Log Analysis and Evaluation: Windows 7: Websites are redirected to Russian advertising. Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Windows 7: Websites are redirected to Russian advertising.

Hello, for a few days now I have had the problem that when I surf the Internet, on some pages that do not contain anything special, Russian advertising suddenly appears at the top edge of the browser; it then shows e.g. r.proxyloads.ru when I move the mouse over the advertisement. Sometimes a Russian online shop also opens when I click on links or simply click on an empty area of the web page. (I could not find the Avast log files, so I have attached a picture of the container and hope that this is okay.)

FRST Logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by Agando (administrator) on AGANDO-PC on 01-04-2015 12:54:31 Running from C:\Users\Agando\Downloads Loaded Profiles: Agando (Available profiles: Agando) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe () C:\Program Files (x86)\GameforgeLive\gfl_client.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5511352 2015-03-22] (Avast Software s.r.o.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. 
ProxyServer: [.DEFAULT] => http=127.0.0.1:64861;https=127.0.0.1:64861 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\S-1-5-21-3527986853-237272119-1680365976-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://terra.im/ HKU\S-1-5-21-3527986853-237272119-1680365976-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://terra.im/ HKU\S-1-5-21-3527986853-237272119-1680365976-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://terra.im/ SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3527986853-237272119-1680365976-1000 -> {4187F0FC-AF41-4E4B-AE67-84C8FD35A0AE} URL = hxxp://terra.im/search?q={searchTerms} BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-22] (Avast Software s.r.o.) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) 
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-22] (Avast Software s.r.o.) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.192.1 FireFox: ======== FF ProfilePath: C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\YJ7zULKP.default FF Homepage: hxxp://terra.im/ FF DefaultSearchEngine: terra.im FF SelectedSearchEngine: terra.im FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB) FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web 
Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll [2011-03-09] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\YJ7zULKP.default\searchplugins\defaultsearch.xml [2015-02-01] FF Extension: Avira Browser Safety - C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\YJ7zULKP.default\Extensions\abs@avira.com [2014-10-21] FF Extension: Amazon-Icon - C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\YJ7zULKP.default\Extensions\amazon-icon@giga.de [2014-10-29] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-22] Chrome: ======= CHR HomePage: Default -> https://www.google.de/ CHR StartupUrls: Default -> "https://www.google.de/" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-31] CHR Extension: (Google Docs) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-31] CHR Extension: (Google Drive) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-31] CHR Extension: (YouTube) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-31] CHR Extension: (Google Search) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-31] CHR Extension: (Google Sheets) - 
C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-31] CHR Extension: (Avast Online Security) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-22] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04] CHR Extension: (Skype Click to Call) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-12-31] CHR Extension: (Google Wallet) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-31] CHR Extension: (WallPepper ВКонтакте) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\pepjgkdpkihjnbdaggonbpphlfkbhdli [2015-02-01] CHR Extension: (Gmail) - C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-31] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-22] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-22] (Avast Software s.r.o.) R2 avast! 
Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-03-22] (Avast Software s.r.o.) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-03-22] (Avast Software) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-20] (Electronic Arts) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-22] () R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-03-22] (Avast Software s.r.o.) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-22] (Avast Software s.r.o.) R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449896 2015-03-22] (Avast Software s.r.o.) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-03-22] (Avast Software s.r.o.) 
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-22] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-03-22] (Avast Software s.r.o.) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [441728 2015-03-22] (Avast Software s.r.o.) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-03-22] (Avast Software s.r.o.) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [268640 2015-03-22] () R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) S3 scramby; C:\Windows\System32\drivers\scramby.sys [29480 2007-02-13] (RapidSolution Software AG) S3 scramby_out; C:\Windows\System32\drivers\scramby_out.sys [34336 2007-08-08] (RapidSolution Software AG) R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows (R) Win 7 DDK provider) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-03-22] (Avast Software) S3 wolfkr; C:\Windows\system32\wolfk64.sys [86352 2014-12-20] () S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X] S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-01 12:54 - 2015-04-01 12:54 - 00018426 _____ () C:\Users\Agando\Downloads\FRST.txt 2015-04-01 12:53 - 2015-04-01 12:54 - 00000000 ____D () C:\FRST 2015-04-01 12:53 - 2015-04-01 12:53 - 02095616 _____ (Farbar) C:\Users\Agando\Downloads\FRST64.exe 2015-04-01 12:52 - 2015-04-01 12:52 - 00000000 _____ () C:\Users\Agando\defogger_reenable 2015-04-01 12:48 - 2015-04-01 12:48 - 00050477 _____ () C:\Users\Agando\Downloads\Defogger (1).exe 2015-04-01 12:45 - 2015-04-01 12:52 - 00000474 _____ () C:\Users\Agando\Downloads\defogger_disable.log 2015-04-01 12:45 - 2015-04-01 12:48 - 00000246 _____ () C:\Users\Agando\Downloads\defogger_enable.log 2015-04-01 12:44 - 2015-04-01 12:44 - 00050477 _____ () C:\Users\Agando\Downloads\Defogger.exe 2015-04-01 12:25 - 2015-04-01 12:25 - 00089546 _____ () C:\Users\Agando\AppData\Local\recently-used.xbel 2015-03-31 14:54 - 2015-03-31 14:54 - 00000000 ____D () C:\Users\Agando\Downloads\Gameforge Live 2015-03-30 18:36 - 2015-03-30 18:36 - 00000000 ____D () C:\ProgramData\<a href="hxxp://cityadspix.com/tsclick-MIQCWPUV-GECAQBFF?url=http%3A%2F%2Fwww.sotmarket.ru%2Fproduct%2Fdzhojstik_microsoft_xbox_360_controller_s9f-00002.html&sa=mh&sa1=&sa2=&sa3=&sa4=&sa5=&bt=20&pt=9<=2&tl=3&im=ODI1LTAtMTQyNzg5MTk3NS0xOTk1NTE2OQ%3D%3D&fid=NDQ1NzU2Nzc1&prdct=34043c0f3d0d&kw=Microsoft%5CWindows" target="_blank" alt="Microsoft Xbox 360 Controller for Windows" title="Microsoft Xbox 360 Controller for Windows" style="">Microsoft\Windows</a>\Start Menu\Programs\Diablo II 2015-03-30 18:30 - 2015-03-31 23:05 - 00000000 ____D () C:\Diablo II 2015-03-30 18:03 - 2015-03-30 18:17 - 00000000 ____D () C:\Users\Agando\D2LOD-1.12A-deDE 2015-03-30 18:01 - 2015-03-30 18:20 - 00000000 ____D () C:\Users\Agando\D2-1.12A-enGB 2015-03-25 16:50 - 2015-03-25 16:50 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-03-25 10:42 - 2015-03-25 10:42 - 00000000 ____D () C:\Users\Agando\AppData\Local\Avg2014 2015-03-24 19:46 - 2015-03-24 19:46 - 00000000 ____D () 
C:\Users\Agando\Documents\Abelssoft 2015-03-24 08:41 - 2015-03-24 08:41 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\TuneUp Software 2015-03-24 08:41 - 2015-03-24 08:41 - 00000000 ____D () C:\Users\Agando\AppData\Local\TuneUp Software 2015-03-24 08:38 - 2015-03-25 16:48 - 00000000 ____D () C:\Program Files\Image-Line 2015-03-24 08:38 - 2015-03-24 11:05 - 00000000 ____D () C:\ProgramData\TuneUp Software 2015-03-24 08:38 - 2015-03-24 08:38 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2015-03-24 08:38 - 2015-03-24 08:38 - 00000000 ____D () C:\Users\Agando\Documents\Image-Line 2015-03-24 08:38 - 2015-03-24 08:38 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\OpenCandy 2015-03-24 08:38 - 2015-03-24 08:38 - 00000000 ____D () C:\Program Files\Common Files\VST2 2015-03-24 08:38 - 2015-03-24 08:38 - 00000000 ____D () C:\Program Files\Common Files\Propellerhead Software 2015-03-24 08:38 - 2015-03-24 08:38 - 00000000 ____D () C:\Program Files (x86)\VstPlugins 2015-03-24 08:37 - 2015-03-25 16:48 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\<a href="hxxp://cityadspix.com/tsclick-MIQCWPUV-GECAQBFF?url=http%3A%2F%2Fwww.sotmarket.ru%2Fproduct%2Fdzhojstik_microsoft_xbox_360_controller_s9f-00002.html&sa=mh&sa1=&sa2=&sa3=&sa4=&sa5=&bt=20&pt=9<=2&tl=3&sa=mh&sa1=&sa2=&sa3=&sa4=&sa5=&im=ODI1LTAtMTQyNzg5MTk3NS0xMzM3NzY0Mg%3D%3D&fid=NDQ1NzU2Nzc1&prdct=34043c0f3d0d&kw=Microsoft%5CWindows" target="_blank" alt="Microsoft Xbox 360 Controller for Windows" title="Microsoft Xbox 360 Controller for Windows" style="">Microsoft\Windows</a>\Start Menu\Programs\Image-Line 2015-03-24 08:37 - 2015-03-24 08:37 - 00000000 ____D () C:\Program Files (x86)\DSPRobotics 2015-03-24 08:31 - 2015-03-24 08:37 - 00000000 ____D () C:\Program Files (x86)\Image-Line 2015-03-23 16:06 - 2015-03-29 19:15 - 00000000 ____D () C:\Temp 2015-03-22 18:59 - 2015-03-22 18:59 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\AVAST Software 2015-03-22 18:56 - 2015-03-22 18:56 - 
00001982 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk 2015-03-22 18:56 - 2015-03-22 18:56 - 00001922 _____ () C:\Users\Public\Desktop\Avast Premier.lnk 2015-03-22 18:56 - 2015-03-22 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2015-03-22 18:54 - 2015-03-24 07:19 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2015-03-22 18:54 - 2015-03-22 18:54 - 00441728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys 2015-03-22 18:54 - 2015-03-22 18:54 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe 2015-03-22 18:54 - 2015-03-22 18:54 - 00268640 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2015-03-22 18:54 - 2015-03-22 18:54 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys 2015-03-22 18:54 - 2015-03-22 18:54 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys 2015-03-22 18:54 - 2015-03-22 18:54 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys 2015-03-22 18:54 - 2015-03-22 18:54 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2015-03-22 18:54 - 2015-03-22 18:54 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2015-03-22 18:54 - 2015-03-22 18:53 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys 2015-03-22 18:54 - 2015-03-22 18:53 - 00028144 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswKbd.sys 2015-03-22 18:53 - 2015-03-22 18:53 - 00449896 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswNdisFlt.sys 2015-03-22 18:53 - 2015-03-22 18:53 - 00043112 _____ (Avast Software s.r.o.) 
C:\Windows\avastSS.scr 2015-03-22 18:52 - 2015-03-22 18:52 - 00000000 ____D () C:\Program Files\AVAST Software 2015-03-22 18:32 - 2015-03-30 21:08 - 00094108 _____ () C:\Windows\PFRO.log 2015-03-22 09:05 - 2015-03-22 09:05 - 00000000 ____D () C:\ProgramData\<a href="hxxp://cityadspix.com/tsclick-MIQCWPUV-GECAQBFF?url=http%3A%2F%2Fwww.sotmarket.ru%2Fproduct%2Fjoistik-microsoft-xbox-360-wireless-controller-for-windows.html&sa=mh&sa1=&sa2=&sa3=&sa4=&sa5=&bt=20&pt=9<=2&tl=3&im=ODI1LTAtMTQyNzg5MTk3NS0xMDY3Mzc5MA%3D%3D&fid=NDQ1NzU2Nzc1&prdct=3a0d3f083104&kw=Microsoft%5CWindows" target="_blank" alt="Microsoft Xbox 360 Wireless Controller for Windows" title="Microsoft Xbox 360 Wireless Controller for Windows" style="">Microsoft\Windows</a>\Start Menu\Programs\Metin2 2015-03-22 08:57 - 2015-03-22 08:57 - 00001067 _____ () C:\Users\Public\Desktop\Gameforge Live.lnk 2015-03-22 08:57 - 2015-03-22 08:57 - 00000000 ____D () C:\Users\Agando\AppData\Local\Gameforge4d 2015-03-22 08:57 - 2015-03-22 08:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live 2015-03-22 08:49 - 2015-03-22 08:49 - 00000000 ____D () C:\Users\Agando\Documents\telltale games 2015-03-22 08:49 - 2015-03-22 08:49 - 00000000 ____D () C:\Users\Agando\Documents\my games 2015-03-21 19:45 - 2015-03-21 19:45 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-21 11:49 - 2015-03-30 21:44 - 00001335 _____ () C:\Windows\setupact.log 2015-03-21 11:49 - 2015-03-21 11:49 - 00000000 _____ () C:\Windows\setuperr.log 2015-03-21 11:38 - 2015-03-21 11:44 - 00000000 ____D () C:\AdwCleaner 2015-03-21 08:08 - 2015-03-25 17:03 - 00000000 ____D () C:\Users\Agando\AppData\Local\FreeSystemUtilities 2015-03-20 18:17 - 2015-03-20 18:17 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies 2015-03-20 18:16 - 2015-03-13 17:38 - 00622224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2015-03-20 18:13 - 2015-03-13 21:41 - 32114888 _____ (NVIDIA Corporation) 
C:\Windows\system32\nvoglv64.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 17258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2015-03-20 18:13 - 2015-03-13 21:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 00997856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2015-03-20 
18:13 - 2015-03-13 21:41 - 00878328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 00400584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 00390288 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 00354112 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 00346824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 00306208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 00178512 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2015-03-20 18:13 - 2015-03-13 21:41 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2015-03-14 20:35 - 2015-03-14 22:00 - 00000000 ____D () C:\Users\Agando\AppData\Local\PAYDAY 2 2015-03-11 10:48 - 2015-03-11 10:48 - 00000000 __RHD () C:\MSOCache 2015-03-10 18:22 - 2015-03-10 18:22 - 00000000 _____ () C:\Windows\SysWOW64\sho4835.tmp 2015-03-03 13:52 - 2015-03-03 13:52 - 00000000 ____D () C:\Windows\SysWOW64\䙔䵁 ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-01 12:52 - 2014-10-20 12:51 - 00000000 ____D () C:\Users\Agando 2015-04-01 12:39 - 2014-10-21 22:13 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\TS3Client 2015-04-01 12:33 - 2014-12-15 02:00 - 00000000 ____D () C:\Users\Agando\Desktop\Ordner 2015-04-01 12:25 - 2014-11-08 06:29 - 00000000 ____D () C:\Users\Agando\.gimp-2.8 2015-04-01 12:21 - 2014-12-31 11:11 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-01 07:22 - 2014-10-20 12:45 - 01406622 _____ () C:\Windows\WindowsUpdate.log 2015-03-31 18:21 - 2014-12-31 11:11 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-31 14:53 - 2014-11-09 04:13 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\Audacity 2015-03-30 21:15 - 2009-07-14 06:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-30 21:15 - 2009-07-14 06:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-30 21:14 - 2011-04-12 09:43 - 00699542 _____ () C:\Windows\system32\perfh007.dat 2015-03-30 21:14 - 2011-04-12 09:43 - 00149424 _____ () C:\Windows\system32\perfc007.dat 2015-03-30 21:14 - 2009-07-14 07:13 - 01620888 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-30 21:08 - 2014-10-20 13:10 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-03-30 21:08 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-30 18:32 - 2014-10-25 02:12 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 
2015-03-28 22:08 - 2014-10-21 15:08 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-03-28 05:44 - 2014-10-20 13:10 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2015-03-28 05:44 - 2014-10-20 13:10 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll 2015-03-28 05:43 - 2014-10-20 13:10 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll 2015-03-28 05:43 - 2014-10-20 13:10 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2015-03-25 23:14 - 2014-11-08 06:42 - 00000000 ____D () C:\Users\Agando\AppData\Local\gtk-2.0 2015-03-25 17:08 - 2014-12-13 22:29 - 00000000 ____D () C:\Users\Agando\AppData\Local\Akamai 2015-03-25 17:03 - 2015-01-02 21:39 - 00000000 ____D () C:\ProgramData\FreeSystemUtilities 2015-03-25 15:02 - 2014-11-13 23:03 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\Skype 2015-03-24 19:45 - 2014-11-02 01:06 - 00000000 ____D () C:\Users\Agando\AppData\Local\Abelssoft 2015-03-24 15:29 - 2014-10-20 12:51 - 00000000 ____D () C:\Users\Agando\AppData\Local\VirtualStore 2015-03-23 17:26 - 2015-02-14 14:06 - 00000000 ____D () C:\Program Files (x86)\phase5 2015-03-23 08:05 - 2014-11-08 05:52 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\OBS 2015-03-23 03:23 - 2015-02-01 05:36 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\newSI_620 2015-03-22 19:12 - 2014-11-13 23:03 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-03-22 19:12 - 2014-11-13 23:03 - 00000000 ____D () C:\ProgramData\Skype 2015-03-22 19:10 - 2014-10-25 00:33 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 
2015-03-22 19:10 - 2014-10-25 00:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-03-22 19:10 - 2014-10-25 00:33 - 00000000 ____D () C:\Program Files\WinRAR 2015-03-22 18:51 - 2015-01-01 15:02 - 00000000 ____D () C:\ProgramData\AVAST Software 2015-03-22 18:32 - 2014-10-21 14:32 - 00000000 ____D () C:\Program Files (x86)\Avira 2015-03-22 18:30 - 2014-10-21 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-03-22 18:30 - 2014-10-21 14:32 - 00000000 ____D () C:\ProgramData\Avira 2015-03-22 08:57 - 2014-12-27 23:54 - 00000000 ____D () C:\Program Files (x86)\GameforgeLive 2015-03-21 11:44 - 2014-10-20 12:51 - 00000997 _____ () C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-03-21 09:05 - 2014-11-08 05:02 - 00000000 ____D () C:\Users\Agando\AppData\Local\Windows Live 2015-03-21 08:56 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 
2015-03-21 08:24 - 2014-10-21 15:19 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2015-03-21 08:13 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries 2015-03-21 07:38 - 2014-10-30 15:11 - 00000000 ____D () C:\Fraps 2015-03-21 06:55 - 2014-12-28 07:15 - 00000000 ____D () C:\Users\Agando\Documents\Text 2015-03-21 06:44 - 2014-11-02 01:06 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater 2015-03-20 19:53 - 2014-11-08 05:51 - 00000000 ____D () C:\Program Files (x86)\OBS 2015-03-20 18:17 - 2014-10-20 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2015-03-20 18:17 - 2014-10-20 13:09 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2015-03-20 18:14 - 2014-10-20 13:07 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2015-03-19 10:32 - 2014-11-08 15:49 - 00000000 ____D () C:\Users\Agando\AppData\Roaming\SoftGrid Client 2015-03-13 21:41 - 2015-01-01 15:12 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2015-03-13 21:41 - 2014-10-21 14:22 - 18580512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2015-03-13 21:41 - 2014-10-21 14:22 - 16022016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2015-03-13 21:41 - 2014-10-21 14:22 - 02906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2015-03-13 21:41 - 2014-10-20 13:09 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2015-03-13 21:41 - 2014-10-20 13:09 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2015-03-13 21:41 - 2014-10-20 13:08 - 14121624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2015-03-13 21:41 - 2014-10-20 13:08 - 03303448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2015-03-13 21:41 - 2014-10-20 13:08 - 00027441 _____ () C:\Windows\system32\nvinfo.pb 2015-03-13 18:16 - 2014-10-20 13:09 - 06861968 _____ (NVIDIA 
Corporation) C:\Windows\system32\nvcpl.dll 2015-03-13 18:16 - 2014-10-20 13:09 - 03526856 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2015-03-13 18:16 - 2014-10-20 13:09 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2015-03-13 18:16 - 2014-10-20 13:09 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2015-03-13 18:16 - 2014-10-20 13:09 - 00386248 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2015-03-13 18:16 - 2014-10-20 13:09 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2015-03-11 15:10 - 2014-10-20 13:09 - 04246327 _____ () C:\Windows\system32\nvcoproc.bin ==================== Files in the root of some directories ======= 2015-04-01 12:25 - 2015-04-01 12:25 - 0089546 _____ () C:\Users\Agando\AppData\Local\recently-used.xbel Some content of TEMP: ==================== C:\Users\Agando\AppData\Local\Temp\avgnt.exe C:\Users\Agando\AppData\Local\Temp\nvSCPAPI.dll C:\Users\Agando\AppData\Local\Temp\nvStInst.exe C:\Users\Agando\AppData\Local\Temp\Quarantine.exe C:\Users\Agando\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-25 02:13 ==================== End Of Log ============================ --- --- --- --- --- --- Addition: FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015 Ran by Agando at 2015-04-01 12:55:11 Running from C:\Users\Agando\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Stock Photos 1.0 (HKLM-x32\...\{786C5747-1437-443D-B06E-79A00FE45110}) (Version: 1.0.2 - Adobe Systems) ATI Catalyst Install Manager (HKLM\...\{CCC50A42-892B-AF23-6188-6E8D2FDF34E3}) (Version: 3.0.754.0 - ATI Technologies, Inc.) ATI Catalyst Registration (x32 Version: 2.01.0000 - ATI Technologies Inc.) Hidden Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team) Avast Premier (HKLM-x32\...\Avast) (Version: 10.2.2214 - AVAST Software) Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG) Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. 
KG) Hidden Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.0.0.0 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Diablo II (HKLM-x32\...\Diablo II) (Version: - Blizzard Entertainment) Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.3.32.1010 - Electronic Arts Inc.) FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line) FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - ) foobar2000 v1.3.7 beta 1 (HKLM-x32\...\foobar2000) (Version: 1.3.7 beta 1 - Peter Pawlowski) Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Free SystemUtilities (x32 Version: 1.1.0.0 - Covus Freemium GmbH) Hidden Gameforge Live 2.0.6 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.6 - Gameforge) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.) Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) 
Hidden Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version: - IO Interactive) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MTA:SA v1.4.0 (HKLM-x32\...\MTA:SA 1.4) (Version: v1.4.0 - Multi Theft Auto) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team) NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.88 - NVIDIA 
Corporation) NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation) NVIDIA Grafiktreiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.) Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.) 
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) The Wolf Among Us (HKLM-x32\...\Steam App 250320) (Version: - Telltale Games) VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version: - VB-Audio Software) Vegas Pro 13.0 (64-bit) (HKLM\...\{386F5740-091D-11E4-B13E-F04DA23A5C58}) (Version: 13.0.373 - Sony) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 18-03-2015 01:08:59 Geplanter Prüfpunkt 21-03-2015 08:11:07 Removed BlueStacks Notification Center 22-03-2015 12:44:23 Free System Utilities 22-03-2015 18:52:13 avast! 
antivirus system restore point 22-03-2015 18:55:16 Gerätetreiber-Paketinstallation: Avast Netzwerkdienst 25-03-2015 06:50:37 Windows Update 25-03-2015 16:55:03 Revo Uninstaller's restore point - Akamai NetSession Interface 25-03-2015 16:57:59 Revo Uninstaller's restore point - Akamai NetSession Interface 25-03-2015 17:00:23 Revo Uninstaller's restore point - Free System Utilities 25-03-2015 17:04:57 Revo Uninstaller's restore point - K-Lite Codec Pack 6.0.4 (Basic) 25-03-2015 17:06:08 Revo Uninstaller's restore point - Free System Utilities 25-03-2015 17:06:58 Revo Uninstaller's restore point - Need For Speed™ World 25-03-2015 17:08:05 Revo Uninstaller's restore point - Akamai NetSession Interface 25-03-2015 17:10:27 Revo Uninstaller's restore point - TuneUp Utilities 2014 30-03-2015 05:00:42 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {1B11B9F7-1207-4DB3-82A3-EE1F3C2C1154} - System32\Tasks\{15D5DB9C-F9C3-4581-AF5C-CE0CB9142560} => pcalua.exe -a "C:\Users\Agando\AppData\Local\Temp\Temp1_PPRO_2.0_Ret-NH_D.zip\Premiere Pro 2.0\Deutsch\Software van andere bedrijven\2d3 SteadyMove\setup.exe" Task: {1E1CA1E0-E1AA-40CF-AAA9-781322D26116} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-31] (Google Inc.) Task: {202414D0-50C4-4E99-9480-A118400E1A7C} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe Task: {762A6EA6-9B8B-4FD4-8D00-607A2B8060CC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {7ACBC82B-81B9-416C-91A3-A396F54D5881} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-03-22] (Avast Software s.r.o.) Task: {873E9D1F-88A6-4439-966D-50C6D557E0A5} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe Task: {9C49C43C-B4DD-4835-A92C-55864A558B2C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-31] (Google Inc.) 
Task: {A61BBF30-B2CB-4638-86C5-A07C9794D87C} - System32\Tasks\{FA44342A-23DC-459A-9B56-CF34E24ECB95} => pcalua.exe -a C:\Users\Agando\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=cvs2 <==== ATTENTION Task: {E5D7B07E-F417-4B94-AACE-7D4ADCB4EB76} - System32\Tasks\{EB21F9EE-528A-47B0-B46A-EF0E6D1BEE06} => pcalua.exe -a C:\Users\Agando\Downloads\Arena106.exe -d C:\Users\Agando\Downloads Task: {E8A8C3E7-1958-490D-A2B4-B4A420A7F1E6} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2014-10-20 13:09 - 2015-03-13 18:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2015-03-22 08:57 - 2015-02-13 13:05 - 03037736 _____ () C:\Program Files (x86)\GameforgeLive\gfl_client.exe 2014-02-28 11:14 - 2014-02-28 11:14 - 00173568 _____ () C:\Program Files\TeamSpeak 3 Client\quazip.dll 2014-02-27 16:51 - 2014-02-27 16:51 - 01080832 _____ () C:\Program Files\TeamSpeak 3 Client\platforms\qwindows.dll 2014-02-27 16:51 - 2014-02-27 16:51 - 00833024 _____ () C:\Program Files\TeamSpeak 3 Client\sqldrivers\qsqlite.dll 2014-08-04 15:43 - 2014-08-04 15:43 - 00102344 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll 2014-08-04 15:43 - 2014-08-04 15:43 - 00108488 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll 2014-02-27 16:51 - 2014-02-27 16:51 - 00030208 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qgif.dll 2014-02-27 16:51 - 2014-02-27 16:51 - 00233984 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qjpeg.dll 2014-08-04 15:46 - 
2014-08-04 15:46 - 00563656 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll 2014-08-04 15:46 - 2014-08-04 15:46 - 00579016 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll 2014-02-27 16:51 - 2014-02-27 16:51 - 00159232 _____ () C:\Program Files\TeamSpeak 3 Client\accessible\qtaccessiblewidgets.dll 2015-03-22 18:53 - 2015-03-22 18:53 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-03-22 18:53 - 2015-03-22 18:53 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-03-30 09:57 - 2015-03-30 09:57 - 02923520 _____ () C:\Program Files\AVAST Software\Avast\defs\15033000\algo.dll 2015-03-30 21:09 - 2015-03-30 21:09 - 02924032 _____ () C:\Program Files\AVAST Software\Avast\defs\15033001\algo.dll 2015-04-01 10:14 - 2015-04-01 10:14 - 02924032 _____ () C:\Program Files\AVAST Software\Avast\defs\15040100\algo.dll 2015-03-22 18:53 - 2015-03-22 18:53 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2015-03-22 18:53 - 2015-03-22 18:53 - 01359872 _____ () C:\Program Files\AVAST Software\Avast\libglesv2.dll 2015-03-22 18:53 - 2015-03-22 18:53 - 00212992 _____ () C:\Program Files\AVAST Software\Avast\libegl.dll 2015-03-30 21:44 - 2015-03-28 05:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2015-03-22 08:57 - 2014-02-13 14:32 - 00088064 _____ () C:\Program Files (x86)\GameforgeLive\libgcc_s_sjlj-1.dll 2015-03-22 08:57 - 2014-02-13 14:32 - 00863744 _____ () C:\Program Files (x86)\GameforgeLive\libstdc++-6.dll 2015-03-22 08:57 - 2014-02-13 14:33 - 01765301 _____ () C:\Program Files (x86)\GameforgeLive\libgcrypt-11.dll 2015-03-22 08:57 - 2014-02-13 14:33 - 00126959 _____ () C:\Program Files (x86)\GameforgeLive\libgpg-error-0.dll 2015-03-22 08:57 - 2014-02-14 14:55 - 00530432 _____ () C:\Program Files (x86)\GameforgeLive\log4qt.dll 2015-03-22 08:57 - 2015-02-10 13:13 - 00141312 _____ () C:\Program Files 
(x86)\GameforgeLive\qjson.dll 2015-03-22 08:57 - 2014-02-14 15:19 - 05686669 _____ () C:\Program Files (x86)\GameforgeLive\libtorrent.dll 2015-03-22 08:57 - 2014-02-14 13:32 - 00097659 _____ () C:\Program Files (x86)\GameforgeLive\libboost_system-mgw47-mt-1_53.dll 2015-03-20 03:24 - 2015-03-14 12:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll 2015-03-20 03:24 - 2015-03-14 12:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll 2015-03-20 03:24 - 2015-03-14 12:12 - 09278792 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll 2015-03-20 03:24 - 2015-03-14 12:12 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData:NT2 AlternateDataStreams: C:\Users\All Users:NT2 AlternateDataStreams: C:\Users\Agando\Anwendungsdaten:NT AlternateDataStreams: C:\Users\Agando\Anwendungsdaten:NT2 AlternateDataStreams: C:\Users\Agando\AppData\Roaming:NT AlternateDataStreams: C:\Users\Agando\AppData\Roaming:NT2 AlternateDataStreams: C:\ProgramData\Anwendungsdaten:NT2 AlternateDataStreams: C:\ProgramData\Application Data:NT2 AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-3527986853-237272119-1680365976-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Agando\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.192.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-3527986853-237272119-1680365976-500 - Administrator - Disabled) Agando (S-1-5-21-3527986853-237272119-1680365976-1000 - Administrator - Enabled) => C:\Users\Agando Gast (S-1-5-21-3527986853-237272119-1680365976-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3527986853-237272119-1680365976-1002 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
==================== Event log errors: =========================

Application errors:
==================
Error: (03/30/2015 09:09:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2015 05:00:48 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddWin32ServiceFiles: Unable to back up image of service TuneUp Utilities Service since QueryServiceConfig API failed System Error: Das System kann die angegebene Datei nicht finden. .

Error: (03/30/2015 05:00:48 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary TuneUpUtilitiesDrv. System Error: Das System kann die angegebene Datei nicht finden. .

Error: (03/28/2015 02:32:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm metin2launch.exe, Version 1.0.3400.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 4624
Startzeit: 01d0694fe77aac0f
Endzeit: 6
Anwendungspfad: C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\Metin2\metin2launch.exe
Berichts-ID: 6df55a0f-d546-11e4-aff6-b8975a8e4212

Error: (03/26/2015 01:40:55 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Volume "(C:)" wurde aufgrund eines Fehlers nicht defragmentiert: Es wurde versucht, eine Datei mit einem falschen Format zu laden. (0x8007000B)

Error: (03/25/2015 05:11:43 PM) (Source: MsiInstaller) (EventID: 11704) (User: Agando-PC)
Description: Produkt: TuneUp Utilities 2014 (de-DE) -- Fehler 1704. Eine Installation von TuneUp Utilities 2014 wurde unterbrochen. Sie müssen die von dieser Installation vorgenommenen Änderungen rückgängig machen, bevor Sie den Vorgang fortsetzen können. Möchten Sie diese Änderungen rückgängig machen?

Error: (03/25/2015 09:04:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/24/2015 07:19:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/23/2015 04:09:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm metin2launch.exe, Version 1.0.3400.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 2038
Startzeit: 01d06572bd0a40f4
Endzeit: 18
Anwendungspfad: C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\Metin2\metin2launch.exe
Berichts-ID: 26175037-d166-11e4-adfa-b8975a8e4212

Error: (03/23/2015 05:27:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm metin2launch.exe, Version 1.0.3400.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 5b4
Startzeit: 01d065192037b28c
Endzeit: 3
Anwendungspfad: C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\Metin2\metin2launch.exe
Berichts-ID: 97a6e9d9-d10c-11e4-adfa-b8975a8e4212

System errors:
=============
Error: (03/25/2015 09:04:34 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.

Error: (03/25/2015 09:03:19 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 25.03.2015 um 07:59:56 unerwartet heruntergefahren.

Error: (03/22/2015 07:01:59 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (03/21/2015 11:46:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Druckwarteschlange" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (03/21/2015 11:46:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Druckwarteschlange erreicht.

Error: (03/21/2015 11:46:42 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.

Error: (03/21/2015 11:46:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/21/2015 11:46:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Application Virtualization Service Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/21/2015 11:46:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Application Virtualization Client" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/21/2015 11:46:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Microsoft Office Sessions:
=========================
Error: (03/30/2015 09:09:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2015 05:00:48 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details: AddWin32ServiceFiles: Unable to back up image of service TuneUp Utilities Service since QueryServiceConfig API failed System Error: Das System kann die angegebene Datei nicht finden.

Error: (03/30/2015 05:00:48 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details: AddLegacyDriverFiles: Unable to back up image of binary TuneUpUtilitiesDrv. System Error: Das System kann die angegebene Datei nicht finden.

Error: (03/28/2015 02:32:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: metin2launch.exe1.0.3400.0462401d0694fe77aac0f6C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\Metin2\metin2launch.exe6df55a0f-d546-11e4-aff6-b8975a8e4212

Error: (03/26/2015 01:40:55 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: (C:)Es wurde versucht, eine Datei mit einem falschen Format zu laden. (0x8007000B)

Error: (03/25/2015 05:11:43 PM) (Source: MsiInstaller) (EventID: 11704) (User: Agando-PC)
Description: Produkt: TuneUp Utilities 2014 (de-DE) -- Fehler 1704. Eine Installation von TuneUp Utilities 2014 wurde unterbrochen. Sie müssen die von dieser Installation vorgenommenen Änderungen rückgängig machen, bevor Sie den Vorgang fortsetzen können. Möchten Sie diese Änderungen rückgängig machen?(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/25/2015 09:04:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/24/2015 07:19:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/23/2015 04:09:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: metin2launch.exe1.0.3400.0203801d06572bd0a40f418C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\Metin2\metin2launch.exe26175037-d166-11e4-adfa-b8975a8e4212

Error: (03/23/2015 05:27:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: metin2launch.exe1.0.3400.05b401d065192037b28c3C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\Metin2\metin2launch.exe97a6e9d9-d10c-11e4-adfa-b8975a8e4212

==================== Memory info ===========================

Processor: AMD FX(tm)-4300 Quad-Core Processor
Percentage of memory in use: 60%
Total physical RAM: 4078.29 MB
Available physical RAM: 1595.91 MB
Total Pagefile: 8154.76 MB
Available Pagefile: 5137.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.42 GB) (Free:237 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4E6C5C6A)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Gmer:
GMER Logfile:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-04-01 13:40:04
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD5000AAKX-22ERMA0 rev.17.01H17 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Agando\AppData\Local\Temp\pxdiqpog.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002fb5000 63 bytes [43, 4D, 33, 31, 05, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 592 fffff80002fb5040 1 byte [01]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\AVAST Software\Avast\afwServ.exe[1408] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000765b8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[1408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076581465 2 bytes [58, 76]
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[1408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765814bb 2 bytes [58, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076581465 2 bytes [58, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765814bb 2 bytes [58, 76]
.text ... * 2
.text C:\Program Files\AVAST Software\Avast\avastui.exe[4876] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000765b8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text C:\Program Files\AVAST Software\Avast\avastui.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076581465 2 bytes [58, 76]
.text C:\Program Files\AVAST Software\Avast\avastui.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765814bb 2 bytes [58, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076581465 2 bytes [58, 76]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765814bb 2 bytes [58, 76]
.text ... * 2
.text C:\Program Files\AVAST Software\Avast\avastui.exe[5228] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000765b8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text C:\Program Files\AVAST Software\Avast\avastui.exe[5228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076581465 2 bytes [58, 76]
.text C:\Program Files\AVAST Software\Avast\avastui.exe[5228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765814bb 2 bytes [58, 76]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076581465 2 bytes [58, 76]
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765814bb 2 bytes [58, 76]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3520] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000766c2ab1 5 bytes JMP 0000000100112ac0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076581465 2 bytes [58, 76]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765814bb 2 bytes [58, 76]
.text ... * 2
.text C:\Program Files (x86)\GameforgeLive\gfl_client.exe[6012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076581465 2 bytes [58, 76]
.text C:\Program Files (x86)\GameforgeLive\gfl_client.exe[6012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765814bb 2 bytes [58, 76]
.text ... * 2
.text C:\Program Files (x86)\GameforgeLive\gfl_client.exe[6012] C:\Program Files (x86)\GameforgeLive\libtorrent.dll!_ZNK5boost4asio2ip7address5to_v4Ev + 102 0000000067bcf926 4 bytes [48, FD, CD, 6F]
.text C:\Program Files (x86)\GameforgeLive\gfl_client.exe[6012] C:\Program Files (x86)\GameforgeLive\libtorrent.dll!_ZNK5boost4asio2ip7address5to_v6Ev + 110 0000000067bcfdfe 4 bytes [48, FD, CD, 6F]
.text C:\Program Files (x86)\GameforgeLive\gfl_client.exe[6012] C:\Program Files (x86)\GameforgeLive\libtorrent.dll!_ZNK5boost4asio2ip10address_v65to_v4Ev + 86 0000000067bd0366 4 bytes [48, FD, CD, 6F]
.text C:\Program Files (x86)\GameforgeLive\gfl_client.exe[6012] C:\Program Files (x86)\GameforgeLive\libtorrent.dll!_ZNK5boost4asio2ip6detail8endpoint9to_stringERNS_6system10error_codeE + 537 0000000067bd0e79 4 bytes [8C, F9, CD, 6F]
.text C:\Program Files (x86)\GameforgeLive\gfl_client.exe[6012] C:\Program Files (x86)\GameforgeLive\libtorrent.dll!_ZNK5boost4asio2ip6detail8endpoint9to_stringERNS_6system10error_codeE + 555 0000000067bd0e8b 4 bytes [A0, F9, CD, 6F]
.text ... * 6
.text C:\Program Files (x86)\GameforgeLive\gfl_client.exe[6012] C:\Program Files (x86)\GameforgeLive\libtorrent.dll!_ZN10libtorrent10lazy_entry11dict_appendEPKc + 91 0000000067bec9ab 4 bytes [FC, B9, CD, 6F]
.text C:\Program Files (x86)\GameforgeLive\gfl_client.exe[6012] C:\Program Files (x86)\GameforgeLive\libtorrent.dll!_ZN10libtorrent10lazy_entry11dict_appendEPKc + 213 0000000067beca25 4 bytes [FC, B9, CD, 6F]
.text C:\Program Files (x86)\GameforgeLive\gfl_client.exe[6012] C:\Program Files (x86)\GameforgeLive\libtorrent.dll!_ZN10libtorrent10lazy_entry11list_appendEv + 84 0000000067becb94 4 bytes [FC, B9, CD, 6F]
.text C:\Program Files (x86)\GameforgeLive\gfl_client.exe[6012] C:\Program Files (x86)\GameforgeLive\libtorrent.dll!_ZN10libtorrent10lazy_entry11list_appendEv + 207 0000000067becc0f 4 bytes [FC, B9, CD, 6F]
.text C:\Program Files (x86)\GameforgeLive\gfl_client.exe[6012] C:\Program Files (x86)\GameforgeLive\libtorrent.dll!_ZN10libtorrent9file_pool9open_fileEPvRKSsN9__gnu_cxx17__normal_iteratorIPKNS_19internal_file_entryESt6vectorIS6_SaIS6_EEEERKNS_12file_storageEiRN5boost6system10error_codeE + 762 0000000067d078fa 4 bytes [FC, B9, CD, 6F]

---- EOF - GMER 2.1 ----

defogger disable :

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:52 on 01/04/2015 (Agando)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Edited by Caladrius (01.04.2015 at 13:43)