Log analysis and evaluation: Windows 7, at first no longer operable, now voices. High CPU and memory load

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
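The FRST.txt posted in this thread is read by looking for persistence entries that stick out: a service or process with no publisher in the parentheses, one that FRST marks as "[File not signed]", one that loads from a user profile, ProgramData or a Temp folder, and drivers still registered for files marked "[X]" (gone from disk). The Python script below is an added example, not part of the thread and not a FRST feature; it applies those checks to a few process, service and driver lines copied from the log in this thread, embedded inline so it runs offline. The two regular expressions, the list of suspect directories and the digits-only vendor-folder rule are this example's own assumptions about the FRST line format, and its output is a worklist for an analyst, not a verdict.

```python
import re
from dataclasses import dataclass, field

# Constructed input: process, service and driver lines copied from the FRST.txt posted
# in this thread. The line shapes below are assumed from those lines, not taken from FRST docs.
SAMPLE = r"""
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\002\fpvoixdaog32.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
R2 fpvoixdaog32; C:\Program Files\002\fpvoixdaog32.exe [541696 2014-04-19] () [File not signed]
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1895760 2014-12-13] (LogMeIn Inc.)
R2 Verifies and fixes application compatibility issues; C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [87208 2015-01-08] ()
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2015-01-09] (AVAST Software)
S3 musbehco; \??\C:\Users\Dominik\AppData\Local\Temp\musbehco.sys [X]
"""

# "(Vendor) path" as printed in the Processes section; an empty "()" means no publisher was found.
PROCESS_RE = re.compile(r'^\((?P<vendor>[^)]*)\) (?P<path>[A-Za-z]:\\.+)$')
# "R2 Name; path [size date] (Vendor) [File not signed]" as printed in Services/Drivers;
# "[X]" in place of the size/date block means the file is registered but missing.
SERVICE_RE = re.compile(
    r'^(?P<state>[RS]\d) (?P<name>[^;]+); (?P<path>\S.*?\.(?:exe|sys|dll))(?=\s|$)'
    r'(?: \[(?P<meta>[^\]]*)\])?(?: \((?P<vendor>[^)]*)\))?(?P<tail>.*)$',
    re.IGNORECASE)

# Locations a persistent service or driver has no good reason to load from (assumption of this example).
SUSPECT_DIRS = {
    '\\users\\default\\': 'lives in the Default user profile (a template, nobody logs in there)',
    '\\appdata\\': 'runs from a user AppData folder',
    '\\programdata\\': 'runs from ProgramData',
    '\\temp\\': 'runs from a Temp folder',
}

@dataclass
class Finding:
    kind: str
    name: str
    path: str
    reasons: list = field(default_factory=list)

def parse(line):
    """Return a dict for a process/service/driver line, or None for anything else."""
    m = SERVICE_RE.match(line)
    if m:
        return {'kind': 'service', 'name': m['name'].strip(), 'path': m['path'],
                'vendor': (m['vendor'] or '').strip(), 'tail': m['tail'] or '',
                'missing': (m['meta'] or '').strip().upper() == 'X'}
    m = PROCESS_RE.match(line)
    if m:
        path = m['path'].strip()
        return {'kind': 'process', 'name': path.rsplit('\\', 1)[-1], 'path': path,
                'vendor': m['vendor'].strip(), 'tail': '', 'missing': False}
    return None

def assess(entry):
    """Collect the reasons an entry deserves a second look; an empty list means nothing stood out."""
    reasons = []
    path = entry['path']
    if path.startswith('\\??\\'):          # NT object-manager prefix FRST prints for some driver paths
        path = path[4:]
    low = path.lower()
    if not entry['vendor']:
        reasons.append('no publisher recorded')
    if 'file not signed' in entry['tail'].lower():
        reasons.append('FRST reports the file as not signed')
    for needle, why in SUSPECT_DIRS.items():
        if needle in low:
            reasons.append(why)
    m = re.search(r'\\program files(?: \(x86\))?\\([^\\]+)\\', low)
    if m and m.group(1).isdigit():
        reasons.append(f'vendor folder under Program Files is just digits ("{m.group(1)}")')
    if entry['missing']:
        reasons.append('registered but the file is gone ([X])')
    return reasons

def triage(text):
    """Parse every recognisable line and return findings, most suspicious first."""
    findings = []
    for raw in text.splitlines():
        entry = parse(raw.strip())
        if entry and (reasons := assess(entry)):
            findings.append(Finding(entry['kind'], entry['name'], entry['path'], reasons))
    findings.sort(key=lambda f: -len(f.reasons))
    return findings

if __name__ == '__main__':
    for f in triage(SAMPLE):
        label = 'SUSPICIOUS' if len(f.reasons) >= 2 else 'review'
        print(f'{label:<10} {f.kind:<7} {f.path}')
        for r in f.reasons:
            print(f'           - {r}')
```

Run it as a script to get the ranked list; `triage()` takes any block of FRST text, so the complete Processes, Services and Drivers sections can be pasted in. Entries with a single reason (a signed vendor binary that FRST still flags as not signed, say) are printed as `review` rather than `SUSPICIOUS`; a missing publisher alone is common for legitimate helper binaries, which is why the directory and missing-file signals carry more weight here than the signature line by itself.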
#1
Windows 7: at first no longer operable, now voices. High CPU and memory load

Good evening,

The affected machine showed the following symptoms: when I was called in, it was not possible to start programs. There was a message from Avast on the screen saying that various programs had been moved to quarantine. Input in Avast was still possible, and an update of the virus definitions had been run beforehand. However, the program version was outdated. An update of the AV program was possible, though. After the update the machine could be started again. A subsequent scan of the system found nothing. However, the CPU load according to Task Manager was very high and main memory was full. At Windows startup a window opened; something wanted to display a message... I no longer remember exactly what it said. So I ran Spybot Search & Destroy, which reported a problem that I tried to have it fix automatically. After that the problem seemed to be solved for the time being, until at the Windows user login screen a voice suddenly sounded that seemed to come from a radio broadcast. A German-speaking voice babbling something about a song contest; after a few seconds the spook was over again for the moment. On some restarts the CPU load stayed low, on some program starts it went up. After launching programs the CPU load went up disproportionately, the running programs became very slow, and main memory kept filling up. I tried to find a log file from Avast and suspected it in AppData under the user, but the content is next to nothing:

Code:
[0113/141835:ERROR:ipc_channel_win.cc(132)] pipe error: 109
[0113/155221:ERROR:ipc_channel_win.cc(404)] pipe error: 232
[0114/162928:ERROR:ipc_channel_win.cc(404)] pipe error: 232
[0114/174410:ERROR:ipc_channel_win.cc(404)] pipe error: 232
[0114/180035:ERROR:ipc_channel_win.cc(404)] pipe error: 232
[0114/192725:ERROR:ipc_channel_win.cc(132)] pipe error: 109

I did not find a log file from Spybot.

FRST.txt:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2015 02
Ran by Dominik (administrator) on TROLLINGSARUMAN on 14-01-2015 18:06:53
Running from C:\Users\Dominik\Desktop
Loaded Profile: Dominik (Available profiles: Dominik & TogetherCrazyGaming)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\002\fpvoixdaog32.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Akamai Technologies, Inc.) C:\Users\Dominik\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\Dominik\AppData\Local\Akamai\netsession_win.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11733648 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8187160 2014-07-28] (Logitech Inc.)
HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-3362981809-2306697286-120240772-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Dominik\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3362981809-2306697286-120240772-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3362981809-2306697286-120240772-1001\...\Winlogon: [Shell] explorer.exe, <==== ATTENTION
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-21] (Microsoft Corporation)
Startup: C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Holland - Verknüpfung.lnk
ShortcutTarget: Holland - Verknüpfung.lnk -> (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-3362981809-2306697286-120240772-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: FlowSurf -> {E3F1CA13-EA0E-4617-8D03-3EAA6A94A7E0} -> C:\Program Files\Flowsurf\FlowSurf.dll No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

FireFox:
========
FF ProfilePath: C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default
FF Homepage: https://www.facebook.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3362981809-2306697286-120240772-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dominik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3362981809-2306697286-120240772-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin HKU\S-1-5-21-3362981809-2306697286-120240772-1001: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\searchplugins\amazon-deu.xml
FF SearchPlugin: C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\searchplugins\proxerme.xml
FF SearchPlugin: C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\searchplugins\youtube-videosuche.xml
FF Extension: FT DeepDark - C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2015-01-03]
FF Extension: Bluhell Firewall - C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2013-12-14]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-12-31]
FF HKLM\...\Firefox\Extensions: [jid1-tofUlNEIFlkUIA@jetpack] - C:\Program Files\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - F:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\pdf.dll No File
CHR Plugin: (Wajam) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File
CHR Plugin: (Adobe Acrobat) - F:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - F:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll No File
CHR Plugin: (2007 Microsoft Office system) - F:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Winamp Application Detector) - F:\Program Files\Mozilla Firefox\plugins\npwachk.dll No File
CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npdrmv2.dll No File
CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npwmsdrm.dll No File
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - F:\Program Files\Windows Media Player\npdsplay.dll No File
CHR Plugin: (Google Update) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Google Earth Plugin) - F:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Panda ActiveScan 2.0) - F:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll No File
CHR Plugin: (iTunes Application Detector) - F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Ma-Config.com plugin) - F:\Program Files\ma-config.com\nphardwaredetection.dll No File
CHR Plugin: (Silverlight Plug-In) - f:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-17]
CHR Extension: (Google Wallet) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-26]
CHR Extension: (FlowSurf) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn [2014-04-19]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-09] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2015-01-09] (Avast Software)
S3 EasyAntiCheat; C:\Windows\system32\EasyAntiCheat.exe [93048 2014-06-16] (EasyAntiCheat Ltd)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [370792 2010-01-21] ()
R2 fpvoixdaog32; C:\Program Files\002\fpvoixdaog32.exe [541696 2014-04-19] () [File not signed]
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1895760 2014-12-13] (LogMeIn Inc.)
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [411920 2014-12-02] (LogMeIn, Inc.)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [167528 2010-01-21] ()
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19702048 2014-04-30] (NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files\Overwolf\OverwolfUpdater.exe [998640 2014-12-29] (Overwolf LTD)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Verifies and fixes application compatibility issues; C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [87208 2015-01-08] ()
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2015-01-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2015-01-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2015-01-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2015-01-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2015-01-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2015-01-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2015-01-09] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2015-01-09] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-05-04] (DT Soft Ltd)
R3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [50728 2013-06-25] (Eugene V. Muzychenko)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-24] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [39960 2013-05-30] (Logitech Inc.)
R3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-24] (Logitech Inc.)
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [99400 2012-05-12] (MotioninJoy)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [17240 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-31] (NVIDIA Corporation)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10252544 2007-03-27] (Sonix Co. Ltd.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2015-01-09] (Avast Software)
S3 WISTechVIDCAP; C:\Windows\System32\drivers\wisgostrm.sys [226816 2006-11-03] (Pinnacle Systems)
S3 musbehco; \??\C:\Users\Dominik\AppData\Local\Temp\musbehco.sys [X]
S3 pmem; \??\C:\Users\Dominik\AppData\Local\Temp\_MEI55962\drivers\winpmem32.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-14 18:06 - 2015-01-14 18:09 - 00019702 _____ () C:\Users\Dominik\Desktop\FRST.txt
2015-01-14 18:06 - 2015-01-14 18:07 - 00000000 ____D () C:\FRST
2015-01-14 18:04 - 2015-01-14 18:05 - 00000476 _____ () C:\Users\Dominik\Desktop\defogger_disable.log
2015-01-14 18:04 - 2015-01-14 18:04 - 00000000 _____ () C:\Users\Dominik\defogger_reenable
2015-01-14 17:52 - 2015-01-14 17:52 - 01115648 _____ (Farbar) C:\Users\Dominik\Desktop\FRST.exe
2015-01-14 17:52 - 2015-01-14 17:52 - 00050477 _____ () C:\Users\Dominik\Desktop\Defogger.exe
2015-01-14 17:50 - 2015-01-14 17:50 - 00380416 _____ () C:\Users\Dominik\Desktop\rz1b2ley.exe
2015-01-14 16:58 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 16:58 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 16:57 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 16:57 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 16:57 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 16:57 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 16:27 - 2015-01-14 16:27 - 00000197 _____ () C:\Windows\system32\2015-01-14-15-27-18.023-AvastVBoxSVC.exe-3216.log
2015-01-13 22:35 - 2015-01-13 22:35 - 280280668 ____N () C:\Windows\MEMORY.DMP
2015-01-13 22:35 - 2015-01-13 22:35 - 00160160 _____ () C:\Windows\Minidump\011315-31875-01.dmp
2015-01-13 15:54 - 2015-01-13 15:54 - 00000197 _____ () C:\Windows\system32\2015-01-13-14-54-55.027-AvastVBoxSVC.exe-792.log
2015-01-13 13:57 - 2015-01-13 13:57 - 00000197 _____ () C:\Windows\system32\2015-01-13-12-57-17.013-AvastVBoxSVC.exe-5424.log
2015-01-13 12:57 - 2015-01-14 16:33 - 00000112 _____ () C:\ProgramData\q485uB3.dat
2015-01-13 12:52 - 2015-01-13 12:53 - 00000197 _____ () C:\Windows\system32\2015-01-13-11-52-33.019-AvastVBoxSVC.exe-3616.log
2015-01-12 13:31 - 2015-01-12 13:32 - 00000197 _____ () C:\Windows\system32\2015-01-12-12-31-33.000-AvastVBoxSVC.exe-3368.log
2015-01-11 15:25 - 2015-01-11 15:25 - 00000197 _____ () C:\Windows\system32\2015-01-11-14-25-05.016-AvastVBoxSVC.exe-3124.log
2015-01-11 13:45 - 2015-01-11 13:45 - 00000197 _____ () C:\Windows\system32\2015-01-11-12-45-48.064-AvastVBoxSVC.exe-3404.log
2015-01-11 13:08 - 2015-01-11 13:08 - 00000197 _____ () C:\Windows\system32\2015-01-11-12-08-40.050-AvastVBoxSVC.exe-3532.log
2015-01-11 12:54 - 2009-06-10 22:39 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150111-125459.backup
2015-01-11 12:20 - 2015-01-11 12:20 - 00000197 _____ () C:\Windows\system32\2015-01-11-11-20-40.098-AvastVBoxSVC.exe-3528.log
2015-01-11 12:14 - 2015-01-11 12:14 - 00000000 ____D () C:\Users\Dominik\Documents\ProcAlyzer Dumps
2015-01-11 12:12 - 2015-01-11 12:12 - 00039561 _____ () C:\Windows\wininit.ini
2015-01-11 11:28 - 2015-01-11 12:24 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-11 11:28 - 2015-01-11 11:30 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-01-11 11:28 - 2015-01-11 11:28 - 00002131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-11 11:28 - 2015-01-11 11:28 - 00002119 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-11 11:28 - 2015-01-11 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-11 11:28 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-01-11 11:26 - 2015-01-11 11:27 - 46525608 _____ (Safer-Networking Ltd.) C:\Users\Dominik\Downloads\spybot-2.4.exe
2015-01-11 10:46 - 2015-01-11 10:47 - 00000197 _____ () C:\Windows\system32\2015-01-11-09-46-54.007-AvastVBoxSVC.exe-3012.log
2015-01-10 13:58 - 2015-01-10 13:58 - 00000197 _____ () C:\Windows\system32\2015-01-10-12-58-28.073-AvastVBoxSVC.exe-3244.log
2015-01-10 13:37 - 2015-01-10 13:41 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\Compatibility Verifier
2015-01-09 23:36 - 2015-01-09 23:37 - 00000247 _____ () C:\Windows\system32\2015-01-09-22-36-57.044-aswFe.exe-6088.log
2015-01-09 23:30 - 2015-01-09 23:36 - 00000247 _____ () C:\Windows\system32\2015-01-09-22-30-18.010-aswFe.exe-4644.log
2015-01-09 23:18 - 2015-01-09 23:18 - 00000000 ____D () C:\Windows\system32\vbox
2015-01-09 23:14 - 2015-01-09 23:14 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\AVAST Software
2015-01-09 23:09 - 2015-01-09 23:09 - 00002045 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-09 23:08 - 2015-01-09 23:08 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-09 23:08 - 2015-01-09 23:08 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-01-09 23:08 - 2015-01-09 23:08 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-09 23:08 - 2015-01-09 23:08 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-09 22:35 - 2015-01-09 22:49 - 00000000 ____D () C:\Users\Dominik\AppData\Local\FreeFixer
2015-01-09 22:35 - 2015-01-09 22:35 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\FreeFixer
2015-01-09 22:27 - 2015-01-09 22:27 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-09 22:27 - 2015-01-09 22:27 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-09 22:25 - 2015-01-14 17:46 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier
2015-01-09 22:25 - 2015-01-14 17:46 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier
2015-01-08 22:02 - 2015-01-08 22:02 - 00087712 _____ () C:\Users\Dominik\Downloads\GLottery-V2.1.8_Beta.zip
2015-01-08 21:59 - 2015-01-08 21:59 - 00451723 _____ () C:\Users\Dominik\Downloads\totalRP3_build_9.zip
2015-01-08 21:58 - 2015-01-08 21:58 - 00073807 _____ () C:\Users\Dominik\Downloads\MyRolePlay_6.0.0.400.zip
2015-01-08 21:57 - 2015-01-08 21:57 - 01327418 _____ () C:\Users\Dominik\Downloads\Outfitter_5.10b8.zip
2015-01-08 21:51 - 2015-01-08 21:51 - 03841803 _____ () C:\Users\Dominik\Downloads\AuctioneerSuite-5.21c.5521.zip
2014-12-24 00:53 - 2014-12-24 00:55 - 00000000 ____D () C:\Users\Dominik\Desktop\Mc Server
2014-12-18 19:27 - 2014-12-19 12:59 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-12-18 15:50 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-15 15:44 - 2014-12-15 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-15 15:44 - 2014-12-15 15:44 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-14 18:06 - 2009-07-14 05:34 - 00024064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-14 18:06 - 2009-07-14 05:34 - 00024064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-14 18:04 - 2012-12-31 16:03 - 00000000 ____D () C:\Users\Dominik
2015-01-14 17:56 - 2012-12-31 16:02 - 01947040 _____ () C:\Windows\WindowsUpdate.log
2015-01-14 17:42 - 2014-01-26 21:50 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-14 17:42 - 2014-01-18 03:11 - 00000000 ____D () C:\Users\Dominik\AppData\Local\LogMeIn Hamachi
2015-01-14 17:41 - 2009-07-14 05:39 - 00213554 _____ () C:\Windows\setupact.log
2015-01-14 17:40 - 2013-09-15 08:58 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-14 17:40 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-14 17:19 - 2012-12-31 22:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-14 17:17 - 2014-11-27 19:51 - 00000000 ____D () C:\Users\Dominik\AppData\Local\Battle.net
2015-01-14 17:17 - 2013-01-02 21:58 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\TS3Client
2015-01-14 16:40 - 2014-01-26 21:50 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-13 22:35 - 2013-01-28 01:50 - 00000000 ____D () C:\Windows\Minidump
2015-01-13 22:19 - 2012-12-31 22:24 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-13 22:19 - 2012-12-31 22:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-11 18:18 - 2013-01-06 04:15 - 00000000 ____D () C:\Users\Dominik\Desktop\Editoren und Player
2015-01-11 12:17 - 2013-01-01 13:03 - 00412990 _____ () C:\Windows\PFRO.log
2015-01-10 01:08 - 2013-11-03 13:53 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\OBS
2015-01-09 23:39 - 2012-12-31 22:22 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-09 23:39 - 2012-12-31 22:22 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-01-09 23:08 - 2013-06-03 08:43 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-09 23:08 - 2013-06-03 08:43 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-09 23:08 - 2012-12-31 22:22 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-09 23:08 - 2012-12-31 22:22 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-01-09 23:05 - 2012-12-31 22:21 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-09 23:04 - 2009-07-14 03:04 - 00002577 _____ () C:\Windows\system32\config.nt
2015-01-09 22:36 - 2012-12-31 16:04 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-09 22:26 - 2014-08-30 15:10 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-09 15:11 - 2013-01-03 20:56 - 00000000 ____D () C:\Program Files\Steam
2015-01-08 09:55 - 2012-12-31 16:17 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-08 00:54 - 2013-02-12 11:24 - 00000000 ____D () C:\Users\Dominik\Desktop\Musik
2015-01-05 03:09 - 2014-06-03 15:08 - 00000000 ____D () C:\Program Files\Common Files\Overwolf
2015-01-05 03:09 - 2014-05-25 19:53 - 00000000 ____D () C:\Program Files\Overwolf
2014-12-29 00:26 - 2013-01-02 22:25 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\.minecraft
2014-12-28 14:29 - 2013-01-04 23:37 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\vlc
2014-12-27 22:28 - 2013-01-03 04:28 - 00000000 ____D () C:\Program Files\Warcraft III
2014-12-25 13:00 - 2013-01-13 20:05 - 00000000 ____D () C:\Users\Dominik\Desktop\Spiele
2014-12-23 14:54 - 2013-01-06 04:15 - 00000000 ____D () C:\Users\Dominik\Desktop\Internet
2014-12-22 00:39 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Cursors
2014-12-19 17:44 - 2013-01-13 18:52 - 00000000 ____D () C:\Users\Dominik\AppData\Local\Thunderbird
2014-12-19 12:59 - 2012-12-31 16:07 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-15 08:48 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache

Files to move or delete:
====================
C:\ProgramData\q485uB3.dat

Some content of TEMP:
====================
C:\Users\Dominik\AppData\Local\Temp\_is9C45.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-07 19:22

==================== End Of Log ============================

Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-01-2015 02
Ran by Dominik at 2015-01-14 18:11:17
Running from C:\Users\Dominik\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3362981809-2306697286-120240772-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
ANNO 1404 - Königsedition (HKLM\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 3.10.0000 - Ubisoft)
Anno 2070 (HKLM\...\Steam App 48240) (Version: - BlueByte)
Artweaver Free 3.1 (HKLM\...\{96A9A1C8-FBAD-4703-ABF1-E93AA8FE85A0}_is1) (Version: 3.1 - Boris Eyrich Software)
Assassin’s Creed Unity (HKLM\...\Steam App 289650) (Version: - Ubisoft)
Assassin's Creed Brotherhood (HKLM\...\Steam App 48190) (Version: - Ubisoft Montreal)
Assassin's Creed II (HKLM\...\Steam App 33230) (Version: - Ubisoft Montreal)
Assassin's Creed Revelations 1.03 (HKLM\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.03 - Ubisoft)
Assassin's Creed(R) III v1.02 (HKLM\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.02 - Ubisoft)
Audacity 2.0.3 (HKLM\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
Banished (HKLM\...\Steam App 242920) (Version: - Shining Rock Software LLC)
Bastion (HKLM\...\Steam App 107100) (Version: - Supergiant Games)
Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment)
BurnAware Free 7.2 (HKLM\...\BurnAware Free_is1) (Version: - Burnaware)
Cthulhu Saves the World (HKLM\...\Steam App 107310) (Version: - Zeboyd Games)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Deponia (HKLM\...\Steam App 214340) (Version: - Daedalic Entertainment)
Diablo II (HKLM\...\Diablo II) (Version: - Blizzard Entertainment)
Die Siedler 7 (HKLM\...\{63860309-DA8A-4BAE-9EAE-CE1D6D79340C}) (Version: 1.12.1396 - Ubisoft)
Die Siedler IV (HKLM\...\S4Uninst) (Version: - )
Dungeon Defenders (HKLM\...\Steam App 65800) (Version: - )
DVCCap v6.0.1.115 (HKLM\...\DVCCap_is1) (Version: - Paul Yux & AMT STUDIO 717)
Firebird SQL Server - MAGIX Edition (HKLM\...\{6C5F8503-55D2-4398-858C-362B7A7AF51C}) (Version: 2.1.31.0 - MAGIX AG)
Fraps (remove only) (HKLM\...\Fraps) (Version: - )
Game Character Hub (HKLM\...\Steam App 292230) (Version: - Sebastien Bini)
Go! Go! Nippon! ~My First Trip to Japan~ (HKLM\...\Steam App 251870) (Version: - OVERDRIVE)
God Mode (HKLM\...\Steam App 227480) (Version: - Old School Games)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM\...\Steam App 12210) (Version: - Rockstar North)
Hammerwatch (HKLM\...\Steam App 239070) (Version: - Crackshell)
Hearthstone (HKLM\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of Newerth (HKLM\...\hon) (Version: 2.3.0 - S2 Games)
Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.650 - Oracle)
King's Bounty: Armored Princess (HKLM\...\Steam App 3170) (Version: - Katauri Interactive)
King's Bounty: The Legend (HKLM\...\Steam App 25900) (Version: - 1C Company)
League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (Version: 3.0.1 - Riot Games ) Hidden
Logitech Gaming Software 8.55 (HKLM\...\Logitech Gaming Software) (Version: 8.55.137 - Logitech Inc.)
LogMeIn Hamachi (HKLM\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.)
LogMeIn Hamachi (Version: 2.2.0.291 - LogMeIn, Inc.) Hidden
Long Live The Queen (Demo) 1.0 (HKLM\...\Long Live The Queen_is1) (Version: - Hanako Games)
Magic 2014 (HKLM\...\Steam App 213850) (Version: - Stainless Games)
Magical Diary Demo (HKLM\...\Steam App 212140) (Version: - Hanako Games)
Magicka (HKLM\...\Steam App 42910) (Version: - Arrowhead Game Studios AB)
Magicka: Wizard Wars (HKLM\...\Steam App 202090) (Version: - Paradox North)
Magicka: Wizards of the Square Tablet (HKLM\...\Steam App 247580) (Version: - Ludosity)
MAGIX Screenshare (HKLM\...\{4696FD4A-A0DF-4F84-BC9D-12D73E1D95D3}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (MSI) (HKLM\...\{58503E1E-09E6-400C-A44C-3822D7559794}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Video deluxe MX Premium Download-Version (HKLM\...\MAGIX_MSI_Videodeluxe18_premium) (Version: 11.0.1.4 - MAGIX AG)
MAGIX Video deluxe MX Premium Download-Version (Version: 11.0.1.4 - MAGIX AG) Hidden
Metro 2033 (HKLM\...\Steam App 43110) (Version: - 4A Games)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 34.0 (x86 de) (HKLM\...\Mozilla Firefox 34.0 (x86 de)) (Version: 34.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Napster 5 Beta (HKLM\...\com.Rhapsody.Napster5) (Version: 1.0.65 - Rhapsody International, Inc)
Napster 5 Beta (Version: 1.0.65 - Rhapsody International, Inc) Hidden
NVIDIA 3D Vision Controller-Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9713 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM\...\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7325.0 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Oblivion (HKLM\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
Open Broadcaster Software (HKLM\...\Open Broadcaster Software) (Version: - )
OpenAL (HKLM\...\OpenAL) (Version: - )
OpenOffice 4.0.0 (HKLM\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
osu! (HKLM\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Overwolf (HKLM\...\Overwolf) (Version: 0.82.103.0 - Overwolf Ltd.)
Pinball FX2 (HKLM\...\Steam App 226980) (Version: - )
Pinnacle Systems USB-2 Device Drivers (HKLM\...\{9870C7AE-7C6A-478D-9A75-35827382220F}) (Version: 2.00.0014 - Pinnacle Systems)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6782 - Realtek Semiconductor Corp.)
Retro City Rampage™ (HKLM\...\Steam App 204630) (Version: - Vblank Entertainment, Inc.)
rFactor2 (HKLM\...\rFactor2) (Version: - )
Rise of Nations: Extended Edition (HKLM\...\Steam App 287450) (Version: - SkyBox Labs)
Risen (HKLM\...\Steam App 40300) (Version: - Piranha – Bytes )
Rogue Legacy (HKLM\...\Steam App 241600) (Version: - Cellar Door Games)
RPG Maker VX Ace (HKLM\...\Steam App 220700) (Version: - Enterbrain)
RPG Tycoon (HKLM\...\Steam App 314240) (Version: - Skatanic Studios)
Sacred Citadel (HKLM\...\Steam App 207930) (Version: - Southend)
Saints Row IV (HKLM\...\Steam App 206420) (Version: - Deep Silver Volition)
Saints Row: The Third (HKLM\...\Steam App 55230) (Version: - Volition)
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Skyborn (HKLM\...\Steam App 278460) (Version: - Dancing Dragon Games)
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Star Trek Online (HKLM\...\Steam App 9900) (Version: - Cryptic Studios)
StarCraft II (HKLM\...\StarCraft II) (Version: 2.0.11.26825 - Blizzard Entertainment)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super Meat Boy (HKLM\...\Steam App 40800) (Version: - Team Meat)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
The Binding of Isaac (HKLM\...\Steam App 113200) (Version: - )
The Binding of Isaac: Rebirth (HKLM\...\Steam App 250900) (Version: - Nicalis, Inc.)
The Elder Scrolls III: Morrowind (HKLM\...\Steam App 22320) (Version: - Bethesda Game Studios®)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Mighty Quest For Epic Loot (HKLM\...\Steam App 239220) (Version: - Ubisoft Montreal)
The Mighty Quest For Epic Loot Version 1.231911 (HKLM\...\The Mighty Quest For Epic Loot_is1) (Version: 1.231911 - )
Thief - Deadly Shadows Demo (HKLM\...\{EB3CEC18-A1C4-4909-8FE2-0C30D7A07E32}) (Version: 1.0 - )
Thief (HKLM\...\Steam App 239160) (Version: - Eidos-Montréal)
TmNationsForever (HKLM\...\TmNationsForever_is1) (Version: - Nadeo)
To the Moon (HKLM\...\Steam App 206440) (Version: - Freebird Games)
Tom Clancy's Splinter Cell Blacklist (HKLM\...\Steam App 235600) (Version: - Ubisoft Toronto)
Total War: SHOGUN 2 (HKLM\...\Steam App 34330) (Version: - The Creative Assembly)
TrackMania² Stadium (HKLM\...\Steam App 232910) (Version: - Nadeo)
Trine (HKLM\...\Steam App 35700) (Version: - Frozenbyte)
Trine 2 (HKLM\...\Steam App 35720) (Version: - Frozenbyte)
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity (HKLM\...\Unity) (Version: 4.6.0f3 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-3362981809-2306697286-120240772-1001\...\UnityWebPlayer) (Version: 4.6.0f3 - Unity Technologies ApS)
Uplay (HKLM\...\Uplay) (Version: 4.8 - Ubisoft)
Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version: - )
Visual Pinball (HKLM\...\{B36C4994-A563-4339-8754-CCCE51314A4C}) (Version: 0.0.4.1226 - Randy Davis)
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Warcraft III (HKLM\...\Warcraft III) (Version: - Blizzard Entertainment)
Winamp (HKLM\...\Winamp) (Version: 5.64 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3362981809-2306697286-120240772-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
World of Warcraft (HKLM\...\World of Warcraft) (Version: - Blizzard Entertainment)
Worms Armageddon (HKLM\...\Steam App 217200) (Version: - Team17 Digital Ltd.)
XCOM: Enemy Unknown (HKLM\...\Steam App 200510) (Version: - Firaxis Games)
YTD Video Downloader 4.8.4 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.4 - GreenTree Applications SRL) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3362981809-2306697286-120240772-1001_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CustomCLSID: HKU\S-1-5-21-3362981809-2306697286-120240772-1001_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CustomCLSID: HKU\S-1-5-21-3362981809-2306697286-120240772-1001_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Dominik\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-3362981809-2306697286-120240772-1001_Classes\CLSID\{cb4c77f0-ab2a-407c-93ac-963769824b18}\localserver32 -> C:\Users\Dominik\AppData\Local\Temp\{b3ede298-ae75-4a1c-ab7e-1b9229b77bbe}\IDriver.NonElevated.exe N (the data entry has 6 more characters).

==================== Restore Points =========================

31-12-2014 20:34:26 Windows Update
06-01-2015 13:43:35 Windows Update
09-01-2015 14:54:02 Windows Update
09-01-2015 22:26:14 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
09-01-2015 23:05:32 avast! antivirus system restore point
09-01-2015 23:09:43 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
10-01-2015 13:39:17 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
11-01-2015 10:48:32 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
11-01-2015 13:06:51 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
11-01-2015 13:43:56 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
13-01-2015 13:11:26 Windows Update
14-01-2015 17:18:47 Windows Update

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2015-01-11 12:54 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0768A1E0-41CE-4643-85AD-1897F77A120A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {08A72CAE-6D23-45FE-A3EC-BFA13BBC906F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-09] (AVAST Software)
Task: {204987F5-B8E0-4E72-B84F-9643F258CA16} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {56EE9C2F-1A20-4C42-A060-1831B86118F0} - System32\Tasks\{88C6F5F5-D66E-4456-B7C6-5EF147235624} => pcalua.exe -a "C:\Users\Dominik\Downloads\Stormblade Downloader.exe" -d C:\Users\Dominik\Downloads
Task: {5B1D0D1B-ECF4-4CCA-BA23-E6FA39C4124E} - System32\Tasks\RegistryDr_Popup => C:\Program Files\Registry Dr\Splash.exe <==== ATTENTION
Task: {8120F440-FB53-4E47-8369-E2EA6DDD563B} - System32\Tasks\RegistryDr_Start => C:\Program Files\Registry Dr\RegistryDr.exe <==== ATTENTION
Task: {8635CD0C-761A-49DE-A267-817A203A1F4D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-26] (Google Inc.)
Task: {A75CD619-D881-4C5E-AD61-1AE83CAEBF6F} - System32\Tasks\Overwolf Updater Task => C:\Program Files\Overwolf\OverwolfUpdater.exe [2014-12-29] (Overwolf LTD)
Task: {B30D3AC0-6A9A-4CF8-A15F-BDFD9FEEA06C} - System32\Tasks\{E64B25C8-2FFF-40AC-BCE4-043AEE38812E} => pcalua.exe -a c:\users\dominik\appdata\local\lollipop\lollipop_04192128.bat
Task: {B8A287EB-3876-4EDB-8526-2994F63AC4C1} - System32\Tasks\fsupdate => C:\Program <==== ATTENTION
Task: {D464CBEB-AF6F-4A87-A11B-EBFBB09E99F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-26] (Google Inc.)
Task: {DA5663E5-7977-4356-AE17-01F32F8A7477} - System32\Tasks\{660B291F-42C2-49CA-AFEC-831BB43B7AB2} => pcalua.exe -a D:\setup.exe -d D:\

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2015-01-14 16:27 - 2015-01-14 16:27 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011400\algo.dll
2015-01-09 23:08 - 2015-01-09 23:08 - 02151544 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxVMM.dll
2015-01-09 23:08 - 2015-01-09 23:08 - 00021488 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxREM.dll
2015-01-09 23:08 - 2015-01-09 23:08 - 04474224 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-04-19 04:09 - 2014-04-19 04:09 - 00541696 _____ () C:\Program Files\002\fpvoixdaog32.exe
2015-01-11 11:28 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-01-11 11:28 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-01-11 11:28 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-01-11 11:28 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-01-11 11:28 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-01-09 22:25 - 2015-01-08 20:58 - 00087208 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
2012-12-31 17:08 - 2010-01-21 01:52 - 00370792 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2012-12-31 17:08 - 2010-01-21 01:51 - 00062568 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2012-12-31 17:08 - 2010-01-21 01:52 - 00565864 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2012-12-31 17:08 - 2010-01-21 01:52 - 00167528 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2015-01-09 23:08 - 2015-01-09 23:08 - 00317632 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2013-09-15 08:58 - 2014-05-20 01:04 - 00106840 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-07-28 19:34 - 2014-07-28 19:34 - 00719128 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-07-28 19:37 - 2014-07-28 19:37 - 00850712 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-07-28 19:34 - 2014-07-28 19:34 - 00049432 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-07-28 19:37 - 2014-07-28 19:37 - 00249112 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2015-01-09 23:08 - 2015-01-09 23:08 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-02 09:40 - 2014-12-02 09:40 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2015-01-09 22:25 - 2015-01-08 21:51 - 51252392 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
2015-01-09 22:25 - 2015-01-07 22:22 - 01360552 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\libglesv2.dll
2015-01-09 22:25 - 2015-01-07 22:22 - 00214184 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\libegl.dll
2015-01-09 22:25 - 2015-01-07 22:22 - 00985768 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll
2015-01-09 22:25 - 2015-01-07 22:22 - 16827048 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Verifies and fixes application compatibility issues => 2
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Overwolf => C:\Program Files\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: snpstd3 => C:\Windows\vsnpstd3.exe
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TrayServer => C:\Program Files\MAGIX\Video_deluxe_MX_Premium_Download-Version\TrayServer_de.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-3362981809-2306697286-120240772-500 - Administrator - Disabled)
Dominik (S-1-5-21-3362981809-2306697286-120240772-1001 - Administrator - Enabled) => C:\Users\Dominik
Gast (S-1-5-21-3362981809-2306697286-120240772-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3362981809-2306697286-120240772-1002 - Limited - Enabled)
TogetherCrazyGaming (S-1-5-21-3362981809-2306697286-120240772-1062 - Limited - Enabled) => C:\Users\TogetherCrazyGaming

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/14/2015 05:23:11 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "OpenSCManager(NULL,NULL,SC_MANAGER_CONNECT)" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren.
.

Vorgang:
   Für die Sicherung initialisieren

Error: (01/14/2015 05:09:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba10
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004b1e4
ID des fehlerhaften Prozesses: 0x968
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_SysMain0
Pfad der fehlerhaften Anwendung: svchost.exe_SysMain1
Pfad des fehlerhaften Moduls: svchost.exe_SysMain2
Berichtskennung: svchost.exe_SysMain3

Error: (01/14/2015 04:43:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124
Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7601.18409, Zeitstempel: 0x531599f5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004c40d
ID des fehlerhaften Prozesses: 0x1a84
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (01/14/2015 04:42:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x19c8
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (01/13/2015 04:48:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba10
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004b1e4
ID des fehlerhaften Prozesses: 0xff4
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_SysMain0
Pfad der fehlerhaften Anwendung: svchost.exe_SysMain1
Pfad des fehlerhaften Moduls: svchost.exe_SysMain2
Berichtskennung: svchost.exe_SysMain3

Error: (01/13/2015 04:27:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba10
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004b1e4
ID des fehlerhaften Prozesses: 0x158c
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_SysMain0
Pfad der fehlerhaften Anwendung: svchost.exe_SysMain1
Pfad des fehlerhaften Moduls: svchost.exe_SysMain2
Berichtskennung: svchost.exe_SysMain3

Error: (01/13/2015 04:00:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba10
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004b1e4
ID des fehlerhaften Prozesses: 0xda8
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_SysMain0
Pfad der fehlerhaften Anwendung: svchost.exe_SysMain1
Pfad des fehlerhaften Moduls: svchost.exe_SysMain2
Berichtskennung: svchost.exe_SysMain3

Error: (01/13/2015 03:11:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba10
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004b1e4
ID des fehlerhaften Prozesses: 0x1844
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_SysMain0
Pfad der fehlerhaften Anwendung: svchost.exe_SysMain1
Pfad des fehlerhaften Moduls: svchost.exe_SysMain2
Berichtskennung: svchost.exe_SysMain3

Error: (01/13/2015 02:37:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba10
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004b1e4
ID des fehlerhaften Prozesses: 0x4f4
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_SysMain0
Pfad der fehlerhaften Anwendung: svchost.exe_SysMain1
Pfad des fehlerhaften Moduls: svchost.exe_SysMain2
Berichtskennung: svchost.exe_SysMain3

Error: (01/13/2015 02:24:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba10
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004b1e4
ID des fehlerhaften Prozesses: 0x948
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_SysMain0
Pfad der fehlerhaften Anwendung: svchost.exe_SysMain1
Pfad des fehlerhaften Moduls: svchost.exe_SysMain2
Berichtskennung: svchost.exe_SysMain3

System errors:
=============
Error: (01/14/2015 05:49:00 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (01/14/2015 05:09:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/13/2015 10:35:57 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000001 (0x8366e017, 0x00000000, 0x0000ffff, 0x00000000)C:\Windows\MEMORY.DMP011315-31875-01

Error: (01/13/2015 10:35:53 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 13.01.2015 um 22:34:14 unerwartet heruntergefahren.

Error: (01/13/2015 04:48:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (01/13/2015 04:28:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/13/2015 04:00:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/13/2015 03:51:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (01/13/2015 03:51:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht.

Error: (01/13/2015 03:51:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Microsoft Office Sessions:
=========================
Error: (01/14/2015 05:23:11 PM) (Source: VSS) (EventID: 8193) (User: )
Description: OpenSCManager(NULL,NULL,SC_MANAGER_CONNECT)0x8007045b, Der Computer wird heruntergefahren.

Vorgang:
   Für die Sicherung initialisieren

Error: (01/14/2015 05:09:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc100sysmain.dll6.1.7601.175144ce7ba10c00000050004b1e496801d0300e8ea3d58cC:\Windows\system32\svchost.exec:\windows\system32\sysmain.dllb5569ba7-9c07-11e4-a0ef-0024211da932

Error: (01/14/2015 04:43:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.054af4124kernel32.dll6.1.7601.18409531599f5c00000050004c40d1a8401d030102c75d9feC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Windows\system32\kernel32.dll0ada249d-9c04-11e4-a0ef-0024211da932

Error: (01/14/2015 04:42:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.054af4124unknown0.0.0.000000000c00000050000000019c801d030102322d5a3C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeunknownfca5d00a-9c03-11e4-a0ef-0024211da932

Error: (01/13/2015 04:48:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description:
svchost.exe_SysMain6.1.7600.163854a5bc100sysmain.dll6.1.7601.175144ce7ba10c00000050004b1e4ff401d02f45abc56640C:\Windows\system32\svchost.exec:\windows\system32\sysmain.dll8e92db19-9b3b-11e4-9904-0024211da932 Error: (01/13/2015 04:27:54 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe_SysMain6.1.7600.163854a5bc100sysmain.dll6.1.7601.175144ce7ba10c00000050004b1e4158c01d02f41d62d226aC:\Windows\system32\svchost.exec:\windows\system32\sysmain.dllbdb2ae14-9b38-11e4-9904-0024211da932 Error: (01/13/2015 04:00:24 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe_SysMain6.1.7600.163854a5bc100sysmain.dll6.1.7601.175144ce7ba10c00000050004b1e4da801d02f405f9e196bC:\Windows\system32\svchost.exec:\windows\system32\sysmain.dlle6811482-9b34-11e4-9904-0024211da932 Error: (01/13/2015 03:11:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe_SysMain6.1.7600.163854a5bc100sysmain.dll6.1.7601.175144ce7ba10c00000050004b1e4184401d02f3652e5acfaC:\Windows\system32\svchost.exec:\windows\system32\sysmain.dll17b6e725-9b2e-11e4-af94-0024211da932 Error: (01/13/2015 02:37:22 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe_SysMain6.1.7600.163854a5bc100sysmain.dll6.1.7601.175144ce7ba10c00000050004b1e44f401d02f348867c31dC:\Windows\system32\svchost.exec:\windows\system32\sysmain.dll4ca149e2-9b29-11e4-af94-0024211da932 Error: (01/13/2015 02:24:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe_SysMain6.1.7600.163854a5bc100sysmain.dll6.1.7601.175144ce7ba10c00000050004b1e494801d02f331a7bc2e6C:\Windows\system32\svchost.exec:\windows\system32\sysmain.dll8134f4de-9b27-11e4-af94-0024211da932 ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz Percentage of memory in use: 82% Total physical RAM: 3071.18 MB Available physical RAM: 522.23 MB Total Pagefile: 5117.47 MB Available Pagefile: 
2029.96 MB Total Virtual: 2047.88 MB Available Virtual: 1903.57 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:297.99 GB) (Free:102.1 GB) NTFS Drive s: (Volume) (Fixed) (Total:1862.89 GB) (Free:869.27 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 80E52B34) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-14 18:43:21
Windows 6.1.7601 Service Pack 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-3 WDC_WD3200AAJS-00L7A0 rev.01.03E01 298,09GB
Running: rz1b2ley.exe; Driver: C:\Users\Dominik\AppData\Local\Temp\fwryrkog.sys


---- System - GMER 2.1 ----

SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwAddBootEntry [0x910B5AC4]
SSDT  \SystemRoot\system32\drivers\aswSP.sys  ZwAllocateVirtualMemory [0x911710BA]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwAssignProcessToJobObject [0x910B65A2]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateEvent [0x910C263C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateEventPair [0x910C2688]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateIoCompletion [0x910C2822]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateMutant [0x910C25AA]
SSDT  \SystemRoot\system32\drivers\aswSP.sys  ZwCreateSection [0x91171494]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateSemaphore [0x910C25F2]
SSDT  \SystemRoot\system32\drivers\aswSP.sys  ZwCreateThread [0x91171724]
SSDT  \SystemRoot\system32\drivers\aswSP.sys  ZwCreateThreadEx [0x9117180E]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwCreateTimer [0x910C27DC]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwDebugActiveProcess [0x910B7390]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwDeleteBootEntry [0x910B5B2A]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwDuplicateObject [0x910BAB86]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwLoadDriver [0x910B5716]
SSDT  \SystemRoot\system32\drivers\aswSP.sys  ZwMapViewOfSection [0x91171574]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwModifyBootEntry [0x910B5B90]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwNotifyChangeKey [0x910BAF7C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwNotifyChangeMultipleKeys [0x910B7E78]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenEvent [0x910C2666]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenEventPair [0x910C26AA]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenIoCompletion [0x910C2846]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenMutant [0x910C25D0]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenProcess [0x910BA47E]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenSection [0x910C275A]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenSemaphore [0x910C261A]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenThread [0x910BA86A]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwOpenTimer [0x910C2800]
SSDT  \SystemRoot\system32\drivers\aswSP.sys  ZwProtectVirtualMemory [0x91171312]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwQueryObject [0x910B7CEC]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwQueueApcThreadEx [0x910B79FA]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetBootEntryOrder [0x910B5BF6]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetBootOptions [0x910B5C5C]
SSDT  \SystemRoot\system32\drivers\aswSP.sys  ZwSetContextThread [0x91171670]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetSystemInformation [0x910B57B0]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSetSystemPowerState [0x910B5982]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwShutdownSystem [0x910B5910]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSuspendProcess [0x910B755A]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSuspendThread [0x910B76BC]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwSystemDebugControl [0x910B5A0A]
SSDT  \SystemRoot\system32\drivers\aswSP.sys  ZwTerminateProcess [0x911713E0]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwTerminateThread [0x910B71EA]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys  ZwVdmControl [0x910B5CC2]
SSDT  \SystemRoot\system32\drivers\aswSP.sys  ZwWriteVirtualMemory [0x91171244]

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRequestWaitReplyPort + 14A5  83483A15 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2  834BD372 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 10CB  834C45C0 4 Bytes  [C4, 5A, 0B, 91] {LES EBX, [EDX+0xb]; XCHG ECX, EAX}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 10F3  834C45E8 4 Bytes  [BA, 10, 17, 91]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1153  834C4648 4 Bytes  [A2, 65, 0B, 91]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11A7  834C469C 8 Bytes  [3C, 26, 0C, 91, 88, 26, 0C, ...] {CMP AL, 0x26; OR AL, 0x91; MOV [ESI], AH; OR AL, 0x91}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11B3  834C46A8 4 Bytes  [22, 28, 0C, 91] {AND CH, [EAX]; OR AL, 0x91}
.text  ...
PAGE  ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108  8367F553 4 Bytes  CALL 910B855F \SystemRoot\system32\drivers\aswSnx.sys
PAGE  ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122  836993BB 4 Bytes  CALL 910B8575 \SystemRoot\system32\drivers\aswSnx.sys

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\AVAST Software\Avast\avastui.exe[1020] kernel32.dll!SetUnhandledExceptionFilter  75DAF5AB 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text  C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1472] kernel32.dll!SetUnhandledExceptionFilter  75DAF5AB 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }

---- Registry - GMER 2.1 ----

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active
Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@9850F976  1000

---- EOF - GMER 2.1 ----