Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Permanentes Ladezeichen an der Maus (https://www.trojaner-board.de/166099-permanentes-ladezeichen-maus.html)

Hesher999 14.04.2015 15:04
Permanentes Ladezeichen an der Maus
 
Guten Tag,

ich habe heute auch mit GTA V angefangen und wurde plötzlich immer auf den Desktop getabt. Wenn ich wieder reingegangen bin, wurde ich wieder rausgetabt. Das neustarten hat nicht geholfen und das Windows anmelden hat auch länger gedauert.

Dann habe ich permanent das Ladezeichen und auch hier bei dem Text schreiben, werde ich immer wieder rausgetabt.

Danke im Voraus

MfG

Vinz

schrauber 14.04.2015 15:31
Hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Hesher999 14.04.2015 17:18
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2015
Ran by Hesher at 2015-04-14 16:04:19
Running from C:\Users\Hesher\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
Assetto Corsa (HKLM-x32\...\Steam App 244210) (Version:  - Kunos Simulazioni)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
Avira System Speedup 1.6 (HKLM-x32\...\Avira System Speedup_is1) (Version: 1.6 - 2000 - 2015 Avira Operations GmbH & Co. KG)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.25648 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version:  - )
Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version:  - Treyarch)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version:  - Infinity Ward)
CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
DiRT 2 (HKLM-x32\...\Steam App 12840) (Version:  - Codemasters Racing Studio)
DiRT 3 Complete Edition (HKLM-x32\...\Steam App 321040) (Version:  - Codemasters Racing Studio)
DiRT Showdown (HKLM-x32\...\Steam App 201700) (Version:  - Codemasters Racing Studio)
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.6.0.0 - Electronic Arts)
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
Euro Truck Simulator 2 Multiplayer 0.1.5 R3 Alpha (HKLM-x32\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 0.1.5 R3 Alpha - ETS2MP Team)
F1 2013 (HKLM-x32\...\Steam App 223670) (Version:  - Codemasters Birmingham)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Audio Dub version 1.7.9.908 (HKLM-x32\...\Free Audio Dub_is1) (Version: 1.7.9.908 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.56.301 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.56.301 - DVDVideoSoft Ltd.)
FreeRIP MP3 Converter 4.5.2 (HKLM-x32\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 4.5.2 - GreenTree Applications SRL)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version:  - Rockstar)
Grand Theft Auto: Episodes from Liberty City (x32 Version: 1.0.0003.135 - Rockstar Games Inc.) Hidden
GRID 2 (HKLM-x32\...\Steam App 44350) (Version:  - Codemasters Racing)
GTR 2 - FIA GT Racing Game (HKLM-x32\...\Steam App 8790) (Version:  - SimBin Studios AB)
GTR Evolution (HKLM-x32\...\Steam App 8660) (Version:  - SimBin)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Landwirtschafts Simulator 2013 (HKLM-x32\...\FarmingSimulator2013DE_is1) (Version: 1.0 - GIANTS Software)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
MAGIX PC Check & Tuning Free 2011 (x32 Version: 6.0.403.1050 - MAGIX AG) Hidden
Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mouse Editor (HKLM-x32\...\InstallShield_{3A4218DE-B9DB-4AD5-9DB2-5853D3AA0335}) (Version: 12.08.0006 - Ihr Firmenname)
MOUSE Editor (x32 Version: 12.08.0006 - Ihr Firmenname) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MTA:SA v1.3.5 (HKLM-x32\...\MTA:SA 1.3) (Version: v1.3.5 - Multi Theft Auto)
MTA:SA v1.4.0 (HKLM-x32\...\MTA:SA 1.4) (Version: v1.4.0 - Multi Theft Auto)
Need For Speed™ World (HKLM-x32\...\{3AF1B16A-7DC9-4C80-BAEC-70B088A7C5B8}) (Version: 1.0.0.0 - Electronic Arts)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.6.4643 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
RACE 07 (HKLM-x32\...\Steam App 8600) (Version:  - SimBin)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
rFactor (remove only) (HKLM-x32\...\rFactor) (Version:  - )
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.6 - Rockstar Games)
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Sitecom WiFi USB adapter N300 Driver and Utility (HKLM-x32\...\{9C049509-055C-4CFF-A116-1D12312225EB}) (Version: 1.00.0201 - Sitecom Europe BV)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1373372224-1858701567-1832733131-1000\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-1373372224-1858701567-1832733131-1000\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Test Drive Unlimited 2 (HKLM-x32\...\Steam App 9930) (Version:  - Eden Studios)
The Crew (Worldwide) (HKLM-x32\...\Uplay Install 413) (Version:  - Ubisoft)
The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
Tom Clancy's Ghost Recon Phantoms - EU (HKLM-x32\...\Steam App 272350) (Version:  - Ubisoft Singapore)
TrackMania Nations Forever (HKLM-x32\...\Steam App 11020) (Version:  - Nadeo)
TrackMania² Stadium (HKLM-x32\...\Steam App 232910) (Version:  - Nadeo)
Unity Web Player (HKU\S-1-5-21-1373372224-1858701567-1832733131-1000\...\UnityWebPlayer) (Version: 4.6.0f2 - Unity Technologies ApS)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Uplay (HKLM-x32\...\Uplay) (Version: 4.9 - Ubisoft)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1373372224-1858701567-1832733131-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1373372224-1858701567-1832733131-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1373372224-1858701567-1832733131-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1373372224-1858701567-1832733131-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1373372224-1858701567-1832733131-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1373372224-1858701567-1832733131-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1373372224-1858701567-1832733131-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)

==================== Restore Points  =========================

14-04-2015 13:42:42 Entfernt Rockstar Games Social Club
14-04-2015 14:44:43 Avira System Speedup 1.6

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {040BFAED-62CA-476A-872C-9001F6A55329} - System32\Tasks\{DCB06167-B428-425E-B4B6-4F173F4A0EB6} => pcalua.exe -a C:\Users\Hesher\Desktop\pbsetup.exe -d C:\Users\Hesher\Desktop
Task: {055AA15B-87D9-47EF-8A4B-39ACB7032318} - System32\Tasks\{F4F26837-0D96-4B59-BA83-22D16F0EE942} => pcalua.exe -a "C:\Users\Hesher\Downloads\wlsetup-all_16.4.3508.0205 (1).exe" -d C:\Users\Hesher\Downloads
Task: {0986207B-0ABC-4C50-A16F-FC097E769A77} - System32\Tasks\{7E05553A-F0A4-4C37-939A-8C9B3BA0E53F} => pcalua.exe -a "C:\Users\Hesher\Downloads\SpyHunter-Installer (3).exe" -d C:\Users\Hesher\Downloads
Task: {143ADEC8-83F0-4975-A25F-81E9FD6D7E5A} - System32\Tasks\{FB45AEB3-E318-421B-AD1D-2215CF435C84} => pcalua.exe -a C:\Users\Hesher\Downloads\colorcubesviz.exe -d C:\Users\Hesher\Downloads
Task: {269A3F2F-3414-434B-BC82-0824B790F0C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-04] (Google Inc.)
Task: {2777EAF0-28C8-43B0-9984-1D656FFB2FE3} - System32\Tasks\Software Updater Ui => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Ui.exe <==== ATTENTION
Task: {289031BA-C81C-4C15-8A47-C4A4B404E142} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: {292AE251-DE15-4798-996A-50A45348330E} - System32\Tasks\{1D1866D2-1ED4-4779-8561-31BDB86D4E54} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{28FA3609-B6E2-4BCA-B089-F5122AC417C5}\setup.exe" -c -runfromtemp -l0x0407  -removeonly
Task: {30687FA4-A23D-4864-8633-0E750C8B193C} - System32\Tasks\{61F1AD44-036D-4C82-8754-5F5A4FD71C6C} => Chrome.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsProgressBar
Task: {55164654-C6F9-402A-9F80-DBC293E4F845} - System32\Tasks\{CFD18FFB-2A64-4BD1-995A-DDB114423444} => pcalua.exe -a "C:\Users\Hesher\Downloads\The Sims 3 - Razor1911 Final MAXSPEED\Final Version Patch\Sims3_1.0.632.00002_from_1.0.631.00002.exe" -d "C:\Users\Hesher\Downloads\The Sims 3 - Razor1911 Final MAXSPEED\Final Version Patch"
Task: {5D9AE74D-2D91-467D-BE21-2AD06BB707AE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-05] (Adobe Systems Incorporated)
Task: {64E35778-2AF9-43E8-8AF3-E68FBB8C52A9} - System32\Tasks\{50708637-D2BD-4B63-8656-CDC21B58F3E1} => pcalua.exe -a C:\Users\Hesher\Downloads\wlsetup-web.exe -d C:\Users\Hesher\Downloads
Task: {76254C08-4954-4F28-A034-E3FF7625AB89} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {97E09C8F-AB55-42FF-8685-1D2DE32ADA2F} - System32\Tasks\AviraSpeedup => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [2015-01-30] (Avira Operations GmbH & Co. KG)
Task: {A052FC73-E77B-40D8-92BF-434F8978148F} - System32\Tasks\Driver Booster SkipUAC (Hesher) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {AC4AE298-6E13-43E4-89F7-8D8A01EE9FE5} - \PCCT - MAGIX AG No Task File <==== ATTENTION
Task: {AD5F1203-E09F-4E28-81BD-F6FA4F4D1C5C} - System32\Tasks\Software Updater => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe <==== ATTENTION
Task: {B62A69BF-C807-431E-AFDC-466715CE6843} - System32\Tasks\{E25D1AA7-6C06-42BF-A1F5-25A10FCE2761} => pcalua.exe -a C:\Users\Hesher\Downloads\PCC_2007_Setup.exe -d C:\Users\Hesher\Downloads
Task: {C2B8AD9C-95D7-4307-9A5A-273FC7A10F09} - System32\Tasks\{0EEB23AD-3AC8-4ED2-A12B-8C25981848AE} => pcalua.exe -a C:\Users\Hesher\Downloads\64bit_Win7_Win8_Win81_R273.exe -d C:\Users\Hesher\Downloads
Task: {E185FF3B-86C1-4930-9D19-69BE6D115DC3} - \SidebarExecute No Task File <==== ATTENTION
Task: {E8909B90-8E32-4CCF-A918-92141737F4A5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-04] (Google Inc.)
Task: {F19BD01D-A91D-4C36-8DDF-F8BCA8D3E8EE} - System32\Tasks\nethost task => C:\Users\Hesher\AppData\Local\SystemDir\nethost.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-02-16 00:23 - 2015-02-05 21:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-02-28 11:14 - 2014-02-28 11:14 - 00173568 _____ () C:\Users\Hesher\AppData\Local\TeamSpeak 3 Client\quazip.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 01080832 _____ () C:\Users\Hesher\AppData\Local\TeamSpeak 3 Client\platforms\qwindows.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00833024 _____ () C:\Users\Hesher\AppData\Local\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
2014-02-28 15:07 - 2014-08-17 17:52 - 00102344 _____ () C:\Users\Hesher\AppData\Local\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2014-02-28 15:07 - 2014-08-17 17:52 - 00108488 _____ () C:\Users\Hesher\AppData\Local\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00030208 _____ () C:\Users\Hesher\AppData\Local\TeamSpeak 3 Client\imageformats\qgif.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00233984 _____ () C:\Users\Hesher\AppData\Local\TeamSpeak 3 Client\imageformats\qjpeg.dll
2014-02-28 15:10 - 2014-08-17 17:52 - 00563656 _____ () C:\Users\Hesher\AppData\Local\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2014-02-28 15:10 - 2014-08-17 17:52 - 00579016 _____ () C:\Users\Hesher\AppData\Local\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00159232 _____ () C:\Users\Hesher\AppData\Local\TeamSpeak 3 Client\accessible\qtaccessiblewidgets.dll
2015-04-14 03:15 - 2015-03-28 05:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-08-31 22:20 - 2012-11-06 09:47 - 00114688 _____ () C:\Program Files (x86)\Sitecom\WiFi USB adapter N300 Driver and Utility\EnumDevLib.dll
2015-04-04 17:41 - 2015-03-30 23:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-04 17:41 - 2015-03-30 23:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-04 17:41 - 2015-03-30 23:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll
2014-09-22 19:27 - 2014-09-22 19:27 - 00995840 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Compba577418#\836f5d7723793533276fce1bc21493e9\System.ComponentModel.Composition.ni.dll
2014-09-22 19:35 - 2014-09-22 19:35 - 00146944 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Comp7dda8007#\8124d4a4a318bba2608e9c0f68838b4b\System.ComponentModel.Composition.Registration.ni.dll
2014-09-22 19:27 - 2014-09-22 19:27 - 00190976 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Reflc3377498#\d4eb56f9cc4d9a04b96a1cacc5225e03\System.Reflection.Context.ni.dll
2014-09-22 19:27 - 2014-09-22 19:27 - 00762880 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ReactiveUI\415e34c4702a1fda4251fab74c91a5c2\ReactiveUI.ni.dll
2014-09-22 19:35 - 2014-09-22 19:35 - 00306176 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ReactiveUI.Xaml\1545d248029abb5643a4a210027a47c3\ReactiveUI.Xaml.ni.dll
2015-04-05 08:22 - 2015-04-05 08:22 - 16858288 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData:NT2
AlternateDataStreams: C:\Users\All Users:NT2
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:NT2
AlternateDataStreams: C:\ProgramData\Application Data:NT2
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2
AlternateDataStreams: C:\ProgramData\TEMP:0888F409
AlternateDataStreams: C:\ProgramData\TEMP:3440EB47
AlternateDataStreams: C:\ProgramData\TEMP:66633281
AlternateDataStreams: C:\Users\Hesher\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\Hesher\Anwendungsdaten:NT2
AlternateDataStreams: C:\Users\Hesher\AppData\Roaming:NT
AlternateDataStreams: C:\Users\Hesher\AppData\Roaming:NT2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1373372224-1858701567-1832733131-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Hesher\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: AppMgmt => 3
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: BITS => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: clr_optimization_v4.0.30319_32 => 2
MSCONFIG\Services: clr_optimization_v4.0.30319_64 => 2
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: Netlogon => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PeerDistSvc => 3
MSCONFIG\Services: PnkBstrA => 2
MSCONFIG\Services: PNRPAutoReg => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TeamViewer8 => 2
MSCONFIG\Services: Yontoo Desktop Updater => 2
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: EA Core => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
MSCONFIG\startupreg: IjadoGavhu => regsvr32.exe "
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: OscarEditor => "C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe" Minimum
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: RGSC => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
MSCONFIG\startupreg: Spotify => "C:\Users\Hesher\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Hesher\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Start WingMan Profiler => C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: Yontoo Desktop => "C:\Users\Hesher\AppData\Roaming\Yontoo\YontooDesktop.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-1373372224-1858701567-1832733131-500 - Administrator - Disabled)
Gast (S-1-5-21-1373372224-1858701567-1832733131-501 - Limited - Disabled)
Hesher (S-1-5-21-1373372224-1858701567-1832733131-1000 - Administrator - Enabled) => C:\Users\Hesher
HomeGroupUser$ (S-1-5-21-1373372224-1858701567-1832733131-1007 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/14/2015 04:05:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Name des fehlerhaften Moduls: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000004e920f
ID des fehlerhaften Prozesses: 0x1564
Startzeit der fehlerhaften Anwendung: 0xNvStreamNetworkService.exe0
Pfad der fehlerhaften Anwendung: NvStreamNetworkService.exe1
Pfad des fehlerhaften Moduls: NvStreamNetworkService.exe2
Berichtskennung: NvStreamNetworkService.exe3

Error: (04/14/2015 04:05:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvstreamsvc.exe, Version: 4.1.1944.2762, Zeitstempel: 0x5515f674
Name des fehlerhaften Moduls: nvstreamsvc.exe, Version: 4.1.1944.2762, Zeitstempel: 0x5515f674
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000687672
ID des fehlerhaften Prozesses: 0x5c8
Startzeit der fehlerhaften Anwendung: 0xnvstreamsvc.exe0
Pfad der fehlerhaften Anwendung: nvstreamsvc.exe1
Pfad des fehlerhaften Moduls: nvstreamsvc.exe2
Berichtskennung: nvstreamsvc.exe3

Error: (04/14/2015 04:05:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Name des fehlerhaften Moduls: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000004e920f
ID des fehlerhaften Prozesses: 0xb4c
Startzeit der fehlerhaften Anwendung: 0xNvStreamNetworkService.exe0
Pfad der fehlerhaften Anwendung: NvStreamNetworkService.exe1
Pfad des fehlerhaften Moduls: NvStreamNetworkService.exe2
Berichtskennung: NvStreamNetworkService.exe3

Error: (04/14/2015 04:05:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvstreamsvc.exe, Version: 4.1.1944.2762, Zeitstempel: 0x5515f674
Name des fehlerhaften Moduls: nvstreamsvc.exe, Version: 4.1.1944.2762, Zeitstempel: 0x5515f674
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000687672
ID des fehlerhaften Prozesses: 0xef0
Startzeit der fehlerhaften Anwendung: 0xnvstreamsvc.exe0
Pfad der fehlerhaften Anwendung: nvstreamsvc.exe1
Pfad des fehlerhaften Moduls: nvstreamsvc.exe2
Berichtskennung: nvstreamsvc.exe3

Error: (04/14/2015 04:05:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Name des fehlerhaften Moduls: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000004e920f
ID des fehlerhaften Prozesses: 0x544
Startzeit der fehlerhaften Anwendung: 0xNvStreamNetworkService.exe0
Pfad der fehlerhaften Anwendung: NvStreamNetworkService.exe1
Pfad des fehlerhaften Moduls: NvStreamNetworkService.exe2
Berichtskennung: NvStreamNetworkService.exe3

Error: (04/14/2015 04:05:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvstreamsvc.exe, Version: 4.1.1944.2762, Zeitstempel: 0x5515f674
Name des fehlerhaften Moduls: nvstreamsvc.exe, Version: 4.1.1944.2762, Zeitstempel: 0x5515f674
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000687672
ID des fehlerhaften Prozesses: 0xa94
Startzeit der fehlerhaften Anwendung: 0xnvstreamsvc.exe0
Pfad der fehlerhaften Anwendung: nvstreamsvc.exe1
Pfad des fehlerhaften Moduls: nvstreamsvc.exe2
Berichtskennung: nvstreamsvc.exe3

Error: (04/14/2015 04:05:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Name des fehlerhaften Moduls: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000004e920f
ID des fehlerhaften Prozesses: 0x138
Startzeit der fehlerhaften Anwendung: 0xNvStreamNetworkService.exe0
Pfad der fehlerhaften Anwendung: NvStreamNetworkService.exe1
Pfad des fehlerhaften Moduls: NvStreamNetworkService.exe2
Berichtskennung: NvStreamNetworkService.exe3

Error: (04/14/2015 04:05:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvstreamsvc.exe, Version: 4.1.1944.2762, Zeitstempel: 0x5515f674
Name des fehlerhaften Moduls: nvstreamsvc.exe, Version: 4.1.1944.2762, Zeitstempel: 0x5515f674
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000687672
ID des fehlerhaften Prozesses: 0x1d8
Startzeit der fehlerhaften Anwendung: 0xnvstreamsvc.exe0
Pfad der fehlerhaften Anwendung: nvstreamsvc.exe1
Pfad des fehlerhaften Moduls: nvstreamsvc.exe2
Berichtskennung: nvstreamsvc.exe3

Error: (04/14/2015 04:04:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Name des fehlerhaften Moduls: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000004e920f
ID des fehlerhaften Prozesses: 0x4ac
Startzeit der fehlerhaften Anwendung: 0xNvStreamNetworkService.exe0
Pfad der fehlerhaften Anwendung: NvStreamNetworkService.exe1
Pfad des fehlerhaften Moduls: NvStreamNetworkService.exe2
Berichtskennung: NvStreamNetworkService.exe3

Error: (04/14/2015 04:04:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvstreamsvc.exe, Version: 4.1.1944.2762, Zeitstempel: 0x5515f674
Name des fehlerhaften Moduls: nvstreamsvc.exe, Version: 4.1.1944.2762, Zeitstempel: 0x5515f674
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000687672
ID des fehlerhaften Prozesses: 0x714
Startzeit der fehlerhaften Anwendung: 0xnvstreamsvc.exe0
Pfad der fehlerhaften Anwendung: nvstreamsvc.exe1
Pfad des fehlerhaften Moduls: nvstreamsvc.exe2
Berichtskennung: nvstreamsvc.exe3


System errors:
=============
Error: (04/14/2015 03:00:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "sppsvc" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (04/14/2015 02:58:12 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst RealtekCU erreicht.

Error: (04/14/2015 02:57:30 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎14.‎04.‎2015 um 14:56:42 unerwartet heruntergefahren.

Error: (04/14/2015 02:55:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Kryptografiedienste" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (04/14/2015 02:55:55 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "CryptSvc" konnte sich nicht als "NT Authority\NetworkService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1722

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (04/14/2015 02:55:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Kryptografiedienste" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (04/14/2015 02:55:55 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "CryptSvc" konnte sich nicht als "NT Authority\NetworkService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1722

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (04/14/2015 02:55:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Kryptografiedienste" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (04/14/2015 02:55:55 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "CryptSvc" konnte sich nicht als "NT Authority\NetworkService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1722

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (04/14/2015 02:55:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Kryptografiedienste" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069


Microsoft Office Sessions:
=========================
Error: (04/14/2015 04:05:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvStreamNetworkService.exe4.1.1943.6202551399beNvStreamNetworkService.exe4.1.1943.6202551399bec000000500000000004e920fca001d076bc018f2557C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe3f4e36b6-e2af-11e4-8dbc-955e4d8da0b3

Error: (04/14/2015 04:05:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvStreamNetworkService.exe4.1.1943.6202551399beNvStreamNetworkService.exe4.1.1943.6202551399bec000000500000000004e920f156401d076bc0108b54fC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe3ec618f7-e2af-11e4-8dbc-955e4d8da0b3

Error: (04/14/2015 04:05:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvstreamsvc.exe4.1.1944.27625515f674nvstreamsvc.exe4.1.1944.27625515f674c000000500000000006876725c801d076bc0076fa7dC:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe3ea0b61b-e2af-11e4-8dbc-955e4d8da0b3

Error: (04/14/2015 04:05:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvStreamNetworkService.exe4.1.1943.6202551399beNvStreamNetworkService.exe4.1.1943.6202551399bec000000500000000004e920fb4c01d076bc007796bfC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe3e348536-e2af-11e4-8dbc-955e4d8da0b3

Error: (04/14/2015 04:05:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvstreamsvc.exe4.1.1944.27625515f674nvstreamsvc.exe4.1.1944.27625515f674c00000050000000000687672ef001d076bbffdc8cfaC:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe3e100cbd-e2af-11e4-8dbc-955e4d8da0b3

Error: (04/14/2015 04:05:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvStreamNetworkService.exe4.1.1943.6202551399beNvStreamNetworkService.exe4.1.1943.6202551399bec000000500000000004e920f54401d076bbffdd775eC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe3d9adb06-e2af-11e4-8dbc-955e4d8da0b3

Error: (04/14/2015 04:05:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvstreamsvc.exe4.1.1944.27625515f674nvstreamsvc.exe4.1.1944.27625515f674c00000050000000000687672a9401d076bbff19130eC:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe3d3c3ee3-e2af-11e4-8dbc-955e4d8da0b3

Error: (04/14/2015 04:05:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvStreamNetworkService.exe4.1.1943.6202551399beNvStreamNetworkService.exe4.1.1943.6202551399bec000000500000000004e920f13801d076bbff19af50C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe3cd51720-e2af-11e4-8dbc-955e4d8da0b3

Error: (04/14/2015 04:05:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvstreamsvc.exe4.1.1944.27625515f674nvstreamsvc.exe4.1.1944.27625515f674c000000500000000006876721d801d076bbfe8a8c97C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe3cb2736f-e2af-11e4-8dbc-955e4d8da0b3

Error: (04/14/2015 04:04:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvStreamNetworkService.exe4.1.1943.6202551399beNvStreamNetworkService.exe4.1.1943.6202551399bec000000500000000004e920f4ac01d076bbfe8b4feaC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe3c45cd57-e2af-11e4-8dbc-955e4d8da0b3


==================== Memory info ===========================

Processor: AMD FX(tm)-6100 Six-Core Processor
Percentage of memory in use: 38%
Total physical RAM: 8173.55 MB
Available physical RAM: 4985.93 MB
Total Pagefile: 16345.3 MB
Available Pagefile: 12689.9 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:872.82 GB) (Free:324.11 GB) NTFS
Drive z: (Volume) (Fixed) (Total:19.53 GB) (Free:10.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CF6FB97A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=872.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2015
Ran by Hesher (administrator) on HESHER-PC on 14-04-2015 16:02:51
Running from C:\Users\Hesher\Downloads
Loaded Profiles: Hesher (Available profiles: Hesher)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Sitecom\WiFi USB adapter N300 Driver and Utility\RtlService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Sitecom\WiFi USB adapter N300 Driver and Utility\RtWLan.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe
(TeamSpeak Systems GmbH) C:\Users\Hesher\AppData\Local\TeamSpeak 3 Client\ts3client_win64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(NVIDIA Corporation) C:\Users\Hesher\AppData\Local\Temp\NVIDIA\DisplayDriver\GeForceGameReadyDriverforGrandTheftAutoV\setup.exe
(Spotify Ltd) C:\Users\Hesher\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Users\Hesher\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wermgr.exe
(Microsoft Corporation) C:\Windows\System32\wermgr.exe
(Microsoft Corporation) C:\Windows\System32\wermgr.exe
(Microsoft Corporation) C:\Windows\System32\wermgr.exe
(Microsoft Corporation) C:\Windows\System32\wermgr.exe
(Microsoft Corporation) C:\Windows\System32\wermgr.exe
(Microsoft Corporation) C:\Windows\System32\wermgr.exe
(Microsoft Corporation) C:\Windows\System32\wermgr.exe
(Microsoft Corporation) C:\Windows\System32\wermgr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-09] (Realtek Semiconductor)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-03-31] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1373372224-1858701567-1832733131-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-02-13] ()
HKU\S-1-5-21-1373372224-1858701567-1832733131-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1373372224-1858701567-1832733131-1000\...\MountPoints2: {86c6816e-7643-11e4-94f6-bdcd0be5f4cd} - E:\Startme.exe
HKU\S-1-5-21-1373372224-1858701567-1832733131-1000\...\MountPoints2: {95c3c5fe-cbb1-11e3-88a8-eea9ffcd452b} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1373372224-1858701567-1832733131-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-21] (Microsoft Corporation)
GroupPolicy-x32: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1373372224-1858701567-1832733131-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=blackbear7
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1373372224-1858701567-1832733131-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?q={SearchTerms}&fr=ntg&gp=blackbear7
SearchScopes: HKU\S-1-5-21-1373372224-1858701567-1832733131-1000 -> {3DC8958A-75B2-4A98-8D21-B39A53A4C477} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=HIP&o=102875&src=crm&q={searchTerms}&locale=&apn_ptnrs=^6F&apn_dtid=^YYYYYY^YY^DE&apn_uid=034842b7-5aea-4b3d-9ea6-60741efc7ef4&apn_sauid=08C6DBDA-2ADC-4FB2-BCCD-7D4D4A40BAD9
SearchScopes: HKU\S-1-5-21-1373372224-1858701567-1832733131-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?q={SearchTerms}&fr=ntg&gp=blackbear7
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll [2014-08-28] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll [2014-08-28] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} ->  No File
Toolbar: HKLM-x32 - No Name - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} -  No File
DPF: HKLM-x32 {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.95.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{912B627C-19E2-44B6-B981-5B5ECC460940}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Hesher\AppData\Roaming\Mozilla\Firefox\Profiles\aFQpYlvG.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-04-05] ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll [2014-08-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll [2014-08-28] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-05] ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-02-13] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-1373372224-1858701567-1832733131-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Hesher\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-11-11] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1373372224-1858701567-1832733131-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-02-13] (Pando Networks)
FF Extension: Avira Browser Safety - C:\Users\Hesher\AppData\Roaming\Mozilla\Firefox\Profiles\aFQpYlvG.default\Extensions\abs@avira.com [2014-09-08]

Chrome:
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3320691&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP59FEC16C-AB31-4576-8B9B-7FF00AF1EE96&SSPV=
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSearchKeyword: Default -> services.dasoertliche.de
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Hesher\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Hesher\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-04]
CHR Extension: (YouTube) - C:\Users\Hesher\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-04]
CHR Extension: (GeoGebra) - C:\Users\Hesher\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2014-10-01]
CHR Extension: (Battlefield Heroes) - C:\Users\Hesher\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh [2013-04-15]
CHR Extension: (Google Search) - C:\Users\Hesher\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-04]
CHR Extension: (FoxyProxy Standard) - C:\Users\Hesher\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp [2014-01-23]
CHR Extension: (Dark atmosphere) - C:\Users\Hesher\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfpikgkkfdoabncoileilaglepbpdhek [2014-10-26]
CHR Extension: (AdBlock) - C:\Users\Hesher\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-14]
CHR Extension: (Break The Wall) - C:\Users\Hesher\AppData\Local\Google\Chrome\User Data\Default\Extensions\klhfgnobmdkblmbdahcnpajbjnfmknpn [2013-03-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Hesher\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Hesher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Battlefield Play4Free) - C:\Users\Hesher\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh [2013-03-16]
CHR Extension: (Gmail) - C:\Users\Hesher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-04]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bgomnbpelpcdicbnicimghcecemjpbef] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cegdomhocaeoedbdpfolmgjkjaijfomo] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kppacdmmddediahklmcgkgdhhoojemmd] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-03-31] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2014-12-03] ()
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [182304 2014-11-24] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1930608 2015-03-30] (Electronic Arts)
S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-07-01] ()
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-04-05] ()
R2 RealtekCU; C:\Program Files (x86)\Sitecom\WiFi USB adapter N300 Driver and Utility\RtlService.exe [36864 2012-05-10] (Realtek Semiconductor Corp.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 MAGIX StartUp Analyze Service; C:\Program Files (x86)\MAGIX\PC_Check_Tuning_Free_2011\MXSAS.exe [X]
S2 sppsvc; %SystemRoot%\system32\sppsvc.exe [X]
S4 sppuinotify; %SystemRoot%\system32\sppuinotify.dll [X]
S4 Yontoo Desktop Updater; "C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe" "C:\Users\Hesher\AppData\Roaming\Yontoo\YontooDesktop.exe"

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 PorscheWheelFilterUsb; C:\Windows\System32\DRIVERS\PWFilterUsb.sys [58448 2010-12-15] (Windows (R) Codename Longhorn DDK provider)
S3 RTL8192su; C:\Windows\System32\DRIVERS\RTL8192su.sys [676864 2010-01-06] (Realtek Semiconductor Corporation                          ) [File not signed]
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1525904 2012-12-18] (Realtek Semiconductor Corporation                          )
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 Andbus; system32\DRIVERS\lgandbus64.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X]
S3 androidusb; System32\Drivers\lgandadb.sys [X]
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 cpuz132; \??\C:\Users\Hesher\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-14 16:02 - 2015-04-14 16:03 - 00020469 _____ () C:\Users\Hesher\Downloads\FRST.txt
2015-04-14 16:02 - 2015-04-14 16:02 - 00000000 ____D () C:\FRST
2015-04-14 16:01 - 2015-04-14 16:01 - 02096640 _____ (Farbar) C:\Users\Hesher\Downloads\FRST64.exe
2015-04-14 14:58 - 2015-04-14 15:29 - 00000000 ____D () C:\Users\Hesher\AppData\Local\PMB Files
2015-04-14 14:57 - 2015-04-14 15:46 - 00167235 _____ () C:\Windows\setupact.log
2015-04-14 14:57 - 2015-04-14 14:57 - 00000590 _____ () C:\Windows\PFRO.log
2015-04-14 14:57 - 2015-04-14 14:57 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-14 14:56 - 2015-04-14 14:56 - 00000533 _____ () C:\Users\Hesher\Documents\Uninstall STAR WARS The Old Republic.log
2015-04-14 14:46 - 2015-04-14 14:52 - 00000000 ____D () C:\Users\Hesher\AppData\Local\AviraSpeedup
2015-04-14 14:44 - 2015-04-14 14:44 - 00003320 _____ () C:\Windows\System32\Tasks\AviraSpeedup
2015-04-14 14:44 - 2015-04-14 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2015-04-14 14:40 - 2015-04-14 14:40 - 01190415 _____ () C:\Users\Hesher\Downloads\ProcessExplorer.zip
2015-04-14 13:52 - 2015-04-14 13:52 - 01203488 _____ () C:\Users\Hesher\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2015-04-14 02:39 - 2015-04-14 02:39 - 00000000 ____D () C:\Program Files\Rockstar Games
2015-04-11 17:56 - 2015-04-11 17:56 - 00001199 _____ () C:\Users\Public\Desktop\Play Euro Truck Simulator 2 Multiplayer.lnk
2015-04-11 17:56 - 2015-04-11 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2 Multiplayer
2015-04-11 17:55 - 2015-04-11 17:56 - 00000000 ____D () C:\Program Files (x86)\Euro Truck Simulator 2 Multiplayer
2015-04-08 20:04 - 2015-04-14 15:46 - 00000000 ____D () C:\Users\Hesher\AppData\Local\Spotify
2015-04-08 20:04 - 2015-04-08 20:04 - 00001805 _____ () C:\Users\Hesher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-04-08 20:03 - 2015-04-14 15:38 - 00000000 ____D () C:\Users\Hesher\AppData\Roaming\Spotify
2015-04-05 22:04 - 2015-04-05 22:05 - 00000000 ____D () C:\Users\Hesher\Documents\Battlefield 3
2015-04-05 22:03 - 2015-04-08 11:32 - 00348672 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-04-05 22:03 - 2015-04-05 22:09 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-04-04 23:22 - 2015-04-04 23:22 - 00003122 _____ () C:\Windows\System32\Tasks\{DCB06167-B428-425E-B4B6-4F173F4A0EB6}
2015-04-04 19:53 - 2015-04-04 19:53 - 00000000 ____D () C:\Users\Hesher\AppData\Roaming\Need for Speed World
2015-04-04 17:25 - 2015-04-04 17:25 - 00000000 ____D () C:\Users\Hesher\Documents\NFS Undercover
2015-03-31 18:57 - 2015-03-31 18:57 - 00000000 ____D () C:\Users\Hesher\AppData\Local\LogMeIn
2015-03-30 21:52 - 2015-04-10 22:34 - 00000000 ____D () C:\Users\Hesher\Documents\ManiaPlanet
2015-03-30 21:52 - 2015-04-10 22:34 - 00000000 ____D () C:\ProgramData\ManiaPlanet
2015-03-30 15:25 - 2015-03-30 15:25 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\Drivers\hamachi.sys
2015-03-28 21:28 - 2015-03-31 16:27 - 00000000 ____D () C:\Users\Hesher\Documents\TrackMania
2015-03-28 21:28 - 2015-03-28 22:15 - 00000000 ____D () C:\ProgramData\TrackMania
2015-03-25 21:14 - 2015-03-25 21:39 - 00000000 ____D () C:\Program Files (x86)\Wolfenstein - Enemy Territory
2015-03-24 21:15 - 2015-03-24 21:15 - 00000000 ____D () C:\Users\Hesher\AppData\Roaming\steam.transformice.com
2015-03-22 21:27 - 2015-03-22 21:27 - 00098304 _____ (Sony DADC Austria AG.) C:\Windows\system32CmdLineExt.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-14 15:57 - 2013-10-27 00:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-14 15:38 - 2013-02-04 20:55 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-14 15:16 - 2013-02-16 00:51 - 01972896 _____ () C:\Windows\WindowsUpdate.log
2015-04-14 15:01 - 2013-08-14 10:21 - 00000000 ____D () C:\Users\Hesher\AppData\Roaming\TS3Client
2015-04-14 14:58 - 2013-02-04 20:55 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-14 14:58 - 2013-02-04 19:23 - 00000000 ___RD () C:\Users\Hesher\Desktop\Programme
2015-04-14 14:57 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-14 14:57 - 2009-07-14 06:45 - 05045704 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-14 14:51 - 2015-01-21 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightworks
2015-04-14 14:51 - 2014-07-26 21:44 - 00000000 ____D () C:\Users\Hesher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CreepTD
2015-04-14 14:51 - 2014-05-01 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall
2015-04-14 14:51 - 2013-09-05 21:26 - 00000000 ____D () C:\Users\Hesher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2015-04-14 14:51 - 2013-09-05 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2015-04-14 14:51 - 2013-06-23 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\rFactor
2015-04-14 14:51 - 2013-03-13 17:26 - 00000000 ____D () C:\Users\Hesher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IVMP
2015-04-14 14:51 - 2013-02-04 22:15 - 00000000 ____D () C:\Users\Hesher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-04-14 14:46 - 2013-02-17 18:46 - 00122288 _____ () C:\Users\Hesher\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-14 14:44 - 2014-09-08 16:01 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-14 14:34 - 2013-04-09 18:11 - 00007598 _____ () C:\Users\Hesher\AppData\Local\Resmon.ResmonCfg
2015-04-14 14:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-14 13:42 - 2013-04-01 23:45 - 00000000 ____D () C:\Users\Hesher\AppData\Local\Rockstar Games
2015-04-14 13:42 - 2013-02-26 21:15 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2015-04-14 13:42 - 2013-02-04 17:12 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-14 12:13 - 2013-02-17 17:18 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-14 02:39 - 2013-03-12 15:57 - 00000000 ____D () C:\Users\Hesher\Documents\Rockstar Games
2015-04-13 21:42 - 2014-07-05 10:03 - 00000000 ____D () C:\Users\Hesher\Documents\Euro Truck Simulator 2
2015-04-13 16:25 - 2013-02-04 19:20 - 00000000 ___RD () C:\Users\Hesher\Desktop\Schule
2015-04-12 19:56 - 2013-02-04 21:08 - 00000000 ____D () C:\Users\Hesher\AppData\Roaming\Skype
2015-04-12 14:47 - 2013-02-16 09:14 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2015-04-12 14:47 - 2013-02-16 09:14 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2015-04-12 14:47 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-11 16:40 - 2013-02-08 13:37 - 00000000 ____D () C:\Users\Hesher\AppData\Roaming\.minecraft
2015-04-09 13:36 - 2014-09-08 16:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-09 13:36 - 2013-10-07 21:49 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-09 11:41 - 2013-04-28 01:36 - 00000000 ____D () C:\ProgramData\Origin
2015-04-08 14:55 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-08 14:45 - 2013-09-29 16:56 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-04-08 13:47 - 2014-12-08 14:35 - 00000000 ____D () C:\Users\Hesher\AppData\Roaming\concept design
2015-04-08 11:32 - 2013-03-16 20:16 - 00348672 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-04-08 11:32 - 2013-03-16 20:11 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-04-06 12:59 - 2014-10-29 17:52 - 00300544 ___SH () C:\Users\Hesher\Desktop\Thumbs.db
2015-04-05 17:55 - 2013-02-16 00:25 - 00000000 ____D () C:\Users\Hesher
2015-04-05 08:22 - 2014-10-22 08:55 - 00000000 ____D () C:\Users\Hesher\AppData\Local\Adobe
2015-04-05 08:22 - 2013-10-27 00:49 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-05 08:22 - 2013-10-27 00:49 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-05 08:22 - 2013-10-27 00:49 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-04 17:57 - 2013-05-27 22:42 - 00000000 ____D () C:\ProgramData\Electronic Arts
2015-04-04 17:57 - 2013-05-13 17:24 - 00000000 ____D () C:\Users\Hesher\AppData\Local\Electronic_Arts_Inc
2015-04-04 17:24 - 2013-03-16 20:15 - 00000000 ____D () C:\Users\Hesher\AppData\Local\PunkBuster
2015-03-31 15:44 - 2014-09-08 16:15 - 00000000 ____D () C:\Users\Hesher\AppData\Roaming\Avira
2015-03-31 15:43 - 2014-09-08 16:01 - 00000000 ____D () C:\ProgramData\Avira
2015-03-30 20:31 - 2013-09-29 16:52 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-03-28 22:20 - 2015-02-10 09:18 - 00000000 ____D () C:\Users\Hesher\AppData\Local\VirtualStore
2015-03-28 05:44 - 2014-06-18 18:33 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-03-28 05:44 - 2013-11-21 22:48 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-03-28 05:43 - 2014-06-18 18:33 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-03-28 05:43 - 2013-11-21 22:48 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-03-25 20:41 - 2014-07-18 22:46 - 00000000 ____D () C:\Users\Hesher\Documents\DVDVideoSoft
2015-03-21 20:20 - 2013-04-27 20:37 - 00000000 ____D () C:\Users\Hesher\Documents\My Games
2015-03-17 21:38 - 2015-01-24 20:51 - 00000000 ____D () C:\Program Files (x86)\Supraball
2015-03-15 17:03 - 2013-02-19 22:23 - 00000000 ____D () C:\Windows\SysWOW64\directx

==================== Files in the root of some directories =======

2014-01-28 14:40 - 2014-01-28 14:40 - 0000624 _____ () C:\Users\Hesher\AppData\Roaming\All CPU MeterV3_Settings.ini
2013-05-15 21:38 - 2013-05-15 21:38 - 0000014 _____ () C:\Users\Hesher\AppData\Roaming\dx.ini
2014-08-25 18:59 - 2014-08-25 21:25 - 0000096 _____ () C:\Users\Hesher\AppData\Roaming\LauncherSettings_live.cfg
2014-02-16 10:24 - 2014-02-16 10:31 - 0032669 _____ () C:\Users\Hesher\AppData\Roaming\LiveSupport.exe_log.txt
2014-02-16 10:24 - 2014-02-16 10:31 - 0000092 _____ () C:\Users\Hesher\AppData\Roaming\regsvr32.exe_log.txt
2014-04-16 12:01 - 2014-04-16 12:01 - 0000798 _____ () C:\Users\Hesher\AppData\Local\recently-used.xbel
2013-04-09 18:11 - 2015-04-14 14:34 - 0007598 _____ () C:\Users\Hesher\AppData\Local\Resmon.ResmonCfg
2014-05-10 18:20 - 2014-12-08 14:32 - 0001534 _____ () C:\ProgramData\ss.ini

Some content of TEMP:
====================
C:\Users\Hesher\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-14 00:00

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---


Fühlt sich auf jeden Fall alles sehr krass verlangsamt an, als ob ein Programm alles wegfrisst

Hat jemand eine Idee? Der Ladekreis isi immernoch da und eine Deinstallation hat grade 15 Minuten gedauert..

schrauber 15.04.2015 09:34
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Hesher999 15.04.2015 15:32
Code:
ComboFix 15-04-14.01 - Hesher 15.04.2015  15:57:13.2.6 - x64
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.8174.6226 [GMT 2:00]
ausgeführt von:: c:\users\Hesher\Downloads\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Hesher\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
---- Vorheriger Suchlauf -------
.
c:\users\Hesher\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2015-03-15 bis 2015-04-15  ))))))))))))))))))))))))))))))
.
.
2015-04-15 14:12 . 2015-04-15 14:12        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-04-14 17:33 . 2015-04-14 17:33        --------        d-----w-        C:\RegBackup
2015-04-14 17:00 . 2015-04-14 17:26        --------        d-----w-        C:\AdwCleaner
2015-04-14 14:12 . 2015-04-08 20:32        560968        ----a-w-        c:\windows\SysWow64\nvStreaming.exe
2015-04-14 14:07 . 2015-04-09 00:58        30397072        ----a-w-        c:\windows\system32\nvcompiler.dll
2015-04-14 14:07 . 2015-04-09 00:58        2935416        ----a-w-        c:\windows\SysWow64\nvapi.dll
2015-04-14 14:07 . 2015-04-09 00:58        25375048        ----a-w-        c:\windows\SysWow64\nvcompiler.dll
2015-04-14 14:02 . 2015-04-14 14:05        --------        d-----w-        C:\FRST
2015-04-14 12:58 . 2015-04-15 14:12        --------        d-----w-        c:\users\Hesher\AppData\Local\PMB Files
2015-04-14 12:46 . 2015-04-14 12:52        --------        d-----w-        c:\users\Hesher\AppData\Local\AviraSpeedup
2015-04-14 00:39 . 2015-04-14 18:12        --------        d-----w-        c:\program files\Rockstar Games
2015-04-11 15:55 . 2015-04-11 15:56        --------        d-----w-        c:\program files (x86)\Euro Truck Simulator 2 Multiplayer
2015-04-08 18:04 . 2015-04-15 05:11        --------        d-----w-        c:\users\Hesher\AppData\Local\Spotify
2015-04-08 18:03 . 2015-04-15 11:56        --------        d-----w-        c:\users\Hesher\AppData\Roaming\Spotify
2015-04-05 20:03 . 2015-04-08 09:32        348672        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2015-04-05 20:03 . 2015-04-05 20:09        76152        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2015-04-05 10:49 . 2015-04-05 10:49        --------        d-----w-        c:\users\Hesher\AppData\Local\Diagnostics
2015-04-04 17:53 . 2015-04-04 17:53        --------        d-----w-        c:\users\Hesher\AppData\Roaming\Need for Speed World
2015-03-31 16:57 . 2015-03-31 16:57        --------        d-----w-        c:\users\Hesher\AppData\Local\LogMeIn
2015-03-30 19:52 . 2015-04-10 20:34        --------        d-----w-        c:\programdata\ManiaPlanet
2015-03-30 13:25 . 2015-03-30 13:25        33856        ---ha-w-        c:\windows\system32\drivers\hamachi.sys
2015-03-28 19:28 . 2015-03-28 20:15        --------        d-----w-        c:\programdata\TrackMania
2015-03-25 19:14 . 2015-03-25 19:39        --------        d-----w-        c:\program files (x86)\Wolfenstein - Enemy Territory
2015-03-24 19:15 . 2015-03-24 19:15        --------        d-----w-        c:\users\Hesher\AppData\Roaming\steam.transformice.com
2015-03-22 19:27 . 2015-03-22 19:27        98304        ----a-w-        c:\windows\system32CmdLineExt.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-09 00:58 . 2012-10-10 20:23        3317344        ----a-w-        c:\windows\system32\nvapi64.dll
2015-04-09 00:58 . 2012-10-10 20:23        17176128        ----a-w-        c:\windows\system32\nvwgf2umx.dll
2015-04-09 00:58 . 2012-10-10 20:22        12689592        ----a-w-        c:\windows\SysWow64\nvd3dum.dll
2015-04-08 21:30 . 2013-02-15 22:23        6841488        ----a-w-        c:\windows\system32\nvcpl.dll
2015-04-08 21:30 . 2013-02-15 22:23        3478344        ----a-w-        c:\windows\system32\nvsvc64.dll
2015-04-08 21:30 . 2013-02-15 22:23        936264        ----a-w-        c:\windows\system32\nvvsvc.exe
2015-04-08 21:30 . 2013-02-15 22:23        62608        ----a-w-        c:\windows\system32\nvshext.dll
2015-04-08 21:30 . 2013-02-15 22:23        2558608        ----a-w-        c:\windows\system32\nvsvcr.dll
2015-04-08 21:30 . 2013-02-15 22:23        385168        ----a-w-        c:\windows\system32\nvmctray.dll
2015-04-08 17:52 . 2013-02-15 22:23        4336074        ----a-w-        c:\windows\system32\nvcoproc.bin
2015-04-08 09:32 . 2013-03-16 18:16        348672        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2015-04-08 09:32 . 2013-03-16 18:11        280904        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2015-04-05 06:22 . 2013-10-26 22:49        778928        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-05 06:22 . 2013-10-26 22:49        142512        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-28 03:44 . 2014-06-18 16:33        1316000        ----a-w-        c:\windows\SysWow64\nvspbridge.dll
2015-03-28 03:44 . 2013-11-21 20:48        1316000        ----a-w-        c:\windows\SysWow64\nvspcap.dll
2015-03-28 03:43 . 2014-06-18 16:33        1756424        ----a-w-        c:\windows\system32\nvspbridge64.dll
2015-03-28 03:43 . 2013-11-21 20:48        1570672        ----a-w-        c:\windows\system32\nvspcap64.dll
2015-03-10 12:36 . 2014-09-08 14:09        44088        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2015-03-10 12:36 . 2014-09-08 14:09        132120        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2015-03-10 12:36 . 2014-09-08 14:09        128536        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2015-02-05 21:01 . 2015-02-11 13:14        1895240        ----a-w-        c:\windows\system32\nvdispco6434752.dll
2015-02-05 21:01 . 2015-02-11 13:14        1557648        ----a-w-        c:\windows\system32\nvdispgenco6434752.dll
2015-01-30 17:49 . 2015-01-30 17:49        23256        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-02-13 3093624]
"AdobeBridge"="" [BU]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2015-04-13 2889408]
"Spotify Web Helper"="c:\users\Hesher\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2015-04-08 2018360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-03-31 726320]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2015-03-16 129272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R2 MAGIX StartUp Analyze Service;MAGIX StartUp Analyze Service;c:\program files (x86)\MAGIX\PC_Check_Tuning_Free_2011\MXSAS.exe;c:\program files (x86)\MAGIX\PC_Check_Tuning_Free_2011\MXSAS.exe [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys;c:\windows\SYSNATIVE\Drivers\lgandadb.sys [x]
R3 BRDriver64_1_3_3_E02B25FC;BRDriver64_1_3_3_E02B25FC;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 FairplayKD;FairplayKD;c:\programdata\MTA San Andreas All\Common\temp\FairplayKD.sys;c:\programdata\MTA San Andreas All\Common\temp\FairplayKD.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 PorscheWheelFilterUsb;PorscheWheelFilterUsb;c:\windows\system32\DRIVERS\PWFilterUsb.sys;c:\windows\SYSNATIVE\DRIVERS\PWFilterUsb.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R3 X6va015;X6va015;c:\windows\SysWOW64\Drivers\X6va015;c:\windows\SysWOW64\Drivers\X6va015 [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
R4 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RealtekCU;RealtekCU;c:\program files (x86)\Sitecom\WiFi USB adapter N300 Driver and Utility\RtlService.exe;c:\program files (x86)\Sitecom\WiFi USB adapter N300 Driver and Utility\RtlService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlanu.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - AppleCharger
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-04 15:39        1061704        ----a-w-        c:\program files (x86)\Google\Chrome\Application\41.0.2272.118\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-26 06:22]
.
2015-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-04 18:55]
.
2015-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-04 18:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-03-28 1570672]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-03-28 2673296]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-05-09 13672152]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://mail.ru/cnt/10445?gp=blackbear7
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mSearch Page = about:blank
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{912B627C-19E2-44B6-B981-5B5ECC460940}: NameServer = 8.8.8.8,8.8.4.4
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{10921475-03CE-4E04-90CE-E2E7EF20C814} - (no file)
AddRemove-{501451DE-5808-4599-B544-8BD0915B6B24}_is1 - c:\program files (x86)\FreeRIP\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va015]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va015"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
  94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}"=hex:51,66,7a,6c,4c,1d,38,12,27,28,80,
  ea,f2,9b,77,08,dc,cc,8d,48,4c,7b,c9,f2
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:36,e0,45,b5,66,05,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,50,d1,2b,bc,a4,f6,32,40,83,6c,0c,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,50,d1,2b,bc,a4,f6,32,40,83,6c,0c,\
.
[HKEY_USERS\S-1-5-21-1373372224-1858701567-1832733131-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1373372224-1858701567-1832733131-1000\Software\SecuROM\License information*]
"datasecu"=hex:e4,dc,46,cf,ee,2c,aa,59,74,b3,12,80,0e,74,7f,de,8b,fc,fa,e5,d3,
  62,58,4c,0e,2e,b4,9f,81,bc,77,87,27,79,b7,57,13,52,1b,e7,00,fe,1a,93,fb,54,\
"rkeysecu"=hex:8c,47,53,25,bd,fc,96,71,d5,fa,09,14,3d,17,f9,b6
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Sitecom\WiFi USB adapter N300 Driver and Utility\RtWlan.exe
c:\program files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-04-15  16:27:44 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-04-15 14:27
.
Vor Suchlauf: 26 Verzeichnis(se), 340.004.925.440 Bytes frei
Nach Suchlauf: 28 Verzeichnis(se), 339.886.206.976 Bytes frei
.
- - End Of File - - F26E25167428666A5E59F926D1996338
A36C5E4F47E84449FF07ED3517B43A31

schrauber 15.04.2015 20:16
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Hesher999 15.04.2015 21:56
Das hab ich alles schon gemacht, jedoch habe ich heute meinen PC gestartet und es war immernoch da und er kommt mir verdammt langsam vor :/

schrauber 16.04.2015 11:02
Wann hast Du das gemacht? Wo sind die Logfiles davon?

Hesher999 16.04.2015 15:00
ADW:

Code:
# AdwCleaner v4.201 - Bericht erstellt 16/04/2015 um 15:45:45
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-15.1 [Server]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (x64)
# Benutzername : Hesher - HESHER-PC
# Gestarted von : C:\Users\Hesher\Downloads\AdwCleaner_4.201 (1).exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v


-\\ Google Chrome v41.0.2272.118

[C:\Users\Hesher\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Homepage] : hxxp://search.conduit.com/?ctid=CT3320691&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP59FEC16C-AB31-4576-8B9B-7FF00AF1EE96&SSPV=

-\\ Chromium v


*************************

AdwCleaner[R0].txt - [43153 Bytes] - [14/04/2015 19:25:18]
AdwCleaner[R1].txt - [1207 Bytes] - [16/04/2015 15:43:21]
AdwCleaner[S0].txt - [9706 Bytes] - [14/04/2015 19:26:17]
AdwCleaner[S1].txt - [1127 Bytes] - [16/04/2015 15:45:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1186  Bytes] ##########
JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.4 (04.13.2015:1)
OS: Windows 7 Ultimate x64
Ran by Hesher on 16.04.2015 at 15:51:21,46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.04.2015 at 15:54:33,46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015 04
Ran by Hesher (administrator) on HESHER-PC on 16-04-2015 15:55:45
Running from C:\Users\Hesher\Downloads
Loaded Profiles: Hesher (Available profiles: Hesher)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Hesher\Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-09] (Realtek Semiconductor)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-03-31] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1373372224-1858701567-1832733131-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-02-13] ()
HKU\S-1-5-21-1373372224-1858701567-1832733131-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1373372224-1858701567-1832733131-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-14] (Valve Corporation)
HKU\S-1-5-21-1373372224-1858701567-1832733131-1000\...\Run: [Spotify Web Helper] => C:\Users\Hesher\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-08] (Spotify Ltd)
HKU\S-1-5-21-1373372224-1858701567-1832733131-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-21] (Microsoft Corporation)
GroupPolicy-x32: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1373372224-1858701567-1832733131-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1373372224-1858701567-1832733131-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1373372224-1858701567-1832733131-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=blackbear7
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll [2014-08-28] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll [2014-08-28] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
DPF: HKLM-x32 {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.95.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{912B627C-19E2-44B6-B981-5B5ECC460940}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Hesher\AppData\Roaming\Mozilla\Firefox\Profiles\aFQpYlvG.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-04-05] ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll [2014-08-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll [2014-08-28] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-05] ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-02-13] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-1373372224-1858701567-1832733131-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Hesher\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-11-11] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1373372224-1858701567-1832733131-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-02-13] (Pando Networks)
FF Extension: Avira Browser Safety - C:\Users\Hesher\AppData\Roaming\Mozilla\Firefox\Profiles\aFQpYlvG.default\Extensions\abs@avira.com [2014-09-08]

Chrome:
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3320691&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP59FEC16C-AB31-4576-8B9B-7FF00AF1EE96&SSPV=
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms}
CHR Profile: C:\Users\Hesher\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Hesher\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-04]
CHR Extension: (YouTube) - C:\Users\Hesher\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-04]
CHR Extension: (GeoGebra) - C:\Users\Hesher\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2014-10-01]
CHR Extension: (Battlefield Heroes) - C:\Users\Hesher\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh [2013-04-15]
CHR Extension: (Google Search) - C:\Users\Hesher\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-04]
CHR Extension: (FoxyProxy Standard) - C:\Users\Hesher\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp [2014-01-23]
CHR Extension: (Dark atmosphere) - C:\Users\Hesher\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfpikgkkfdoabncoileilaglepbpdhek [2014-10-26]
CHR Extension: (AdBlock) - C:\Users\Hesher\AppData\Local\Google\Chrome\User Data\Defau

schrauber 16.04.2015 21:25
FRST bitte nochmal, das Log ist nicht komplett.

ProcessExplorer als Ersatz für den Windows Taskmanager installieren

Lade Dir den Process Explorer als Ersatz für den Taskmanager herunter und installiere ihn, hier findest Du eine Anleitung. Das ist ein wesentlich leistungsfähigerer Ersatz für den Windows-Taskmanager. Im Menü unter "Options" kannst Du den ProcessExplorer dauerhaft als Ersatz für den Taskmanager einrichten (Replace Taskmanager). Das ist sehr empfehlenswert, weil der ProcessExplorer erheblich mehr Funktionen als der Taskmanager hat. Wenn Du diese Einstellung gemacht hast, öffnet sich mit der Tastenkombination STRG + ALT + Entf. nicht mehr der Taskmanager, sondern der ProcessExplorer. Das kann jederzeit durch Abhaken dieser Einstellung wieder rückgängig gemacht werden.

Was wir jetzt konkret brauchen: In jeder Zeile steht ein Prozess, ein paar der Zeilen sind keine richtigen Prozesse, sondern nur Pseudoprozesse für die Tätigkeit des Windos-Kernels. Im Menü View => Select Columns wird ein Dialog geöffnet, in dem Du auswählen kannst, welche Spalten mit Informationen zu den Prozessen angezeigt werden sollen. In dem gehe in das Register "Process Performance" und stelle sicher, dass dort "CPU Usage" angehakt ist, "CPU History" wäre ebenfalls sinnvoll. Unter "CPU Usage" wird der aktuelle Wert der Prozessorauslastung für jeden Prozess angezeigt (im Tabellentitel steht nur kurz "CPU"), "CPU History" blendet für jeden Prozess ein Diagramm ein, das eine Kurve mit der Prozessorauslastung für die letzte Zeit anzeigt.

Damit sollte es Dir möglich sein, zu identifizieren, welcher Prozess Deine CPU in Trab hält. Mache einen Doppelklick auf den Prozess. Du kannst von dem ganzen auch einen Screenshot machen und ihn als Anhang mit Deiner Antwort hochladen (auf "Erweitert" unter dem Textfeld klicken und über "Anhänge verwalten" auf Deinem Rechner suchen lassen und über "Hochladen" anhängen).

Hesher999 16.04.2015 21:37
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015 04
Ran by Hesher (administrator) on HESHER-PC on 16-04-2015 22:30:30
Running from C:\Users\Hesher\Downloads
Loaded Profiles: Hesher (Available profiles: Hesher)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(TeamSpeak Systems GmbH) C:\Users\Hesher\AppData\Local\TeamSpeak 3 Client\ts3client_win64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Hesher\Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-09] (Realtek Semiconductor)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-03-31] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1373372224-1858701567-1832733131-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-02-13] ()
HKU\S-1-5-21-1373372224-1858701567-1832733131-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1373372224-1858701567-1832733131-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-14] (Valve Corporation)
HKU\S-1-5-21-1373372224-1858701567-1832733131-1000\...\Run: [Spotify Web Helper] => C:\Users\Hesher\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-08] (Spotify Ltd)
HKU\S-1-5-21-1373372224-1858701567-1832733131-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-21] (Microsoft Corporation)
GroupPolicy-x32: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1373372224-1858701567-1832733131-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1373372224-1858701567-1832733131-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1373372224-1858701567-1832733131-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=blackbear7
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll [2014-08-28] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll [2014-08-28] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
DPF: HKLM-x32 {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.95.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{912B627C-19E2-44B6-B981-5B5ECC460940}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Hesher\AppData\Roaming\Mozilla\Firefox\Profiles\aFQpYlvG.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-04-05] ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll [2014-08-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll [2014-08-28] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-05] ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-02-13] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-1373372224-1858701567-1832733131-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Hesher\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-11-11] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1373372224-1858701567-1832733131-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-02-13] (Pando Networks)
FF Extension: Avira Browser Safety - C:\Users\Hesher\AppData\Roaming\Mozilla\Firefox\Profiles\aFQpYlvG.default\Extensions\abs@avira.com [2014-09-08]

Chrome:
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3320691&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP59FEC16C-AB31-4576-8B9B-7FF00AF1EE96&SSPV=
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms}
CHR Profile: C:\Users\Hesher\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Hesher\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-04]
CHR Extension: (YouTube) - C:\Users\Hesher\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-04]
CHR Extension: (GeoGebra) - C:\Users\Hesher\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2014-10-01]
CHR Extension: (Battlefield Heroes) - C:\Users\Hesher\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh [2013-04-15]
CHR Extension: (Google Search) - C:\Users\Hesher\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-04]
CHR Extension: (FoxyProxy Standard) - C:\Users\Hesher\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp [2014-01-23]
CHR Extension: (Dark atmosphere) - C:\Users\Hesher\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfpikgkkfdoabncoileilaglepbpdhek [2014-10-26]
CHR Extension: (AdBlock) - C:\Users\Hesher\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-14]
CHR Extension: (Break The Wall) - C:\Users\Hesher\AppData\Local\Google\Chrome\User Data\Default\Extensions\klhfgnobmdkblmbdahcnpajbjnfmknpn [2013-03-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Hesher\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Hesher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Hesher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-04]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-03-31] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2014-12-03] ()
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [182304 2014-11-24] (EasyAntiCheat Ltd)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1930608 2015-03-30] (Electronic Arts)
S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-07-01] ()
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-04-05] ()
S2 RealtekCU; C:\Program Files (x86)\Sitecom\WiFi USB adapter N300 Driver and Utility\RtlService.exe [36864 2012-05-10] (Realtek Semiconductor Corp.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 MAGIX StartUp Analyze Service; C:\Program Files (x86)\MAGIX\PC_Check_Tuning_Free_2011\MXSAS.exe [X]
S2 sppsvc; %SystemRoot%\system32\sppsvc.exe [X]
S4 sppuinotify; %SystemRoot%\system32\sppuinotify.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 PorscheWheelFilterUsb; C:\Windows\System32\DRIVERS\PWFilterUsb.sys [58448 2010-12-15] (Windows (R) Codename Longhorn DDK provider)
S3 RTL8192su; C:\Windows\System32\DRIVERS\RTL8192su.sys [676864 2010-01-06] (Realtek Semiconductor Corporation                          ) [File not signed]
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1525904 2012-12-18] (Realtek Semiconductor Corporation                          )
S3 Andbus; system32\DRIVERS\lgandbus64.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X]
S3 androidusb; System32\Drivers\lgandadb.sys [X]
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz132; \??\C:\Users\Hesher\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-16 15:56 - 2015-04-16 15:56 - 00026374 _____ () C:\Users\Hesher\Downloads\Addition.txt
2015-04-16 15:55 - 2015-04-16 22:30 - 00018017 _____ () C:\Users\Hesher\Downloads\FRST.txt
2015-04-16 15:44 - 2015-04-16 15:44 - 02097664 _____ (Farbar) C:\Users\Hesher\Downloads\FRST64 (1).exe
2015-04-16 15:42 - 2015-04-16 15:42 - 02217984 _____ () C:\Users\Hesher\Downloads\AdwCleaner_4.201 (1).exe
2015-04-16 13:24 - 2015-04-16 13:24 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-16 13:24 - 2015-04-16 13:24 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-16 13:24 - 2015-04-16 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-16 13:23 - 2015-04-16 13:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-16 13:23 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-16 13:23 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-16 13:23 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-16 13:22 - 2015-04-16 13:22 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Hesher\Downloads\mbam-setup-2.1.4.1018 (1).exe
2015-04-15 16:45 - 2015-04-15 16:45 - 02687136 _____ (Thisisu) C:\Users\Hesher\Downloads\JRT (1).exe
2015-04-15 16:27 - 2015-04-15 16:27 - 00022168 _____ () C:\ComboFix.txt
2015-04-15 15:56 - 2015-04-15 16:28 - 00000000 ____D () C:\ComboFix
2015-04-14 19:33 - 2015-04-14 19:33 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HESHER-PC-Windows-7-Ultimate-(64-bit).dat
2015-04-14 19:33 - 2015-04-14 19:33 - 00000000 ____D () C:\RegBackup
2015-04-14 19:31 - 2015-04-14 19:32 - 02687136 _____ (Thisisu) C:\Users\Hesher\Desktop\JRT.exe
2015-04-14 19:00 - 2015-04-16 15:45 - 00000000 ____D () C:\AdwCleaner
2015-04-14 18:59 - 2015-04-14 18:59 - 02217984 _____ () C:\Users\Hesher\Downloads\AdwCleaner_4.201.exe
2015-04-14 18:54 - 2015-04-14 18:54 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Hesher\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-14 18:24 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-14 18:24 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-14 18:24 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-14 18:24 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-14 18:24 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-14 18:24 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-14 18:24 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-14 18:24 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-14 18:23 - 2015-04-15 16:28 - 00000000 ____D () C:\Qoobox
2015-04-14 18:23 - 2015-04-14 18:48 - 00000000 ____D () C:\Windows\erdnt
2015-04-14 18:22 - 2015-04-15 15:47 - 05618457 ____R (Swearware) C:\Users\Hesher\Downloads\ComboFix.exe
2015-04-14 17:58 - 2015-04-16 16:01 - 00000080 _____ () C:\Users\Hesher\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-04-14 16:49 - 2015-04-14 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-04-14 16:45 - 2015-04-14 16:45 - 01142128 _____ () C:\Users\Hesher\Downloads\SteamSetup (1).exe
2015-04-14 16:12 - 2015-04-08 22:32 - 00560968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-04-14 16:08 - 2015-04-09 02:58 - 31570064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-04-14 16:08 - 2015-04-09 02:58 - 24053576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-04-14 16:08 - 2015-04-09 02:58 - 15818528 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-04-14 16:08 - 2015-04-09 02:58 - 15716232 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-04-14 16:08 - 2015-04-09 02:58 - 14617288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-04-14 16:08 - 2015-04-09 02:58 - 14006752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-04-14 16:08 - 2015-04-09 02:58 - 12852784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-04-14 16:08 - 2015-04-09 02:58 - 11380728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-04-14 16:08 - 2015-04-09 02:58 - 10423952 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-04-14 16:08 - 2015-04-09 02:58 - 02896528 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-04-14 16:08 - 2015-04-09 02:58 - 02573456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-04-14 16:08 - 2015-04-09 02:58 - 01895568 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435012.dll
2015-04-14 16:08 - 2015-04-09 02:58 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435012.dll
2015-04-14 16:08 - 2015-04-09 02:58 - 01086424 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-04-14 16:08 - 2015-04-09 02:58 - 01047368 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-04-14 16:08 - 2015-04-09 02:58 - 01037640 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-04-14 16:08 - 2015-04-09 02:58 - 00970568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-04-14 16:08 - 2015-04-09 02:58 - 00962192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-04-14 16:08 - 2015-04-09 02:58 - 00927440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-04-14 16:08 - 2015-04-09 02:58 - 00499344 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-04-14 16:08 - 2015-04-09 02:58 - 00402576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-04-14 16:08 - 2015-04-09 02:58 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-04-14 16:08 - 2015-04-09 02:58 - 00346256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-04-14 16:08 - 2015-04-09 02:58 - 00175880 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-04-14 16:08 - 2015-04-09 02:58 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-04-14 16:08 - 2015-04-09 02:58 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-04-14 16:08 - 2015-04-09 02:58 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-04-14 16:07 - 2015-04-09 02:58 - 30397072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-04-14 16:07 - 2015-04-09 02:58 - 25375048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-04-14 16:07 - 2015-04-09 02:58 - 02935416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-04-14 16:02 - 2015-04-16 22:30 - 00000000 ____D () C:\FRST
2015-04-14 16:01 - 2015-04-14 16:01 - 02096640 _____ (Farbar) C:\Users\Hesher\Downloads\FRST64.exe
2015-04-14 14:58 - 2015-04-16 15:51 - 00000000 ____D () C:\Users\Hesher\AppData\Local\PMB Files
2015-04-14 14:57 - 2015-04-16 15:47 - 00904812 _____ () C:\Windows\setupact.log
2015-04-14 14:57 - 2015-04-16 15:46 - 00002674 _____ () C:\Windows\PFRO.log
2015-04-14 14:57 - 2015-04-14 14:57 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-14 14:56 - 2015-04-14 14:56 - 00000533 _____ () C:\Users\Hesher\Documents\Uninstall STAR WARS The Old Republic.log
2015-04-14 14:46 - 2015-04-14 14:52 - 00000000 ____D () C:\Users\Hesher\AppData\Local\AviraSpeedup
2015-04-14 14:40 - 2015-04-14 14:40 - 01190415 _____ () C:\Users\Hesher\Downloads\ProcessExplorer.zip
2015-04-14 13:52 - 2015-04-14 13:52 - 01203488 _____ () C:\Users\Hesher\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2015-04-14 02:39 - 2015-04-14 20:12 - 00000000 ____D () C:\Program Files\Rockstar Games
2015-04-11 17:56 - 2015-04-11 17:56 - 00001199 _____ () C:\Users\Public\Desktop\Play Euro Truck Simulator 2 Multiplayer.lnk
2015-04-11 17:56 - 2015-04-11 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2 Multiplayer
2015-04-11 17:55 - 2015-04-11 17:56 - 00000000 ____D () C:\Program Files (x86)\Euro Truck Simulator 2 Multiplayer
2015-04-08 20:04 - 2015-04-16 13:44 - 00000000 ____D () C:\Users\Hesher\AppData\Local\Spotify
2015-04-08 20:04 - 2015-04-08 20:04 - 00001805 _____ () C:\Users\Hesher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-04-08 20:03 - 2015-04-16 13:44 - 00000000 ____D () C:\Users\Hesher\AppData\Roaming\Spotify
2015-04-05 22:04 - 2015-04-05 22:05 - 00000000 ____D () C:\Users\Hesher\Documents\Battlefield 3
2015-04-05 22:03 - 2015-04-08 11:32 - 00348672 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-04-05 22:03 - 2015-04-05 22:09 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-04-04 23:22 - 2015-04-04 23:22 - 00003122 _____ () C:\Windows\System32\Tasks\{DCB06167-B428-425E-B4B6-4F173F4A0EB6}
2015-04-04 19:53 - 2015-04-04 19:53 - 00000000 ____D () C:\Users\Hesher\AppData\Roaming\Need for Speed World
2015-04-04 17:25 - 2015-04-04 17:25 - 00000000 ____D () C:\Users\Hesher\Documents\NFS Undercover
2015-03-31 18:57 - 2015-03-31 18:57 - 00000000 ____D () C:\Users\Hesher\AppData\Local\LogMeIn
2015-03-30 21:52 - 2015-04-10 22:34 - 00000000 ____D () C:\Users\Hesher\Documents\ManiaPlanet
2015-03-30 21:52 - 2015-04-10 22:34 - 00000000 ____D () C:\ProgramData\ManiaPlanet
2015-03-30 15:25 - 2015-03-30 15:25 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\Drivers\hamachi.sys
2015-03-28 21:28 - 2015-03-31 16:27 - 00000000 ____D () C:\Users\Hesher\Documents\TrackMania
2015-03-28 21:28 - 2015-03-28 22:15 - 00000000 ____D () C:\ProgramData\TrackMania
2015-03-25 21:14 - 2015-03-25 21:39 - 00000000 ____D () C:\Program Files (x86)\Wolfenstein - Enemy Territory
2015-03-24 21:15 - 2015-03-24 21:15 - 00000000 ____D () C:\Users\Hesher\AppData\Roaming\steam.transformice.com
2015-03-22 21:27 - 2015-03-22 21:27 - 00098304 _____ (Sony DADC Austria AG.) C:\Windows\system32CmdLineExt.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-16 22:28 - 2013-02-17 17:18 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-16 22:24 - 2013-08-14 10:21 - 00000000 ____D () C:\Users\Hesher\AppData\Roaming\TS3Client
2015-04-16 21:57 - 2013-10-27 00:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-16 21:46 - 2013-02-04 20:55 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-16 21:38 - 2013-02-04 20:55 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-16 15:50 - 2013-02-16 00:51 - 02002395 _____ () C:\Windows\WindowsUpdate.log
2015-04-16 15:46 - 2013-02-16 00:23 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-16 15:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-15 21:02 - 2013-02-04 21:08 - 00000000 ____D () C:\Users\Hesher\AppData\Roaming\Skype
2015-04-15 16:28 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-15 16:15 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-14 20:12 - 2013-02-26 21:15 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2015-04-14 18:48 - 2013-02-04 19:23 - 00000000 ___RD () C:\Users\Hesher\Desktop\Programme
2015-04-14 18:30 - 2014-02-16 10:29 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-14 16:45 - 2013-02-16 00:25 - 00000000 ____D () C:\Users\Hesher
2015-04-14 16:27 - 2014-09-22 18:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2015-04-14 16:27 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-14 16:26 - 2014-09-08 16:01 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-14 16:13 - 2013-11-21 22:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-04-14 16:09 - 2013-02-16 00:22 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-14 14:57 - 2009-07-14 06:45 - 05045704 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-14 14:51 - 2015-01-21 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightworks
2015-04-14 14:51 - 2014-07-26 21:44 - 00000000 ____D () C:\Users\Hesher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CreepTD
2015-04-14 14:51 - 2014-05-01 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall
2015-04-14 14:51 - 2013-09-05 21:26 - 00000000 ____D () C:\Users\Hesher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2015-04-14 14:51 - 2013-09-05 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2015-04-14 14:51 - 2013-06-23 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\rFactor
2015-04-14 14:51 - 2013-03-13 17:26 - 00000000 ____D () C:\Users\Hesher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IVMP
2015-04-14 14:51 - 2013-02-04 22:15 - 00000000 ____D () C:\Users\Hesher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-04-14 14:46 - 2013-02-17 18:46 - 00122288 _____ () C:\Users\Hesher\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-14 14:34 - 2013-04-09 18:11 - 00007598 _____ () C:\Users\Hesher\AppData\Local\Resmon.ResmonCfg
2015-04-14 14:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-14 13:42 - 2013-04-01 23:45 - 00000000 ____D () C:\Users\Hesher\AppData\Local\Rockstar Games
2015-04-14 13:42 - 2013-02-04 17:12 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-14 02:39 - 2013-03-12 15:57 - 00000000 ____D () C:\Users\Hesher\Documents\Rockstar Games
2015-04-13 21:42 - 2014-07-05 10:03 - 00000000 ____D () C:\Users\Hesher\Documents\Euro Truck Simulator 2
2015-04-13 16:25 - 2013-02-04 19:20 - 00000000 ___RD () C:\Users\Hesher\Desktop\Schule
2015-04-12 14:47 - 2013-02-16 09:14 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2015-04-12 14:47 - 2013-02-16 09:14 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2015-04-12 14:47 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-11 16:40 - 2013-02-08 13:37 - 00000000 ____D () C:\Users\Hesher\AppData\Roaming\.minecraft
2015-04-09 13:36 - 2014-09-08 16:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-09 13:36 - 2013-10-07 21:49 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-09 11:41 - 2013-04-28 01:36 - 00000000 ____D () C:\ProgramData\Origin
2015-04-09 02:58 - 2014-01-08 12:33 - 00029329 _____ () C:\Windows\system32\nvinfo.pb
2015-04-09 02:58 - 2012-10-10 22:23 - 17176128 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-04-09 02:58 - 2012-10-10 22:23 - 03317344 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-04-09 02:58 - 2012-10-10 22:22 - 12689592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-04-08 23:30 - 2013-02-16 00:23 - 06841488 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-04-08 23:30 - 2013-02-16 00:23 - 03478344 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-04-08 23:30 - 2013-02-16 00:23 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-04-08 23:30 - 2013-02-16 00:23 - 00936264 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-04-08 23:30 - 2013-02-16 00:23 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-04-08 23:30 - 2013-02-16 00:23 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-04-08 19:52 - 2013-02-16 00:23 - 04336074 _____ () C:\Windows\system32\nvcoproc.bin
2015-04-08 14:45 - 2013-09-29 16:56 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-04-08 13:47 - 2014-12-08 14:35 - 00000000 ____D () C:\Users\Hesher\AppData\Roaming\concept design
2015-04-08 11:32 - 2013-03-16 20:16 - 00348672 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-04-08 11:32 - 2013-03-16 20:11 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-04-06 12:59 - 2014-10-29 17:52 - 00300544 ___SH () C:\Users\Hesher\Desktop\Thumbs.db
2015-04-05 08:22 - 2014-10-22 08:55 - 00000000 ____D () C:\Users\Hesher\AppData\Local\Adobe
2015-04-05 08:22 - 2013-10-27 00:49 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-05 08:22 - 2013-10-27 00:49 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-05 08:22 - 2013-10-27 00:49 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-04 17:57 - 2013-05-27 22:42 - 00000000 ____D () C:\ProgramData\Electronic Arts
2015-04-04 17:57 - 2013-05-13 17:24 - 00000000 ____D () C:\Users\Hesher\AppData\Local\Electronic_Arts_Inc
2015-04-04 17:24 - 2013-03-16 20:15 - 00000000 ____D () C:\Users\Hesher\AppData\Local\PunkBuster
2015-03-31 15:44 - 2014-09-08 16:15 - 00000000 ____D () C:\Users\Hesher\AppData\Roaming\Avira
2015-03-31 15:43 - 2014-09-08 16:01 - 00000000 ____D () C:\ProgramData\Avira
2015-03-30 20:31 - 2013-09-29 16:52 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-03-28 22:20 - 2015-02-10 09:18 - 00000000 ____D () C:\Users\Hesher\AppData\Local\VirtualStore
2015-03-28 05:44 - 2014-06-18 18:33 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-03-28 05:44 - 2013-11-21 22:48 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-03-28 05:43 - 2014-06-18 18:33 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-03-28 05:43 - 2013-11-21 22:48 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-03-25 20:41 - 2014-07-18 22:46 - 00000000 ____D () C:\Users\Hesher\Documents\DVDVideoSoft
2015-03-21 20:20 - 2013-04-27 20:37 - 00000000 ____D () C:\Users\Hesher\Documents\My Games
2015-03-17 21:38 - 2015-01-24 20:51 - 00000000 ____D () C:\Program Files (x86)\Supraball

==================== Files in the root of some directories =======

2014-01-28 14:40 - 2014-01-28 14:40 - 0000624 _____ () C:\Users\Hesher\AppData\Roaming\All CPU MeterV3_Settings.ini
2013-05-15 21:38 - 2013-05-15 21:38 - 0000014 _____ () C:\Users\Hesher\AppData\Roaming\dx.ini
2014-08-25 18:59 - 2014-08-25 21:25 - 0000096 _____ () C:\Users\Hesher\AppData\Roaming\LauncherSettings_live.cfg
2014-04-16 12:01 - 2014-04-16 12:01 - 0000798 _____ () C:\Users\Hesher\AppData\Local\recently-used.xbel
2013-04-09 18:11 - 2015-04-14 14:34 - 0007598 _____ () C:\Users\Hesher\AppData\Local\Resmon.ResmonCfg
2014-05-10 18:20 - 2014-12-08 14:32 - 0001534 _____ () C:\ProgramData\ss.ini

Some content of TEMP:
====================
C:\Users\Hesher\AppData\Local\Temp\avgnt.exe
C:\Users\Hesher\AppData\Local\Temp\procexp64.exe
C:\Users\Hesher\AppData\Local\Temp\Quarantine.exe
C:\Users\Hesher\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-14 00:00

==================== End Of Log ============================
--- --- ---

--- --- ---


Hast du eine Idee warum das ganze nach nem Neustart wieder auftritt?

Nachdem ich die Programm hab drüber laufen lassen, ist auch wie alles normal und die CPU Auslastung pendelt sich bei 3% ein, nach einem Neustart jedoch nicht mehr :/

schrauber 17.04.2015 09:37
Screenshot wie oben beschrieben mit Process Explorer bitte.

Hesher999 17.04.2015 12:35
http://www.pic-upload.de/view-267527...12-82.jpg.html

http://www.pic-upload.de/view-267527...19-50.jpg.html


hxxp://www.pic-upload.de/view-26752716/Dwm-2015-04-17-13-28-12-82.jpg.html

hxxp://www.pic-upload.de/view-26752715/Dwm-2015-04-17-13-28-19-50.jpg.html

schrauber 17.04.2015 20:07
Bitte ganz normal hier im Thema anhängen, solche Uploadseiten sind bei mir grundsätzlich gesperrt :)

Hesher999 17.04.2015 22:16
Liste der Anhänge anzeigen (Anzahl: 2)
So da sind se...


Alle Zeitangaben in WEZ +1. Es ist jetzt 04:13 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131