notfloppy | 04.05.2015 22:10 | FRST
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2015
Ran by xyz (administrator) on xyz20 on 04-05-2015 21:13:16
Running from C:\Users\Sim\Downloads
Loaded Profiles: xyz & (Available profiles: xyz)
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Pokki) C:\Users\Sim\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
() C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3016432 2013-03-07] (Synaptics Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-10-07] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132224 2013-02-28] (Atheros Communications)
HKU\S-1-5-21-945060312-3283971298-776109054-1002\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-945060312-3283971298-776109054-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-01-28] (Electronic Arts)
HKU\S-1-5-21-945060312-3283971298-776109054-1002\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1193176 2013-09-30] ()
HKU\S-1-5-21-945060312-3283971298-776109054-1002\...\Run: [Power2GoExpress8] => [X]
HKU\S-1-5-21-945060312-3283971298-776109054-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-945060312-3283971298-776109054-1002\...\RunOnce: [Application Restart #3] => C:\Users\Sim\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-ph (the data entry has 536 more characters).
HKU\S-1-5-21-945060312-3283971298-776109054-1002\...\RunOnce: [Application Restart #2] => C:\Users\Sim\AppData\Local\Pokki\Engine\HostAppService.exe [7851848 2015-04-14] (Pokki)
HKU\S-1-5-21-945060312-3283971298-776109054-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-945060312-3283971298-776109054-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-01-28] (Electronic Arts)
HKU\S-1-5-21-945060312-3283971298-776109054-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1193176 2013-09-30] ()
HKU\S-1-5-21-945060312-3283971298-776109054-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Power2GoExpress8] => [X]
HKU\S-1-5-21-945060312-3283971298-776109054-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-945060312-3283971298-776109054-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Application Restart #3] => C:\Users\Sim\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-ph (the data entry has 536 more characters).
HKU\S-1-5-21-945060312-3283971298-776109054-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Application Restart #2] => C:\Users\Sim\AppData\Local\Pokki\Engine\HostAppService.exe [7851848 2015-04-14] (Pokki)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175880 2015-04-09] (NVIDIA Corporation)
AppInit_DLLs-x32: :\windows\syswow64\nvinit.dll => ":\windows\syswow64\nvinit.dll" File Not Found
AppInit_DLLs-x32: , C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [154256 2015-04-09] (NVIDIA Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-945060312-3283971298-776109054-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
HKU\S-1-5-21-945060312-3283971298-776109054-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://at.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://at.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-945060312-3283971298-776109054-1002 -> DefaultScope {265D709C-7E90-4D31-8C07-577E52E333DC} URL =
SearchScopes: HKU\S-1-5-21-945060312-3283971298-776109054-1002 -> {265D709C-7E90-4D31-8C07-577E52E333DC} URL =
SearchScopes: HKU\S-1-5-21-945060312-3283971298-776109054-1002 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://at.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-945060312-3283971298-776109054-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {265D709C-7E90-4D31-8C07-577E52E333DC} URL =
SearchScopes: HKU\S-1-5-21-945060312-3283971298-776109054-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {265D709C-7E90-4D31-8C07-577E52E333DC} URL =
SearchScopes: HKU\S-1-5-21-945060312-3283971298-776109054-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://at.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll [2013-02-28] (Qualcomm Atheros Commnucations)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-12] (Microsoft Corporation.)
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2013-11-29] (BitComet)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-12] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-12] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-12] (Microsoft Corporation.)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll [2014-04-04] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll [2014-04-04] ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2014-03-06] ()
Chrome:
=======
CHR HomePage: Profile 1 -> https://www.facebook.com/AwkwardGymMomentsPage?fref=nf
CHR StartupUrls: Profile 1 -> "https://www.facebook.com/"
CHR Profile: C:\Users\Sim\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Sim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-24]
CHR Extension: (Google Drive) - C:\Users\Sim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-24]
CHR Extension: (YouTube) - C:\Users\Sim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-24]
CHR Extension: (Google Search) - C:\Users\Sim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-24]
CHR Extension: (BetaFish Adblocker) - C:\Users\Sim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-15]
CHR Extension: (Hola Better Internet) - C:\Users\Sim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-07-19]
CHR Extension: (Bookmark Manager) - C:\Users\Sim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Google Wallet) - C:\Users\Sim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-24]
CHR Extension: (Gmail) - C:\Users\Sim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-24]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227968 2013-02-28] (Qualcomm Atheros Commnucations) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-28] (WildTangent)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-20] (Intel Corporation)
R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [93408 2015-03-17] (Intel(R) Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-06-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-04-26] (Acer Incorporate)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4230016 2013-01-28] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-04] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-08-26] ()
S3 Survarium-Steam Update Service; C:\Program Files (x86)\Steam\steamapps\common\Survarium\game\binaries\x86\survarium_service.exe [97912 2015-04-29] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-04] (Avira Operations GmbH & Co. KG)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-02-28] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0403000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-20] (Intel Corporation)
R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [41688 2014-10-30] (Intel Corporation)
R3 NetTap630; C:\Windows\system32\DRIVERS\nettap630.sys [67800 2014-10-30] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [455240 2013-03-05] (RTS Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-03-07] (Synaptics Incorporated)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-04 21:13 - 2015-05-04 21:13 - 00023635 _____ () C:\Users\Sim\Downloads\FRST.txt
2015-05-04 21:12 - 2015-05-04 21:13 - 00000000 ____D () C:\FRST
2015-05-04 21:12 - 2015-05-04 21:12 - 02101248 _____ (Farbar) C:\Users\Sim\Downloads\FRST64.exe
2015-05-04 19:32 - 2015-05-04 19:32 - 01125626 _____ () C:\Users\Sim\Downloads\ProcessExplorer_16.5.zip
2015-05-04 19:31 - 2015-05-04 19:31 - 01203488 _____ () C:\Users\Sim\Downloads\Process Explorer - CHIP-Installer.exe
2015-05-04 19:18 - 2015-05-04 19:18 - 00007608 _____ () C:\Users\Sim\AppData\Local\Resmon.ResmonCfg
2015-05-04 18:58 - 2015-05-04 19:01 - 00000000 ____D () C:\ProgramData\SecTaskMan
2015-05-04 18:58 - 2015-05-04 18:58 - 02931056 _____ () C:\Users\Sim\Downloads\SecurityTaskManager_Setup.exe
2015-05-04 18:58 - 2015-05-04 18:58 - 00001162 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2015-05-04 18:58 - 2015-05-04 18:58 - 00001151 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2015-05-04 18:58 - 2015-05-04 18:58 - 00001139 _____ () C:\Users\Public\Desktop\Security Task Manager.lnk
2015-05-04 18:58 - 2015-05-04 18:58 - 00000000 ____D () C:\Users\Sim\AppData\Local\SecTaskMan
2015-05-04 18:58 - 2015-05-04 18:58 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2015-05-04 02:09 - 2015-05-04 02:09 - 00000828 _____ () C:\Users\Sim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2015-05-04 02:09 - 2015-05-04 02:09 - 00000780 _____ () C:\Users\Sim\Desktop\Tor.lnk
2015-05-04 02:09 - 2015-05-04 02:09 - 00000000 ____D () C:\Users\Sim\Desktop\Tor Browser
2015-05-04 02:07 - 2015-05-04 02:08 - 36211392 _____ () C:\Users\Sim\Downloads\torbrowser-install-4.5_de.exe
2015-04-26 17:42 - 2015-04-26 17:42 - 00001268 _____ () C:\Users\Sim\Desktop\Revo Uninstaller.lnk
2015-04-26 17:42 - 2015-04-26 17:42 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-04-26 17:41 - 2015-04-26 17:42 - 01203488 _____ () C:\Users\Sim\Downloads\Revo Uninstaller - CHIP-Installer.exe
2015-04-26 17:38 - 2015-05-04 19:08 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-26 17:38 - 2015-04-26 17:38 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-26 17:38 - 2015-04-26 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-26 17:38 - 2015-04-26 17:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-26 17:38 - 2015-04-26 17:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-26 17:38 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-26 17:38 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-26 17:38 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-26 17:36 - 2015-04-26 17:36 - 01203488 _____ () C:\Users\Sim\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2015-04-26 15:23 - 2015-04-26 15:23 - 02071768 _____ () C:\Users\Sim\Downloads\AdAware116WebInstaller.exe
2015-04-25 17:21 - 2015-04-25 17:21 - 00880208 _____ (Google Inc.) C:\Users\Sim\Downloads\GoogleEarthSetup (1).exe
2015-04-23 21:07 - 2015-04-23 21:07 - 00000000 ____D () C:\Windows\SysWOW64\NV
2015-04-23 21:07 - 2015-04-23 21:07 - 00000000 ____D () C:\Windows\system32\NV
2015-04-23 21:06 - 2015-04-08 23:30 - 06841488 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-04-23 21:06 - 2015-04-08 23:30 - 03478344 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-04-23 21:06 - 2015-04-08 23:30 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-04-23 21:06 - 2015-04-08 23:30 - 01047696 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2015-04-23 21:06 - 2015-04-08 23:30 - 00936264 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-04-23 21:06 - 2015-04-08 23:30 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-04-23 21:06 - 2015-04-08 23:30 - 00075080 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2015-04-23 21:06 - 2015-04-08 23:30 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-04-23 21:06 - 2015-04-08 19:52 - 04336074 _____ () C:\Windows\system32\nvcoproc.bin
2015-04-23 20:59 - 2015-04-09 02:58 - 31570064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-04-23 20:59 - 2015-04-09 02:58 - 30397072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-04-23 20:59 - 2015-04-09 02:58 - 25375048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-04-23 20:59 - 2015-04-09 02:58 - 24053576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-04-23 20:59 - 2015-04-09 02:58 - 17176128 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-04-23 20:59 - 2015-04-09 02:58 - 15818528 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-04-23 20:59 - 2015-04-09 02:58 - 15716232 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-04-23 20:59 - 2015-04-09 02:58 - 14617288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-04-23 20:59 - 2015-04-09 02:58 - 14006752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-04-23 20:59 - 2015-04-09 02:58 - 12852784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-04-23 20:59 - 2015-04-09 02:58 - 12689592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-04-23 20:59 - 2015-04-09 02:58 - 11380728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-04-23 20:59 - 2015-04-09 02:58 - 10423952 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-04-23 20:59 - 2015-04-09 02:58 - 03317344 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-04-23 20:59 - 2015-04-09 02:58 - 02935416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-04-23 20:59 - 2015-04-09 02:58 - 02896528 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-04-23 20:59 - 2015-04-09 02:58 - 02573456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-04-23 20:59 - 2015-04-09 02:58 - 01895568 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435012.dll
2015-04-23 20:59 - 2015-04-09 02:58 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435012.dll
2015-04-23 20:59 - 2015-04-09 02:58 - 01086424 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-04-23 20:59 - 2015-04-09 02:58 - 01047368 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-04-23 20:59 - 2015-04-09 02:58 - 01037640 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-04-23 20:59 - 2015-04-09 02:58 - 00970568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-04-23 20:59 - 2015-04-09 02:58 - 00962192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-04-23 20:59 - 2015-04-09 02:58 - 00927440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-04-23 20:59 - 2015-04-09 02:58 - 00499344 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-04-23 20:59 - 2015-04-09 02:58 - 00402576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-04-23 20:59 - 2015-04-09 02:58 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-04-23 20:59 - 2015-04-09 02:58 - 00346256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-04-23 20:59 - 2015-04-09 02:58 - 00175880 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-04-23 20:59 - 2015-04-09 02:58 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-04-23 20:59 - 2015-04-09 02:58 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-04-23 20:59 - 2015-04-09 02:58 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-04-23 20:59 - 2015-04-09 02:58 - 00031376 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2015-04-23 20:59 - 2015-04-09 02:58 - 00029329 _____ () C:\Windows\system32\nvinfo.pb
2015-04-23 20:47 - 2014-11-22 12:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-04-23 20:47 - 2014-11-22 12:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-04-19 22:13 - 2015-04-19 22:18 - 00089709 _____ () C:\Users\Sim\Documents\Das Angebot der Versicherungen.pptx
2015-04-16 15:14 - 2015-04-16 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Survarium-Steam
2015-04-16 15:08 - 2015-05-03 23:21 - 00000000 ____D () C:\Users\Sim\Documents\Survarium-Steam
2015-04-16 14:00 - 2015-04-16 16:12 - 00000222 _____ () C:\Users\Sim\Desktop\Survarium.url
2015-04-15 09:42 - 2015-03-23 07:19 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 09:42 - 2015-03-23 07:17 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 09:42 - 2015-03-23 07:17 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 09:42 - 2015-03-23 07:17 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 09:42 - 2015-03-23 07:17 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 09:42 - 2015-03-23 07:17 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 09:42 - 2015-03-23 00:04 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 09:35 - 2015-03-17 09:00 - 06971712 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 09:35 - 2015-03-17 08:52 - 01822696 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 09:35 - 2015-03-17 06:45 - 01409496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 09:35 - 2015-03-10 07:28 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 09:35 - 2015-03-10 07:28 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 09:35 - 2015-03-10 07:28 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 09:35 - 2015-03-10 07:27 - 19292672 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 09:35 - 2015-03-10 07:27 - 15409152 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 09:35 - 2015-03-10 07:27 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 09:35 - 2015-03-10 07:27 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-04-15 09:35 - 2015-03-10 07:27 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-15 09:35 - 2015-03-10 07:27 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 09:35 - 2015-03-10 05:49 - 14373376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 09:35 - 2015-03-10 05:49 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 09:35 - 2015-03-10 05:49 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 09:35 - 2015-03-10 05:49 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 09:35 - 2015-03-10 05:49 - 00737280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-04-15 09:35 - 2015-03-10 05:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-15 09:35 - 2015-03-10 05:49 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 09:35 - 2015-03-10 05:49 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 09:35 - 2015-03-10 05:48 - 13767680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 09:34 - 2015-02-24 09:58 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 09:29 - 2015-03-14 10:07 - 01120256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-15 09:29 - 2015-03-14 08:33 - 00891904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-04-15 09:20 - 2015-03-04 09:29 - 00361280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2015-04-15 09:20 - 2015-03-04 08:39 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 09:20 - 2015-03-04 06:52 - 00057856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-11 23:59 - 2015-04-12 00:03 - 94188634 _____ () C:\Users\Sim\Downloads\Vitebsk.zip
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-04 21:10 - 2013-09-30 16:24 - 01217882 _____ () C:\Windows\WindowsUpdate.log
2015-05-04 21:07 - 2014-02-20 14:31 - 00000000 ____D () C:\Users\Sim\AppData\Local\Pokki
2015-05-04 21:07 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2015-05-04 19:58 - 2014-02-21 00:52 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-945060312-3283971298-776109054-1002
2015-05-04 19:56 - 2014-02-20 14:46 - 00000000 ____D () C:\Users\Sim\AppData\Local\Deployment
2015-05-04 19:54 - 2015-01-15 18:39 - 00080896 ___SH () C:\Users\Sim\Desktop\Thumbs.db
2015-05-04 19:24 - 2014-04-04 15:10 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-04 19:24 - 2014-02-20 14:47 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-04 19:12 - 2013-10-01 02:07 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2015-05-04 19:12 - 2013-10-01 02:07 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2015-05-04 19:12 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-04 19:08 - 2014-12-06 17:17 - 00000000 ____D () C:\Users\Sim\AppData\Roaming\Skype
2015-05-04 19:08 - 2014-02-20 17:46 - 00000000 ____D () C:\ProgramData\Origin
2015-05-04 19:06 - 2014-02-20 14:47 - 00001134 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-04 19:05 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-04 19:05 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-05-04 19:04 - 2014-02-20 14:31 - 00000000 ____D () C:\Users\Sim
2015-05-03 23:03 - 2014-02-20 19:16 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-02 15:24 - 2014-02-20 14:48 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-30 08:04 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2015-04-27 17:29 - 2013-08-02 16:50 - 00348150 _____ () C:\Windows\PFRO.log
2015-04-26 17:57 - 2014-02-20 14:47 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-23 21:07 - 2013-09-30 16:36 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-23 21:06 - 2013-09-30 16:35 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-23 21:06 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\Help
2015-04-23 21:05 - 2013-09-30 16:35 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-04-23 20:47 - 2012-07-26 09:21 - 02732717 _____ () C:\Windows\setupact.log
2015-04-20 11:17 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AppCompat
2015-04-18 12:34 - 2014-12-13 16:03 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-18 12:34 - 2014-07-18 23:46 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-16 14:44 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-16 14:00 - 2014-02-20 23:16 - 00000000 ____D () C:\Users\Sim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-04-15 10:31 - 2014-03-06 09:31 - 00000000 ____D () C:\Users\Sim\Documents\Schule
2015-04-15 10:06 - 2014-11-23 17:20 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-15 10:06 - 2014-11-23 17:20 - 00000000 ____D () C:\ProgramData\Skype
2015-04-15 09:58 - 2014-02-21 19:39 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 09:54 - 2014-02-21 19:39 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 09:53 - 2014-02-20 16:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-14 00:07 - 2014-04-15 15:54 - 00791520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 00:07 - 2014-04-15 15:54 - 00177632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-10 10:37 - 2014-04-21 22:09 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-10 10:37 - 2014-04-21 22:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-10 10:37 - 2014-04-21 22:09 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-09 11:44 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-07 21:45 - 2014-04-21 22:15 - 00000000 ____D () C:\Users\Sim\AppData\Roaming\Avira
2015-04-07 21:44 - 2014-04-21 22:09 - 00000000 ____D () C:\ProgramData\Avira
==================== Files in the root of some directories =======
2015-02-24 00:20 - 2015-02-24 00:20 - 0002602 _____ () C:\Users\Sim\AppData\Local\recently-used.xbel
2015-05-04 19:18 - 2015-05-04 19:18 - 0007608 _____ () C:\Users\Sim\AppData\Local\Resmon.ResmonCfg
2013-09-30 16:53 - 2013-09-30 16:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some content of TEMP:
====================
C:\Users\Sim\AppData\Local\Temp\AutoRun.exe
C:\Users\Sim\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Sim\AppData\Local\Temp\avgnt.exe
C:\Users\Sim\AppData\Local\Temp\BingBarSetup-Partner.exe
C:\Users\Sim\AppData\Local\Temp\Intel_Technology_Access_Software.exe
C:\Users\Sim\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Sim\AppData\Local\Temp\lowproc.exe
C:\Users\Sim\AppData\Local\Temp\oct4CDF.tmp.exe
C:\Users\Sim\AppData\Local\Temp\oct8175.tmp.exe
C:\Users\Sim\AppData\Local\Temp\oct8471.tmp.exe
C:\Users\Sim\AppData\Local\Temp\oct858D.tmp.exe
C:\Users\Sim\AppData\Local\Temp\oct8842.tmp.exe
C:\Users\Sim\AppData\Local\Temp\oct9869.tmp.exe
C:\Users\Sim\AppData\Local\Temp\octA465.tmp.exe
C:\Users\Sim\AppData\Local\Temp\octA80C.tmp.exe
C:\Users\Sim\AppData\Local\Temp\octBD64.tmp.exe
C:\Users\Sim\AppData\Local\Temp\octC1E5.tmp.exe
C:\Users\Sim\AppData\Local\Temp\octC3D.tmp.exe
C:\Users\Sim\AppData\Local\Temp\octDB35.tmp.exe
C:\Users\Sim\AppData\Local\Temp\octEAC7.tmp.exe
C:\Users\Sim\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Sim\AppData\Local\Temp\SRLDetectionLibrary3053168005904237360.dll
C:\Users\Sim\AppData\Local\Temp\stubhelper.dll
C:\Users\Sim\AppData\Local\Temp\tmp1A45.tmp.exe
C:\Users\Sim\AppData\Local\Temp\tmp640E.tmp.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-01 14:21
==================== End Of Log ============================
[/CODE]
Add Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2015
Ran by xyz at 2015-05-04 21:14:10
Running from C:\Users\Sim\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-945060312-3283971298-776109054-500 - Administrator - Disabled)
Gast (S-1-5-21-945060312-3283971298-776109054-501 - Limited - Disabled)
xyz (S-1-5-21-945060312-3283971298-776109054-1002 - Administrator - Enabled) => C:\Users\Sim
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acer Games (HKU\S-1-5-21-945060312-3283971298-776109054-1002\...\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf) (Version: 1.1.7.42206 - Pokki)
Acer Games (HKU\S-1-5-21-945060312-3283971298-776109054-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf) (Version: 1.1.7.42206 - Pokki)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3012 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3004 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2022 - Acer Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
ArmA 2 Free Uninstall (HKLM-x32\...\ArmA 2) (Version: - )
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
Battlefield™ Hardline Beta (HKLM-x32\...\{599276A7-F45D-40B1-A0B6-CF132A1CAD49}) (Version: 1.0.0.5 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
BattlEye (A2Free) Uninstall (HKLM-x32\...\BattlEye A2 Free) (Version: - )
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
BitComet 1.37 64-bit (HKLM-x32\...\BitComet_x64) (Version: 1.37 - CometNetwork)
Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710) (Version: - Treyarch)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Free YouTube to MP3 Converter version 3.12.27.225 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.27.225 - DVDVideoSoft Ltd.)
FUSSBALL MANAGER 12 (HKLM-x32\...\FUSSBALL MANAGER 12) (Version: 1.0.0.0 - Electronic Arts)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Goodgame Big Farm (HKU\S-1-5-21-945060312-3283971298-776109054-1002\...\Pokki_146973192f4e3d4ad8e10238e5e444db3822111b) (Version: v1.0.5 - Pokki)
Goodgame Big Farm (HKU\S-1-5-21-945060312-3283971298-776109054-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Pokki_146973192f4e3d4ad8e10238e5e444db3822111b) (Version: v1.0.5 - Pokki)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version: - Reto-Moto)
Host App Service (HKU\S-1-5-21-945060312-3283971298-776109054-1002\...\Pokki) (Version: 0.269.7.611 - Pokki)
Host App Service (HKU\S-1-5-21-945060312-3283971298-776109054-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Pokki) (Version: 0.269.7.611 - Pokki)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.0.1428 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3165 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel(R) Technology Access (HKLM-x32\...\{efc54997-dfa9-44b1-afac-3a7ac4f45730}) (Version: 1.3.6.1042 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{43FA4AC8-46F8-423F-96FD-9A7D67048F1C}) (Version: 2.5.1634 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
JFK Reloaded 1.1 (HKLM-x32\...\JFK Reloaded) (Version: 1.1 - JFK Reloaded)
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MegaTrainer eXperience V1.2.6.8 (HKLM-x32\...\MegaTrainer eXperience_is1) (Version: - )
Men of War: Assault Squad 2 (HKLM-x32\...\Steam App 244450) (Version: - Digitalmindsoft)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.7.0.24 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.3.0.14 - Symantec Corporation) Hidden
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Grafiktreiber 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Origin (HKLM-x32\...\Origin) (Version: 9.4.5.195 - Electronic Arts, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pokki Start Menu (HKU\S-1-5-21-945060312-3283971298-776109054-1002\...\Pokki_Start_Menu) (Version: 0.269.7.611 - Pokki)
Pokki Start Menu (HKU\S-1-5-21-945060312-3283971298-776109054-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Pokki_Start_Menu) (Version: 0.269.7.611 - Pokki)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.222 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.43 - Qualcomm Atheros)
R.U.S.E (HKLM-x32\...\Steam App 21970) (Version: - Eugen Systems)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.14.327.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6909 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.21222 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version: - Tripwire Interactive)
Security Task Manager 2.0d (HKLM-x32\...\Security Task Manager) (Version: 2.0d - Neuber Software)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
SimCity 4 Deluxe (HKLM-x32\...\{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}) (Version: - )
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spielkanäle (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 8.1.0.17 - WildTangent, Inc.)
Spielkanäle (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 8.1.0.17 - WildTangent, Inc.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
State of Decay (HKLM-x32\...\Steam App 241540) (Version: - Undead Labs)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Stranded Deep (HKLM-x32\...\Steam App 313120) (Version: - Beam Team Games)
Survarium (HKLM-x32\...\Steam App 355840) (Version: - Vostok Games)
Survarium-Steam (HKLM-x32\...\{A3D9343D-77CD-4bf4-A47A-F87B3BE985B4}_is1) (Version: 0.28b - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.12.31 - Synaptics Incorporated)
System Requirements Lab CYRI (HKLM-x32\...\{705216C1-BA52-4B16-AFE4-4143B340D62D}) (Version: 6.0.12.6 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.2 - Electronic Arts)
Tropico 5 (HKU\S-1-5-21-945060312-3283971298-776109054-1002\...\Tropico5) (Version: 1.08 - Kalypso Media)
Tropico 5 (HKU\S-1-5-21-945060312-3283971298-776109054-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Tropico5) (Version: 1.08 - Kalypso Media)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
VirtualDJ Home FREE (HKLM-x32\...\{77C2D5D4-ADC5-49F9-B36E-5992FCF35EA3}) (Version: 7.4.1 - Atomix Productions)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
War Thunder (HKLM-x32\...\Steam App 236390) (Version: - Gaijin Entertainment)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.2 - WildTangent) Hidden
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
23-04-2015 21:07:27 NVIDIA PhysX wird entfernt
25-04-2015 15:12:13 Removed Google Earth
26-04-2015 17:46:38 Revo Uninstaller's restore point - Google Earth
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {2DB3C9BE-9D90-4304-BCCF-0D63D4A133F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-20] (Google Inc.)
Task: {4DA9DDB2-922F-4ED0-97D2-37D7743216F1} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-06-09] ()
Task: {708B950F-0A27-40F5-A7BA-90DF697D3C1C} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-06-09] ()
Task: {727B6C20-2DA5-4322-8DD8-C72A5080B09A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-04] (Adobe Systems Incorporated)
Task: {819C0E6B-C399-4A1D-91F4-837AC730F658} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {81B05E40-5C58-45C1-9111-24056E87EDA1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-20] (Google Inc.)
Task: {90736AF9-DC4B-49D1-A790-658BC3FA5764} - System32\Tasks\Dolby Selector => C:\Dolby PCEE4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {9B63BCE4-6563-4B06-8E62-CC1BDCCB638B} - System32\Tasks\{6456124D-018C-429D-9C45-3D2F638061A2} => pcalua.exe -a C:\Users\Sim\Downloads\fm12_datensatz_deutschland.exe -d C:\Users\Sim\Downloads
Task: {A4B456F7-F527-423D-89FD-08DEDEE54244} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
Task: {AC8DD519-7334-447E-BED6-A595E16A00E0} - System32\Tasks\{C44DCB10-18F8-4216-9B89-2DF2A01F9075} => pcalua.exe -a C:\Users\Sim\Downloads\fm12_datensatz_austria.exe -d C:\Users\Sim\Downloads
Task: {D727F8AA-67AA-401F-B38A-7B6A6D4AAAE8} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-04-26] (Acer Incorporate)
Task: {E5A44E6C-ED8F-46DC-B30F-0BD9D140CC0A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
Task: {F500E436-3A64-4C44-BE85-8D7A18B94516} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-01-18] (Acer Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2015-04-23 20:59 - 2015-04-09 02:58 - 00012104 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-04-23 21:06 - 2015-04-08 23:30 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-17 14:43 - 2015-03-17 14:43 - 00087552 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\libglog.dll
2015-02-08 12:20 - 2015-02-08 12:20 - 01793248 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\cpprest120_1_4.dll
2015-03-17 15:15 - 2015-03-17 15:15 - 00355040 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\JsonCpp.dll
2014-07-30 22:04 - 2014-08-26 16:58 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-02-28 18:05 - 2013-02-28 18:05 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-02-28 18:02 - 2013-02-28 18:02 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-02-28 18:06 - 2013-02-28 18:06 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2013-09-30 16:59 - 2013-09-30 16:59 - 01193176 _____ () C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
2015-04-23 20:48 - 2015-03-28 05:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-07-18 12:37 - 2013-08-05 09:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 15:48 - 2013-08-05 15:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-04-23 20:59 - 2015-04-09 02:58 - 00012104 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2013-09-30 16:29 - 2013-03-20 09:47 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2013-09-30 17:11 - 2013-02-20 22:58 - 00089672 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2015-05-02 15:24 - 2015-04-28 04:07 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libglesv2.dll
2015-05-02 15:24 - 2015-04-28 04:07 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libegl.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Sim\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_0news-1751121550
AlternateDataStreams: C:\Users\Sim\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_1messages-431041656
AlternateDataStreams: C:\Users\Sim\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_2events-250898981
AlternateDataStreams: C:\Users\Sim\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_3friends-215113587
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-945060312-3283971298-776109054-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Sim\Pictures\rdr-desert.png
HKU\S-1-5-21-945060312-3283971298-776109054-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Sim\Pictures\rdr-desert.png
DNS Servers: 217.16.112.21 - 217.16.112.22
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{0B126A4D-141F-437B-8389-F0EDFF950381}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{943CB904-1369-4F49-B49B-6A97A0FE898A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{3C892728-D5D2-47C4-922F-9281532775F5}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{A2359000-C880-444C-948B-DC98D608FC17}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{6305B91E-3774-482B-B6D9-A6372410AFC5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{09B7A506-DAAF-4DA7-9144-CCABF0FDBA99}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{E77B0EEE-700F-4382-A139-8AC0829CBD26}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{8D97D518-2FEB-4F61-96EA-623106C9FA87}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{9507C182-E0BA-47F8-9E66-C62AFD7149F5}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{642C2D30-3581-4C8B-A4CC-7842EA55AB37}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{87F4B691-9188-4013-86E8-AFDE94D6713D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{C2206555-5764-49AA-A461-1B579CE1A488}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{C910D424-9E6A-43D1-8FC5-655C070A974A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{4D81A8B8-E37E-4A02-BFE4-0BACCF4FE02F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{3497A89A-DBEB-4501-8753-7DC7919B4A4D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{8514DE52-2ACA-4079-AADA-18A8EDB10424}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\MusicPlayer.exe
FirewallRules: [{9F4F8212-04BB-4DCA-9655-0ACD65CCF570}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\PlayMovie.exe
FirewallRules: [{7E67E3EE-B24E-4277-9442-691DE5643718}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{0CAFC4E5-6AD7-46CF-941E-D2CE2A5C4CE7}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{E6EC1408-431C-4511-88DF-CD05992F78A0}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{73E3B68E-7E5A-477E-BD56-E92F5E54C2DC}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{E6858E3E-A6E7-4D5F-BB73-4D09E6D8911F}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{40BD8FC9-953F-4CB8-8F8B-239D986F54B5}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{C470AB3A-604E-456E-94EA-607048F55619}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{B376537B-64B5-4986-9020-1E5B6375CB7F}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{C5C24A13-C326-435F-94CA-49D26A65E6FB}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{EBC7CFA2-F4E4-4944-AFAC-D04B3C8FB05D}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{B7C64A29-AFB9-4B1F-B915-AD3E34AA6D76}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTE.EXE
FirewallRules: [{E35B7E35-7E1C-4362-B7C3-A79A7CCA1901}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTE.EXE
FirewallRules: [{4F25C6A2-76C3-4278-BDC2-C9E96DD7D746}] => (Allow) C:\Program Files (x86)\Bohemia Interactive\ArmA 2 Free\arma2free.exe
FirewallRules: [{5153A7A9-3524-41A6-BA69-FCD94E4C71F9}] => (Allow) C:\Program Files (x86)\Bohemia Interactive\ArmA 2 Free\arma2free.exe
FirewallRules: [{9BE3A22A-F9BE-4D76-876F-0C3DEB4EEEE0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{38A19A42-69D3-4582-8E03-81D67E4DE29B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{92716416-D897-40FA-91D1-80902013341C}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{63BE5186-5CCE-4C4F-B0D2-2ED627C3DF58}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{1890B3F4-F5CC-49C6-B57F-590DEDEE8A20}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{51A0B00D-4E60-46E6-8674-C4198C4C4CEA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{A109A818-B81D-4402-9868-B745621A438F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{2269C446-35FE-4FF7-B7D4-3D936E70E609}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{561440F9-7EDF-4BEF-9FBC-8CC9125C8847}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3B4ED63C-E955-4041-AF93-A698052C5525}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{96139EA3-206B-4926-A9FE-2E143F185102}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{E597EDFE-28B0-496A-8D2B-0CB5BC67B6B2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{1ECF50A9-75BF-4327-8220-F840C2EDB66D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\State of Decay\StateOfDecay.exe
FirewallRules: [{3E20DDB2-7B85-47BC-9BCF-4E68A41067EF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\State of Decay\StateOfDecay.exe
FirewallRules: [{054E1704-5B9D-44E8-AC32-DEBC19B8926C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\R.U.S.E\Ruse.exe
FirewallRules: [{4BFA6AD2-BC2E-40D3-A007-1A4E31AA0D35}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\R.U.S.E\Ruse.exe
FirewallRules: [{BB30C408-17E2-4CAC-A2C1-A4424E6D0AD5}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{535A58F4-73AE-4352-96CE-1D7597F7976B}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{1D896B95-EE15-4843-AE42-13CDACCFBBC8}] => (Allow) C:\Program Files (x86)\Origin Games\BFH Beta\bfh.exe
FirewallRules: [{1ACA8AE3-7DFA-45A0-A7A1-F894EDCC383C}] => (Allow) C:\Program Files (x86)\Origin Games\BFH Beta\bfh.exe
FirewallRules: [TCP Query User{6DD8C724-EC4D-470D-A9A4-4F283F9F32FE}C:\users\sim\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sim\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{086BE684-EE7B-4293-B53A-EBC07A38E77C}C:\users\sim\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sim\appdata\roaming\spotify\spotify.exe
FirewallRules: [{969F2F0E-B5C8-4919-B48E-756823C8B22F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe
FirewallRules: [{FB0F0E88-B894-4447-B91C-377A0C9F5936}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe
FirewallRules: [{095DC8F2-3274-44AF-841C-0C39D61D7897}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C4FAFEEB-33A2-4784-8040-1B3AE537A9E6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9ABE06EA-28A6-421B-AFC1-354E105377A0}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{1B11AEF6-22CD-4B10-B76A-3205E4AA71F7}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{63BBEBB3-3FF0-4392-9442-1FA51F929D75}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{5FC02FBC-2339-4103-A6B8-3185854A4E7E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{0323C5A7-B62F-4382-814F-E04F724F6B55}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{2485621C-0C7E-4BC1-B0CC-B0251534D55E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{7EBAFCF9-AF07-41B3-9CB5-BEFDB19AB7B0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [{4C9E0B41-0873-49E2-876C-764066D5E933}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [TCP Query User{190F7A33-4B66-436C-BB60-76B4BD96390D}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [UDP Query User{9D16E7E9-9A97-426B-AA4B-F99B375E827C}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [{E8B07B63-C40B-42F8-AC05-C367DCB24207}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{2A8BD44F-7A3D-4E67-9B48-DD3C7F0A129B}C:\program files (x86)\steam\steamapps\common\r.u.s.e\uplaybrowser\uplaybrowser.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\r.u.s.e\uplaybrowser\uplaybrowser.exe
FirewallRules: [UDP Query User{62C66E51-353A-4498-ACF3-893CE8A4EB2C}C:\program files (x86)\steam\steamapps\common\r.u.s.e\uplaybrowser\uplaybrowser.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\r.u.s.e\uplaybrowser\uplaybrowser.exe
FirewallRules: [{892A0395-CE33-4925-98A3-7DA4C052CB7F}] => (Allow) C:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\LAUNCHER.exe
FirewallRules: [{4A2FD771-2408-45D9-B83D-1478DEECE8E5}] => (Allow) C:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\LAUNCHER.exe
FirewallRules: [{457A572C-68C9-481A-AA5E-0784DC751A3B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [{4CDA6E0A-DF64-45AD-BF4F-D948E0BB5A61}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [{CB1F31B1-F025-48BF-9B16-E7538CA9D9B2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops\BlackOpsMP.exe
FirewallRules: [{06D757DC-F17A-4078-9D93-D3CD0571DAA2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops\BlackOpsMP.exe
FirewallRules: [TCP Query User{6102C5DF-845F-4A6B-A884-9CE9120F4120}C:\games\counter-strike\hl.exe] => (Block) C:\games\counter-strike\hl.exe
FirewallRules: [UDP Query User{5688FE3B-E7C9-4B26-87B2-046406B27330}C:\games\counter-strike\hl.exe] => (Block) C:\games\counter-strike\hl.exe
FirewallRules: [TCP Query User{13029CD6-AE15-4441-B2D3-F17C9EAA6D09}C:\games\counter-strike\hltv.exe] => (Allow) C:\games\counter-strike\hltv.exe
FirewallRules: [UDP Query User{55CF087D-42C3-46F0-B44F-29763FBFDEF2}C:\games\counter-strike\hltv.exe] => (Allow) C:\games\counter-strike\hltv.exe
FirewallRules: [TCP Query User{6AEE6ED8-E16D-46A2-B25E-49D56608ABEE}C:\games\counter-strike\hlds.exe] => (Allow) C:\games\counter-strike\hlds.exe
FirewallRules: [UDP Query User{9514DB18-A51E-4C70-A188-1E5284A92F3A}C:\games\counter-strike\hlds.exe] => (Allow) C:\games\counter-strike\hlds.exe
FirewallRules: [TCP Query User{C358B2E8-0D91-48B4-AD7E-DCA304FFD80D}C:\games\counter-strike\hl.exe] => (Allow) C:\games\counter-strike\hl.exe
FirewallRules: [UDP Query User{993B6BF6-1593-4903-A96A-021A51264C57}C:\games\counter-strike\hl.exe] => (Allow) C:\games\counter-strike\hl.exe
FirewallRules: [{8942B2FB-940A-4F4B-A228-A4B5B7D2DCA8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Men of War Assault Squad 2\mowas_2.exe
FirewallRules: [{6D45DBA6-B896-4319-B1D0-CCFBAF6380E3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Men of War Assault Squad 2\mowas_2.exe
FirewallRules: [{4A309CA0-06D9-4D68-993C-2ED542237575}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Men of War Assault Squad 2\mowas_2_ed.exe
FirewallRules: [{B230BFE2-C43F-4EA4-AFFB-0DD42A95DC88}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Men of War Assault Squad 2\mowas_2_ed.exe
FirewallRules: [{FA80CF91-2049-43C1-9FF6-AA817B425EF5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Survarium\temp\survarium_launcher.exe
FirewallRules: [{18240A1A-8859-4CD9-8C8F-81B5810FA7BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Survarium\temp\survarium_updater.exe
FirewallRules: [{D05B9CA8-703D-4765-9747-B3A404C38D9A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Survarium\temp\survarium_updater.exe
FirewallRules: [{2A631A35-366B-4531-8F2E-31CC598A70BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Survarium\temp\survarium_updater.exe
FirewallRules: [{AF0FCCB8-DD82-4962-A233-231863F25B05}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Survarium\temp\survarium_updater.exe
FirewallRules: [{44F49D24-D748-4511-8DEE-89BACF851C79}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Survarium\game\binaries\x86\survarium.exe
FirewallRules: [{909D67AE-1138-410A-8345-D85861367396}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Survarium\game\binaries\x86\survarium.exe
FirewallRules: [TCP Query User{8E54C752-9699-418E-A86B-730DC824C27B}C:\program files (x86)\steam\steamapps\common\survarium\game\binaries\x86\survarium.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\survarium\game\binaries\x86\survarium.exe
FirewallRules: [UDP Query User{957167C3-F38D-4D74-B2C7-76DCFCD949BA}C:\program files (x86)\steam\steamapps\common\survarium\game\binaries\x86\survarium.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\survarium\game\binaries\x86\survarium.exe
FirewallRules: [{D6A1BF2D-B0F4-46C5-A65C-D138DC1F23F5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
Name: Bluetooth USB Module
Description: Bluetooth USB Module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/04/2015 07:04:40 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
Error: (05/04/2015 04:42:58 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
Error: (05/04/2015 02:14:18 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
Error: (05/04/2015 02:03:03 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (05/04/2015 01:18:48 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
Error: (05/04/2015 03:08:44 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
Error: (05/03/2015 11:01:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Stranded_Deep_x64.exe, Version: 4.6.4.63619, Zeitstempel: 0x55115341
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.17313, Zeitstempel: 0x5507a832
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000001019
ID des fehlerhaften Prozesses: 0x113c
Startzeit der fehlerhaften Anwendung: 0xStranded_Deep_x64.exe0
Pfad der fehlerhaften Anwendung: Stranded_Deep_x64.exe1
Pfad des fehlerhaften Moduls: Stranded_Deep_x64.exe2
Berichtskennung: Stranded_Deep_x64.exe3
Vollständiger Name des fehlerhaften Pakets: Stranded_Deep_x64.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Stranded_Deep_x64.exe5
Error: (05/03/2015 06:57:09 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
Error: (05/03/2015 02:37:30 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
Error: (05/03/2015 03:39:32 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
System errors:
=============
Error: (05/04/2015 07:05:57 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "McAfee AP Service" ist von folgendem Dienst abhängig: mfevtp. Dieser Dienst ist möglicherweise nicht installiert.
Error: (05/04/2015 07:05:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (05/02/2015 09:15:32 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "McAfee AP Service" ist von folgendem Dienst abhängig: mfevtp. Dieser Dienst ist möglicherweise nicht installiert.
Error: (05/02/2015 09:15:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (05/02/2015 09:15:16 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 02.05.2015 um 21:08:30 unerwartet heruntergefahren.
Error: (04/29/2015 01:04:09 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "McAfee AP Service" ist von folgendem Dienst abhängig: mfevtp. Dieser Dienst ist möglicherweise nicht installiert.
Error: (04/29/2015 01:04:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (04/29/2015 01:03:46 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 29.04.2015 um 12:31:17 unerwartet heruntergefahren.
Error: (04/29/2015 09:38:26 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.56
registriert werden. Der Computer mit IP-Adresse 192.168.0.231 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.
Error: (04/27/2015 05:30:44 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "McAfee AP Service" ist von folgendem Dienst abhängig: mfevtp. Dieser Dienst ist möglicherweise nicht installiert.
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2015-04-26 14:54:28.477
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe with signing level Unsigned while the system requires signing level 6 or better to load.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 27%
Total physical RAM: 8072.27 MB
Available physical RAM: 5840.16 MB
Total Pagefile: 10760.27 MB
Available Pagefile: 8259.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:449.51 GB) (Free:255.41 GB) NTFS
Drive e: () (Removable) (Total:14.98 GB) (Free:14.54 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 50B90715)
Partition: GPT Partition Type.
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)
==================== End Of Log ============================