.
06.12.2014        00:04:37        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
06.12.2014        00:04:37        [00001808] WriteAVASFirewallStat SignUpToDate 1 preVis0 IsWin80 ExpPrg 0 Fw 0 Fs 1
06.12.2014        00:04:37        [00001808] WaitForWscService( 840 ) -> true, SCM OK wsc OK err 0
06.12.2014        00:04:37        [00001808] UpdateStatus AV OK status 0 sign 1
06.12.2014        00:04:37        [00001808] WaitForWscService( 840 ) -> true, SCM OK wsc OK err 0
06.12.2014        00:04:37        [00001808] UpdateStatus AS OK status 0 sign 1
06.12.2014        14:16:08        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
06.12.2014        14:16:08        [000007D8] WriteAVASFirewallStat SignUpToDate 1 preVis0 IsWin80 ExpPrg 0 Fw 0 Fs 1
06.12.2014        14:16:14        [000007D8] WaitForWscService( 839 ) -> true, SCM OK wsc OK err 0
06.12.2014        14:16:14        [000007D8] UpdateStatus AV OK status 0 sign 1
06.12.2014        14:16:14        [000007D8] WaitForWscService( 839 ) -> true, SCM OK wsc OK err 0
06.12.2014        14:16:14        [000007D8] UpdateStatus AS OK status 0 sign 1
06.12.2014        14:16:18        The virus definitions have been automatically updated to version 141206-0.
06.12.2014        14:16:21        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
06.12.2014        14:16:21        [00000A14] WriteAVASFirewallStat SignUpToDate 1 preVis0 IsWin80 ExpPrg 0 Fw 0 Fs 1
06.12.2014        14:16:21        [00000A14] WaitForWscService( 840 ) -> true, SCM OK wsc OK err 0
06.12.2014        14:16:21        [00000A14] UpdateStatus AV OK status 0 sign 1
06.12.2014        14:16:21        [00000A14] WaitForWscService( 840 ) -> true, SCM OK wsc OK err 0
06.12.2014        14:16:21        [00000A14] UpdateStatus AS OK status 0 sign 1
06.12.2014        22:19:53        The virus definitions have been automatically updated to version 141206-1.
06.12.2014        22:19:57        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
06.12.2014        22:19:57        [00001678] WriteAVASFirewallStat SignUpToDate 1 preVis0 IsWin80 ExpPrg 0 Fw 0 Fs 1
06.12.2014        22:19:57        [00001678] WaitForWscService( 840 ) -> true, SCM OK wsc OK err 0
06.12.2014        22:19:57        [00001678] UpdateStatus AV OK status 0 sign 1
06.12.2014        22:19:57        [00001678] WaitForWscService( 840 ) -> true, SCM OK wsc OK err 0
06.12.2014        22:19:57        [00001678] UpdateStatus AS OK status 0 sign 1
07.12.2014        12:09:29        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
07.12.2014        12:09:29        [000007A4] WriteAVASFirewallStat SignUpToDate 1 preVis0 IsWin80 ExpPrg 0 Fw 0 Fs 1
07.12.2014        12:09:35        [000007A4] WaitForWscService( 839 ) -> true, SCM OK wsc OK err 0
07.12.2014        12:09:35        [000007A4] UpdateStatus AV OK status 0 sign 1
07.12.2014        12:09:35        [000007A4] WaitForWscService( 839 ) -> true, SCM OK wsc OK err 0
07.12.2014        12:09:35        [000007A4] UpdateStatus AS OK status 0 sign 1
07.12.2014        12:09:39        The virus definitions have been automatically updated to version 141207-0.
07.12.2014        12:09:43        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
07.12.2014        12:09:43        [00000E9C] WriteAVASFirewallStat SignUpToDate 1 preVis0 IsWin80 ExpPrg 0 Fw 0 Fs 1
07.12.2014        12:09:43        [00000E9C] WaitForWscService( 840 ) -> true, SCM OK wsc OK err 0
07.12.2014        12:09:43        [00000E9C] UpdateStatus AV OK status 0 sign 1
07.12.2014        12:09:43        [00000E9C] WaitForWscService( 840 ) -> true, SCM OK wsc OK err 0
07.12.2014        12:09:43        [00000E9C] UpdateStatus AS OK status 0 sign 1
07.12.2014        14:00:52        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
07.12.2014        14:00:52        [00000AEC] WriteAVASFirewallStat SignUpToDate 1 preVis0 IsWin80 ExpPrg 0 Fw 0 Fs 1
07.12.2014        14:00:52        [00000AEC] WaitForWscService( 839 ) -> true, SCM OK wsc OK err 0
07.12.2014        14:00:52        [00000AEC] UpdateStatus AV OK status 0 sign 1
07.12.2014        14:00:52        [00000AEC] WaitForWscService( 839 ) -> true, SCM OK wsc OK err 0
07.12.2014        14:00:52        [00000AEC] UpdateStatus AS OK status 0 sign 1
07.12.2014        18:04:26        The virus definitions have been automatically updated to version 141207-1.
07.12.2014        18:04:31        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
07.12.2014        18:04:31        [00000690] WriteAVASFirewallStat SignUpToDate 1 preVis0 IsWin80 ExpPrg 0 Fw 0 Fs 1
07.12.2014        18:04:31        [00000690] WaitForWscService( 840 ) -> true, SCM OK wsc OK err 0
07.12.2014        18:04:31        [00000690] UpdateStatus AV OK status 0 sign 1
07.12.2014        18:04:31        [00000690] WaitForWscService( 840 ) -> true, SCM OK wsc OK err 0
07.12.2014        18:04:31        [00000690] UpdateStatus AS OK status 0 sign 1
07.12.2014        22:04:55        The virus definitions have been automatically updated to version 141207-2.
07.12.2014        22:04:59        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
07.12.2014        22:04:59        [00001A80] WriteAVASFirewallStat SignUpToDate 1 preVis0 IsWin80 ExpPrg 0 Fw 0 Fs 1
07.12.2014        22:04:59        [00001A80] WaitForWscService( 840 ) -> true, SCM OK wsc OK err 0
07.12.2014        22:04:59        [00001A80] UpdateStatus AV OK status 0 sign 1
07.12.2014        22:04:59        [00001A80] WaitForWscService( 840 ) -> true, SCM OK wsc OK err 0
07.12.2014        22:04:59        [00001A80] UpdateStatus AS OK status 0 sign 1
08.12.2014        11:10:41        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
08.12.2014        11:10:41        [000007C0] WriteAVASFirewallStat SignUpToDate 1 preVis0 IsWin80 ExpPrg 0 Fw 0 Fs 1
08.12.2014        11:10:47        [000007C0] WaitForWscService( 839 ) -> true, SCM OK wsc OK err 0
08.12.2014        11:10:47        [000007C0] UpdateStatus AV OK status 0 sign 1
08.12.2014        11:10:47        [000007C0] WaitForWscService( 839 ) -> true, SCM OK wsc OK err 0
08.12.2014        11:10:47        [000007C0] UpdateStatus AS OK status 0 sign 1
08.12.2014        11:10:50        The virus definitions have been automatically updated to version 141208-0.
08.12.2014        11:10:54        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
08.12.2014        11:10:54        [00000D54] WriteAVASFirewallStat SignUpToDate 1 preVis0 IsWin80 ExpPrg 0 Fw 0 Fs 1
08.12.2014        11:10:54        [00000D54] WaitForWscService( 840 ) -> true, SCM OK wsc OK err 0
08.12.2014        11:10:54        [00000D54] UpdateStatus AV OK status 0 sign 1
08.12.2014        11:10:54        [00000D54] WaitForWscService( 840 ) -> true, SCM OK wsc OK err 0
08.12.2014        11:10:54        [00000D54] UpdateStatus AS OK status 0 sign 1
08.12.2014        13:12:57        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
08.12.2014        13:12:57        [000006D8] WriteAVASFirewallStat SignUpToDate 1 preVis0 IsWin80 ExpPrg 0 Fw 0 Fs 0
08.12.2014        13:12:57        [000006D8] WaitForWscService( 840 ) -> true, SCM OK wsc OK err 0
08.12.2014        13:12:57        [000006D8] UpdateStatus AV OK status 1 sign 1
08.12.2014        13:12:57        [000006D8] WaitForWscService( 840 ) -> true, SCM OK wsc OK err 0
08.12.2014        13:12:57        [000006D8] UpdateStatus AS OK status 1 sign 1
08.12.2014        13:26:58        VistaAux started /enable /av
08.12.2014        13:26:58        VistaAux Trying to start avast service
08.12.2014        13:26:58        VistaAux starting providers
08.12.2014        13:27:12        Maj 6 Min 1 GetVersionEx 6.1 Stored 6.1
08.12.2014        13:27:12        [00000CDC] WriteAVASFirewallStat SignUpToDate 1 preVis0 IsWin80 ExpPrg 0 Fw 0 Fs 1
08.12.2014        13:27:12        [00000CDC] WaitForWscService( 840 ) -> true, SCM OK wsc OK err 0
08.12.2014        13:27:12        [00000CDC] UpdateStatus AV OK status 0 sign 1
08.12.2014        13:27:12        [00000CDC] WaitForWscService( 840 ) -> true, SCM OK wsc OK err 0
08.12.2014        13:27:12        [00000CDC] UpdateStatus AS OK status 0 sign 1
08.12.2014        13:27:26        AAVM - initialization error: AvResRun failed, ahresws2.dll.
08.12.2014        13:27:39        AAVM - initialization error: AvResRun failed, ahresws2.dll.
08.12.2014        13:28:10        AAVM - initialization error: AvResRun failed, ahresws2.dll.
08.12.2014        13:35:26        AAVM - initialization error: AvResRun failed, ahresws2.dll.
Ok habe noch einen Echtzeit logfile gefunden
Code:
*

06.12.2014 14:16:30        C:\ProgramData\374311380\BITAC20.tmp [L] Win32:Malware-gen (0)
Datei erfolgreich gelöscht...
*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Sonntag, 7. Dezember 2014 12:09:29
*


*
* Schutz beendet: Sonntag, 7. Dezember 2014 12:31:46
* Laufzeit war 22 Minute(n), 22 Sekunde(n)
*

*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Sonntag, 7. Dezember 2014 14:00:51
*

07.12.2014 14:01:04        C:\ProgramData\374311380\BITAC20.tmp [L] Win32:Malware-gen (0)
Datei erfolgreich gelöscht...

*
* Schutz beendet: Montag, 8. Dezember 2014 01:45:06
* Laufzeit war 11 Stunde(n), 44 Minute(n), 44 Sekunde(n)
*

*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Montag, 8. Dezember 2014 11:10:41
*

08.12.2014 11:11:00        C:\ProgramData\374311380\BITAC20.tmp [L] Win32:Malware-gen (0)
Datei erfolgreich gelöscht...

*
* Schutz beendet: Montag, 8. Dezember 2014 13:12:43
* Laufzeit war 2 Stunde(n), 2 Minute(n), 2 Sekunde(n)
*

*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Montag, 8. Dezember 2014 13:26:58
*

08.12.2014 13:28:16        C:\ProgramData\374311380\BITAC20.tmp [L] Win32:Adware-CAW [Adw] (0)
Datei erfolgreich gelöscht...
In der "Webshield.txt" den anderen Virus
Code:
04.12.2014 13:02:46        hxxp://lovered.info/distrib/1.80.1926/sp.dll.x86_64/used/sp32_64_10000058991358062590.dll [L] Win32:BProtect-J [Trj] (0)

*
* Schutz beendet: Freitag, 5. Dezember 2014 02:35:57
* Laufzeit war 13 Stunde(n), 33 Minute(n), 33 Sekunde(n)
*

*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Freitag, 5. Dezember 2014 11:59:57
*

05.12.2014 12:00:27        hxxp://lovered.info/distrib/1.80.1926/sp.dll.x86_64/used/sp32_64_10000058991358062590.dll [L] Win32:BProtect-J [Trj] (0)
*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Samstag, 6. Dezember 2014 14:16:08
*

06.12.2014 14:16:30        hxxp://lovered.info/distrib/1.80.1926/sp.dll.x86_64/used/sp32_64_10000058991358062590.dll [L] Win32:BProtect-J [Trj] (0)
*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Sonntag, 7. Dezember 2014 12:09:29
*


*
* Schutz beendet: Sonntag, 7. Dezember 2014 12:31:46
* Laufzeit war 22 Minute(n), 22 Sekunde(n)
*

*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Sonntag, 7. Dezember 2014 14:00:51
*

07.12.2014 14:01:04        hxxp://lovered.info/distrib/1.80.1926/sp.dll.x86_64/used/sp32_64_10000058991358062590.dll [L] Win32:BProtect-J [Trj] (0)

*
* Schutz beendet: Montag, 8. Dezember 2014 01:45:06
* Laufzeit war 11 Stunde(n), 44 Minute(n), 44 Sekunde(n)
*

*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Montag, 8. Dezember 2014 11:10:41
*

08.12.2014 11:11:00        hxxp://lovered.info/distrib/1.80.1926/sp.dll.x86_64/used/sp32_64_10000058991358062590.dll [L] Win32:BProtect-J [Trj] (0)

*
* Schutz beendet: Montag, 8. Dezember 2014 13:13:26
* Laufzeit war 2 Stunde(n), 2 Minute(n), 2 Sekunde(n)
*

*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Montag, 8. Dezember 2014 13:27:16
*

cosinus 08.12.2014 14:19
Und wo steht da jetzt, dass svchost.exe ein Virus sei? :wtf:

Dir ist bekannt, dass svchost.exe eine essentielle Systemdatei von Windows ist?

Arsonil 08.12.2014 14:42
ja klar :)
aber wenn die avast meldung aufploppt steht dort das die datei svchost.exe malware sei und dementsprechend blockiert wird
ich mein das es gut möglich ist dass sich der virus dort eingenistet hat oder nicht?

cosinus 08.12.2014 14:57
Adware/Junkware/Toolbars entfernen

(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!)

1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Arsonil 08.12.2014 16:47
Code:
# AdwCleaner v4.104 - Bericht erstellt am 08/12/2014 um 16:37:04
# Aktualisiert 05/12/2014 von Xplode
# Database : 2014-12-08.1 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Marvin - MARVIN-PC
# Gestartet von : C:\Users\Marvin\Downloads\AdwCleaner_4.104.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\SoftCoup
Ordner Gelöscht : C:\ProgramData\fbdfb7630317a78c
Ordner Gelöscht : C:\Users\Marvin\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\Users\Marvin\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Marvin\AppData\Roaming\YourFileDownloader
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\t06r99nt.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\t06r99nt.default\searchplugins\conduit-search.xml
Datei Gelöscht : C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\t06r99nt.default\user.js

***** [ Tasks ] *****

Task Gelöscht : Digital Sites
Task Gelöscht : FoxTab
Task Gelöscht : MySearchDial
Task Gelöscht : YourFile DownloaderUpdate

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{64af91bf}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0BD19251-4B4B-4B94-AB16-617106245BB7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{44B29DDD-CF7A-454A-A275-A322A398D93F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B2DB115C-8278-4947-9A07-57B53D1C4215}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B97FC455-DB33-431D-84DB-6F1514110BD5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E72E9312-0367-4216-BFC7-21485FA8390B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Conduit_Search_Protect
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\mysearchdial.com
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\YourFileDownloader
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - Safe\FastAndSafe_x64.dll

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17420

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v34.0 (x86 de)

[t06r99nt.default\prefs.js] - Zeile gelöscht : user_pref("extensions.ALvYo0OIQCk5.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sum[...]
[t06r99nt.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.AL", 2);
[t06r99nt.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.aflt", "dvd_14_13_ff");
[t06r99nt.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
[t06r99nt.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzuzyyE0D0EzztD0B0E0DzytB0CyEtByC0EtN0D0Tzu0SzztCzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0F0Bzz0F0F0BtBtG0BzztBt[...]
[t06r99nt.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.cntry", "DE");
[t06r99nt.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.cr", "587025112");
[t06r99nt.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.dfltLng", "");
[t06r99nt.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.dfltSrch", false);
[t06r99nt.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.dnsErr", true);
[t06r99nt.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
[t06r99nt.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.excTlbr", false);
[t06r99nt.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.hdrMd5", "FF88CCE09C622C2347A71A891424C89A");
[t06r99nt.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.hmpg", false);
[t06r99nt.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dvd_14_13_ff&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztD0B0E0DzytB0CyEtByC0EtN0D0Tzu0SzztCzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEt[...]
[t06r99nt.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.id", "94DE80BED92C426E");
[t06r99nt.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.instlDay", "16158");
[t06r99nt.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.instlRef", "140305_b");
[t06r99nt.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.lastB", "google.de");
[t06r99nt.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.29.013:5:14");
[t06r99nt.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dvd_14_13_ff&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztD0B0E0DzytB0CyEtByC0EtN0D0Tzu0SzztCzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCy[...]
[t06r99nt.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"94\",\"lastVrsn\":\"94\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
[t06r99nt.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
[t06r99nt.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
[t06r99nt.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.sg", "none");
[t06r99nt.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
[t06r99nt.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrId", "base");
[t06r99nt.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dvd_14_13_ff&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztD0B0E0DzytB0CyEtByC0EtN0D0Tzu0SzztCzytN1L2XzutBtFtCzztFtBtFtDtN1L1Czut[...]
[t06r99nt.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");
[t06r99nt.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");
[t06r99nt.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial_i.newTab", false);
[t06r99nt.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial_i.smplGrp", "none");
[t06r99nt.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.013:5:14");

-\\ Google Chrome v35.0.1916.153

[C:\Users\Marvin\AppData\Local\Chromium\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}

-\\ Chromium v

[C:\Users\Marvin\AppData\Local\Chromium\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [10386 octets] - [08/12/2014 16:35:39]
AdwCleaner[S0].txt - [10034 octets] - [08/12/2014 16:37:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10095 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Professional x64
Ran by Marvin on 08.12.2014 at 16:40:14,66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Marvin\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Emptied folder: C:\Users\Marvin\AppData\Roaming\mozilla\firefox\profiles\t06r99nt.default\minidumps [105 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.12.2014 at 16:44:27,44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2014 02
Ran by Marvin (administrator) on MARVIN-PC on 08-12-2014 16:45:29
Running from C:\Users\Marvin\Downloads
Loaded Profile: Marvin (Available profiles: Marvin)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Geek Software GmbH) E:\Programme\PDF24\pdf24.exe
() E:\Programme\Kudos RS\Gaming Mouse.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13423688 2013-02-26] (Realtek Semiconductor)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291128 2013-03-06] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-03-12] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-30] (AVAST Software)
HKLM-x32\...\Run: [PDFPrint] => E:\Programme\PDF24\pdf24.exe [191016 2014-05-14] (Geek Software GmbH)
HKLM-x32\...\Run: [SPEEDLINK KUDOS] => E:\Programme\Kudos RS\Gaming Mouse.exe [1470464 2012-02-07] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3835728 2014-12-01] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-605976145-798981982-18162885-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784392 2014-05-29] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-605976145-798981982-18162885-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Marvin\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-605976145-798981982-18162885-1000\...\Run: [EPSON SX420W Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-605976145-798981982-18162885-1000\...\MountPoints2: {05d3cf39-b73a-11e3-9cf3-94de80bed92c} - G:\Startme.exe
HKU\S-1-5-21-605976145-798981982-18162885-1000\...\MountPoints2: {9091c385-14b7-11e4-b4c3-94de80bed92c} - F:\AUTOSTARTER.EXE
HKU\S-1-5-21-605976145-798981982-18162885-1000\...\MountPoints2: {e8d11947-8f9a-11e3-b70b-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-605976145-798981982-18162885-1000\...\MountPoints2: {f193f14b-a38c-11e3-9cc9-94de80bed92c} - F:\autorun.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2014-11-13] (NVIDIA Corporation)
AppInit_DLLs:  C:\ProgramData\Fast And => C:\ProgramData\Fast And File Not Found
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [156840 2014-11-13] (NVIDIA Corporation)
AppInit_DLLs-x32:  c:\progra~3\fastan~1\fastan~1.dll => "c:\progra~3\fastan~1\fastan~1.dll" File Not Found
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-605976145-798981982-18162885-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-605976145-798981982-18162885-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x435D160A7623CF01
HKU\S-1-5-21-605976145-798981982-18162885-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: SoFtCoup -> {29AEA0ED-7C22-E6D8-21DB-42958C6E3868} -> C:\ProgramData\SoFtCoup\okT_lYjl8.x64.dll No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\t06r99nt.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: ProxTube - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\t06r99nt.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}.xpi [2014-07-28]
FF Extension: Adblock Plus - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\t06r99nt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-07]
FF Extension: Tab Mix Plus - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\t06r99nt.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-02-12]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-09]
FF HKU\S-1-5-21-605976145-798981982-18162885-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: No Name - wrc@avast.com [Not Found]

Chrome:
=======
CHR Profile: C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-09]
CHR Extension: (Scrollbar Anywhere) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\namcaplenodjnggbfkbopdbfngponici [2014-06-30]
CHR Extension: (Google Wallet) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-30] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-30] (Avast Software)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-10-07] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-17] (NVIDIA Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-11-14] (LogMeIn, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-09-03] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC)
S3 TunngleService; E:\Programme\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21584 2013-02-19] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-30] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-30] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-30] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2014-04-16] () [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-07-26] (Disc Soft Ltd)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2014-04-16] () [File not signed]
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [21584 2013-05-06] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-30] (Avast Software)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 hxsyol; \??\E:\Programme\Aura Kingdom\AuraKingdom\avital\hxsy64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-08 16:44 - 2014-12-08 16:44 - 00000960 _____ () C:\Users\Marvin\Desktop\JRT.txt
2014-12-08 16:40 - 2014-12-08 16:40 - 00000197 _____ () C:\Windows\system32\2014-12-08-15-40-29.011-AvastVBoxSVC.exe-2872.log
2014-12-08 16:40 - 2014-12-08 16:40 - 00000000 ____D () C:\Windows\ERUNT
2014-12-08 16:39 - 2014-12-08 16:39 - 01707646 _____ (Thisisu) C:\Users\Marvin\Desktop\JRT.exe
2014-12-08 16:35 - 2014-12-08 16:37 - 00000000 ____D () C:\AdwCleaner
2014-12-08 16:35 - 2014-12-08 16:35 - 00000055 _____ () C:\AdwCleanerDebug.txt
2014-12-08 15:24 - 2014-12-08 15:24 - 02153472 _____ () C:\Users\Marvin\Downloads\AdwCleaner_4.104.exe
2014-12-08 13:43 - 2014-12-08 13:43 - 00000000 _____ () C:\Users\Marvin\Sti_Trace.log
2014-12-08 13:26 - 2014-12-08 13:26 - 00004848 _____ () C:\Users\Marvin\Desktop\Gmer.txt
2014-12-08 13:11 - 2014-12-08 13:11 - 00036597 _____ () C:\Users\Marvin\Downloads\Addition.txt
2014-12-08 13:10 - 2014-12-08 16:45 - 00017174 _____ () C:\Users\Marvin\Downloads\FRST.txt
2014-12-08 13:10 - 2014-12-08 16:45 - 00000000 ____D () C:\FRST
2014-12-08 13:09 - 2014-12-08 13:09 - 00000474 _____ () C:\Users\Marvin\Downloads\defogger_disable.log
2014-12-08 13:09 - 2014-12-08 13:09 - 00000168 _____ () C:\Users\Marvin\defogger_reenable
2014-12-08 13:04 - 2014-12-08 13:04 - 00380416 _____ () C:\Users\Marvin\Downloads\Gmer-19357.exe
2014-12-08 13:03 - 2014-12-08 13:03 - 02119680 _____ (Farbar) C:\Users\Marvin\Downloads\FRST64.exe
2014-12-08 13:02 - 2014-12-08 13:02 - 00050477 _____ () C:\Users\Marvin\Downloads\Defogger.exe
2014-12-08 11:10 - 2014-12-08 11:11 - 00000197 _____ () C:\Windows\system32\2014-12-08-10-10-48.062-AvastVBoxSVC.exe-3264.log
2014-12-07 15:19 - 2014-12-07 15:19 - 00000000 ____D () C:\Users\Marvin\Desktop\Zeuhniskrams
2014-12-07 14:02 - 2014-12-07 14:03 - 00000197 _____ () C:\Windows\system32\2014-12-07-13-02-52.057-AvastVBoxSVC.exe-2556.log
2014-12-07 12:09 - 2014-12-07 12:10 - 00000197 _____ () C:\Windows\system32\2014-12-07-11-09-38.010-AvastVBoxSVC.exe-3148.log
2014-12-06 14:16 - 2014-12-06 14:16 - 00000197 _____ () C:\Windows\system32\2014-12-06-13-16-15.094-AvastVBoxSVC.exe-3252.log
2014-12-05 12:02 - 2014-12-05 12:02 - 00000197 _____ () C:\Windows\system32\2014-12-05-11-02-04.083-AvastVBoxSVC.exe-3112.log
2014-12-04 13:02 - 2014-12-04 13:03 - 00000197 _____ () C:\Windows\system32\2014-12-04-12-02-35.027-AvastVBoxSVC.exe-3148.log
2014-12-03 13:13 - 2014-12-03 13:13 - 00000197 _____ () C:\Windows\system32\2014-12-03-12-13-21.070-AvastVBoxSVC.exe-3204.log
2014-12-02 13:00 - 2014-11-12 21:46 - 00615624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-12-02 12:59 - 2014-11-13 01:20 - 31893136 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 24557712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 19966344 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 14032984 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 13944952 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 13213512 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-12-02 12:59 - 2014-11-13 01:20 - 11397744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 11336432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 04292416 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 04011208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 02874456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434475.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 01540424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434475.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 00964928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 00935240 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 00923792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 00900928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 00871648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 00500880 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 00418112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 00393024 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 00348304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-12-02 12:59 - 2014-11-13 01:20 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-12-02 11:04 - 2014-12-02 11:05 - 00000197 _____ () C:\Windows\system32\2014-12-02-10-04-40.037-AvastVBoxSVC.exe-3176.log
2014-12-02 11:04 - 2014-12-02 11:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-02 11:04 - 2014-12-02 11:04 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-12-02 00:12 - 2014-12-02 00:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-01 10:56 - 2014-12-01 10:57 - 00000197 _____ () C:\Windows\system32\2014-12-01-09-56-51.022-AvastVBoxSVC.exe-3232.log
2014-11-30 20:33 - 2014-11-30 20:34 - 00000247 _____ () C:\Windows\system32\2014-11-30-19-33-59.061-aswFe.exe-5936.log
2014-11-30 20:32 - 2014-11-30 20:33 - 00000247 _____ () C:\Windows\system32\2014-11-30-19-32-02.003-aswFe.exe-6292.log
2014-11-30 20:31 - 2014-11-30 20:32 - 00000197 _____ () C:\Windows\system32\2014-11-30-19-31-59.032-AvastVBoxSVC.exe-2824.log
2014-11-30 20:31 - 2014-11-30 20:31 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-11-30 20:31 - 2014-11-30 20:31 - 00000000 ____D () C:\Windows\system32\vbox
2014-11-30 20:27 - 2014-11-30 20:27 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-30 20:27 - 2014-11-30 20:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-30 20:21 - 2014-11-30 20:21 - 00297816 _____ () C:\Windows\Minidump\113014-47221-01.dmp
2014-11-30 20:20 - 2014-11-30 20:20 - 443793662 _____ () C:\Windows\MEMORY.DMP
2014-11-25 12:24 - 2014-11-25 12:24 - 00000000 __SHD () C:\Users\Marvin\AppData\Local\EmieBrowserModeList
2014-11-23 18:43 - 2014-11-23 18:43 - 00000000 ____D () C:\Users\Marvin\AppData\Local\PAYDAY
2014-11-23 17:18 - 2014-11-23 17:18 - 00000211 _____ () C:\Users\Marvin\Desktop\PAYDAY The Heist.url
2014-11-22 17:10 - 2014-11-23 18:42 - 00035102 _____ () C:\Windows\DirectX.log
2014-11-22 17:10 - 2014-11-22 17:10 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Risen
2014-11-21 22:25 - 2014-11-21 22:25 - 00000211 _____ () C:\Users\Marvin\Desktop\Risen.url
2014-11-20 17:35 - 2014-12-02 12:58 - 00001101 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2014-11-20 17:35 - 2014-12-02 12:58 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP
2014-11-20 17:35 - 2014-11-20 17:35 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Canneverbe Limited
2014-11-20 17:35 - 2014-11-20 17:35 - 00000000 ____D () C:\ProgramData\Canneverbe Limited
2014-11-20 17:23 - 2014-11-20 17:32 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\DeepBurner
2014-11-20 11:19 - 2014-12-08 16:38 - 00004527 _____ () C:\Windows\setupact.log
2014-11-20 11:19 - 2014-11-20 11:19 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-20 11:18 - 2014-12-08 16:37 - 00018668 _____ () C:\Windows\PFRO.log
2014-11-20 01:16 - 2014-12-07 21:29 - 00000000 ____D () C:\Users\Marvin\.ruslanka
2014-11-20 01:16 - 2014-11-20 01:16 - 00001893 _____ () C:\Users\Public\Desktop\Ruslanka.lnk
2014-11-20 01:16 - 2014-11-20 01:16 - 00001893 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ruslanka.lnk
2014-11-20 01:16 - 2014-11-20 01:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ruslanka
2014-11-20 01:16 - 2014-11-20 01:16 - 00000000 ____D () C:\Program Files (x86)\Ruslanka
2014-11-19 11:46 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 11:46 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 11:46 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 11:46 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-17 14:14 - 2014-11-17 14:14 - 00000620 _____ () C:\Users\Public\Desktop\Bernd Das Brot.lnk
2014-11-17 14:13 - 2014-11-17 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Silver
2014-11-16 19:14 - 2014-11-16 19:14 - 00000212 _____ () C:\Users\Marvin\Desktop\PAYDAY 2.url
2014-11-12 10:43 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 10:43 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 10:43 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 10:43 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 10:43 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 10:43 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 10:43 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 10:43 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 10:43 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 10:43 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 10:43 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 10:43 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 10:43 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 10:43 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 10:43 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 10:43 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 10:43 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 10:43 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 10:43 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 10:43 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 10:43 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 10:43 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 10:43 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 10:43 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 10:43 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 10:43 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 10:43 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 10:43 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 10:43 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 10:43 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 10:43 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 10:43 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 10:43 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 10:43 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 10:43 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 10:43 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 10:43 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 10:43 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 10:43 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 10:43 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 10:43 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 10:43 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 10:43 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 10:43 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 10:43 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 10:43 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 10:43 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 10:43 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 10:43 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 10:43 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 10:43 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 10:43 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 10:43 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 10:43 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 10:43 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 10:43 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 10:43 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 10:43 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 10:43 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 10:43 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 10:43 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 10:43 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 10:43 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 10:43 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 10:43 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 10:42 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 10:42 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 10:42 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 10:42 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 10:42 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 10:42 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 10:42 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 10:42 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 10:42 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 10:42 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 10:42 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 10:42 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 10:42 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 10:42 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 10:42 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 10:42 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 10:42 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 10:42 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 10:42 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 10:42 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 10:42 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 10:42 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 10:42 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 10:42 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 10:42 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 10:42 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 10:42 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 10:42 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 10:42 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 10:42 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 10:42 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-08 16:45 - 2011-04-12 08:43 - 00700454 _____ () C:\Windows\system32\perfh007.dat
2014-12-08 16:45 - 2011-04-12 08:43 - 00150092 _____ () C:\Windows\system32\perfc007.dat
2014-12-08 16:45 - 2009-07-14 06:13 - 01624034 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-08 16:45 - 2009-07-14 05:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-08 16:45 - 2009-07-14 05:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-08 16:40 - 2014-05-09 23:23 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-08 16:38 - 2014-05-09 23:23 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-08 16:38 - 2014-02-07 00:05 - 00000000 ____D () C:\Users\Marvin\AppData\Local\LogMeIn Hamachi
2014-12-08 16:38 - 2014-02-06 21:04 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-08 16:38 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-08 16:37 - 2014-02-06 20:04 - 01107205 _____ () C:\Windows\WindowsUpdate.log
2014-12-08 16:35 - 2014-02-06 21:11 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\TS3Client
2014-12-08 16:01 - 2014-02-06 23:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-08 13:43 - 2014-02-06 20:04 - 00000000 ____D () C:\Users\Marvin
2014-12-08 13:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-08 01:15 - 2014-02-09 14:54 - 00007620 _____ () C:\Users\Marvin\AppData\Local\Resmon.ResmonCfg
2014-12-07 15:21 - 2014-05-07 13:24 - 00000000 ____D () C:\Users\Marvin\Desktop\Random Stuff
2014-12-07 15:19 - 2014-10-19 12:21 - 00000000 ____D () C:\Users\Marvin\Desktop\Online Bewerbung Ausbildung Stadt Bochum-Dateien
2014-12-07 15:09 - 2014-08-19 22:59 - 00000000 ____D () C:\Users\Marvin\Documents\Electronic Arts
2014-12-07 15:09 - 2014-02-06 20:52 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-06 14:16 - 2014-02-07 16:46 - 00001846 _____ () C:\Windows\Sandboxie.ini
2014-12-03 13:13 - 2014-05-09 23:24 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-03 13:12 - 2014-02-06 23:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-02 13:01 - 2014-02-07 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-12-02 13:00 - 2014-02-06 21:04 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-11-30 20:27 - 2014-05-09 23:22 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-30 20:27 - 2014-05-09 23:22 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-11-30 20:27 - 2014-05-09 23:22 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-30 20:27 - 2014-05-09 23:22 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-11-30 20:27 - 2014-05-09 23:22 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-30 20:27 - 2014-05-09 23:22 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-30 20:27 - 2014-05-09 23:22 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-30 20:27 - 2014-05-09 23:22 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-30 20:21 - 2014-06-07 01:31 - 00000000 ____D () C:\Windows\Minidump
2014-11-26 17:01 - 2014-02-06 23:53 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 17:01 - 2014-02-06 23:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-26 17:01 - 2014-02-06 23:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-24 17:51 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-11-24 17:49 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-11-20 12:41 - 2014-05-18 12:28 - 00000000 ____D () C:\Users\Marvin\Desktop\Pokemon Omicron 1.4 (Win)
2014-11-19 11:52 - 2014-03-05 13:04 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\DAEMON Tools Lite
2014-11-17 22:48 - 2014-07-10 01:05 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\DarknessII
2014-11-17 16:33 - 2014-02-12 15:44 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Skyrim
2014-11-17 16:30 - 2014-02-12 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2014-11-17 11:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-13 14:55 - 2009-07-14 05:45 - 00293384 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 01:20 - 2014-10-06 17:00 - 16884632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-11-13 01:20 - 2014-02-07 18:31 - 20986592 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-11-13 01:20 - 2014-02-07 18:31 - 18514616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-11-13 01:20 - 2014-02-06 21:04 - 00027094 _____ () C:\Windows\system32\nvinfo.pb
2014-11-13 01:20 - 2014-02-06 21:03 - 03262784 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-11-13 01:20 - 2014-02-06 21:03 - 00989056 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-11-13 01:20 - 2014-02-06 21:03 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-11-13 01:20 - 2014-02-06 21:03 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-11-13 00:16 - 2014-02-07 17:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 00:15 - 2014-02-07 17:18 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 22:56 - 2014-02-06 21:04 - 06897352 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-11-12 22:56 - 2014-02-06 21:04 - 03534152 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-11-12 22:56 - 2014-02-06 21:04 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-11-12 22:56 - 2014-02-06 21:04 - 00934032 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-11-12 22:56 - 2014-02-06 21:04 - 00386368 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-11-12 22:56 - 2014-02-06 21:04 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-11-11 11:29 - 2014-02-06 21:04 - 04100776 _____ () C:\Windows\system32\nvcoproc.bin
2014-11-10 13:40 - 2014-07-01 22:17 - 00000449 _____ () C:\Users\Marvin\Documents\aionmemo_b6155377.dat

Some content of TEMP:
====================
C:\Users\Marvin\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Marvin\AppData\Local\Temp\nvStInst.exe
C:\Users\Marvin\AppData\Local\Temp\Quarantine.exe
C:\Users\Marvin\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-07 12:27

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2014 02
Ran by Marvin at 2014-12-08 16:47:16
Running from C:\Users\Marvin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version:  - Gameforge)
AION Free-To-Play (HKLM-x32\...\InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}) (Version: 2.70.0000 - Gameforge)
AION Free-To-Play (x32 Version: 2.70.0000 - Gameforge) Hidden
Archeage Beta (HKLM-x32\...\Glyph Archeage Beta) (Version:  - Trion Worlds, Inc.)
Assassin's Creed (HKLM-x32\...\Steam App 15100) (Version:  - Ubisoft Montreal)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
Batman: Arkham Asylum GOTY Edition (HKLM-x32\...\Steam App 35140) (Version:  - Rocksteady Studios)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Bernd Das Brot (HKLM-x32\...\{DE45597F-C985-496B-A7BB-CAACADDF625D}) (Version: 1.00 - Deep Silver)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5143 - CDBurnerXP)
Combat Arms EU (HKLM-x32\...\Combat Arms EU) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
Die Sims™ 3 Luxus-Accessoires (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.732.20 - Electronic Arts Inc.)
Druckerdeinstallation für EPSON SX420W Series (HKLM\...\EPSON SX420W Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Evolve (HKLM-x32\...\Steam App 273350) (Version:  - Turtle Rock Studios)
Gameforge Live 2.0.5 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.5 - Gameforge)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Gothic (HKLM-x32\...\{BBF10B37-4ED3-11D5-A818-00500435FC18}) (Version:  - )
Gothic III (HKLM-x32\...\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}) (Version: 1.0.0 - JoWooD Productions Software AG)
Gothic_Patch (HKLM-x32\...\{302AC480-43D2-11D5-A818-00500435FC18}) (Version:  - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3071 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.100 - Intel Corporation)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
KUDOS RS Gaming Mouse (HKLM-x32\...\SPEEDLINK KUDOS) (Version:  - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.279 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.279 - LogMeIn, Inc.) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Might & Magic: Duel of Champions (HKLM-x32\...\Steam App 256410) (Version:  - Ubisoft Quebec)
Mozilla Firefox 34.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0 (x86 de)) (Version: 34.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.49.8 - Black Tree Gaming)
NVIDIA 3D Vision Controller-Treiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
ON_OFF Charge 2 B13.0506.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.0506.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version:  - Robot Entertainment)
Orcs Must Die! Unchained (HKLM-x32\...\{8EBA33AF-48E0-4207-A4EE-96029415AD76}_is1) (Version:  - Gameforge 4D GmbH)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
PDF24 Creator 6.4.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Plague Inc: Evolved (HKLM-x32\...\Steam App 246620) (Version:  - Ndemic Creations)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6849 - Realtek Semiconductor Corp.)
Risen (HKLM-x32\...\Steam App 40300) (Version:  - Piranha – Bytes)
Risen 2 - Dark Waters (HKLM-x32\...\Steam App 40390) (Version:  - Piranha Bytes)
Ruslanka (HKLM-x32\...\4001-9763-4923-8008) (Version: 1.2 - nautavis GmbH)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version:  - Volition)
Sanctum 2 (HKLM-x32\...\Steam App 210770) (Version:  - Coffee Stain Studios)
Sandboxie 4.12 (64-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC)
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - United Front Games)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 7 - Gameforge Productions GmbH)
The Darkness II (HKLM-x32\...\Steam App 67370) (Version:  - Digital Extremes)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Guild II - Pirates of the European Seas (HKLM-x32\...\Steam App 39660) (Version:  - 4 Head Studios)
The Guild II (HKLM-x32\...\Steam App 39650) (Version:  - 4 Head Studios)
The Guild II: Renaissance (HKLM-x32\...\Steam App 39680) (Version:  - Rune Forge)
The Sims 4 Update 1.0.797.20 (HKLM-x32\...\VGhlU2ltczQ=_is1) (Version: 1 - )
Thief (HKLM-x32\...\VGhpZWY=_is1) (Version: 1 - )
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
Vindictus EU (HKLM-x32\...\Vindictus EU) (Version:  - )
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-605976145-798981982-18162885-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-605976145-798981982-18162885-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-605976145-798981982-18162885-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-605976145-798981982-18162885-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-605976145-798981982-18162885-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-605976145-798981982-18162885-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)

==================== Restore Points  =========================

25-11-2014 11:20:09 Windows Update
28-11-2014 12:09:40 Windows Update
30-11-2014 19:25:42 avast! antivirus system restore point
02-12-2014 11:29:07 Windows Update
07-12-2014 14:09:45 Entfernt Die*Sims*Mittelalter

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {70660742-A3CD-4E13-B0F7-CFE39B9A4346} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
Task: {B5ECDC1C-BF72-4573-BEA8-9031FE48C4AF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {EDA33E4C-20F8-41CE-B7AD-B3BC6D0B4EEA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {F6F95AB6-DC57-4B5B-993D-498FBB604ADD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-30] (AVAST Software)
Task: {FCDE8C60-5688-4352-9776-41E5FF1EA5A1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-06 21:04 - 2014-11-12 22:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-02-13 15:04 - 2014-09-03 12:27 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-11-30 20:27 - 2014-11-30 20:27 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-30 20:27 - 2014-11-30 20:27 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-02-06 20:53 - 2013-03-19 14:25 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-02-07 00:58 - 2012-02-07 00:58 - 01470464 _____ () E:\Programme\Kudos RS\Gaming Mouse.exe
2014-12-08 11:10 - 2014-12-08 11:10 - 02905088 _____ () C:\Program Files\AVAST Software\Avast\defs\14120800\algo.dll
2014-11-30 20:27 - 2014-11-30 20:27 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-11-30 20:27 - 2014-11-30 20:27 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-06 20:52 - 2013-03-12 13:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-12-02 00:12 - 2014-12-02 00:12 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-605976145-798981982-18162885-500 - Administrator - Disabled)
Gast (S-1-5-21-605976145-798981982-18162885-501 - Limited - Disabled)
Marvin (S-1-5-21-605976145-798981982-18162885-1000 - Administrator - Enabled) => C:\Users\Marvin

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-12-08 16:38:25.922
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-12-08 16:38:25.862
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-12-08 16:38:25.265
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-12-08 16:38:25.203
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-12-08 11:10:43.504
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-12-08 11:10:43.454
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-12-08 11:10:42.203
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-12-08 11:10:42.140
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-12-07 14:00:51.028
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-12-07 14:00:50.966
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz
Percentage of memory in use: 24%
Total physical RAM: 8071 MB
Available physical RAM: 6106.63 MB
Total Pagefile: 16140.18 MB
Available Pagefile: 14066.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:19.81 GB) NTFS
Drive e: (DATA) (Fixed) (Total:465.76 GB) (Free:72.67 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 47DDC6EF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 00000001)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus 08.12.2014 18:35
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
AppInit_DLLs:  C:\ProgramData\Fast And => C:\ProgramData\Fast And File Not Found
AppInit_DLLs-x32:  c:\progra~3\fastan~1\fastan~1.dll => "c:\progra~3\fastan~1\fastan~1.dll" File Not Found
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: SoFtCoup -> {29AEA0ED-7C22-E6D8-21DB-42958C6E3868} -> C:\ProgramData\SoFtCoup\okT_lYjl8.x64.dll No File
c:\progra~3\fastan~1
C:\ProgramData\SoFtCoup
EmptyTemp:
Hosts:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Arsonil 09.12.2014 00:36
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-12-2014 02
Ran by Marvin at 2014-12-09 00:29:11 Run:1
Running from C:\Users\Marvin\Downloads
Loaded Profile: Marvin (Available profiles: Marvin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
AppInit_DLLs:  C:\ProgramData\Fast And => C:\ProgramData\Fast And File Not Found
AppInit_DLLs-x32:  c:\progra~3\fastan~1\fastan~1.dll => "c:\progra~3\fastan~1\fastan~1.dll" File Not Found
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: SoFtCoup -> {29AEA0ED-7C22-E6D8-21DB-42958C6E3868} -> C:\ProgramData\SoFtCoup\okT_lYjl8.x64.dll No File
c:\progra~3\fastan~1
C:\ProgramData\SoFtCoup
EmptyTemp:
Hosts:
       
*****************

" C:\ProgramData\Fast And" => Value Data removed successfully.
" c:\progra~3\fastan~1\fastan~1.dll" => Value Data removed successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{29AEA0ED-7C22-E6D8-21DB-42958C6E3868}" => Key deleted successfully.
"HKCR\CLSID\{29AEA0ED-7C22-E6D8-21DB-42958C6E3868}" => Key deleted successfully.
"c:\progra~3\fastan~1" => File/Directory not found.
"C:\ProgramData\SoFtCoup" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 738.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====
Falls ich mal fragen darf wo wir schon dabei sind :)
Kann es sein dass gewisse Viren oder ähnliches meine Internetverbindung zwischen Meinem PC und dem Router lahmlegen können?
Die Avast-Meldungen mit den beiden Viren sind im übrigen verschwunden :) (DANKE)

cosinus 09.12.2014 11:07
Okay, dann Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Arsonil 09.12.2014 13:01
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 09.12.2014
Suchlauf-Zeit: 12:56:09
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2014.12.09.05
Rootkit Datenbank: v2014.12.08.03
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Marvin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 316441
Verstrichene Zeit: 3 Min, 46 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

cosinus 09.12.2014 13:03
Gut, fehlt noch ESET

Arsonil 09.12.2014 13:56
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=38dbe8b597a6a847b508836cadc66020
# engine=21470
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-09 12:54:58
# local_time=2014-12-09 01:54:58 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 91 754007 18455522 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 3519 169759548 0 0
# scanned=337811
# found=3
# cleaned=3
# scan_time=2851
sh=21FA935C037CDD4DA753895AA750262A3056B871 ft=1 fh=c71c001127f5a6d6 vn="Variante von Win64/Adware.MultiPlug.C Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\SoftCoup\okT_lYjl8.x64.dll.vir"
sh=476063885747EDD774A6B8CB2790703503A75A55 ft=1 fh=d7bb79193adaee2e vn="Win32/Systweak.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Marvin\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir"
sh=BA39F8C9886EF4AABD72262B192DB8A177C7E206 ft=1 fh=078180abaf06d010 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:22 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131