Additional scan result of Farbar Recovery Scan Tool (x86) Version:17-05-2014
Ran by vlad at 2014-05-19 14:20:45
Running from C:\Users\vlad\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Antichamber (HKLM\...\Steam App 219890) (Version: - Alexander Bruce)
Arma: Cold War Assault (HKLM\...\Steam App 65790) (Version: - Bohemia Interactive)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2018 - Avast Software)
BattleBlock Theater (HKLM\...\Steam App 238460) (Version: - The Behemoth)
BioShock (HKLM\...\Steam App 7670) (Version: - 2K Boston)
BioShock 2 (HKLM\...\Steam App 8850) (Version: - 2K Marin)
BioShock Infinite (HKLM\...\Steam App 8870) (Version: - Irrational Games)
Borderlands (HKLM\...\Steam App 8980) (Version: - Gearbox Software)
Borderlands 2 (HKLM\...\Steam App 49520) (Version: - Gearbox Software)
Cave Story Deluxe (HKLM\...\Cave Story Deluxe) (Version: - )
Cry of Fear (HKLM\...\Steam App 223710) (Version: - Team Psykskallar)
Crysis (HKLM\...\Steam App 17300) (Version: - Crytek)
Disney-Pixar WALL-E (HKLM\...\{B94C6815-7BCC-4124-AC39-9208A06FFFA7}) (Version: 1.00.0000 - THQ)
Dojotech Spotify Recorder (HKLM\...\{D149DB2E-392E-48CC-8036-88BECC09C50A}) (Version: 3.2 - Dojotech Software)
Don't Starve (HKLM\...\Steam App 219740) (Version: - Klei Entertainment)
Dota 2 (HKLM\...\Steam App 570) (Version: - Valve)
Driver Booster (HKLM\...\Driver Booster_is1) (Version: 1.2 - IObit)
Edna & Harvey: Harvey's New Eyes (HKLM\...\Steam App 219910) (Version: - Daedalic Entertainment)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
FINAL FANTASY VII (HKLM\...\Steam App 39140) (Version: - Square Enix)
Free System Utilities (HKLM\...\{b70d03b1-2a07-4c32-beef-79d2d13a5bee}) (Version: 1.1.3.0 - Covus Freemium GmbH)
Free SystemUtilities (Version: 1.1.3.0 - Covus Freemium GmbH) Hidden
Game Dev Tycoon (HKLM\...\Steam App 239820) (Version: - Greenheart Games)
GameSpy Comrade (HKLM\...\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}) (Version: 1.5.0.156 - GameSpy)
Garry's Mod (HKLM\...\Steam App 4000) (Version: - Garry)
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM\...\Steam App 12210) (Version: - Rockstar North)
Greenfish Icon Editor Pro 3.31 (HKLM\...\{27135B83-5AFF-42A3-BCEB-E689BE9E2090}_is1) (Version: - Greenfish Corporation)
Half-Life (HKLM\...\Steam App 70) (Version: - Valve)
Half-Life 2 (HKLM\...\Steam App 220) (Version: - Valve)
Half-Life 2: Episode One (HKLM\...\Steam App 380) (Version: - Valve)
Half-Life 2: Episode Two (HKLM\...\Steam App 420) (Version: - Valve)
Half-Life 2: Lost Coast (HKLM\...\Steam App 340) (Version: - Valve)
Half-Life: Blue Shift (HKLM\...\Steam App 130) (Version: - Gearbox Software)
Half-Life: Opposing Force (HKLM\...\Steam App 50) (Version: - Gearbox Software)
Hamachi 1.0.3.0 (HKLM\...\Hamachi) (Version: - )
Hitman 2: Silent Assassin (HKLM\...\Steam App 6850) (Version: - IO Interactive)
Hitman: Absolution (HKLM\...\Steam App 203140) (Version: - IO Interactive)
Hitman: Blood Money (HKLM\...\Steam App 6860) (Version: - IO Interactive)
Hitman: Codename 47 (HKLM\...\Steam App 6900) (Version: - IO Interactive)
Hitman: Contracts (HKLM\...\Steam App 247430) (Version: - )
Hitman: Sniper Challenge (HKLM\...\Steam App 205930) (Version: - IO Interactive)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 45 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Just Cause (HKLM\...\Steam App 6880) (Version: - Avalanche)
Just Cause 2 (HKLM\...\Steam App 8190) (Version: - Avalanche)
Just Cause 2: Multiplayer Mod (HKLM\...\Steam App 259080) (Version: - JC2-MP Team)
League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (Version: 3.0.1 - Riot Games ) Hidden
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version: - Valve)
lightshot-5.1.0.15 (HKLM\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.1.0.15 - Skillbrains)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
MEDUSA NX USB 5.1 Gaming Headset (HKLM\...\C-Media CM106 Like Sound Driver) (Version: - )
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM\...\{A106D33E-6B43-42C0-9BFC-D03303261FA7}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - DEU (HKLM\...\Microsoft Visual Basic 2010 Express - DEU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - DEU (Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 24.0 (x86 de) (HKLM\...\Mozilla Firefox 24.0 (x86 de)) (Version: 24.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.0 - Mozilla)
My Game Long Name (HKLM\...\UDK-ca5c1d5d-d51e-436b-b5ea-a8b1d7131cb6) (Version: - Epic Games, Inc.)
Notepad++ (HKLM\...\Notepad++) (Version: 6.5 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.22 (Version: 1.2.22 - NVIDIA Corporation) Hidden
Outlast (HKLM\...\Steam App 238320) (Version: - Red Barrels)
Overwolf (HKLM\...\{0A337036-B73E-4C85-8D32-3851F84B7CFE}) (Version: 0.46.271 - Overwolf)
Plus-HD-3.8 (HKLM\...\Plus-HD-3.8) (Version: 1.27.153.11 - Plus HD) <==== ATTENTION
Portal (HKLM\...\Steam App 400) (Version: - Valve)
Portal 2 (HKLM\...\Steam App 620) (Version: - Valve)
POSTAL 2 (HKLM\...\Steam App 223470) (Version: - Running With Scissors)
Project64 1.6 (HKLM\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
Q.U.B.E. (HKLM\...\Steam App 203730) (Version: - Toxic Games)
Razer Game Booster (HKLM\...\Razer Game Booster_is1) (Version: 4.1.59.0 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7183 - Realtek Semiconductor Corp.)
Red Orchestra 2: Heroes of Stalingrad - Single Player (HKLM\...\Steam App 236830) (Version: - )
Reus (HKLM\...\Steam App 222730) (Version: - Abbey Games)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rising Storm/Red Orchestra 2 Multiplayer (HKLM\...\Steam App 35450) (Version: - Tripwire Interactive)
Rogue Legacy (HKLM\...\Steam App 241600) (Version: - Cellar Door Games)
SHIELD Streaming (Version: 1.8.323 - NVIDIA Corporation) Hidden
SketchUp 2013 (HKLM\...\{2C0777B8-E91F-45AA-976B-7EB6B40E5400}) (Version: 13.0.4812 - Trimble Navigation Limited)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Source SDK Base 2007 (HKLM\...\Steam App 218) (Version: - Valve)
Spotify (HKCU\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Starbound (HKLM\...\Steam App 211820) (Version: - )
State of Decay (HKLM\...\Steam App 241540) (Version: - )
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Update kb70007 (Version: 1.0.0 - MSR) Hidden
Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Terraria (HKLM\...\Steam App 105600) (Version: - Re-Logic)
The Binding of Isaac (HKLM\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Plan (HKLM\...\Steam App 250600) (Version: - Krillbite Studio)
The Sims(TM) 3 (HKLM\...\Steam App 47890) (Version: - The Sims Studio)
The Stanley Parable (HKLM\...\Steam App 221910) (Version: - Galactic Cafe)
The Walking Dead (HKLM\...\Steam App 207610) (Version: - )
The Walking Dead: Season Two (HKLM\...\Steam App 261030) (Version: - Telltale Games)
Thomas Was Alone (HKLM\...\Steam App 220780) (Version: - Mike Bithell)
Tomb Raider (HKLM\...\Steam App 203160) (Version: - Crystal Dynamics)
Tomb Raider (VI): The Angel of Darkness (HKLM\...\Steam App 225020) (Version: - Core Design)
Tomb Raider I (HKLM\...\Steam App 224960) (Version: - Core Design)
Tomb Raider II (HKLM\...\Steam App 225300) (Version: - Core Design)
Tomb Raider III: Adventures of Lara Croft (HKLM\...\Steam App 225320) (Version: - Core Design)
Tomb Raider: Anniversary (HKLM\...\Steam App 8000) (Version: - Crystal Dynamics)
Tomb Raider: Chronicles (HKLM\...\Steam App 225000) (Version: - Core Design)
Tomb Raider: Legend (HKLM\...\Steam App 7000) (Version: - Crystal Dynamics)
Tomb Raider: The Last Revelation (HKLM\...\Steam App 224980) (Version: - Core Design)
Tomb Raider: Underworld (HKLM\...\Steam App 8140) (Version: - Crystal Dynamics)
Unreal Development Kit: 2012-10 (HKLM\...\UDK-9a945cf0-3152-4d4f-a428-35aebc522f71) (Version: - Epic Games, Inc.)
Update for Microsoft .NET Framework 4.5 (KB2750147) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2750147) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805221) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2805221) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805226) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2805226) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
==================== Restore Points =========================
11-05-2014 19:56:35 Free System Utilities 11.05.2014 21:56:32
15-05-2014 05:11:16 Removed IObit Apps Toolbar v9.1.
15-05-2014 05:12:23 Removed IObit Apps Toolbar v9.1.
15-05-2014 12:06:14 Removed IObit Apps Toolbar v9.1.
15-05-2014 12:09:22 Removed PlayReady PC Runtime X86
15-05-2014 12:11:38 Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU wird entfernt
15-05-2014 12:31:28 Removed Adobe Shockwave Player 11.6.
15-05-2014 12:42:10 Revo Uninstaller's restore point - IObit Apps Toolbar v9.1
15-05-2014 12:42:32 Removed IObit Apps Toolbar v9.1.
15-05-2014 12:52:40 Revo Uninstaller's restore point - Adobe Flash Player 13 ActiveX
15-05-2014 12:53:29 Revo Uninstaller's restore point - Adobe Flash Player 13 Plugin
==================== Hosts content: ==========================
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {0B5B728B-C893-48CD-9612-C161319287B5} - System32\Tasks\Freemium1ClickMaint => C:\Program Files\Covus Freemium\Free System Utilities\1Click.exe [2013-10-09] (Covus Freemium GmbH)
Task: {43A1A5BA-F03D-4D1F-AB04-73507EF3A8FC} - System32\Tasks\Driver Booster Scan => C:\Program Files\IObit\Driver Booster\Scheduler.exe [2014-01-10] (IObit)
Task: {546B77E0-2D16-4A99-BE50-BF9A98E0A69D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-13] (Google Inc.)
Task: {597B8412-CAD4-4CF9-9F0E-1AEC902EFD5E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-13] (Google Inc.)
Task: {6425BDED-C0D8-49F5-AFEB-3613AFF6F841} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files\IObit\Game Booster 3\AutoUpdate.exe
Task: {964E9CCF-D038-4D07-8107-8C1B071B4148} - System32\Tasks\update-sys => C:\Program Files\Skillbrains\Updater\Updater.exe [2013-09-27] ()
Task: {CBD415AA-B846-4F3F-AF3E-EDBD7E9136D9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-22] (AVAST Software)
Task: {D8DE037A-B9D5-4AD5-BD12-CC71EB7F3D81} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {EF8E9ECD-32D9-4E3F-B9E1-C328774C6DA8} - System32\Tasks\update-S-1-5-21-4018679884-465560905-3469409432-1000 => C:\Program Files\Skillbrains\Updater\Updater.exe [2013-09-27] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\update-S-1-5-21-4018679884-465560905-3469409432-1000.job => C:\Program Files\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files\Skillbrains\Updater\Updater.exe
==================== Loaded Modules (whitelisted) =============
2013-12-07 16:39 - 2014-03-04 14:34 - 00109000 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2013-10-21 13:43 - 2013-10-20 08:08 - 02136576 _____ () C:\Program Files\AVAST Software\Avast\defs\13102000\algo.dll
2012-06-18 17:24 - 2012-06-18 17:24 - 00260096 _____ () C:\Program Files\Notepad++\NppShell_05.dll
2013-10-21 13:43 - 2013-10-21 13:43 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-05-17 12:02 - 2014-04-22 00:55 - 00340480 _____ () C:\Program Files\Steam\libavresample-1.dll
2014-05-17 12:02 - 2014-04-22 00:55 - 00471552 _____ () C:\Program Files\Steam\libavutil-53.dll
2014-05-17 12:03 - 2014-04-01 00:09 - 00754688 _____ () C:\Program Files\Steam\SDL2.dll
2014-05-17 12:02 - 2014-04-24 00:01 - 01092288 _____ () C:\Program Files\Steam\bin\chromehtml.DLL
2014-05-17 12:02 - 2014-03-03 21:15 - 20626624 _____ () C:\Program Files\Steam\bin\libcef.dll
2014-05-17 12:02 - 2013-06-15 01:49 - 01100800 _____ () C:\Program Files\Steam\bin\avcodec-53.dll
2014-05-17 12:02 - 2013-06-15 01:49 - 00124416 _____ () C:\Program Files\Steam\bin\avutil-51.dll
2014-05-17 12:02 - 2013-06-15 01:49 - 00192000 _____ () C:\Program Files\Steam\bin\avformat-53.dll
2014-05-11 20:29 - 2014-05-08 15:23 - 00018944 _____ () C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe
2014-05-11 20:29 - 2014-05-08 15:23 - 00064000 _____ () C:\Windows\Microsoft\SystemUpdatekb70007\InstallerLibrary.dll
2014-05-11 20:29 - 2014-05-08 15:23 - 00016896 _____ () C:\Windows\Microsoft\SystemUpdatekb70007\Installer.dll
2014-05-11 20:29 - 2014-05-19 13:55 - 00086528 _____ () C:\Program Files\MSR\Privoxy\mgwz.dll
2014-05-14 14:40 - 2014-05-08 01:29 - 00065352 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.137\chrome_elf.dll
2014-05-14 14:40 - 2014-05-08 01:29 - 00674632 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.137\libglesv2.dll
2014-05-14 14:40 - 2014-05-08 01:29 - 00093000 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.137\libegl.dll
2014-05-14 14:40 - 2014-05-08 01:29 - 04081480 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.137\pdf.dll
2014-05-14 14:40 - 2014-05-08 01:29 - 00390472 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll
2014-05-14 14:40 - 2014-05-08 01:29 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.137\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupreg: Advanced SystemCare 7 => "C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
MSCONFIG\startupreg: DrvUpdater => C:\Users\vlad\AppData\Roaming\DRPSu\DrvUpdater.exe /hide
MSCONFIG\startupreg: Overwolf => C:\Program Files\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: Spotify => "C:\Users\vlad\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\vlad\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/19/2014 01:56:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/19/2014 01:42:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/18/2014 06:11:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/18/2014 06:06:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/17/2014 11:45:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/16/2014 10:52:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/16/2014 05:03:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/16/2014 01:54:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.500, Zeitstempel: 0x533d8de2
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x69737265
ID des fehlerhaften Prozesses: 0x8c4
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3
Error: (05/16/2014 01:53:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/16/2014 01:51:35 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]
System errors:
=============
Error: (05/19/2014 01:57:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LiveUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/19/2014 01:55:11 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 19.05.2014 um 13:53:47 unerwartet heruntergefahren.
Error: (05/19/2014 01:42:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LiveUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/19/2014 01:41:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SystemUpdatekb70007" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (05/19/2014 01:41:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst SystemUpdatekb70007 erreicht.
Error: (05/18/2014 06:10:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LiveUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/18/2014 06:10:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMScheduler" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (05/18/2014 06:10:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MBAMScheduler erreicht.
Error: (05/18/2014 06:07:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LiveUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/17/2014 11:44:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LiveUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Microsoft Office Sessions:
=========================
Error: (05/19/2014 01:56:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/19/2014 01:42:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/18/2014 06:11:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/18/2014 06:06:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/17/2014 11:45:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/16/2014 10:52:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/16/2014 05:03:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/16/2014 01:54:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.500533d8de2unknown0.0.0.000000000c0000005697372658c401cf70fd2e3d108cC:\Program Files\Malwarebytes Anti-Malware\mbam.exeunknowndcf2a07d-dcf0-11e3-a2a4-3085a94274df
Error: (05/16/2014 01:53:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/16/2014 01:51:35 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]
==================== Memory info ===========================
Percentage of memory in use: 51%
Total physical RAM: 3198.12 MB
Available physical RAM: 1545.27 MB
Total Pagefile: 6394.53 MB
Available Pagefile: 4334.38 MB
Total Virtual: 3071.88 MB
Available Virtual: 2930.77 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931.41 GB) (Free:501.43 GB) NTFS
Drive d: (WALL-E) (CDROM) (Total:3.49 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 61C89B35)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
==================== End Of Log ============================
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:16 on 19/05/2014 (vlad)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=769f41f36249694aba45ac46bc8f7b01
# engine=18300
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-17 12:08:32
# local_time=2014-05-17 02:08:32 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 76 169642 18556051 0 0
# compatibility_mode=5893 16776573 100 94 7949 151959703 0 0
# scanned=440132
# found=2
# cleaned=2
# scan_time=6362
sh=91A36ECC07C1A2FDFC46A22BE61580DB05B9A07B ft=1 fh=3949443ec6f71fd1 vn="Win32/OutBrowse.R evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-4018679884-465560905-3469409432-1000\$RBLUKMS.exe"
sh=91A36ECC07C1A2FDFC46A22BE61580DB05B9A07B ft=1 fh=3949443ec6f71fd1 vn="Win32/OutBrowse.R evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-4018679884-465560905-3469409432-1000\$RPYBXW7.exe"
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-05-2014
Ran by vlad (administrator) on VLAD-PC on 19-05-2014 14:20:20
Running from C:\Users\vlad\Desktop
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Spotify Ltd) C:\Users\vlad\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Razer Inc.) C:\Program Files\Razer\Razer Game Booster\RzKLService.exe
() C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(The Privoxy team - www.privoxy.org) C:\Program Files\MSR\Privoxy\privoxy.exe
(Skillbrains) C:\Users\vlad\AppData\Local\Skillbrains\lightshot\5.1.0.15\Lightshot.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6667992 2014-04-16] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-04-22] (AVAST Software)
HKLM\...\Run: [Cm106Sound] => RunDll32 cm106.cpl,CMICtrlWnd
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap.dll [1081112 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-4018679884-465560905-3469409432-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [1825984 2014-04-24] (Valve Corporation)
HKU\S-1-5-21-4018679884-465560905-3469409432-1000\...\Run: [Spotify Web Helper] => C:\Users\vlad\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-16] (Spotify Ltd)
HKU\S-1-5-21-4018679884-465560905-3469409432-1000\...\Run: [LightShot] => C:\Users\vlad\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226592 2014-03-06] ()
HKU\S-1-5-21-4018679884-465560905-3469409432-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-4018679884-465560905-3469409432-1000\...\MountPoints2: {0991ce67-33f1-11e3-a25e-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-4018679884-465560905-3469409432-1000\...\MountPoints2: {632248a1-446a-11e3-a955-3085a94274df} - F:\HTC_Sync_Manager_PC.exe
Startup: C:\Users\vlad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled ()
==================== Internet (Whitelisted) ====================
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
FireFox:
========
FF ProfilePath: C:\Users\vlad\AppData\Roaming\Mozilla\Firefox\Profiles\l31jvc68.default-1400128695494
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-13]
Chrome:
=======
CHR HomePage:
CHR StartupUrls: "https://www.google.de/", "hxxp://www.v9.com/?type=hppp&ts=1400067628&from=irs&uid=HitachiXHDS721010DLE630_MSE523RP09LKLH09LKLHX&i=psd&t=342815dbc", "hxxp://www.msn.com/?pc=AV01"
CHR Extension: (Google Docs) - C:\Users\vlad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-13]
CHR Extension: (Adblock Plus) - C:\Users\vlad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-12]
CHR Extension: (Google Wallet) - C:\Users\vlad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-13]
CHR Extension: (SiteBlock) - C:\Users\vlad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfglnpdpgmecffbejlfgpnebopinlclj [2014-05-12]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
========================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-22] (AVAST Software)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2011-07-26] (Microsoft Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19405768 2014-04-02] (NVIDIA Corporation)
S3 OverwolfUpdaterService; C:\Program Files\Overwolf\OverwolfUpdater.exe [18360 2013-11-11] (Overwolf Ltd)
R2 RzKLService; C:\Program Files\Razer\Razer Game Booster\RzKLService.exe [105448 2013-11-22] (Razer Inc.)
R2 SystemUpdatekb70007; C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe [18944 2014-05-08] ()
==================== Drivers (Whitelisted) ====================
R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11944 2012-12-03] (Advanced Micro Devices Inc.)
R3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [57856 2012-10-25] (Alcor Micro, Corp.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-04-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-04-22] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [68312 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-04-22] ()
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [25280 2013-10-14] (LogMeIn, Inc.)
S3 JRAID; C:\Windows\system32\drivers\jraid.sys [93096 2009-07-18] (JMicron Technology Corp.)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30984 2013-01-03] (Logitech, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-21] (NVIDIA Corporation)
S3 USBMULCD; C:\Windows\System32\drivers\CM106.sys [1515520 2009-10-01] (C-Media Electronics Inc)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2011-07-26] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2011-07-26] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2011-07-26] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2011-07-26] (Microsoft Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-19 14:20 - 2014-05-19 14:20 - 00012605 _____ () C:\Users\vlad\Desktop\FRST.txt
2014-05-19 14:20 - 2014-05-19 14:20 - 00000000 ____D () C:\FRST
2014-05-19 14:18 - 2014-05-19 14:18 - 01056768 _____ (Farbar) C:\Users\vlad\Desktop\FRST.exe
2014-05-19 14:16 - 2014-05-19 14:17 - 00000470 _____ () C:\Users\vlad\Downloads\defogger_disable.log
2014-05-19 14:16 - 2014-05-19 14:16 - 00000000 _____ () C:\Users\vlad\defogger_reenable
2014-05-19 14:15 - 2014-05-19 14:15 - 00050477 _____ () C:\Users\vlad\Downloads\Defogger.exe
2014-05-17 16:29 - 2014-05-17 16:29 - 00529265 _____ () C:\Users\vlad\Downloads\epsxe170.zip
2014-05-17 16:20 - 2014-05-17 16:20 - 00000215 _____ () C:\Users\vlad\Desktop\Arma Cold War Assault.url
2014-05-17 12:18 - 2014-05-17 12:18 - 00000000 ____D () C:\Program Files\ESET
2014-05-15 20:57 - 2014-05-15 20:57 - 00000216 _____ () C:\Users\vlad\Desktop\BattleBlock Theater.url
2014-05-15 14:00 - 2014-05-15 14:00 - 01141680 _____ () C:\Users\vlad\Downloads\SteamSetup.exe
2014-05-15 07:12 - 2014-05-15 14:09 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-05-14 23:04 - 2014-05-14 23:04 - 02347384 _____ (ESET) C:\Users\vlad\Downloads\esetsmartinstaller_deu (1).exe
2014-05-14 20:42 - 2014-05-14 20:42 - 02347384 _____ (ESET) C:\Users\vlad\Downloads\esetsmartinstaller_deu.exe
2014-05-14 20:39 - 2014-05-14 20:39 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\vlad\Downloads\mbam-setup-2.0.1.1004 (1).exe
2014-05-14 20:34 - 2014-05-14 20:34 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\vlad\Downloads\revosetup.exe
2014-05-14 20:34 - 2014-05-14 20:34 - 00001222 _____ () C:\Users\vlad\Downloads\Revo Uninstaller.lnk
2014-05-14 20:34 - 2014-05-14 20:34 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-05-14 20:14 - 2014-05-14 20:23 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-14 20:13 - 2014-05-14 20:13 - 10094400 _____ (SurfRight B.V.) C:\Users\vlad\Downloads\HitmanPro.exe
2014-05-14 19:55 - 2014-05-19 13:58 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-14 19:55 - 2014-05-14 19:55 - 00001060 _____ () C:\Users\vlad\Downloads\Malwarebytes Anti-Malware.lnk
2014-05-14 19:54 - 2014-05-14 19:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-14 19:54 - 2014-05-14 19:54 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-14 19:54 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-14 19:54 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-14 19:54 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-14 19:53 - 2014-05-14 19:53 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\vlad\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-14 19:47 - 2014-05-14 19:47 - 01016261 _____ (Thisisu) C:\Users\vlad\Downloads\JRT (1).exe
2014-05-14 19:47 - 2014-05-14 19:47 - 00000000 ____D () C:\Windows\ERUNT
2014-05-14 19:46 - 2014-05-14 19:46 - 01016261 _____ (Thisisu) C:\Users\vlad\Downloads\JRT.exe
2014-05-14 19:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-14 19:39 - 2014-05-14 22:44 - 00000000 ____D () C:\AdwCleaner
2014-05-14 19:30 - 2014-05-14 19:30 - 01325827 _____ () C:\Users\vlad\Downloads\adwcleaner_3.208.exe
2014-05-14 19:28 - 2014-05-14 19:28 - 00002102 _____ () C:\sc-cleaner.txt
2014-05-14 19:27 - 2014-05-14 19:27 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\vlad\Downloads\sc-cleaner.exe
2014-05-14 18:30 - 2014-05-17 20:32 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Bioshock2Steam
2014-05-14 18:30 - 2014-05-14 18:30 - 00000000 ____D () C:\Users\vlad\Documents\Bioshock2
2014-05-12 19:55 - 2014-05-12 19:55 - 00000216 _____ () C:\Users\vlad\Desktop\The Plan.url
2014-05-11 20:27 - 2014-05-11 20:29 - 00000000 ____D () C:\Program Files\MSR
2014-05-11 20:27 - 2014-05-11 20:27 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\InetStat
2014-05-11 20:26 - 2014-05-11 20:26 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Wise
2014-05-09 23:43 - 2014-05-14 18:25 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Bioshock
2014-05-09 23:43 - 2014-05-09 23:48 - 00000000 ____D () C:\Users\vlad\Documents\Bioshock
2014-05-09 23:42 - 2014-05-09 23:43 - 00123394 _____ () C:\Windows\DirectX.log
2014-05-09 20:53 - 2014-05-18 18:30 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock Infinite.url
2014-05-09 20:53 - 2014-05-09 20:53 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock 2.url
2014-05-09 20:52 - 2014-05-09 20:52 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock.url
2014-05-09 20:46 - 2014-05-09 20:46 - 00000216 _____ () C:\Users\vlad\Desktop\POSTAL 2.url
2014-04-28 18:14 - 2014-04-28 18:14 - 00000000 ____D () C:\Users\vlad\AppData\Local\CrashRpt
2014-04-24 13:06 - 2014-04-24 13:06 - 00000216 _____ () C:\Users\vlad\Desktop\Red Orchestra 2 Heroes of Stalingrad - Single Player.url
2014-04-24 13:06 - 2014-04-24 13:06 - 00000215 _____ () C:\Users\vlad\Desktop\Rising StormRed Orchestra 2 Multiplayer.url
2014-04-22 04:48 - 2014-04-22 04:48 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-22 04:48 - 2014-04-22 04:48 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
==================== One Month Modified Files and Folders =======
2014-05-19 14:20 - 2014-05-19 14:20 - 00012605 _____ () C:\Users\vlad\Desktop\FRST.txt
2014-05-19 14:20 - 2014-05-19 14:20 - 00000000 ____D () C:\FRST
2014-05-19 14:18 - 2014-05-19 14:18 - 01056768 _____ (Farbar) C:\Users\vlad\Desktop\FRST.exe
2014-05-19 14:17 - 2014-05-19 14:16 - 00000470 _____ () C:\Users\vlad\Downloads\defogger_disable.log
2014-05-19 14:16 - 2014-05-19 14:16 - 00000000 _____ () C:\Users\vlad\defogger_reenable
2014-05-19 14:16 - 2013-10-13 12:53 - 00000000 ____D () C:\Users\vlad
2014-05-19 14:15 - 2014-05-19 14:15 - 00050477 _____ () C:\Users\vlad\Downloads\Defogger.exe
2014-05-19 14:15 - 2013-10-14 15:13 - 00001420 _____ () C:\Users\vlad\Desktop\Notizen.txt
2014-05-19 14:08 - 2013-10-14 15:27 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Skype
2014-05-19 14:03 - 2009-07-14 06:34 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-19 14:03 - 2009-07-14 06:34 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-19 13:58 - 2014-05-14 19:55 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-19 13:57 - 2013-11-03 11:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-19 13:55 - 2014-03-29 12:54 - 00015485 _____ () C:\Windows\setupact.log
2014-05-19 13:55 - 2013-12-07 16:39 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-19 13:55 - 2013-10-14 15:32 - 00000000 ____D () C:\Program Files\Steam
2014-05-19 13:55 - 2013-10-13 13:41 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-19 13:55 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-19 13:50 - 2013-10-14 21:11 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Spotify
2014-05-18 22:35 - 2013-10-13 13:41 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-18 21:24 - 2014-02-22 21:30 - 00000374 _____ () C:\Windows\Tasks\update-sys.job
2014-05-18 20:26 - 2014-02-22 21:30 - 00000374 _____ () C:\Windows\Tasks\update-S-1-5-21-4018679884-465560905-3469409432-1000.job
2014-05-18 19:03 - 2013-10-14 15:43 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\.minecraft
2014-05-18 18:30 - 2014-05-09 20:53 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock Infinite.url
2014-05-17 20:32 - 2014-05-14 18:30 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Bioshock2Steam
2014-05-17 16:29 - 2014-05-17 16:29 - 00529265 _____ () C:\Users\vlad\Downloads\epsxe170.zip
2014-05-17 16:20 - 2014-05-17 16:20 - 00000215 _____ () C:\Users\vlad\Desktop\Arma Cold War Assault.url
2014-05-17 12:18 - 2014-05-17 12:18 - 00000000 ____D () C:\Program Files\ESET
2014-05-16 22:51 - 2013-12-02 14:08 - 00000000 ____D () C:\ProgramData\ProductData
2014-05-16 17:07 - 2013-10-14 21:14 - 00000000 ____D () C:\Users\vlad\AppData\Local\Spotify
2014-05-15 20:57 - 2014-05-15 20:57 - 00000216 _____ () C:\Users\vlad\Desktop\BattleBlock Theater.url
2014-05-15 15:01 - 2014-03-29 12:53 - 00012994 _____ () C:\Windows\PFRO.log
2014-05-15 14:32 - 2013-10-13 12:52 - 00000000 ____D () C:\Windows\system32\Macromed
2014-05-15 14:09 - 2014-05-15 07:12 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-05-15 14:07 - 2013-10-14 15:48 - 00000000 ____D () C:\Users\vlad\Desktop\Zeug
2014-05-15 14:00 - 2014-05-15 14:00 - 01141680 _____ () C:\Users\vlad\Downloads\SteamSetup.exe
2014-05-15 13:47 - 2013-12-28 19:17 - 00068312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-15 13:47 - 2013-10-13 13:18 - 00777488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-15 13:47 - 2013-10-13 13:18 - 00411680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-15 07:17 - 2013-10-13 12:26 - 01766109 _____ () C:\Windows\WindowsUpdate.log
2014-05-15 07:16 - 2013-10-14 16:06 - 00002551 _____ () C:\Users\Public\Desktop\Free System Utilities.lnk
2014-05-15 07:11 - 2013-10-13 13:08 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\DRPSu
2014-05-15 06:43 - 2013-10-13 12:55 - 00001435 _____ () C:\Users\vlad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-15 06:39 - 2013-10-13 13:42 - 00002109 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-14 23:04 - 2014-05-14 23:04 - 02347384 _____ (ESET) C:\Users\vlad\Downloads\esetsmartinstaller_deu (1).exe
2014-05-14 22:44 - 2014-05-14 19:39 - 00000000 ____D () C:\AdwCleaner
2014-05-14 22:33 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\TAPI
2014-05-14 20:42 - 2014-05-14 20:42 - 02347384 _____ (ESET) C:\Users\vlad\Downloads\esetsmartinstaller_deu.exe
2014-05-14 20:39 - 2014-05-14 20:39 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\vlad\Downloads\mbam-setup-2.0.1.1004 (1).exe
2014-05-14 20:34 - 2014-05-14 20:34 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\vlad\Downloads\revosetup.exe
2014-05-14 20:34 - 2014-05-14 20:34 - 00001222 _____ () C:\Users\vlad\Downloads\Revo Uninstaller.lnk
2014-05-14 20:34 - 2014-05-14 20:34 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-05-14 20:23 - 2014-05-14 20:14 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-14 20:13 - 2014-05-14 20:13 - 10094400 _____ (SurfRight B.V.) C:\Users\vlad\Downloads\HitmanPro.exe
2014-05-14 19:55 - 2014-05-14 19:55 - 00001060 _____ () C:\Users\vlad\Downloads\Malwarebytes Anti-Malware.lnk
2014-05-14 19:54 - 2014-05-14 19:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-14 19:54 - 2014-05-14 19:54 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-14 19:53 - 2014-05-14 19:53 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\vlad\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-14 19:47 - 2014-05-14 19:47 - 01016261 _____ (Thisisu) C:\Users\vlad\Downloads\JRT (1).exe
2014-05-14 19:47 - 2014-05-14 19:47 - 00000000 ____D () C:\Windows\ERUNT
2014-05-14 19:46 - 2014-05-14 19:46 - 01016261 _____ (Thisisu) C:\Users\vlad\Downloads\JRT.exe
2014-05-14 19:30 - 2014-05-14 19:30 - 01325827 _____ () C:\Users\vlad\Downloads\adwcleaner_3.208.exe
2014-05-14 19:28 - 2014-05-14 19:28 - 00002102 _____ () C:\sc-cleaner.txt
2014-05-14 19:27 - 2014-05-14 19:27 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\vlad\Downloads\sc-cleaner.exe
2014-05-14 18:30 - 2014-05-14 18:30 - 00000000 ____D () C:\Users\vlad\Documents\Bioshock2
2014-05-14 18:25 - 2014-05-09 23:43 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Bioshock
2014-05-14 13:58 - 2013-11-03 11:40 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 13:58 - 2013-10-13 12:53 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-13 21:56 - 2013-10-14 15:39 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\vlc
2014-05-12 19:55 - 2014-05-12 19:55 - 00000216 _____ () C:\Users\vlad\Desktop\The Plan.url
2014-05-12 14:58 - 2013-10-13 12:56 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-12 14:58 - 2013-10-13 12:56 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-11 21:19 - 2013-10-14 23:43 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Hamachi
2014-05-11 20:32 - 2013-12-02 16:31 - 00000000 ____D () C:\Users\vlad\Desktop\ROM's
2014-05-11 20:29 - 2014-05-11 20:27 - 00000000 ____D () C:\Program Files\MSR
2014-05-11 20:27 - 2014-05-11 20:27 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\InetStat
2014-05-11 20:26 - 2014-05-11 20:26 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Wise
2014-05-11 20:09 - 2013-10-13 13:45 - 00000000 ____D () C:\Users\vlad\Desktop\Hintergrundbilder
2014-05-10 12:28 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-09 23:48 - 2014-05-09 23:43 - 00000000 ____D () C:\Users\vlad\Documents\Bioshock
2014-05-09 23:43 - 2014-05-09 23:42 - 00123394 _____ () C:\Windows\DirectX.log
2014-05-09 20:53 - 2014-05-09 20:53 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock 2.url
2014-05-09 20:52 - 2014-05-09 20:52 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock.url
2014-05-09 20:46 - 2014-05-09 20:46 - 00000216 _____ () C:\Users\vlad\Desktop\POSTAL 2.url
2014-05-03 15:08 - 2013-10-14 15:48 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\ftblauncher
2014-05-03 15:08 - 2013-10-14 15:46 - 04588972 _____ () C:\Users\vlad\Desktop\Feed the Beast.exe
2014-05-01 21:13 - 2013-10-14 15:56 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\.technic
2014-05-01 18:23 - 2013-10-22 15:52 - 00000000 ____D () C:\Users\vlad\Desktop\Server
2014-05-01 18:21 - 2013-10-14 15:48 - 02346942 _____ () C:\Users\vlad\Desktop\Tekkit.exe
2014-04-28 18:14 - 2014-04-28 18:14 - 00000000 ____D () C:\Users\vlad\AppData\Local\CrashRpt
2014-04-28 18:13 - 2013-10-14 18:33 - 00000000 ____D () C:\Users\vlad\Documents\My Games
2014-04-25 21:35 - 2013-10-14 15:32 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-04-24 13:06 - 2014-04-24 13:06 - 00000216 _____ () C:\Users\vlad\Desktop\Red Orchestra 2 Heroes of Stalingrad - Single Player.url
2014-04-24 13:06 - 2014-04-24 13:06 - 00000215 _____ () C:\Users\vlad\Desktop\Rising StormRed Orchestra 2 Multiplayer.url
2014-04-22 20:20 - 2013-10-15 20:14 - 00000000 ____D () C:\Riot Games
2014-04-22 04:48 - 2014-04-22 04:48 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-22 04:48 - 2014-04-22 04:48 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-04-22 04:48 - 2013-10-13 13:18 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1400154447337
2014-04-22 04:48 - 2013-10-13 13:18 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1400154447337
2014-04-22 04:48 - 2013-10-13 13:18 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-22 04:48 - 2013-10-13 13:18 - 00180632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-22 04:48 - 2013-10-13 13:18 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-22 04:48 - 2013-10-13 13:18 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-22 04:48 - 2013-10-13 13:18 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-22 04:48 - 2013-10-13 13:18 - 00002047 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
Some content of TEMP:
====================
C:\Users\vlad\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7tahgf.dll
C:\Users\vlad\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe
[2011-07-26 01:49] - [2011-07-26 01:49] - 2616320 ____A (Microsoft Corporation) 0FB9C74046656D1579A64660AD67B746
C:\Windows\system32\winlogon.exe
[2011-08-15 16:45] - [2011-08-15 16:45] - 0286720 ____A (Microsoft Corporation) 58AACDEE236690C090A86B5A34EC4B77
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe
[2011-07-26 01:46] - [2011-07-26 01:46] - 0021504 ____A (Microsoft Corporation) ECDB182F885292145826C58252B53000
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2011-07-26 01:07] - [2011-07-26 01:07] - 0376832 ____A (Microsoft Corporation) FAFD0AE107BF665CB457608831814B0C
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\system32\Drivers\volsnap.sys
[2011-07-26 02:14] - [2011-07-26 02:14] - 0246144 ____A (Microsoft Corporation) C2232C62CD2E44E40CDADD00BBCFE366
LastRegBack: 2014-05-03 13:59
==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-19 14:48:25
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HDS721010DLE630 rev.MS2OA610 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\vlad\AppData\Local\Temp\kxldypob.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xCF226AA0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xCF22757E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xCF2335C8]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xCF233614]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xCF2337AE]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xCF233536]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0xCF2DD6D2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xCF23357E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0xCF227AB4]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThreadEx [0xCF227CD0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xCF233768]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xCF22836C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xCF226B06]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0xCF22BB40]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0xCF2266F2]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xCF2DD7B2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xCF226B6C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xCF22BF36]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xCF228E54]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xCF2335F2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xCF233636]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xCF2337D2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xCF23355C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xCF22B43A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xCF2336E6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xCF2335A6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xCF22B822]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xCF23378C]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xCF2DD556]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xCF228CC8]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0xCF2289D6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xCF226BD2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xCF226C38]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0xCF2DD8AE]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xCF22678C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xCF22695E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xCF2268EC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xCF228536]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xCF228698]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xCF2269E6]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0xCF2DD624]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xCF2281C6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xCF226C9E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xCF2275DA]
INT 0x51 ? C40FBA58
INT 0x52 ? C40607D8
INT 0x61 ? C40FB558
INT 0x62 ? C2FA7058
INT 0x72 ? C2FA72D8
INT 0x82 ? C2FA77D8
INT 0x92 ? C2FA7558
INT 0xA2 ? C4060CD8
INT 0xB1 ? C2FA7CD8
INT 0xB2 ? C4060558
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackComplete + 1441 E303FE95 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 E3079522 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB E3080760 4 Bytes [A0, 6A, 22, CF]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 E30807E8 4 Bytes [7E, 75, 22, CF] {JLE 0x77; AND CL, BH}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 E308083C 8 Bytes [C8, 35, 23, CF, 14, 36, 23, ...] {ENTER 0x2335, 0xcf; ADC AL, 0x36; AND ECX, EDI}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 E3080848 4 Bytes [AE, 37, 23, CF] {SCASB ; AAA ; AND ECX, EDI}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF E3080864 4 Bytes [36, 35, 23, CF]
.text ...
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 E323C87F 4 Bytes CALL CF229517 \SystemRoot\system32\drivers\aswSnx.sys
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 E32565DD 4 Bytes CALL CF22952D \SystemRoot\system32\drivers\aswSnx.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\csrss.exe[492] kernel32.dll!GetBinaryTypeW + 70 76B969E4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[568] kernel32.dll!GetBinaryTypeW + 70 76B969E4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[572] kernel32.dll!GetBinaryTypeW + 70 76B969E4 1 Byte [62]
.text C:\Windows\system32\csrss.exe[580] kernel32.dll!GetBinaryTypeW + 70 76B969E4 1 Byte [62]
.text C:\Windows\system32\services.exe[620] kernel32.dll!GetBinaryTypeW + 70 76B969E4 1 Byte [62]
.text ...
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1552] kernel32.dll!SetUnhandledExceptionFilter 76B7F4EB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1552] kernel32.dll!GetBinaryTypeW + 70 76B969E4 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[1756] kernel32.dll!GetBinaryTypeW + 70 76B969E4 1 Byte [62]
.text C:\Windows\Explorer.EXE[1784] kernel32.dll!GetBinaryTypeW + 70 76B969E4 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1924] kernel32.dll!GetBinaryTypeW + 70 76B969E4 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[1936] kernel32.dll!GetBinaryTypeW + 70 76B969E4 1 Byte [62]
.text ...
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2112] kernel32.dll!SetUnhandledExceptionFilter 76B7F4EB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2112] kernel32.dll!GetBinaryTypeW + 70 76B969E4 1 Byte [62]
.text C:\Windows\System32\rundll32.exe[2140] kernel32.dll!GetBinaryTypeW + 70 76B969E4 1 Byte [62]
.text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[2156] kernel32.dll!GetBinaryTypeW + 70 76B969E4 1 Byte [62]
.text C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe[2376] kernel32.dll!GetBinaryTypeW + 70 76B969E4 1 Byte [62]
.text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2460] kernel32.dll!GetBinaryTypeW + 70 76B969E4 1 Byte [62]
.text ...
---- Registry - GMER 2.1 ----
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{0991CE64-33F1-11E3-A25E-806E6F6E6963} 3290915520
Reg HKLM\SOFTWARE\Classes\CLSID\{722b3793-5367-4446-b6bb-db89b05c1f24}\LocalServer32@ %SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {722b3793-5367-4446-b6bb-db89b05c1f24}
---- EOF - GMER 2.1 ----
Code:
<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
  <header>
    <date>2014/05/14 20:06:40 +0200</date>
    <log>mbam-log-2014-05-14 (19-56-54).xml</log>
    <isadmin>yes</isadmin>
  </header>
  <engine>
    <version>2.00.1.1004</version>
    <rules-database>v2014.05.14.08</rules-database>
    <swissarmy-database>v2014.03.27.01</swissarmy-database>
    <license>trial</license>
    <file-protection>enabled</file-protection>
    <web-protection>enabled</web-protection>
    <self-protection>disabled</self-protection>
  </engine>
  <system>
    <osversion>Windows 7 Service Pack 1</osversion>
    <arch>x86</arch>
    <username>vlad</username>
    <filesys>NTFS</filesys>
  </system>
  <summary>
    <type>threat</type>
    <result>completed</result>
    <objects>236753</objects>
    <time>583</time>
    <processes>0</processes>
    <modules>0</modules>
    <keys>2</keys>
    <values>0</values>
    <datas>0</datas>
    <folders>0</folders>
    <files>3</files>
    <sectors>0</sectors>
  </summary>
  <options>
    <memory>enabled</memory>
    <startup>enabled</startup>
    <filesystem>enabled</filesystem>
    <archives>enabled</archives>
    <rootkits>disabled</rootkits>
    <deeprootkit>disabled</deeprootkit>
    <shuriken>enabled</shuriken>
    <pup>enabled</pup>
    <pum>enabled</pum>
  </options>
  <items>
    <key>
      <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}</path>
      <vendor>PUP.Optional.SupTab.A</vendor>
      <action>success</action>
      <hash>ada30d44295293a3075868bf59a96e92</hash>
    </key>
    <key>
      <path>HKLM\SOFTWARE\Plus-HD-3.8</path>
      <vendor>PUP.Optional.PlusHD.A</vendor>
      <action>success</action>
      <hash>86cace83166593a361c30c90ea18a759</hash>
    </key>
    <file>
      <path>C:\$Recycle.Bin\S-1-5-21-4018679884-465560905-3469409432-1000\$R1JS5TN.exe</path>
      <vendor>PUP.Optional.OutBrowse</vendor>
      <action>success</action>
      <hash>ea66aba6d2a9340256fcde9bc73a669a</hash>
    </file>
    <file>
      <path>C:\Users\vlad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage</path>
      <vendor>PUP.Optional.Superfish.A</vendor>
      <action>success</action>
      <hash>81cf18392c4fac8a62a4552b847e45bb</hash>
    </file>
    <file>
      <path>C:\Users\vlad\AppData\Local\Google\Chrome\User Data\Default\Preferences</path>
      <vendor>PUP.Optional.V9.A</vendor>
      <action>replaced</action>
      <baddata> "startup_urls": [ "https://www.google.de/", "hxxp://www.v9.com/?type=hppp&ts=1400067628&from=irs&uid=HitachiXHDS721010DLE630_MSE523RP09LKLH09LKLHX&i=psd&t=342815dbc" ],</baddata>
      <gooddata/>
      <hash>30203d14e39869cd162ce1945aaa8a76</hash>
    </file>
  </items>
</mbam-log>
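Added example, not part of the post above and not Malwarebytes' own tooling: a small Python script that parses an MBAM 2.x XML scan log of the kind shown and turns it into a triage summary. It tallies detections by action and family, pulls out the scan options that matter when reading the result (rootkit scanning was disabled in this log, so a clean MBAM result says nothing about kernel-level hooks), and separates plain removals from the "replaced" entries whose <baddata> records what was actually changed (here the hijacked Chrome startup URL). The input is a constructed sample in the same layout as the posted log; its first two items mirror entries from the post, the third item and its "delete-on-reboot" action are invented to exercise the follow-up path. The sample is encoded as UTF-16 because real mbam-log-*.xml files are, which is the usual reason naive text reads of these logs fail.

```python
"""Summarise a Malwarebytes Anti-Malware 2.x XML scan log (added example)."""
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample log (not the original file). Items 1-2 mirror entries from
# the posted log; item 3 and its action value are invented for illustration.
SAMPLE_LOG_TEXT = r"""<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
<header><date>2014/05/14 20:06:40 +0200</date><isadmin>yes</isadmin></header>
<engine>
<version>2.00.1.1004</version>
<self-protection>disabled</self-protection>
</engine>
<options><rootkits>disabled</rootkits><pup>enabled</pup></options>
<items>
<key>
<path>HKLM\SOFTWARE\Plus-HD-3.8</path>
<vendor>PUP.Optional.PlusHD.A</vendor>
<action>success</action>
<hash>86cace83166593a361c30c90ea18a759</hash>
</key>
<file>
<path>C:\Users\vlad\AppData\Local\Google\Chrome\User Data\Default\Preferences</path>
<vendor>PUP.Optional.V9.A</vendor>
<action>replaced</action>
<baddata> "startup_urls": [ "https://www.google.de/", "hxxp://www.v9.com/?type=hppp&amp;from=irs" ],</baddata>
<gooddata/>
<hash>30203d14e39869cd162ce1945aaa8a76</hash>
</file>
<file>
<path>C:\Users\vlad\AppData\Local\Temp\sample.tmp</path>
<vendor>PUP.Optional.Example</vendor>
<action>delete-on-reboot</action>
<hash>00000000000000000000000000000000</hash>
</file>
</items>
</mbam-log>
"""
# Real mbam-log-*.xml files are UTF-16 with a BOM. Feed bytes to the parser so
# the declared encoding is honoured rather than decoding as text first.
SAMPLE_LOG = SAMPLE_LOG_TEXT.encode("utf-16")

# Matches both live URLs and the defanged hxxp:// form forums use.
URL_RE = re.compile(r'h(?:xx|tt)ps?://[^\s"\']+')


def parse_items(raw: bytes) -> list:
    """Return one dict per element under <items> (key, value, file, folder, ...)."""
    root = ET.fromstring(raw)
    items = []
    for el in root.iterfind("./items/*"):
        rec = {"kind": el.tag}
        for child in el:
            rec[child.tag] = (child.text or "").strip()
        items.append(rec)
    return items


def scan_settings(raw: bytes) -> dict:
    """Engine version and the option flags that bound what the scan could see."""
    root = ET.fromstring(raw)
    text = lambda path: (root.findtext(path) or "").strip()
    return {
        "engine": text("./engine/version"),
        "self_protection": text("./engine/self-protection"),
        "rootkits": text("./options/rootkits"),
        "pup": text("./options/pup"),
    }


def triage(items: list) -> dict:
    """Counts by action and family, items still pending, and config rewrites."""
    by_action = Counter(i.get("action", "") for i in items)
    # Family prefix: "PUP.Optional.V9.A" -> "PUP"
    families = Counter(i.get("vendor", "").split(".")[0] for i in items)
    # Anything not already removed or repaired needs a reboot or manual check.
    pending = [i["path"] for i in items
               if i.get("action") not in ("success", "replaced")]
    # "replaced" entries carry the offending content; extract any URLs from it.
    config_edits = [(i["path"], URL_RE.findall(i.get("baddata", "")))
                    for i in items if i.get("action") == "replaced"]
    return {"by_action": dict(by_action), "families": dict(families),
            "pending": pending, "config_edits": config_edits}


if __name__ == "__main__":
    print("scan settings:", scan_settings(SAMPLE_LOG))
    summary = triage(parse_items(SAMPLE_LOG))
    print("actions:", summary["by_action"])
    print("families:", summary["families"])
    for path, urls in summary["config_edits"]:
        print("config edit:", path, "->", urls)
    for path in summary["pending"]:
        print("needs follow-up:", path)
```

To run it against a real log, replace SAMPLE_LOG with the bytes of the mbam-log-*.xml file read in binary mode; the rootkits flag in the output is the first thing to check before treating a clean result as meaningful.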