
Log analysis and evaluation: System restore virus/trojan on my PC / performance problems & performance loss

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
19.09.2014, 11:09   #3
Blackfigh
 



FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Marlon (administrator) on MARLON-PC on 19-09-2014 11:55:50
Running from C:\Users\Marlon\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Systweak) C:\Program Files (x86)\Right Backup\RightBackup.exe
(Uniblue Systems Limited) C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Systweak) C:\Program Files (x86)\Right Backup\RBClientService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(GOOBZO) C:\Program Files (x86)\YouTube Accelerator\YouTubeAcceleratorService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\CompatTel\wicainventory.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKU\S-1-5-21-471005485-1555930460-907018246-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-471005485-1555930460-907018246-1001\...\Policies\Explorer: [Run] "C:\Users\Marlon\AppData\Roaming\Microsoft\Windows\IEUpdate\ntkrnlpa.exe"
HKU\S-1-5-21-471005485-1555930460-907018246-1001\...\MountPoints2: {1d636f89-c193-11e3-b5e5-806e6f6e6963} - E:\WARLauncher.exe
Startup: C:\Users\Marlon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ntkrnlpa.lnk
ShortcutTarget: ntkrnlpa.lnk -> C:\Users\Marlon\AppData\Roaming\Microsoft\Windows\IEUpdate\ntkrnlpa.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=127.0.0.1:37214
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM - {A33DB9FD-7A8A-496E-92D3-9CFCF9D9E1C9} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1402817210&from=cor&uid=395049983_1052499_500CDD21&q={searchTerms}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKCU - {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = hxxp://search.findwide.com/serp?guid={EFE9049E-FA49-4C33-A1E2-0592B8769702}&action=default_search&k={searchTerms}
SearchScopes: HKCU - {A33DB9FD-7A8A-496E-92D3-9CFCF9D9E1C9} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1402817210&from=cor&uid=395049983_1052499_500CDD21&q={searchTerms}
SearchScopes: HKCU - {C853684C-4033-4337-B7C7-A2E882CBA5DB} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10959
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO: YTAHelper -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> C:\ProgramData\YTAHelper\YTAHelper64.dll (Goobzo Ltd.)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: IEExtension.Extension -> {d40c654d-7c51-4eb3-95b2-1e23905c2a2d} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
BHO-x32: YTAHelper -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> C:\ProgramData\YTAHelper\YTAHelper.dll (Goobzo Ltd.)
Toolbar: HKCU - No Name - {13F7E48A-AF65-4480-BD2A-CDF5B0929521} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.42.129

FireFox:
========
FF ProfilePath: C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default
FF DefaultSearchEngine: Zoo Search
FF SearchEngineOrder.3: Bing 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @Webzen.com/NPBrowserExt -> C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll (WEBZEN)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF user.js: detected! => C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\user.js
FF SearchPlugin: C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: CostMin - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\Extensions\rvanh8.gusu@hpilhjvye-.edu [2014-04-19]
FF Extension: Site Matcher - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\Extensions\sitematcher_srcs@sitematcher_srcs.com [2014-07-22]
FF Extension: WEB.DE MailCheck - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\Extensions\toolbar@web.de [2014-07-09]
FF Extension: Youtube Accelerator Helper - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\Extensions\{4C59F3E5-BBD0-4344-8DD2-30866FA0B31E} [2014-07-08]
FF Extension: Zoo Toolbar - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\Extensions\{6e6e7f45-c4ea-4a0d-b25f-42ff7e3fd96c} [2014-08-01]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-07-09]
FF Extension: MEGA - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\Extensions\firefox@mega.co.nz.xpi [2014-04-19]
FF Extension: Adblock Plus - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-09]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{bd199e27-5053-4798-be04-8686f2b93a72}] - C:\Program Files (x86)\Security Guard\securityguard.xpi
FF Extension: No Name - C:\Program Files (x86)\Security Guard\securityguard.xpi [2014-06-20]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-05-04]
FF Extension: No Name - C:\Program Files\V-bates\Firefox [Not Found]
FF Extension: No Name - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\extensions\firefoxmini@go.im.xpi [Not Found]
FF Extension: No Name - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com [Not Found]
FF Extension: No Name - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\extensions\c1b9d306-75ba-4390-8a8b-76b504015572@gmail.com [Not Found]
FF Extension: No Name - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\extensions\508d4e2f-a469-421d-a294-135dbb84fe1b@f7b17943-cc9e-4d4a-b223-0bd1e7cfc871.com [Not Found]
FF Extension: No Name - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com [Not Found]
FF Extension: No Name - C:\Users\Marlon\AppData\Roaming\Mozilla\Firefox\Profiles\yqbllmp7.default\extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [Not Found]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=MA5757798-50F6-48A0-ACA7-958B73E64B59&SearchSource=55&CUI=&UM=6&UP=SPA9ED7C43-B5A3-445A-A5FA-AF2D857C347F&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=MA5757798-50F6-48A0-ACA7-958B73E64B59&SearchSource=55&CUI=&UM=6&UP=SPA9ED7C43-B5A3-445A-A5FA-AF2D857C347F&SSPV="
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSearchProvider: Default -> Trovi search
CHR DefaultSearchURL: Default -> hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=MA5757798-50F6-48A0-ACA7-958B73E64B59&SearchSource=58&CUI=&UM=6&UP=SPA9ED7C43-B5A3-445A-A5FA-AF2D857C347F&q={searchTerms}&SSPV=
CHR DefaultSuggestURL: Default -> hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Profile: C:\Users\Marlon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Marlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-08]
CHR Extension: (Google Drive) - C:\Users\Marlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-08]
CHR Extension: (YouTube) - C:\Users\Marlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-08]
CHR Extension: (Google-Suche) - C:\Users\Marlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-08]
CHR Extension: (Tampermonkey) - C:\Users\Marlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-08-11]
CHR Extension: (HTTPS Everywhere) - C:\Users\Marlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2014-08-11]
CHR Extension: (AdBlock) - C:\Users\Marlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-11]
CHR Extension: (PHD-V1.4) - C:\Users\Marlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgomjifbpjfhpodjhihemafahhmegbek [2014-08-11]
CHR Extension: (Google Wallet) - C:\Users\Marlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-08]
CHR Extension: (ScriptSafe) - C:\Users\Marlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2014-08-11]
CHR Extension: (Google Mail) - C:\Users\Marlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-08]
CHR HKLM-x32\...\Chrome\Extension: [onljdobepbepmeogglgcegfflcmibdpk] - C:\Program Files (x86)\Security Guard\securityguard.crx [2014-06-20]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-05-20] (Perfect World Entertainment Inc)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-09] ()
R2 RBClientService; C:\Program Files (x86)\Right Backup\RBClientService.exe [48240 2014-07-11] (Systweak)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2138936 2014-03-20] (TuneUp Software)
R2 YouTubeAcceleratorService; C:\Program Files (x86)\YouTube Accelerator\YouTubeAcceleratorService.exe [1510248 2014-07-08] (GOOBZO)
S2 671c50b0; "C:\Windows\system32\rundll32.exe" "c:\progra~3\browse~1\BrowserSystemEnahncerSvc.dll",service

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-11] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 RegFltrX64; C:\Users\Marlon\AppData\Local\DashboardDirect3dNet\RegFltrX64.sys [18064 2014-06-04] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-02-10] (TuneUp Software)
S3 wolfkr; C:\AeriaGames\WolfTeam-DE\avital\wolfk64.sys [86352 2014-04-20] ()
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-19 11:55 - 2014-09-19 11:56 - 00018233 _____ () C:\Users\Marlon\Downloads\FRST.txt
2014-09-19 11:55 - 2014-09-19 11:56 - 00000000 ____D () C:\FRST
2014-09-19 11:55 - 2014-09-19 11:55 - 02105856 _____ (Farbar) C:\Users\Marlon\Downloads\FRST64.exe
2014-09-18 23:57 - 2014-09-18 23:57 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-09-18 23:48 - 2014-09-18 23:48 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Marlon\Downloads\tdsskiller.exe
2014-09-18 23:38 - 2014-09-18 23:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marlon\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-09-16 23:23 - 2014-09-18 22:56 - 00000000 ____D () C:\Users\Marlon\Documents\ArcheAge
2014-09-16 23:23 - 2014-09-16 23:23 - 00000000 ____D () C:\ArcheAge
2014-09-16 15:07 - 2014-09-16 15:07 - 00000000 ____D () C:\ProgramData\CanonBJ
2014-09-16 14:30 - 2014-09-18 23:17 - 00000000 ____D () C:\Program Files (x86)\Glyph
2014-09-16 14:30 - 2014-09-18 23:16 - 00000000 ____D () C:\Users\Marlon\AppData\Local\Glyph
2014-09-16 12:24 - 2014-09-18 23:17 - 00000000 ____D () C:\Program Files (x86)\BEWERBUNGSMASTER
2014-09-16 12:24 - 2014-09-18 23:16 - 00000000 ____D () C:\Users\Marlon\AppData\Local\BewerbungsMaster
2014-09-16 12:24 - 2014-09-16 12:37 - 00000000 ____D () C:\Users\Marlon\Documents\BewerbungsMaster
2014-09-16 12:24 - 2014-09-16 12:24 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BewerbungsMaster
2014-09-16 11:33 - 2014-09-16 12:36 - 00001149 _____ () C:\Users\Marlon\Desktop\Neues Textdokument.txt
2014-09-16 11:32 - 2014-09-18 23:16 - 00000000 ____D () C:\Users\Marlon\Documents\Notes
2014-09-16 11:32 - 2014-09-16 11:32 - 00004544 _____ () C:\Users\Marlon\Desktop\Neues Journal-Dokument.jnt
2014-09-15 18:28 - 2014-09-15 18:28 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\StunlockStudios
2014-09-13 20:34 - 2014-09-13 20:34 - 00000000 ____D () C:\Users\Marlon\AppData\Local\SCE
2014-09-13 18:24 - 2014-09-13 18:24 - 00000000 ____D () C:\Users\Marlon\AppData\Local\Red 5 Studios
2014-09-13 18:23 - 2014-09-13 18:23 - 00000000 ____D () C:\Users\Marlon\Documents\Firefall
2014-09-13 18:23 - 2014-09-13 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org
2014-09-13 18:23 - 2014-09-13 18:23 - 00000000 ____D () C:\Program Files (x86)\Xiph.Org
2014-09-12 18:30 - 2014-09-12 18:33 - 00000000 ____D () C:\Users\Marlon\Documents\Strife
2014-09-12 18:30 - 2014-09-12 18:30 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Strife
2014-09-12 18:25 - 2014-09-18 23:17 - 00000000 ____D () C:\Program Files (x86)\Strife
2014-09-12 18:06 - 2014-09-12 18:20 - 1778312128 _____ () C:\Users\Marlon\Downloads\StrifeWindows-0.4.0.2.exe
2014-09-12 16:50 - 2014-09-12 16:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft XNA
2014-09-12 03:08 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 03:08 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 03:08 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 03:08 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 03:08 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 03:08 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 03:08 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 03:08 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 03:08 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 03:08 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 03:08 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 03:08 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 03:08 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 03:08 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 03:08 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 03:08 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 03:08 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 03:08 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 03:08 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 03:08 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-12 03:08 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 03:08 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 03:08 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-12 03:08 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 03:08 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-12 03:08 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-12 03:08 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-12 03:08 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 03:08 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 03:08 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 03:08 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-12 03:08 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-12 03:08 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 03:08 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-12 03:08 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-12 03:08 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-12 03:08 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 03:08 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 03:08 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 03:08 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 03:08 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 03:08 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 03:08 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-12 03:08 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 03:08 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 03:08 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 03:08 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 03:08 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 03:08 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 03:08 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 03:08 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-12 03:08 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 03:08 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 03:08 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-12 03:08 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 03:08 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-12 03:01 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-12 03:01 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 23:20 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 23:20 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 23:20 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 23:20 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 23:20 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 23:20 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 23:20 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 23:20 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 23:20 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-11 23:20 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 23:20 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-11 07:58 - 2014-09-11 07:58 - 00291464 _____ () C:\Windows\Minidump\091114-16598-01.dmp
2014-09-10 22:03 - 2014-09-10 22:03 - 00291432 _____ () C:\Windows\Minidump\091014-19936-01.dmp
2014-09-10 19:06 - 2014-09-10 19:06 - 00291432 _____ () C:\Windows\Minidump\091014-20061-01.dmp
2014-09-10 17:00 - 2014-09-12 14:43 - 00000000 ____D () C:\Users\Marlon\AppData\Local\wf-launcher
2014-09-10 17:00 - 2014-09-12 13:55 - 00000000 ____D () C:\ProgramData\GFACE
2014-09-10 16:59 - 2014-09-10 16:59 - 00001910 _____ () C:\Users\Marlon\Desktop\Warface Launcher.lnk
2014-09-10 16:59 - 2014-09-10 16:59 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warface Launcher
2014-09-10 16:58 - 2014-09-10 16:58 - 00000000 ____D () C:\Program Files (x86)\Crytek
2014-09-10 16:56 - 2014-09-10 16:57 - 29280872 _____ () C:\Users\Marlon\Downloads\warface-launcher.exe
2014-09-09 23:09 - 2014-09-09 23:09 - 00291456 _____ () C:\Windows\Minidump\090914-18330-01.dmp
2014-09-09 20:23 - 2014-09-09 20:23 - 00290864 _____ () C:\Windows\Minidump\090914-21574-01.dmp
2014-09-09 17:40 - 2014-09-09 17:40 - 00291432 _____ () C:\Windows\Minidump\090914-21840-01.dmp
2014-09-09 07:49 - 2014-09-09 07:49 - 00290176 _____ () C:\Windows\Minidump\090914-26239-01.dmp
2014-09-05 03:08 - 2014-09-05 20:30 - 00000000 ____D () C:\ProgramData\AnexAvop
2014-09-04 19:58 - 2014-09-10 15:56 - 00001800 _____ () C:\Users\Marlon\Downloads\HO-SystemBot-Default.cfg
2014-09-04 19:54 - 2014-09-10 15:55 - 00000140 _____ () C:\Users\Marlon\Downloads\Loader.cfg
2014-09-04 19:53 - 2014-09-04 19:53 - 04918272 _____ () C:\Users\Marlon\Downloads\ET2IBS3ogx.exe
2014-09-04 19:22 - 2014-09-18 23:41 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-04 19:22 - 2014-09-18 23:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-04 19:22 - 2014-09-11 08:19 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-04 19:22 - 2014-09-04 19:22 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-04 19:22 - 2014-09-04 19:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-04 19:22 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-04 19:22 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-04 19:22 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-04 19:21 - 2014-09-04 19:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marlon\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-04 18:45 - 2014-09-04 18:45 - 00000000 ____D () C:\Users\Marlon\AppData\Local\RocketTab
2014-09-04 13:16 - 2014-09-04 13:17 - 00291488 _____ () C:\Windows\Minidump\090414-22245-01.dmp
2014-09-04 13:05 - 2014-09-04 13:05 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\rightbackup
2014-09-03 21:54 - 2014-09-04 16:59 - 00001800 _____ () C:\Users\Marlon\Desktop\HO-SystemBot-Default.cfg
2014-09-03 21:50 - 2014-09-03 21:50 - 04918272 _____ () C:\Users\Marlon\Downloads\NMBn63TJRs.exe
2014-09-03 21:46 - 2014-09-03 21:46 - 07188536 _____ (Microsoft Corporation) C:\Users\Marlon\Downloads\vcredist_x64.exe
2014-09-03 21:44 - 2014-09-03 21:45 - 01417568 _____ (Microsoft Corporation) C:\Users\Marlon\Downloads\vcredist_arm.exe
2014-09-03 20:33 - 2014-09-19 11:48 - 00003066 _____ () C:\Windows\System32\Tasks\Right Backup_startup
2014-09-03 20:32 - 2014-09-05 20:28 - 00000000 ____D () C:\Users\Marlon\AppData\Local\5532
2014-09-03 20:32 - 2014-09-03 20:32 - 00000000 ____D () C:\rbtemp
2014-09-03 20:31 - 2014-09-05 20:28 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\VOPackage
2014-09-03 20:31 - 2014-09-05 20:28 - 00000000 ____D () C:\ProgramData\Systweak
2014-09-03 20:31 - 2014-09-03 20:32 - 00000000 ____D () C:\Program Files (x86)\Right Backup
2014-09-03 20:31 - 2014-09-03 20:31 - 00001050 _____ () C:\Users\Public\Desktop\Right Backup.lnk
2014-09-03 20:31 - 2014-09-03 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Right Backup
2014-09-03 20:30 - 2014-09-05 20:01 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\System Speedup
2014-09-03 20:30 - 2014-09-05 20:00 - 00003132 _____ () C:\Windows\System32\Tasks\System Speedup
2014-09-03 20:28 - 2014-09-03 20:29 - 00523840 _____ (Popeler.-.Installer · sl) C:\Users\Marlon\Downloads\Setup (3).exe
2014-09-03 20:28 - 2014-09-03 20:28 - 00523840 _____ (Popeler.-.Installer · sl) C:\Users\Marlon\Downloads\Setup (2).exe
2014-09-03 14:46 - 2014-09-03 14:47 - 00291488 _____ () C:\Windows\Minidump\090314-20545-01.dmp
2014-09-02 23:51 - 2014-09-02 23:51 - 00291488 _____ () C:\Windows\Minidump\090214-18751-01.dmp
2014-09-02 13:29 - 2014-09-02 13:29 - 00000000 ____D () C:\Users\Marlon\Desktop\Praktikum Marlon
2014-09-01 20:56 - 2014-09-01 20:56 - 00291520 _____ () C:\Windows\Minidump\090114-25272-01.dmp
2014-09-01 01:02 - 2014-09-01 01:04 - 00000000 ____D () C:\Users\Marlon\Documents\Dawngate
2014-09-01 00:56 - 2014-09-01 01:04 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\DawngateData
2014-09-01 00:55 - 2014-09-01 01:01 - 00002158 _____ () C:\Users\Public\Desktop\Dawngate.lnk
2014-09-01 00:55 - 2014-09-01 00:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dawngate
2014-09-01 00:55 - 2014-09-01 00:55 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-09-01 00:50 - 2014-09-01 00:51 - 08638464 _____ () C:\Users\Marlon\Downloads\Dawngate_en_us.msi
2014-09-01 00:50 - 2014-09-01 00:51 - 08638464 _____ () C:\Users\Marlon\Downloads\Dawngate_en_us (2).msi
2014-09-01 00:50 - 2014-09-01 00:51 - 08638464 _____ () C:\Users\Marlon\Downloads\Dawngate_en_us (1).msi
2014-08-29 18:42 - 2014-08-29 18:42 - 00001031 _____ () C:\Users\Public\Desktop\Hazard Ops.lnk
2014-08-29 18:42 - 2014-08-29 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hazard Ops
2014-08-29 18:35 - 2014-08-29 19:22 - 00000000 ____D () C:\Program Files (x86)\Hazard Ops
2014-08-28 15:05 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 15:05 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 15:05 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-23 10:20 - 2014-08-23 10:20 - 00288616 _____ () C:\Windows\Minidump\082314-19063-01.dmp
2014-08-22 19:52 - 2014-08-22 19:52 - 00000222 _____ () C:\Users\Marlon\Desktop\Heroes & Generals.url

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-19 11:56 - 2014-09-19 11:55 - 00018233 _____ () C:\Users\Marlon\Downloads\FRST.txt
2014-09-19 11:56 - 2014-09-19 11:55 - 00000000 ____D () C:\FRST
2014-09-19 11:55 - 2014-09-19 11:55 - 02105856 _____ (Farbar) C:\Users\Marlon\Downloads\FRST64.exe
2014-09-19 11:55 - 2009-07-14 06:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-19 11:55 - 2009-07-14 06:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-19 11:52 - 2014-04-12 18:01 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\Skype
2014-09-19 11:52 - 2014-04-11 18:08 - 01469212 _____ () C:\Windows\WindowsUpdate.log
2014-09-19 11:48 - 2014-09-03 20:33 - 00003066 _____ () C:\Windows\System32\Tasks\Right Backup_startup
2014-09-19 11:48 - 2014-04-20 00:13 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-19 11:47 - 2014-08-08 02:15 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-19 11:47 - 2014-07-06 15:47 - 00000274 _____ () C:\Windows\Tasks\SpeedUpMyPC Startup.job
2014-09-19 11:47 - 2014-04-11 19:36 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-19 11:47 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-19 11:47 - 2009-07-14 06:51 - 00067590 _____ () C:\Windows\setupact.log
2014-09-19 00:39 - 2014-04-16 19:42 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\TS3Client
2014-09-19 00:28 - 2014-04-11 18:51 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{EA090C64-35D7-4F70-A0E2-B241302D0DD2}
2014-09-19 00:22 - 2014-06-27 16:20 - 00000000 ____D () C:\Users\Marlon\AppData\Local\DashboardDirect3dNet
2014-09-19 00:22 - 2014-04-20 00:10 - 00000000 ____D () C:\Program Files (x86)\Pirrit
2014-09-19 00:20 - 2014-08-08 02:15 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-19 00:12 - 2014-04-12 07:32 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-18 23:57 - 2014-09-18 23:57 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-09-18 23:48 - 2014-09-18 23:48 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Marlon\Downloads\tdsskiller.exe
2014-09-18 23:48 - 2014-07-06 15:47 - 00000280 _____ () C:\Windows\Tasks\SpeedUpMyPC Maintenance.job
2014-09-18 23:41 - 2014-09-04 19:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-18 23:39 - 2011-04-12 09:43 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-09-18 23:39 - 2011-04-12 09:43 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-09-18 23:39 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-18 23:38 - 2014-09-18 23:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marlon\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-09-18 23:32 - 2014-09-04 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-18 23:32 - 2014-04-11 18:12 - 00000000 ____D () C:\Users\Marlon
2014-09-18 23:17 - 2014-09-16 14:30 - 00000000 ____D () C:\Program Files (x86)\Glyph
2014-09-18 23:17 - 2014-09-16 12:24 - 00000000 ____D () C:\Program Files (x86)\BEWERBUNGSMASTER
2014-09-18 23:17 - 2014-09-12 18:25 - 00000000 ____D () C:\Program Files (x86)\Strife
2014-09-18 23:17 - 2014-07-08 14:40 - 00000000 ____D () C:\ProgramData\YTAHelper
2014-09-18 23:17 - 2014-05-30 09:35 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-18 23:17 - 2014-05-16 17:48 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\vlc
2014-09-18 23:17 - 2014-05-10 16:51 - 00000000 ____D () C:\ProgramData\PMB Files
2014-09-18 23:17 - 2014-05-09 17:44 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-18 23:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-09-18 23:16 - 2014-09-16 14:30 - 00000000 ____D () C:\Users\Marlon\AppData\Local\Glyph
2014-09-18 23:16 - 2014-09-16 12:24 - 00000000 ____D () C:\Users\Marlon\AppData\Local\BewerbungsMaster
2014-09-18 23:16 - 2014-09-16 11:32 - 00000000 ____D () C:\Users\Marlon\Documents\Notes
2014-09-18 23:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-09-18 22:56 - 2014-09-16 23:23 - 00000000 ____D () C:\Users\Marlon\Documents\ArcheAge
2014-09-17 18:00 - 2014-05-10 16:51 - 00000000 ____D () C:\Users\Marlon\AppData\Local\PMB Files
2014-09-16 23:28 - 2014-05-09 17:23 - 00000000 ____D () C:\Program Files (x86)\GamersFirst
2014-09-16 23:23 - 2014-09-16 23:23 - 00000000 ____D () C:\ArcheAge
2014-09-16 15:07 - 2014-09-16 15:07 - 00000000 ____D () C:\ProgramData\CanonBJ
2014-09-16 12:37 - 2014-09-16 12:24 - 00000000 ____D () C:\Users\Marlon\Documents\BewerbungsMaster
2014-09-16 12:36 - 2014-09-16 11:33 - 00001149 _____ () C:\Users\Marlon\Desktop\Neues Textdokument.txt
2014-09-16 12:24 - 2014-09-16 12:24 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BewerbungsMaster
2014-09-16 11:32 - 2014-09-16 11:32 - 00004544 _____ () C:\Users\Marlon\Desktop\Neues Journal-Dokument.jnt
2014-09-15 18:28 - 2014-09-15 18:28 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\StunlockStudios
2014-09-13 20:34 - 2014-09-13 20:34 - 00000000 ____D () C:\Users\Marlon\AppData\Local\SCE
2014-09-13 18:24 - 2014-09-13 18:24 - 00000000 ____D () C:\Users\Marlon\AppData\Local\Red 5 Studios
2014-09-13 18:23 - 2014-09-13 18:23 - 00000000 ____D () C:\Users\Marlon\Documents\Firefall
2014-09-13 18:23 - 2014-09-13 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org
2014-09-13 18:23 - 2014-09-13 18:23 - 00000000 ____D () C:\Program Files (x86)\Xiph.Org
2014-09-12 18:33 - 2014-09-12 18:30 - 00000000 ____D () C:\Users\Marlon\Documents\Strife
2014-09-12 18:30 - 2014-09-12 18:30 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Strife
2014-09-12 18:20 - 2014-09-12 18:06 - 1778312128 _____ () C:\Users\Marlon\Downloads\StrifeWindows-0.4.0.2.exe
2014-09-12 16:50 - 2014-09-12 16:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft XNA
2014-09-12 16:33 - 2014-04-12 06:32 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\Awesomium
2014-09-12 15:16 - 2014-05-24 13:56 - 00000000 ____D () C:\Users\Marlon\AppData\Local\NexonLauncher
2014-09-12 14:43 - 2014-09-10 17:00 - 00000000 ____D () C:\Users\Marlon\AppData\Local\wf-launcher
2014-09-12 13:55 - 2014-09-10 17:00 - 00000000 ____D () C:\ProgramData\GFACE
2014-09-12 03:07 - 2014-04-11 20:11 - 01591896 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-12 03:06 - 2014-04-11 18:58 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 03:02 - 2014-04-11 18:58 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-12 03:01 - 2014-05-08 19:36 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-11 08:19 - 2014-09-04 19:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-11 07:58 - 2014-09-11 07:58 - 00291464 _____ () C:\Windows\Minidump\091114-16598-01.dmp
2014-09-11 07:58 - 2014-04-26 12:09 - 00000000 ____D () C:\Windows\Minidump
2014-09-11 07:58 - 2014-04-26 12:08 - 370797455 _____ () C:\Windows\MEMORY.DMP
2014-09-10 22:03 - 2014-09-10 22:03 - 00291432 _____ () C:\Windows\Minidump\091014-19936-01.dmp
2014-09-10 19:06 - 2014-09-10 19:06 - 00291432 _____ () C:\Windows\Minidump\091014-20061-01.dmp
2014-09-10 16:59 - 2014-09-10 16:59 - 00001910 _____ () C:\Users\Marlon\Desktop\Warface Launcher.lnk
2014-09-10 16:59 - 2014-09-10 16:59 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warface Launcher
2014-09-10 16:58 - 2014-09-10 16:58 - 00000000 ____D () C:\Program Files (x86)\Crytek
2014-09-10 16:57 - 2014-09-10 16:56 - 29280872 _____ () C:\Users\Marlon\Downloads\warface-launcher.exe
2014-09-10 15:56 - 2014-09-04 19:58 - 00001800 _____ () C:\Users\Marlon\Downloads\HO-SystemBot-Default.cfg
2014-09-10 15:55 - 2014-09-04 19:54 - 00000140 _____ () C:\Users\Marlon\Downloads\Loader.cfg
2014-09-10 13:12 - 2014-04-12 07:32 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 13:12 - 2014-04-12 07:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-10 13:12 - 2014-04-12 07:32 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-09 23:09 - 2014-09-09 23:09 - 00291456 _____ () C:\Windows\Minidump\090914-18330-01.dmp
2014-09-09 20:23 - 2014-09-09 20:23 - 00290864 _____ () C:\Windows\Minidump\090914-21574-01.dmp
2014-09-09 17:40 - 2014-09-09 17:40 - 00291432 _____ () C:\Windows\Minidump\090914-21840-01.dmp
2014-09-09 17:40 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-09 07:49 - 2014-09-09 07:49 - 00290176 _____ () C:\Windows\Minidump\090914-26239-01.dmp
2014-09-07 12:28 - 2010-11-21 05:47 - 00451622 _____ () C:\Windows\PFRO.log
2014-09-05 20:30 - 2014-09-05 03:08 - 00000000 ____D () C:\ProgramData\AnexAvop
2014-09-05 20:29 - 2014-04-19 23:35 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\Systweak
2014-09-05 20:28 - 2014-09-03 20:32 - 00000000 ____D () C:\Users\Marlon\AppData\Local\5532
2014-09-05 20:28 - 2014-09-03 20:31 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\VOPackage
2014-09-05 20:28 - 2014-09-03 20:31 - 00000000 ____D () C:\ProgramData\Systweak
2014-09-05 20:28 - 2014-08-11 00:02 - 00000000 ____D () C:\Program Files (x86)\Bench
2014-09-05 20:28 - 2014-07-08 14:39 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-09-05 20:28 - 2014-07-06 15:54 - 00000000 ____D () C:\Program Files (x86)\iRobinHood
2014-09-05 20:01 - 2014-09-03 20:30 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\System Speedup
2014-09-05 20:00 - 2014-09-03 20:30 - 00003132 _____ () C:\Windows\System32\Tasks\System Speedup
2014-09-05 04:10 - 2014-09-11 23:20 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-11 23:20 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-05 02:04 - 2014-08-11 00:03 - 00000000 ____D () C:\ProgramData\ygpDOMp
2014-09-04 19:53 - 2014-09-04 19:53 - 04918272 _____ () C:\Users\Marlon\Downloads\ET2IBS3ogx.exe
2014-09-04 19:28 - 2014-07-08 15:30 - 00000000 ____D () C:\Program Files (x86)\Security Guard
2014-09-04 19:28 - 2014-07-06 15:53 - 00000000 ____D () C:\Program Files (x86)\SoftwareUpdater
2014-09-04 19:28 - 2014-06-15 09:26 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\sweet-page
2014-09-04 19:28 - 2014-04-19 17:28 - 00000000 ____D () C:\ProgramData\WPM
2014-09-04 19:22 - 2014-09-04 19:22 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-04 19:22 - 2014-09-04 19:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-04 19:21 - 2014-09-04 19:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marlon\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-04 18:45 - 2014-09-04 18:45 - 00000000 ____D () C:\Users\Marlon\AppData\Local\RocketTab
2014-09-04 16:59 - 2014-09-03 21:54 - 00001800 _____ () C:\Users\Marlon\Desktop\HO-SystemBot-Default.cfg
2014-09-04 13:17 - 2014-09-04 13:16 - 00291488 _____ () C:\Windows\Minidump\090414-22245-01.dmp
2014-09-04 13:05 - 2014-09-04 13:05 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\rightbackup
2014-09-03 21:50 - 2014-09-03 21:50 - 04918272 _____ () C:\Users\Marlon\Downloads\NMBn63TJRs.exe
2014-09-03 21:46 - 2014-09-03 21:46 - 07188536 _____ (Microsoft Corporation) C:\Users\Marlon\Downloads\vcredist_x64.exe
2014-09-03 21:45 - 2014-09-03 21:44 - 01417568 _____ (Microsoft Corporation) C:\Users\Marlon\Downloads\vcredist_arm.exe
2014-09-03 20:32 - 2014-09-03 20:32 - 00000000 ____D () C:\rbtemp
2014-09-03 20:32 - 2014-09-03 20:31 - 00000000 ____D () C:\Program Files (x86)\Right Backup
2014-09-03 20:31 - 2014-09-03 20:31 - 00001050 _____ () C:\Users\Public\Desktop\Right Backup.lnk
2014-09-03 20:31 - 2014-09-03 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Right Backup
2014-09-03 20:29 - 2014-09-03 20:28 - 00523840 _____ (Popeler.-.Installer · sl) C:\Users\Marlon\Downloads\Setup (3).exe
2014-09-03 20:28 - 2014-09-03 20:28 - 00523840 _____ (Popeler.-.Installer · sl) C:\Users\Marlon\Downloads\Setup (2).exe
2014-09-03 14:47 - 2014-09-03 14:46 - 00291488 _____ () C:\Windows\Minidump\090314-20545-01.dmp
2014-09-02 23:51 - 2014-09-02 23:51 - 00291488 _____ () C:\Windows\Minidump\090214-18751-01.dmp
2014-09-02 13:29 - 2014-09-02 13:29 - 00000000 ____D () C:\Users\Marlon\Desktop\Praktikum Marlon
2014-09-01 20:56 - 2014-09-01 20:56 - 00291520 _____ () C:\Windows\Minidump\090114-25272-01.dmp
2014-09-01 01:04 - 2014-09-01 01:02 - 00000000 ____D () C:\Users\Marlon\Documents\Dawngate
2014-09-01 01:04 - 2014-09-01 00:56 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\DawngateData
2014-09-01 01:01 - 2014-09-01 00:55 - 00002158 _____ () C:\Users\Public\Desktop\Dawngate.lnk
2014-09-01 00:55 - 2014-09-01 00:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dawngate
2014-09-01 00:55 - 2014-09-01 00:55 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-09-01 00:55 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-01 00:51 - 2014-09-01 00:50 - 08638464 _____ () C:\Users\Marlon\Downloads\Dawngate_en_us.msi
2014-09-01 00:51 - 2014-09-01 00:50 - 08638464 _____ () C:\Users\Marlon\Downloads\Dawngate_en_us (2).msi
2014-09-01 00:51 - 2014-09-01 00:50 - 08638464 _____ () C:\Users\Marlon\Downloads\Dawngate_en_us (1).msi
2014-08-31 03:51 - 2014-06-14 08:34 - 00000000 ____D () C:\Users\Marlon\AppData\Local\QQSM
2014-08-29 19:22 - 2014-08-29 18:35 - 00000000 ____D () C:\Program Files (x86)\Hazard Ops
2014-08-29 18:42 - 2014-08-29 18:42 - 00001031 _____ () C:\Users\Public\Desktop\Hazard Ops.lnk
2014-08-29 18:42 - 2014-08-29 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hazard Ops
2014-08-29 00:39 - 2009-07-14 06:45 - 00268536 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 16:00 - 2014-05-17 19:38 - 00000000 ____D () C:\Users\Marlon\Documents\My Games
2014-08-28 16:00 - 2014-04-11 19:35 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-08-28 15:56 - 2014-04-25 17:14 - 00116083 _____ () C:\Windows\DirectX.log
2014-08-25 06:53 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 10:20 - 2014-08-23 10:20 - 00288616 _____ () C:\Windows\Minidump\082314-19063-01.dmp
2014-08-23 04:07 - 2014-08-28 15:05 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 15:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 15:05 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 19:52 - 2014-08-22 19:52 - 00000222 _____ () C:\Users\Marlon\Desktop\Heroes & Generals.url
2014-08-22 19:52 - 2014-05-30 10:18 - 00000000 ____D () C:\Users\Marlon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

Some content of TEMP:
====================
C:\Users\Marlon\AppData\Local\Temp\25cc40ac237f9326beca4170b7056e46.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 06:25

==================== End Of Log ============================
         

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Marlon at 2014-09-19 11:56:45
Running from C:\Users\Marlon\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1 Media Converter version 1.0.0 (HKLM-x32\...\{29A9E262-AC6E-4B40-816F-2C4AC55549F8}_is1) (Version: 1.0.0 - OneFloor App,Inc)
1 Media Player version 2.2.0 (HKLM-x32\...\{6C566E3B-CBFB-4A3C-A8B6-88EA54DE7CA8}_is1) (Version: 2.2.0 - OneFloorApp Ltd.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Bloodline Champions (HKLM-x32\...\Steam App 6370) (Version:  - Stunlock Studios)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
C9 (HKLM-x32\...\C9(Continent of the Ninth Seal)_is1) (Version:  - WEBZEN)
C9 (HKLM-x32\...\Steam App 212390) (Version:  - Cloud 9 Studio)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Dawngate (HKLM-x32\...\{9E238DAC-8A8B-46C4-B2D0-FD9903514095}) (Version: 187.42.53.0 - Electronic Arts, Inc.)
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Drakensang Online (HKLM-x32\...\Drakensang Online) (Version:  - )
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
Free YouTube to MP3 Converter version 3.12.34.430 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.34.430 - DVDVideoSoft Ltd.)
Gameforge Live 2.0.3 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.3 - Gameforge)
GamersFirst LIVE! (HKCU\...\GamersFirst LIVE!) (Version:  - GamersFirst)
Genymotion version 2.2.2 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 2.2.2 - Genymobile)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hazard Ops (HKLM-x32\...\{F70DE052-CFFD-4DCB-8DA3-3ECAAFBB7D15}}_is1) (Version: 0.0.5.3 - Infernum Productions AG)
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version:  - Reto-Moto)
Java Packages (HKCU\...\Java Packages) (Version:  - ) <==== ATTENTION
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.1.1 - Nexon)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.145.1024 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
NVIDIA Update Core (Version: 10.4.0 - NVIDIA Corporation) Hidden
Oracle VM VirtualBox 4.2.12 (HKLM\...\{0C1DE303-E41B-44BA-8ABA-B7F09D857001}) (Version: 4.2.12 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Panzar (HKLM-x32\...\{4FF82163-423A-43CE-898D-3B60D19A5E8F}_is1) (Version: 1.0 - Panzar)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.1.3.32950 - Grinding Gear Games)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Prime World version 9.14.0 (HKLM-x32\...\{F6F3C462-2729-4555-8A95-CC317A90F8FF}_is1) (Version: 9.14.0 - Nival)
RIFT (HKCU\...\RIFT) (Version:  - Trion Worlds, Inc.)
Right Backup (HKLM-x32\...\980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1) (Version: 2.1.1000.4398 - Systweak Software)
S.K.I.L.L. - Special Force 2 (HKLM-x32\...\Special Force 2 Beta_is1) (Version:  - )
SavingsAurora (HKCU\...\gxxqa) (Version:  - ) <==== ATTENTION
Security Guard (HKLM-x32\...\Security Guard) (Version:  - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SpeedUpMyPC (HKLM-x32\...\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1) (Version: 6.0.3.9 - Uniblue Systems Limited) <==== ATTENTION
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
System Speedup (HKLM-x32\...\System Speedup_is1) (Version: 2.1 - systemspeedup.com)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27614 - TeamViewer)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.275 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden
uPlayer (HKLM-x32\...\{06810DC6-3501-40FE-BCB3-1A7BE6398A36}) (Version: 1.0.0 - Full Spectrum Interactive)
VideoLAN VLC media player 0.8.2 (HKLM-x32\...\VLC media player) (Version: 0.8.2 - VideoLAN Team)
Warface Launcher (Beta) (HKLM-x32\...\{28D1723C-31C4-4A83-9799-DFFB3739026D}) (Version: 1.0.0 - Crytek GmbH)
Warframe (HKLM-x32\...\{CD733352-5102-4212-8561-6A0CDF496DE7}) (Version: 1.0.0 - Digital Extremes)
WEBZEN Browser Extension (HKLM-x32\...\{95723791-2C44-454B-9220-C65D47D70E9C}) (Version: 1.12.010 - WEBZEN)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinRAR 5.10 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
WolfTeam-DE (HKLM-x32\...\WolfTeam-DE) (Version:  - )
YouTube Accelerator (HKLM-x32\...\YouTube Accelerator) (Version: 3394(build_88) - Goobzo Ltd.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

12-09-2014 14:49:17 Installed Microsoft XNA Framework Redistributable 3.1
12-09-2014 16:27:58 DirectX wurde installiert
16-09-2014 18:03:15 Windows Update
16-09-2014 21:41:23 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
16-09-2014 21:42:38 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
18-09-2014 20:49:07 Wiederherstellungsvorgang
18-09-2014 21:08:57 Windows Update
18-09-2014 21:10:09 Wiederherstellungsvorgang
18-09-2014 21:38:58 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-04-20 00:10 - 00008909 ____A C:\Windows\system32\Drivers\etc\hosts
216.239.32.20 google.com 
216.239.32.20 google.com www.google.ad
216.239.32.20 google.com www.google.ae
216.239.32.20 google.com www.google.com.af
216.239.32.20 google.com www.google.com.ag
216.239.32.20 google.com www.google.com.ai
216.239.32.20 google.com www.google.al
216.239.32.20 google.com www.google.am
216.239.32.20 google.com www.google.co.ao
216.239.32.20 google.com www.google.com.ar 
216.239.32.20 google.com www.google.as 
216.239.32.20 google.com www.google.at 
216.239.32.20 google.com www.google.com.au
216.239.32.20 google.com www.google.az 
216.239.32.20 google.com www.google.ba 
216.239.32.20 google.com www.google.com.bd 
216.239.32.20 google.com www.google.be 
216.239.32.20 google.com www.google.bf 
216.239.32.20 google.com www.google.bg 
216.239.32.20 google.com www.google.com.bh 
216.239.32.20 google.com www.google.bi 
216.239.32.20 google.com www.google.bj 
216.239.32.20 google.com www.google.com.bn 
216.239.32.20 google.com www.google.com.bo 
216.239.32.20 google.com www.google.com.br 
216.239.32.20 google.com www.google.bs 
216.239.32.20 google.com www.google.bt 
216.239.32.20 google.com www.google.co.bw 
216.239.32.20 google.com www.google.by 

There are 162 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0A9E4713-889E-4B46-BDD9-55E0AD5ED5AF} - System32\Tasks\System Speedup => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
Task: {0B546462-2BBD-4265-A7E3-33803F49CF39} - System32\Tasks\YTAHelper => C:\Program Files (x86)\YTAHelper\YTAHelper.exe [2014-06-15] (Goobzo LTD) <==== ATTENTION
Task: {31303B7D-797C-4E2A-A89D-51FA8E82935C} - \SPBIW_UpdateTask_Time_333339363935303830352d3237575a236c6c3255342a41 No Task File <==== ATTENTION
Task: {38AE9A86-5972-4AE4-A6CF-61988342550E} - \SPDriver No Task File <==== ATTENTION
Task: {3F65660C-D125-476E-954B-C320ECC14B6B} - \Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2 No Task File <==== ATTENTION
Task: {404450E9-CDC2-4E96-8143-A3344F60328E} - \ShopperProJSUpd No Task File <==== ATTENTION
Task: {43981BD6-65CE-42C1-A15C-F93BC5559B13} - System32\Tasks\SpeedUpMyPC Maintenance => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe [2014-06-18] (Uniblue Systems Limited) <==== ATTENTION
Task: {46296773-145C-492A-AE10-CDFEDE4DA865} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {4872C38A-58A1-4F3A-ACF2-43172FE33EAD} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {49610218-A0B8-46DA-9999-71E04F16B5F9} - System32\Tasks\Browser Updater\Browser Updater => C:\Program Files (x86)\ZooToolbar\WPackageUpdate.exe
Task: {5336C78F-4F3D-46A1-8ED1-F4F438B97BC5} - System32\Tasks\YTAUpdate_logon => C:\Program Files (x86)\YouTube Accelerator\Updater.exe [2014-07-08] (Goobzo) <==== ATTENTION
Task: {620CE989-A4B1-435B-82B8-44583E8C383B} - \RocketTab Update Task No Task File <==== ATTENTION
Task: {69D8798B-EFBF-4863-BA85-5654F35D6D59} - \RocketTab No Task File <==== ATTENTION
Task: {6A6EE148-CC94-490F-A56E-973DE2E28A9E} - System32\Tasks\SystemSockets\SystemSockets => C:\Program Files (x86)\ZooToolbar\WConnectorDirect.exe <==== ATTENTION
Task: {6B1B3635-B859-46DE-89E3-6A67B1058E5F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-08] (Google Inc.)
Task: {8BA398A9-032E-48A0-B55B-C35CE9EC9D79} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-08] (Google Inc.)
Task: {9E2CC040-5571-486E-AC65-BE09F48EA35E} - System32\Tasks\UNELEVATE_12599 => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.1.189\jsdrv.exe <==== ATTENTION
Task: {AC52E715-BFD7-43F4-A524-E858ADEC6C88} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-03-20] (TuneUp Software)
Task: {B2E7D4B8-212C-461B-8EC1-7ED16FF3A4CA} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\ZooToolbar\WSystemKeeper.exe
Task: {C62FE617-50D9-45C8-9980-FD198EC9B53C} - System32\Tasks\YTAUpdate => C:\Program Files (x86)\YouTube Accelerator\Updater.exe [2014-07-08] (Goobzo) <==== ATTENTION
Task: {DFED1601-5173-4012-B777-5BE35F28FA34} - \ShopperPro No Task File <==== ATTENTION
Task: {E3E0841C-E2E4-4105-83C1-D5FABF919329} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {FE496842-3510-4725-929F-133FFFA7CCAF} - System32\Tasks\Right Backup_startup => C:\Program Files (x86)\Right Backup\RightBackup.exe [2014-07-11] (Systweak)
Task: {FF8DE74B-2DAD-4271-84B6-60EDA6BE267A} - System32\Tasks\SpeedUpMyPC Startup => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe [2014-06-18] (Uniblue Systems Limited) <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SpeedUpMyPC Maintenance.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: C:\Windows\Tasks\SpeedUpMyPC Startup.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-04-11 19:36 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-02 21:41 - 2014-05-09 17:41 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-03-20 14:44 - 2014-03-20 14:44 - 00675640 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2014-09-03 20:31 - 2013-08-02 19:21 - 00886272 _____ () C:\Program Files (x86)\Right Backup\System.Data.SQLite.dll
2014-07-06 15:47 - 2013-06-06 10:43 - 26034688 _____ () C:\Program Files (x86)\Uniblue\SpeedUpMyPC\libcef.dll
2014-07-06 15:47 - 2014-06-18 11:28 - 00452720 _____ () C:\Program Files (x86)\Uniblue\SpeedUpMyPC\x86\Trackerbird.py.clr4.dll
2014-08-08 02:16 - 2014-07-15 11:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-08-08 02:16 - 2014-07-15 11:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-08-08 02:16 - 2014-07-15 11:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-08-08 02:16 - 2014-07-15 11:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-08-08 02:16 - 2014-07-15 11:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\07941175.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\07941175.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: BlockAndSurf => 2
MSCONFIG\Services: IePluginService => 2
MSCONFIG\Services: KeyIso => 3
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: LPTSystemUpdater => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: PirritDesktop => 2
MSCONFIG\Services: PirritUpdater => 2
MSCONFIG\Services: Update PlurPush => 2
MSCONFIG\Services: Util PlurPush => 2
MSCONFIG\Services: Wpm => 2

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/19/2014 11:51:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x41c
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3

Error: (09/19/2014 11:49:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/19/2014 00:25:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0xaa8
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3

Error: (09/19/2014 00:24:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/18/2014 11:57:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0xa5c
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3

Error: (09/18/2014 11:36:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x1340
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3

Error: (09/18/2014 11:33:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/18/2014 11:33:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 3.0.2.0, Zeitstempel: 0x5318d363
Name des fehlerhaften Moduls: mbamservice.exe, Version: 3.0.2.0, Zeitstempel: 0x5318d363
Ausnahmecode: 0x40000015
Fehleroffset: 0x0007da8a
ID des fehlerhaften Prozesses: 0xa30
Startzeit der fehlerhaften Anwendung: 0xmbamservice.exe0
Pfad der fehlerhaften Anwendung: mbamservice.exe1
Pfad des fehlerhaften Moduls: mbamservice.exe2
Berichtskennung: mbamservice.exe3

Error: (09/18/2014 11:33:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbamscheduler.exe, Version: 3.0.2.0, Zeitstempel: 0x5339cec3
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x8a0
Startzeit der fehlerhaften Anwendung: 0xmbamscheduler.exe0
Pfad der fehlerhaften Anwendung: mbamscheduler.exe1
Pfad des fehlerhaften Moduls: mbamscheduler.exe2
Berichtskennung: mbamscheduler.exe3

Error: (09/18/2014 11:07:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0xd70
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3


System errors:
=============
Error: (09/19/2014 11:48:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Browser System Enahncer erreicht.

Error: (09/19/2014 11:47:46 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Automatische WLAN-Konfiguration" ist vom Dienst "Extensible Authentication-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/19/2014 11:47:46 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Extensible Authentication-Protokoll" ist vom Dienst "CNG-Schlüsselisolation" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (09/19/2014 00:23:31 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Browser System Enahncer erreicht.

Error: (09/19/2014 00:22:55 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Automatische WLAN-Konfiguration" ist vom Dienst "Extensible Authentication-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/19/2014 00:22:55 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Extensible Authentication-Protokoll" ist vom Dienst "CNG-Schlüsselisolation" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (09/18/2014 11:34:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/18/2014 11:34:44 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "DashboardDirect3dNet.exe" wurde nicht richtig gestartet.

Error: (09/18/2014 11:33:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMScheduler" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (09/18/2014 11:33:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MBAMScheduler erreicht.


Microsoft Office Sessions:
=========================
Error: (09/19/2014 11:51:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd41c01cfd3ef3fc8dab0C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \MSVCR100.dll7f53ab10-3fe2-11e4-9a0a-20cf30cd27b6

Error: (09/19/2014 11:49:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/19/2014 00:25:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdaa801cfd38f64ec6600C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \MSVCR100.dlla5dc44a0-3f82-11e4-9b9e-20cf30cd27b6

Error: (09/19/2014 00:24:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/18/2014 11:57:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fda5c01cfd38b949344e0C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \MSVCR100.dlld305ee80-3f7e-11e4-9446-eedd2dc3729c

Error: (09/18/2014 11:36:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd134001cfd38890156540C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \MSVCR100.dllce7e4ae0-3f7b-11e4-9446-20cf30cd27b6

Error: (09/18/2014 11:33:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/18/2014 11:33:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8aa3001cfd388235c3460C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe6a755070-3f7b-11e4-9446-20cf30cd27b6

Error: (09/18/2014 11:33:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamscheduler.exe3.0.2.05339cec3MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd8a001cfd38819647260C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \MSVCR100.dll606ba480-3f7b-11e4-9446-20cf30cd27b6

Error: (09/18/2014 11:07:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdd7001cfd3848d1f8a40C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \MSVCR100.dllcae6b1a0-3f77-11e4-a390-eedd2dc3729c


==================== Memory info =========================== 

Processor: AMD Athlon(tm) II X4 645 Processor
Percentage of memory in use: 59%
Total physical RAM: 3327.23 MB
Available physical RAM: 1352.38 MB
Total Pagefile: 6652.63 MB
Available Pagefile: 4466.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:488.28 GB) (Free:113.05 GB) NTFS
Drive d: () (Fixed) (Total:97.66 GB) (Free:91.78 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D3270B59)
Partition 1: (Active) - (Size=345.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=488.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---

I can no longer open my anti-malware program (Malwarebytes Anti-Malware); it is constantly being blocked. Is there another way to post the scan log?