| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Zu hohe Systemauslastung im Leerlauf, Unangekündigtes Herunterfahren!Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
05.10.2014, 21:31
| #1 |
| |  Zu hohe Systemauslastung im Leerlauf, Unangekündigtes Herunterfahren! Liebes Trojaner-Board Team, schon öfters konnte als Mitleser einige meiner Probleme lösen, mit diesem muss ich mich jetzt allerdings ans Forum wenden. Seit einiger Zeit läuft mein System unrund - ob ich mir etwas eingefangen habe weiss ich nicht. Trotz Neustart habe ich eine Prozessorauslastung von 60 ~ 70% bei ca. 80 grad (laut cpuCool) im Leerlauf. Im Taskmanager lässt sich nichts merkwürdiges feststellen. Zudem fährt er sich, vermutlich aufgrund der Überhitzung, ohne Fehlermeldung herunter. Das letzte mal während der GMER überprüfung. Zu guter letzt habe ich gerne mal einen CTD bei Skyrim mit einem ''BEX'' Error. Mein System ist mittlerweile 4 Jahre alt. Zu Weihnachten werd ich mir ein neues gönnen - bis dahin sollte es jedoch noch laufen. Fällt euch irgendwas seltsames auf? EDIT: Der Arbeitsspeicher ist gleichbleibend. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-10-2014
Ran by SchanDam (administrator) on PC on 05-10-2014 21:41:36
Running from C:\Users\SchanDam\Downloads
Loaded Profile: SchanDam (Available profiles: SchanDam)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Thermaltake) C:\Program Files\Tt eSPORTS\Tt eSPORTS Level 10 M\L10mMonitor.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-29] (AVAST Software)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [6210840 2013-08-01] (Logitech Inc.)
HKLM\...\Run: [Tt eSPORTS Level 10 M Gaming Mouse] => C:\Program Files\Tt eSPORTS\Tt eSPORTS Level 10 M\L10mMonitor.exe [123360 2012-12-28] (Thermaltake)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation)
HKU\S-1-5-21-1157352705-3489334921-3881099159-1000\...\MountPoints2: {d5f140c3-40c8-11e4-9264-d0278801c2da} - F:\autorun.exe
HKU\S-1-5-21-1157352705-3489334921-3881099159-1000\...\MountPoints2: {d5f140d1-40c8-11e4-9264-d0278801c2da} - E:\SETUP.EXE
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-11-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x573C75BB6BD6CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
SearchScopes: HKLM - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_frg01_14_24_ff&cd=2XzuyEtN2Y1L1Qzu0DtDtByBzzzztDtC0CtB0D0AyEtAtDtCtN0D0Tzu0SzzzytCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0C0A0EyBtC0BtDtG0CyBtCyDtGyE0E0EyCtGzytBtA0BtGyEyC0EtC0AyEtAyDtBtCzytD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0DtAyCyE0FyDyDtGyBtAyEyCtG0E0A0EyEtG0Azzzz0BtGyD0EyDtD0DyEtD0AtDtBzz0C2QtN1B1L1H1Ezu1O2U1M1B&cr=863074080&ir=
SearchScopes: HKLM - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {31090377-0740-419E-BEFC-A56E50500D5B} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_frg01_14_24_ff&cd=2XzuyEtN2Y1L1Qzu0DtDtByBzzzztDtC0CtB0D0AyEtAtDtCtN0D0Tzu0SzzzytCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0C0A0EyBtC0BtDtG0CyBtCyDtGyE0E0EyCtGzytBtA0BtGyEyC0EtC0AyEtAyDtBtCzytD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0DtAyCyE0FyDyDtGyBtAyEyCtG0E0A0EyEtG0Azzzz0BtGyD0EyDtD0DyEtD0AtDtBzz0C2QtN1B1L1H1Ezu1O2U1M1B&cr=863074080&ir=
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF ProfilePath: C:\Users\SchanDam\AppData\Roaming\Mozilla\Firefox\Profiles\0jab5e4i.default
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: https://www.google.com/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus Pop-up Addon - C:\Users\SchanDam\AppData\Roaming\Mozilla\Firefox\Profiles\0jab5e4i.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-02-24]
FF Extension: Adblock Plus - C:\Users\SchanDam\AppData\Roaming\Mozilla\Firefox\Profiles\0jab5e4i.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-30]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-31]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-21]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-21] (AVAST Software)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [916800 2014-09-17] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18045760 2014-09-17] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-02-14] ()
S3 TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-07-21] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-07-21] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-21] ()
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-24] (Logitech Inc.)
R3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-24] (Logitech Inc.)
S3 MAUSBFASTTRACKPRO; C:\Windows\System32\DRIVERS\MAudioFastTrackPro.sys [158600 2010-12-07] (Avid Technology, Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-10-05] (Malwarebytes Corporation)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [95304 2012-03-25] (MotioninJoy)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32928 2014-09-04] (NVIDIA Corporation)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [27136 2009-09-16] (Tunngle.net)
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-05 21:41 - 2014-10-05 21:42 - 00013294 _____ () C:\Users\SchanDam\Downloads\FRST.txt
2014-10-05 21:40 - 2014-10-05 21:41 - 00000000 ____D () C:\FRST
2014-10-05 21:40 - 2014-10-05 21:40 - 01100800 _____ (Farbar) C:\Users\SchanDam\Downloads\FRST.exe
2014-10-05 20:43 - 2014-10-05 20:45 - 00000000 ____D () C:\Users\SchanDam\Downloads\backups
2014-10-05 20:39 - 2014-10-05 20:44 - 00005813 _____ () C:\Users\SchanDam\Downloads\hijackthis.log
2014-10-05 20:37 - 2014-10-05 20:37 - 00388608 _____ (Trend Micro Inc.) C:\Users\SchanDam\Downloads\HiJackThis204.exe
2014-10-05 20:33 - 2014-10-05 21:14 - 00000336 _____ () C:\Windows\setupact.log
2014-10-05 20:33 - 2014-10-05 20:33 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-05 01:43 - 2014-10-05 20:30 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-05 01:43 - 2014-10-05 01:43 - 00001024 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-05 01:43 - 2014-10-05 01:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-10-05 01:43 - 2014-10-05 01:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-05 01:43 - 2014-10-05 01:43 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-10-05 01:43 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-05 01:43 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-05 01:43 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-02 02:36 - 2014-10-02 20:16 - 00002207 _____ () C:\Users\SchanDam\Desktop\Skyrim (SKSE).lnk
2014-10-02 01:16 - 2014-10-02 01:16 - 00001326 _____ () C:\Users\SchanDam\Desktop\Steamapps.lnk
2014-10-01 16:02 - 2014-10-01 16:08 - 00000000 ____D () C:\Users\SchanDam\AppData\Local\NVIDIA Corporation
2014-10-01 16:02 - 2014-09-17 04:10 - 02193560 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap.dll
2014-10-01 16:02 - 2014-09-17 04:10 - 01291280 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge.dll
2014-10-01 16:01 - 2014-10-02 20:51 - 00000032 _____ () C:\Users\SchanDam\Desktop\fsda.txt
2014-10-01 16:01 - 2014-10-01 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-10-01 16:01 - 2014-10-01 16:01 - 00000000 ____D () C:\Program Files\AGEIA Technologies
2014-10-01 16:00 - 2014-09-13 22:05 - 00613696 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe
2014-10-01 15:59 - 2014-10-05 21:14 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-01 15:59 - 2014-09-13 23:06 - 04458128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-10-01 15:59 - 2014-09-13 23:06 - 03069128 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc.dll
2014-10-01 15:59 - 2014-09-13 23:06 - 02555200 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-10-01 15:59 - 2014-09-13 23:06 - 00669896 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-10-01 15:59 - 2014-09-13 23:06 - 00375112 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-10-01 15:59 - 2014-09-13 23:06 - 00061768 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-10-01 15:59 - 2014-09-11 22:25 - 03961833 _____ () C:\Windows\system32\nvcoproc.bin
2014-10-01 15:58 - 2014-09-14 01:45 - 00059592 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-10-01 15:55 - 2014-09-17 06:49 - 00906048 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco3220103.dll
2014-10-01 15:55 - 2014-09-17 06:49 - 00162592 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda32v.sys
2014-10-01 15:55 - 2014-09-17 06:49 - 00028448 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap32.dll
2014-10-01 15:55 - 2014-09-14 01:45 - 24553792 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2014-10-01 15:55 - 2014-09-14 01:45 - 18106152 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2014-10-01 15:55 - 2014-09-14 01:45 - 17258696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-10-01 15:55 - 2014-09-14 01:45 - 16875856 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
2014-10-01 15:55 - 2014-09-14 01:45 - 11392576 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-10-01 15:55 - 2014-09-14 01:45 - 11330776 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-10-01 15:55 - 2014-09-14 01:45 - 10862224 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-10-01 15:55 - 2014-09-14 01:45 - 04008592 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-10-01 15:55 - 2014-09-14 01:45 - 02838424 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
2014-10-01 15:55 - 2014-09-14 01:45 - 01041096 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3234411.dll
2014-10-01 15:55 - 2014-09-14 01:45 - 00919240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR.dll
2014-10-01 15:55 - 2014-09-14 01:45 - 00907408 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3234411.dll
2014-10-01 15:55 - 2014-09-14 01:45 - 00893128 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC.dll
2014-10-01 15:55 - 2014-09-14 01:45 - 00867528 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshim.dll
2014-10-01 15:55 - 2014-09-14 01:45 - 00303600 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim32.dll
2014-10-01 15:55 - 2014-09-14 01:45 - 00156840 _____ (NVIDIA Corporation) C:\Windows\system32\nvinit.dll
2014-10-01 15:55 - 2014-09-14 01:45 - 00022062 _____ () C:\Windows\system32\nvinfo.pb
2014-10-01 15:55 - 2014-09-04 21:14 - 00032928 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad32v.sys
2014-10-01 15:55 - 2014-09-04 21:14 - 00032416 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap32v.dll
2014-09-30 19:09 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-25 04:58 - 2014-09-25 04:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-23 21:47 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 03:33 - 2014-09-23 03:33 - 00000000 ____D () C:\Windows\pss
2014-09-22 23:42 - 2014-09-22 23:44 - 00000000 ____D () C:\Games
2014-09-22 23:37 - 2014-10-01 02:33 - 00000000 ____D () C:\Users\SchanDam\Documents\Nexus Mod Manager
2014-09-22 23:37 - 2014-09-25 16:54 - 00001007 _____ () C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2014-09-22 23:37 - 2014-09-25 16:54 - 00000000 ____D () C:\Program Files\Nexus Mod Manager
2014-09-22 23:37 - 2014-09-22 23:37 - 00000000 ____D () C:\Users\SchanDam\AppData\Local\Black_Tree_Gaming
2014-09-22 16:55 - 2014-10-02 01:44 - 00000000 ____D () C:\ProgramData\Nero
2014-09-22 14:30 - 2014-09-22 23:38 - 00000000 ____D () C:\Users\SchanDam\AppData\Local\Fallout3
2014-09-22 14:26 - 2014-09-22 14:26 - 00000000 ____D () C:\Windows\system32\xlive
2014-09-22 14:26 - 2014-09-22 14:26 - 00000000 ____D () C:\Program Files\Microsoft Games for Windows - LIVE
2014-09-21 22:53 - 2014-10-02 01:48 - 00000000 ____D () C:\Users\SchanDam\Documents\PCSX2
2014-09-21 22:51 - 2014-09-21 22:51 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-09-21 22:51 - 2014-09-21 22:51 - 00000000 ____D () C:\Windows\system32\directx
2014-09-21 22:49 - 2014-09-21 22:49 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-21 22:48 - 2014-10-02 01:48 - 00000000 ____D () C:\Program Files\PCSX2 1.2.1
2014-09-20 18:16 - 2014-09-20 18:24 - 00015872 ___SH () C:\Users\SchanDam\Thumbs.db
2014-09-20 17:40 - 2014-09-20 17:40 - 00000906 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Sierra Utilities.lnk
2014-09-20 17:39 - 2014-10-02 01:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra
2014-09-20 17:39 - 2014-10-02 01:45 - 00000000 ____D () C:\Program Files\Sierra On-Line
2014-09-20 17:39 - 2014-09-20 17:40 - 00000407 _____ () C:\Windows\SIERRA.INI
2014-09-20 17:39 - 1997-05-12 17:53 - 00314368 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2014-09-20 17:38 - 2014-10-02 01:45 - 00000000 ____D () C:\Program Files\Diablo
2014-09-20 17:38 - 2014-09-20 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo
2014-09-20 17:34 - 2014-09-20 17:34 - 00000000 ____D () C:\Program Files\Elaborate Bytes
2014-09-20 02:56 - 2014-09-20 17:35 - 00000000 ____D () C:\Users\SchanDam\AppData\Roaming\uTorrent
2014-09-12 20:56 - 2014-09-12 20:56 - 00000000 ____D () C:\Program Files\WinRoll
2014-09-12 01:13 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 01:13 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 01:13 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 01:13 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 01:13 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 01:13 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 01:13 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 01:13 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 01:13 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 01:13 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 01:13 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 01:13 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 01:13 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 01:13 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 01:13 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 01:13 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 01:13 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 01:13 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 01:13 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 01:13 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 01:13 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 01:13 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 01:13 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 01:13 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 01:13 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 01:13 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 01:13 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 01:13 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 01:13 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 01:12 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 01:12 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 17:15 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 17:15 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 17:15 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 17:15 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-07 02:21 - 2014-09-07 02:21 - 00000000 __SHD () C:\Users\SchanDam\AppData\Local\EmieUserList
2014-09-07 02:21 - 2014-09-07 02:21 - 00000000 __SHD () C:\Users\SchanDam\AppData\Local\EmieSiteList
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-05 21:38 - 2013-10-31 21:32 - 00000000 ____D () C:\Program Files\Steam
2014-10-05 21:22 - 2009-07-14 06:34 - 00013632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-05 21:22 - 2009-07-14 06:34 - 00013632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-05 21:20 - 2013-10-31 21:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-05 21:18 - 2013-10-31 20:35 - 01596375 _____ () C:\Windows\WindowsUpdate.log
2014-10-05 21:18 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\tracing
2014-10-05 21:14 - 2014-06-18 22:28 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-10-05 21:14 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-05 20:38 - 2014-06-18 14:19 - 00095232 ___SH () C:\Users\SchanDam\Downloads\Thumbs.db
2014-10-05 20:38 - 2013-10-31 20:35 - 00000000 ____D () C:\Users\SchanDam\AppData\Local\VirtualStore
2014-10-05 20:12 - 2013-10-31 20:35 - 00000000 ____D () C:\Users\SchanDam
2014-10-05 19:49 - 2014-03-11 19:33 - 00000000 ____D () C:\Users\SchanDam\AppData\Roaming\TS3Client
2014-10-05 19:39 - 2013-12-22 14:28 - 00000000 ____D () C:\Users\SchanDam\AppData\Local\Battle.net
2014-10-05 05:31 - 2013-11-06 03:36 - 00007629 _____ () C:\Users\SchanDam\AppData\Local\Resmon.ResmonCfg
2014-10-05 02:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Vss
2014-10-05 01:20 - 2013-11-01 01:06 - 00000000 ____D () C:\Users\SchanDam\AppData\Local\Skyrim
2014-10-02 21:55 - 2013-12-22 14:28 - 00000000 ____D () C:\Program Files\Battle.net
2014-10-02 19:22 - 2014-02-05 18:45 - 00000000 ____D () C:\Users\SchanDam\Documents\SimCity 4
2014-10-02 11:52 - 2013-12-22 14:28 - 00000000 ____D () C:\Users\SchanDam\AppData\Roaming\Battle.net
2014-10-02 07:13 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-10-01 16:09 - 2013-10-31 22:36 - 00000000 ____D () C:\Users\SchanDam\AppData\Local\NVIDIA
2014-10-01 16:08 - 2013-10-31 21:11 - 00000000 ____D () C:\Users\SchanDam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-10-01 16:08 - 2013-10-31 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-10-01 16:08 - 2013-10-31 21:11 - 00000000 ____D () C:\Program Files\WinRAR
2014-10-01 16:07 - 2013-10-31 22:29 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-10-01 16:04 - 2013-10-31 22:21 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-10-01 15:59 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Help
2014-10-01 15:35 - 2014-05-16 17:29 - 00000000 ____D () C:\Users\SchanDam\AppData\Roaming\TeamViewer
2014-10-01 15:35 - 2013-11-02 22:42 - 00000000 ____D () C:\Windows\Minidump
2014-10-01 15:35 - 2010-09-15 11:03 - 00000000 ____D () C:\Windows\Panther
2014-10-01 15:16 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-09-29 22:11 - 2013-11-29 19:39 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-28 23:25 - 2013-10-31 21:32 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-09-28 22:03 - 2013-10-31 21:44 - 00000000 ____D () C:\Users\SchanDam\AppData\Local\Windows Live
2014-09-27 20:46 - 2010-09-15 10:19 - 01622164 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-26 10:56 - 2014-04-22 19:38 - 00000000 ____D () C:\Users\SchanDam\AppData\Roaming\SoftGrid Client
2014-09-24 15:34 - 2013-12-22 14:30 - 00000000 ____D () C:\Program Files\Diablo III
2014-09-23 15:13 - 2014-02-26 22:09 - 00000000 ____D () C:\Program Files\Hearthstone
2014-09-23 01:52 - 2013-11-01 01:05 - 00000000 ____D () C:\Users\SchanDam\Documents\My Games
2014-09-20 17:41 - 2014-06-26 20:37 - 00000000 ____D () C:\Users\SchanDam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-09-17 11:31 - 2014-03-09 14:10 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-15 09:06 - 2010-09-15 10:16 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-12 15:38 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-12 01:12 - 2013-11-06 18:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 01:06 - 2010-09-15 10:26 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 14:31 - 2014-06-26 17:55 - 00495616 ___SH () C:\Users\SchanDam\Desktop\Thumbs.db
2014-09-11 14:27 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-09-10 18:20 - 2013-10-31 21:22 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-10 18:20 - 2013-10-31 21:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-06 22:38 - 2014-02-14 13:37 - 00000000 ____D () C:\Users\SchanDam\AppData\Local\My Games
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-26 07:24
==================== End Of Log ============================
FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-10-2014
Ran by SchanDam at 2014-10-05 21:42:53
Running from C:\Users\SchanDam\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment)
Call of Duty 4: Modern Warfare (HKLM\...\Steam App 7940) (Version: - Infinity Ward)
Command & Conquer Die ersten 10 Jahre (HKLM\...\{66D6F3BD-CA23-41A4-9FA3-96B26B32528D}) (Version: 1.00.0000 - Electronic Arts)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
Creation Kit (HKLM\...\Steam App 202480) (Version: - bgs.bethsoft.com)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ (HKLM\...\Steam App 221100) (Version: - Bohemia Interactive)
Dead Island (HKLM\...\Steam App 91310) (Version: - Techland)
Diablo II (HKLM\...\Diablo II) (Version: - Blizzard Entertainment)
Diablo III (HKLM\...\Diablo III) (Version: - Blizzard Entertainment)
Dragon Age: Origins - Ultimate Edition (HKLM\...\Steam App 47810) (Version: - BioWare)
Fallout 3 - Game of the Year Edition (HKLM\...\Steam App 22370) (Version: - Bethesda Game Studios)
Far Cry® 3 (HKLM\...\Steam App 220240) (Version: - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
FINAL FANTASY VIII (HKLM\...\Steam App 39150) (Version: - SQUARE ENIX)
Fotogalerie (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.43.806 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.43.806 - DVDVideoSoft Ltd.)
Hearthstone (HKLM\...\Hearthstone) (Version: - Blizzard Entertainment)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.50 (HKLM\...\Logitech Gaming Software) (Version: 8.50.281 - Logitech Inc.)
Magicka (HKLM\...\Steam App 42910) (Version: - Arrowhead Game Studios)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
M-Audio FastTrackPro Driver 6.0.7 (x86) (HKLM\...\{6D55C2B4-023C-11E0-9D76-1DA1DFD72085}) (Version: 6.0.7 - M-Audio)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.0000 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.0000 - www.motioninjoy.com)
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 de) (HKLM\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.2 - Black Tree Gaming)
NVIDIA 3D Vision Controller-Treiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.11 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA GeForce Experience Service (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Grafiktreiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.162.1274 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 2.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.14.0702 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA ShadowPlay 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 344.11 (Version: 344.11 - NVIDIA Corporation) Hidden
NVIDIA Update 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.25 (Version: 1.2.25 - NVIDIA Corporation) Hidden
PDF24 Creator 6.3.2 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version: - 2K Games, Inc.)
SimCity 4 Deluxe (HKLM\...\Steam App 24780) (Version: - EA - Maxis)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Space Run (HKLM\...\Steam App 275670) (Version: - Passtech Games)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
Terraria (HKLM\...\Steam App 105600) (Version: - Re-Logic)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version: - Bethesda Game Studios)
Trials Evolution Gold Edition (HKLM\...\Steam App 220160) (Version: - Redlynx Ltd)
Tt eSPORTS Level 10 M (HKLM\...\{F1D9C0F0-EA26-46E3-8FFB-9644462E8615}) (Version: 1.0.0 - Tt eSPORTS)
Tunngle beta (HKLM\...\Tunngle beta_is1) (Version: - Tunngle.net GmbH)
Unepic (HKLM\...\Steam App 233980) (Version: - Francisco Téllez de Meneses)
Uplay (HKLM\...\Uplay) (Version: 2.0 - Ubisoft)
Windows Live Communications Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 5.11 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
World of Warcraft (HKLM\...\World of Warcraft) (Version: - Blizzard Entertainment)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1157352705-3489334921-3881099159-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
==================== Restore Points =========================
03-10-2014 17:37:14 Geplanter Prüfpunkt
04-10-2014 23:01:00 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {6D7173D4-1176-40B4-BFC5-B353E43DC49C} - System32\Tasks\{CF31A4E8-9B0E-4289-A693-4B4CDF365D5D} => Firefox.exe hxxp://ui.skype.com/ui/0/6.18.0.106/de/abandoninstall?page=tsProgressBar
Task: {848E321B-8853-41A7-8A34-DA5CDF2AFEE9} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {8A008635-AFD2-4915-B78B-D18E471A8CE4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-21] (AVAST Software)
Task: {DF1319CC-D285-43EA-B7D1-46C50C916E0D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2014-07-21 11:01 - 2014-07-21 11:01 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-05 11:39 - 2014-10-05 11:39 - 02859008 _____ () C:\Program Files\AVAST Software\Avast\defs\14100500\algo.dll
2014-02-14 11:13 - 2014-02-14 11:13 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2014-10-01 15:59 - 2014-09-13 23:06 - 00106824 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-07-21 11:01 - 2014-07-21 11:01 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-11-01 01:22 - 2012-12-27 18:36 - 01343488 _____ () C:\Program Files\Tt eSPORTS\Tt eSPORTS Level 10 M\L10MOsd.dll
2014-09-25 04:58 - 2014-09-25 04:58 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-08-29 11:17 - 2014-08-21 20:15 - 01171456 _____ () C:\Program Files\Steam\libavcodec-56.dll
2014-08-29 11:17 - 2014-08-21 20:15 - 00442368 _____ () C:\Program Files\Steam\libavutil-54.dll
2014-08-29 11:17 - 2014-08-21 20:15 - 00332800 _____ () C:\Program Files\Steam\libavresample-2.dll
2013-10-24 10:45 - 2014-09-03 21:28 - 00774656 _____ () C:\Program Files\Steam\SDL2.dll
2014-05-24 12:55 - 2014-09-23 06:32 - 02226880 _____ () C:\Program Files\Steam\video.dll
2014-08-29 11:17 - 2014-08-21 20:15 - 00403968 _____ () C:\Program Files\Steam\libavformat-56.dll
2014-08-29 11:17 - 2014-08-21 20:15 - 00485888 _____ () C:\Program Files\Steam\libswscale-3.dll
2013-10-30 12:25 - 2014-09-23 06:32 - 00679616 _____ () C:\Program Files\Steam\bin\chromehtml.DLL
2013-10-23 13:07 - 2014-09-05 01:29 - 34589376 _____ () C:\Program Files\Steam\bin\libcef.dll
2014-08-15 12:12 - 2014-09-05 01:29 - 00837824 _____ () C:\Program Files\Steam\bin\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: M-Audio Taskbar Icon => C:\Windows\system32\M-AudioTaskBarIcon.exe
MSCONFIG\startupreg: PDFPrint => C:\Program Files\PDF24\pdf24.exe
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
========================= Accounts: ==========================
Administrator (S-1-5-21-1157352705-3489334921-3881099159-500 - Administrator - Disabled)
Gast (S-1-5-21-1157352705-3489334921-3881099159-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1157352705-3489334921-3881099159-1004 - Limited - Enabled)
SchanDam (S-1-5-21-1157352705-3489334921-3881099159-1000 - Administrator - Enabled) => C:\Users\SchanDam
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Error: (10/05/2014 09:14:41 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 05.10.2014 um 21:13:43 unerwartet heruntergefahren.
Error: (10/05/2014 08:33:49 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 05.10.2014 um 20:32:41 unerwartet heruntergefahren.
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Quad CPU Q9400 @ 2.66GHz
Percentage of memory in use: 47%
Total physical RAM: 3327.24 MB
Available physical RAM: 1761.98 MB
Total Pagefile: 6652.77 MB
Available Pagefile: 4883.37 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.26 MB
==================== Drives ================================
Drive b: (System) (Fixed) (Total:2 GB) (Free:1.96 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive c: () (Fixed) (Total:463.75 GB) (Free:220.81 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8BDCBB5D)
Partition 1: (Active) - (Size=2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=463.8 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-05 22:25:28
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_HD502HI rev.1AG01118 465,76GB
Running: qdt835n2.exe; Driver: C:\Users\SchanDam\AppData\Local\Temp\pxldapow.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x8FE3FBA6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x8FE40684]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x8FE4C6F8]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x8FE4C744]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x8FE4C8DE]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x8FE4C666]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x8FEF6DF0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x8FE4C6AE]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThread [0x8FEF7080]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThreadEx [0x8FEF716A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x8FE4C898]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x8FE41472]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x8FE3FC0C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0x8FE44C68]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0x8FE3F7F8]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x8FEF6ED0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x8FE3FC72]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x8FE4505E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x8FE41F5A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x8FE4C722]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x8FE4C766]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x8FE4C902]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x8FE4C68C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x8FE44560]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x8FE4C816]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x8FE4C6D6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x8FE4494C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x8FE4C8BC]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x8FEF6C6E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x8FE41DCE]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x8FE41ADC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x8FE3FCD8]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x8FE3FD3E]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x8FEF6FCC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x8FE3F892]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x8FE3FA64]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x8FE3F9F2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x8FE4163C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x8FE4179E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x8FE3FAEC]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x8FEF6D3C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x8FE412CC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x8FE3FDA4]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwWriteVirtualMemory [0x8FEF6BA0]
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 8228BA15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 822C5212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 822CC460 4 Bytes [A6, FB, E3, 8F] {CMPSB ; STI ; JECXZ 0xffffff93}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 822CC4E8 4 Bytes [84, 06, E4, 8F] {TEST [ESI], AL; IN AL, 0x8f}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 822CC53C 8 Bytes [F8, C6, E4, 8F, 44, C7, E4, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 822CC548 4 Bytes [DE, C8, E4, 8F] {FMULP ST0, ST0; IN AL, 0x8f}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 822CC564 4 Bytes [66, C6, E4, 8F]
.text ...
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 824874EF 4 Bytes CALL 8FE42641 \SystemRoot\system32\drivers\aswSnx.sys
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 824A1357 4 Bytes CALL 8FE42657 \SystemRoot\system32\drivers\aswSnx.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\csrss.exe[420] kernel32.dll!GetBinaryTypeW + 70 76466AAC 1 Byte [62]
.text C:\Windows\system32\wininit.exe[496] kernel32.dll!GetBinaryTypeW + 70 76466AAC 1 Byte [62]
.text C:\Windows\system32\csrss.exe[504] kernel32.dll!GetBinaryTypeW + 70 76466AAC 1 Byte [62]
.text C:\Windows\system32\services.exe[544] kernel32.dll!GetBinaryTypeW + 70 76466AAC 1 Byte [62]
.text C:\Windows\system32\lsass.exe[572] kernel32.dll!GetBinaryTypeW + 70 76466AAC 1 Byte [62]
.text ...
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1392] kernel32.dll!SetUnhandledExceptionFilter 7644F5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1392] kernel32.dll!GetBinaryTypeW + 70 76466AAC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1408] kernel32.dll!GetBinaryTypeW + 70 76466AAC 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1548] kernel32.dll!GetBinaryTypeW + 70 76466AAC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1584] kernel32.dll!GetBinaryTypeW + 70 76466AAC 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1704] kernel32.dll!GetBinaryTypeW + 70 76466AAC 1 Byte [62]
.text ...
.text C:\Program Files\AVAST Software\Avast\avastui.exe[3900] kernel32.dll!SetUnhandledExceptionFilter 7644F5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text C:\Program Files\AVAST Software\Avast\avastui.exe[3900] kernel32.dll!GetBinaryTypeW + 70 76466AAC 1 Byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3928] kernel32.dll!GetBinaryTypeW + 70 76466AAC 1 Byte [62]
.text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[3936] kernel32.dll!GetBinaryTypeW + 70 76466AAC 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[4088] kernel32.dll!GetBinaryTypeW + 70 76466AAC 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[4132] kernel32.dll!GetBinaryTypeW + 70 76466AAC 1 Byte [62]
.text ...
---- Registry - GMER 2.1 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F4A6CA67-C9F7-42A8-8BF2-364EE6B9833E}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4A6CA67-C9F7-42A8-8BF2-364EE6B9833E}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4A6CA67-C9F7-42A8-8BF2-364EE6B9833E}@Path \Microsoft\Windows Defender\MP Scheduled Scan
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4A6CA67-C9F7-42A8-8BF2-364EE6B9833E}@Hash 0xAF 0xF0 0x26 0xC5 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4A6CA67-C9F7-42A8-8BF2-364EE6B9833E}@Triggers 0x15 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4A6CA67-C9F7-42A8-8BF2-364EE6B9833E}@DynamicInfo 0x03 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Scan@Id {F4A6CA67-C9F7-42A8-8BF2-364EE6B9833E}
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{FFE7D2B8-4259-11E3-8338-806E6F6E6963} 2549497592
---- EOF - GMER 2.1 ----
Geändert von SchanDam (05.10.2014 um 21:38 Uhr) |
|
06.10.2014, 07:30
| #2 |
| /// the machine /// TB-Ausbilder    | Zu hohe Systemauslastung im Leerlauf, Unangekündigtes Herunterfahren! hi,
__________________ProcessExplorer als Ersatz für den Windows Taskmanager installieren Lade Dir den Process Explorer als Ersatz für den Taskmanager herunter und installiere ihn, hier findest Du eine Anleitung. Das ist ein wesentlich leistungsfähigerer Ersatz für den Windows-Taskmanager. Im Menü unter "Options" kannst Du den ProcessExplorer dauerhaft als Ersatz für den Taskmanager einrichten (Replace Taskmanager). Das ist sehr empfehlenswert, weil der ProcessExplorer erheblich mehr Funktionen als der Taskmanager hat. Wenn Du diese Einstellung gemacht hast, öffnet sich mit der Tastenkombination STRG + ALT + Entf. nicht mehr der Taskmanager, sondern der ProcessExplorer. Das kann jederzeit durch Abhaken dieser Einstellung wieder rückgängig gemacht werden. Was wir jetzt konkret brauchen: In jeder Zeile steht ein Prozess, ein paar der Zeilen sind keine richtigen Prozesse, sondern nur Pseudoprozesse für die Tätigkeit des Windos-Kernels. Im Menü View => Select Columns wird ein Dialog geöffnet, in dem Du auswählen kannst, welche Spalten mit Informationen zu den Prozessen angezeigt werden sollen. In dem gehe in das Register "Process Performance" und stelle sicher, dass dort "CPU Usage" angehakt ist, "CPU History" wäre ebenfalls sinnvoll. Unter "CPU Usage" wird der aktuelle Wert der Prozessorauslastung für jeden Prozess angezeigt (im Tabellentitel steht nur kurz "CPU"), "CPU History" blendet für jeden Prozess ein Diagramm ein, das eine Kurve mit der Prozessorauslastung für die letzte Zeit anzeigt. Damit sollte es Dir möglich sein, zu identifizieren, welcher Prozess Deine CPU in Trab hält. Mache einen Doppelklick auf den Prozess. Du kannst von dem ganzen auch einen Screenshot machen und ihn als Anhang mit Deiner Antwort hochladen (auf "Erweitert" unter dem Textfeld klicken und über "Anhänge verwalten" auf Deinem Rechner suchen lassen und über "Hochladen" anhängen).
__________________ |
|
07.10.2014, 21:58
| #3 |
| | Zu hohe Systemauslastung im Leerlauf, Unangekündigtes Herunterfahren! Hallo Schrauber,
__________________danke das du dich meiner Probleme annimmst! Seit gestern ging nichts mehr. Das System war elendig langsam und sobald ich das Startmenü öffnete, wurde mir gesagt das mein Explorer nicht reagiert, konnte ich aber mit dem "chkdsk" Befehl lösen. Jetzt läuft alles einigermaßen Stabil, hatte zwar noch einen Shutdown, weiss aber nicht warum. Kannst du mir sagen, falls Windows eine Logfile bzgl. dieses Shutdowns erstellt, wo diese liegt? Leider ist das mit der CPU Auslastung ein sporadisches Problem, somit auch nicht immer vorhanden, bzw. reproduzierbar. Soweit ich aber feststellen konnte, könnte es mit dem "System Idle Process" zusammenhängen. Kannst du über das BEX Problem auch was sagen? Hier jedenfalls der Anhang. Danke! EDIT: anderes png hochgeladen. Geändert von SchanDam (07.10.2014 um 22:04 Uhr) |
|
08.10.2014, 13:02
| #4 | |
| /// the machine /// TB-Ausbilder | Zu hohe Systemauslastung im Leerlauf, Unangekündigtes Herunterfahren! System Idle ist der Leerlauf, der muss Hoch sein. Zitat:
 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
14.10.2014, 07:27
| #5 |
| | Zu hohe Systemauslastung im Leerlauf, Unangekündigtes Herunterfahren! Hallo schrauber, vielen dank für deine hilfe! Nach unzähligen shutdowns hab ich mir eine neue kiste bestellt. Hatte jedenfalls noch eine fehlermeldung die meine festplatte betraff, was irgendwo auch logisch war, da sich der explorer am ende immer wieder beendete.. Nochmals vielen Dank! |
|
14.10.2014, 20:17
| #6 |
| /// the machine /// TB-Ausbilder | Zu hohe Systemauslastung im Leerlauf, Unangekündigtes Herunterfahren! ok
__________________ --> Zu hohe Systemauslastung im Leerlauf, Unangekündigtes Herunterfahren! |
|
| Themen zu Zu hohe Systemauslastung im Leerlauf, Unangekündigtes Herunterfahren! |
| adobe, adware, antivirus, askbar, browser, converter, defender, desktop, dvdvideosoft ltd., fehlermeldung, firefox, flash player, hijack, home, homepage, launch, mozilla, mp3, registry, rundll, scan, security, services.exe, sierra, software, svchost.exe, system, taskmanager, windows |
Linear-Darstellung
