
Log analysis and evaluation: Windows 8: automatic update function missing from Services, computer occasionally freezes/becomes extremely slow


07.07.2015, 09:25   #1
Moonspell
 



Hello,

I wanted to do the update to Windows 8.1 and noticed in the process that the "Windows Update" service is gone. In addition, the computer freezes very frequently, becomes slow, or starts to "stutter". I installed the latest updates manually via winfuture.de.
The log files:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-07-2015
Ran by **** at 2015-07-07 10:05:09
Running from C:\Users\****\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3838794304-2198812315-1598431026-500 - Administrator - Disabled) => C:\Users\Administrator
Gast (S-1-5-21-3838794304-2198812315-1598431026-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3838794304-2198812315-1598431026-1013 - Limited - Enabled)
**** (S-1-5-21-3838794304-2198812315-1598431026-1002 - Administrator - Enabled) => C:\Users\****

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Avira (HKLM-x32\...\{8467e01f-0496-42ce-b247-88ef205b4880}) (Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.579 - Avira Operations GmbH & Co. KG)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version:  - AVM Berlin)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft)
CyberLink BD_3D Advisor 2.0 (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version: 2.0.6410 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink PowerDVD 13 (HKLM-x32\...\InstallShield_{3CFDF154-7E60-4E98-A8DF-C693A4F8E6B6}) (Version: 13.0.3919.58 - CyberLink Corp.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Druckerdeinstallation für EPSON WF-2530 Series (HKLM\...\EPSON WF-2530 Series) (Version:  - SEIKO EPSON Corporation)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson E-Web Print (HKLM-x32\...\{682A3328-9621-4BAD-91FA-873A076610C4}) (Version: 1.21.0000 - SEIKO EPSON CORPORATION)
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Google+ Auto Backup (HKU\S-1-5-21-3838794304-2198812315-1598431026-1002\...\Google+ Auto Backup) (Version: 1.0.27.161 - Google, Inc.)
Greenshot 1.1.7.17 (HKLM\...\Greenshot_is1) (Version: 1.1.7.17 - Greenshot)
Guildwork (HKU\S-1-5-21-3838794304-2198812315-1598431026-1002\...\Guildwork) (Version: 1.0.151 - Guildwork)
HP LaserJet Pro MFP M127-M128 (HKLM-x32\...\{3b050369-8d19-413d-9dec-84ff278472eb}) (Version: 8.0.13295.984 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{96D12EC9-720B-45FB-904C-36D6307A1C76}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.002.004 - Hewlett-Packard)
hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM128DSService (x32 Version: 001.001.08254 - Hewlett-Packard) Hidden
HPDXP (x32 Version: 3.0.26.40 - HP) Hidden
HPLJDXPHelper (x32 Version: 060.048.005 - HP) Hidden
HPLJProMFPM127M128 (HKLM-x32\...\{B5409C23-DE0C-4B48-8C8A-50AE38694955}) (Version: 1.00.0000 - Hewlett-Packard)
HPLJUTCore (x32 Version: 008.000.0001 - HP) Hidden
HPLJUTM127_128 (x32 Version: 008.000.0001 - HP) Hidden
hppLaserJetService (x32 Version: 009.033.00905 - Hewlett-Packard) Hidden
hppM125LaserJetService (x32 Version: 001.032.00682 - Hewlett-Packard) Hidden
hpStatusAlerts (x32 Version: 080.040.00171 - Hewlett Packard) Hidden
hpStatusAlertsM127-M128 (x32 Version: 080.046.00111 - Hewlett-Packard) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
LJDXPHelperUI (x32 Version: 060.048.005 - HP) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 11.030.01.04.03 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.3.0 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.30 - NVIDIA Corporation)
NVIDIA 3DTV Play Activation Utility (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DTV) (Version: 266.7 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.57 - NVIDIA Corporation)
NVIDIA Grafiktreiber 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.30 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.86.89.0 - Overwolf Ltd.)
PDF Architect 3 (HKLM-x32\...\PDF Architect 3) (Version: 3.0.45.22485 - pdfforge GmbH)
PDF Architect 3 Create Module (x32 Version: 3.0.13.22993 - pdfforge GmbH) Hidden
PDF Architect 3 Edit Module (x32 Version: 3.0.13.22993 - pdfforge GmbH) Hidden
PDF Architect 3 View Module (x32 Version: 3.0.13.22993 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.2 - pdfforge)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.15.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.57 - NVIDIA Corporation) Hidden
Software Updater (HKLM-x32\...\{E1BAD1BA-C0E8-4018-9281-E7D2C6B07474}) (Version: 4.3.6 - SEIKO EPSON CORPORATION)
tax 2015 (HKLM-x32\...\{4CF96070-DEE5-43B5-B6A7-23AC07BC0C77}) (Version: 22.02.8861 - Buhl Data Service GmbH)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Secret World (HKLM-x32\...\The Secret World_is1) (Version: 1.0.0 - Funcom)
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3838794304-2198812315-1598431026-1002\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3838794304-2198812315-1598431026-1002_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3838794304-2198812315-1598431026-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3838794304-2198812315-1598431026-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3838794304-2198812315-1598431026-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

16-06-2015 16:53:43 Installed PDF Architect 3 View Module
29-06-2015 14:37:07 NVIDIA PhysX wird entfernt
06-07-2015 15:25:43 Geplanter Prüfpunkt

==================== Hosts content: ===============================
         
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015
Ran by **** (administrator) on FESTOPLATTE on 07-07-2015 10:04:51
Running from C:\Users\****\Desktop
Loaded Profiles: **** (Available Profiles: **** & Administrator)
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 3\creator-ws.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 3\ws.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\StatusAlerts\bin\HPStatusAlerts.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-04-11] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PowerDVD13Agent] => C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe [517144 2014-03-26] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [179976 2013-09-02] (cyberlink)
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-07-12] (Bitleader)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49904 2014-08-13] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313656 2013-04-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-06-02] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3838794304-2198812315-1598431026-1002\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIVE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3838794304-2198812315-1598431026-1002\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [495616 2013-12-13] (Greenshot)
HKU\S-1-5-21-3838794304-2198812315-1598431026-1002\...\Run: [Google Update] => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-12-31] (Google Inc.)
HKU\S-1-5-21-3838794304-2198812315-1598431026-1002\...\Run: [Google+ Auto Backup] => C:\Users\****\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3754312 2015-02-13] (Google Inc.)
HKU\S-1-5-21-3838794304-2198812315-1598431026-1002\...\MountPoints2: {46faf903-a519-11e3-befa-94de80a8a71e} - "K:\pushinst.exe" 
HKU\S-1-5-21-3838794304-2198812315-1598431026-1002\...\MountPoints2: {d1f1f2d3-c020-11e4-bedc-94de80a8a71e} - "D:\AutoRun.exe" 
HKU\S-1-5-21-3838794304-2198812315-1598431026-1002\...\MountPoints2: {d1f1f56f-c020-11e4-bedc-94de80a8a71e} - "D:\AutoRun.exe" 
HKU\S-1-5-21-3838794304-2198812315-1598431026-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [240640 2012-07-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3838794304-2198812315-1598431026-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MA30093DB-E401-4DE4-9ABD-B19F89DD64CC&SearchSource=55&CUI=&UM=5&UP=SP95A13CA2-0257-4F6B-B0B8-FBC5E5054F64&SSPV=
HKU\S-1-5-21-3838794304-2198812315-1598431026-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com
HKU\S-1-5-21-3838794304-2198812315-1598431026-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.hyrican.de
SearchScopes: HKU\S-1-5-21-3838794304-2198812315-1598431026-1002 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MA30093DB-E401-4DE4-9ABD-B19F89DD64CC&SearchSource=58&CUI=&UM=5&UP=SP95A13CA2-0257-4F6B-B0B8-FBC5E5054F64&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3838794304-2198812315-1598431026-1002 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MA30093DB-E401-4DE4-9ABD-B19F89DD64CC&SearchSource=58&CUI=&UM=5&UP=SP95A13CA2-0257-4F6B-B0B8-FBC5E5054F64&q={searchTerms}&SSPV=
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-01-18] (IvoSoft)
BHO-x32: PDF Architect 3 Helper -> {06E08260-0695-4EC1-A74B-1310D8899D93} -> C:\Program Files (x86)\PDF Architect 3\creator-ie-helper.dll [2015-04-24] (pdfforge GmbH)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-29] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-29] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-01-18] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - PDF Architect 3 Toolbar - {2DFF3579-5AA7-45B9-9328-1D38EA230861} - C:\Program Files (x86)\PDF Architect 3\creator-ie-plugin.dll [2015-04-24] (pdfforge GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{108E9518-A2B4-4C2A-A8BB-AED2DFD8F905}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{108E9518-A2B4-4C2A-A8BB-AED2DFD8F905}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{42CFF633-43C4-489B-9561-665F039ED25A}: [DhcpNameServer] 192.168.2.250
Tcpip\..\Interfaces\{799D124D-417F-4030-B206-FDFEF463BE8A}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{799D124D-417F-4030-B206-FDFEF463BE8A}: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\4rsw88h8.default
FF DefaultSearchEngine: Ecosia
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-24] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-24] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-29] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 3 -> C:\Program Files (x86)\PDF Architect 3\np-previewer.dll [2015-04-24] (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-3838794304-2198812315-1598431026-1002: @tools.google.com/Google Update;version=3 -> C:\Users\****\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-3838794304-2198812315-1598431026-1002: @tools.google.com/Google Update;version=9 -> C:\Users\****\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF SearchPlugin: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\4rsw88h8.default\searchplugins\ecosia.xml [2015-05-29]
FF Extension: Ecosia — The search engine that plants trees! - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\4rsw88h8.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2014-12-19]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-03-04]
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_3_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension
FF Extension: PDF Architect 3 Creator - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension [2015-06-16]

Chrome: 
=======
CHR Profile: C:\Users\****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-27]
CHR Extension: (Google Drive) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-27]
CHR Extension: (YouTube) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-27]
CHR Extension: (Ecosia - The search engine that plants trees) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\clellnciejhoedgepbdilbkdkaoecgpc [2014-05-14]
CHR Extension: (Google Search) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-27]
CHR Extension: (Gmail) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-16] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [217280 2015-06-02] (Avira Operations GmbH & Co. KG)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243464 2013-09-02] (CyberLink)
R2 CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2014-03-26] (CyberLink)
R2 CyberLink PowerDVD 13 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [327432 2014-03-26] (CyberLink)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [174592 2012-12-04] (HP) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-05] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1000688 2015-06-21] (Overwolf LTD)
R3 PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2244312 2015-04-24] (pdfforge GmbH)
S3 PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [901336 2015-04-24] (pdfforge GmbH)
R2 PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [740568 2015-04-24] (pdfforge GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
S2 wuauserv; C:\Windows\system32\wuaueng.dll [425099 2014-08-14] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132656 2015-06-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-04] (AVM Berlin)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-04-27] (Disc Soft Ltd)
S3 fwlanusb4; C:\Windows\system32\DRIVERS\fwlanusb4.sys [1293824 2010-10-04] (AVM GmbH)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation)
R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [32456 2014-03-26] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-07 10:04 - 2015-07-07 10:04 - 00023061 _____ C:\Users\****\Desktop\FRST.txt
2015-07-07 10:04 - 2015-07-07 09:57 - 02112512 _____ (Farbar) C:\Users\****\Desktop\FRST64.exe
2015-07-07 10:02 - 2015-07-07 10:03 - 00000000 ____D C:\Users\****\Desktop\Scan
2015-07-07 09:59 - 2015-07-07 10:03 - 00031434 _____ C:\Users\****\Downloads\Addition.txt
2015-07-07 09:58 - 2015-07-07 10:04 - 00000000 ____D C:\FRST
2015-07-07 09:58 - 2015-07-07 10:03 - 00041743 _____ C:\Users\****\Downloads\FRST.txt
2015-07-07 09:57 - 2015-07-07 09:57 - 02112512 _____ (Farbar) C:\Users\****\Downloads\FRST64.exe
2015-07-07 09:56 - 2015-07-07 09:56 - 00050477 _____ C:\Users\****\Downloads\Defogger.exe
2015-07-07 09:56 - 2015-07-07 09:56 - 00000558 _____ C:\Users\****\Downloads\defogger_disable.log
2015-07-07 09:56 - 2015-07-07 09:56 - 00000168 _____ C:\Users\****\defogger_reenable
2015-07-06 15:20 - 2015-07-06 16:25 - 00000000 ____D C:\Users\****\Documents\vegan
2015-07-06 12:07 - 2015-07-06 12:07 - 00293660 _____ C:\Users\****\AppData\Local\recently-used.xbel
2015-07-05 13:13 - 2015-07-05 19:18 - 00031423 _____ C:\Users\****\Desktop\Abbaustellen.ods
2015-06-30 13:50 - 2015-06-30 13:50 - 00184348 _____ C:\WINDOWS\msxml4-KB2758694-deu.LOG
2015-06-30 13:22 - 2015-06-30 13:33 - 678730082 _____ (WinFuture) C:\Users\****\Downloads\WinFuture_8_x64_UpdatePack_1.25_Juni_2015-Vollversion.exe
2015-06-30 12:38 - 2015-06-30 12:44 - 00000000 ____D C:\Program Files (x86)\RegTweaker
2015-06-30 12:38 - 2015-06-30 12:38 - 02992555 _____ C:\Users\****\Downloads\regtweaker.exe
2015-06-30 11:55 - 2015-06-30 11:56 - 52822240 _____ (Microsoft Corporation) C:\Users\****\Downloads\Windows-KB890830-x64-V5.25.exe
2015-06-30 11:50 - 2015-06-30 11:50 - 00302011 _____ C:\Users\****\Downloads\WindowsUpdateDiagnostic (1).diagcab
2015-06-30 10:57 - 2015-06-30 10:57 - 00302011 _____ C:\Users\****\Downloads\WindowsUpdateDiagnostic.diagcab
2015-06-30 10:56 - 2015-06-30 10:56 - 00998400 _____ C:\Users\****\Downloads\MicrosoftFixit50814.msi
2015-06-30 10:53 - 2015-06-30 10:53 - 00347424 _____ (Microsoft Corporation) C:\Users\****\Downloads\MicrosoftFixit.wu.Run.exe
2015-06-30 10:22 - 2015-06-30 10:23 - 06431728 _____ (Microsoft Corporation) C:\Users\****\Downloads\OSGS14-WindowsUpgradeAssistant-32bitand64bit-ClientSKU-4141411.exe
2015-06-29 14:37 - 2015-06-29 14:37 - 00002180 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2015-06-29 14:36 - 2015-06-17 08:03 - 00571024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-06-29 14:29 - 2015-06-17 11:10 - 42729104 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-06-29 14:29 - 2015-06-17 11:10 - 37748880 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-06-29 14:29 - 2015-06-17 11:10 - 30481552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-06-29 14:29 - 2015-06-17 11:10 - 22947144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-06-29 14:29 - 2015-06-17 11:10 - 16145200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-06-29 14:29 - 2015-06-17 11:10 - 15866992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-06-29 14:29 - 2015-06-17 11:10 - 14497520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-06-29 14:29 - 2015-06-17 11:10 - 13263056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-06-29 14:29 - 2015-06-17 11:10 - 11831856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-06-29 14:29 - 2015-06-17 11:10 - 11011216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-06-29 14:29 - 2015-06-17 11:10 - 02997544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-06-29 14:29 - 2015-06-17 11:10 - 02932368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-06-29 14:29 - 2015-06-17 11:10 - 02599752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-06-29 14:29 - 2015-06-17 11:10 - 01898128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435330.dll
2015-06-29 14:29 - 2015-06-17 11:10 - 01557832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435330.dll
2015-06-29 14:29 - 2015-06-17 11:10 - 01099992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-06-29 14:29 - 2015-06-17 11:10 - 01060168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-06-29 14:29 - 2015-06-17 11:10 - 01050768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-06-29 14:29 - 2015-06-17 11:10 - 00982672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-06-29 14:29 - 2015-06-17 11:10 - 00975176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-06-29 14:29 - 2015-06-17 11:10 - 00938752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-06-29 14:29 - 2015-06-17 11:10 - 00503408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-06-29 14:29 - 2015-06-17 11:10 - 00408392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-06-29 14:29 - 2015-06-17 11:10 - 00407296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-06-29 14:29 - 2015-06-17 11:10 - 00364176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-06-29 14:29 - 2015-06-17 11:10 - 00204648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2015-06-29 14:29 - 2015-06-17 11:10 - 00176904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-06-29 14:29 - 2015-06-17 11:10 - 00155280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-06-29 14:29 - 2015-06-17 11:10 - 00150832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-06-29 14:29 - 2015-06-17 11:10 - 00128696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-06-29 14:29 - 2015-06-17 11:10 - 00040280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2015-06-29 14:15 - 2015-06-29 14:19 - 292264080 _____ (NVIDIA Corporation) C:\Users\****\Downloads\353.30-desktop-win8-win7-winvista-64bit-international-whql.exe
2015-06-24 12:17 - 2015-06-24 12:17 - 00001386 _____ C:\Users\****\Downloads\Custom Recipe List  (1).csv
2015-06-24 12:16 - 2015-06-24 12:16 - 00001386 _____ C:\Users\****\Downloads\Custom Recipe List .csv
2015-06-23 22:26 - 2015-06-23 22:26 - 00005259 _____ C:\Users\****\Downloads\Luftschiff.ods
2015-06-23 11:10 - 2015-06-23 12:04 - 00000000 ____D C:\Users\****\Documents\debKonPlus
2015-06-16 17:21 - 2015-06-16 17:21 - 00000000 ____D C:\Users\****\AppData\Local\PDFCreator
2015-06-16 16:55 - 2015-06-16 17:25 - 00000000 ____D C:\Users\****\AppData\Roaming\PDF Architect 3
2015-06-16 16:55 - 2015-06-16 16:55 - 00001030 _____ C:\Users\Public\Desktop\PDF Architect 3.lnk
2015-06-16 16:54 - 2015-06-16 16:55 - 00000000 ____D C:\Program Files (x86)\PDF Architect 3
2015-06-16 16:54 - 2015-06-16 16:54 - 00000000 ____D C:\Users\****\Documents\PDF Architect
2015-06-16 16:54 - 2015-06-16 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 3
2015-06-16 16:51 - 2015-06-16 17:20 - 00000000 ____D C:\Program Files\PDFCreator
2015-06-16 16:51 - 2015-06-16 16:51 - 00115592 _____ (pdfforge GmbH) C:\WINDOWS\system32\pdfcmon.dll
2015-06-16 16:51 - 2015-06-16 16:51 - 00000879 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2015-06-16 16:51 - 2015-06-16 16:51 - 00000000 ____D C:\Users\****\AppData\Roaming\pdfforge
2015-06-16 16:51 - 2015-06-16 16:51 - 00000000 ____D C:\ProgramData\PDF Architect 3
2015-06-16 16:51 - 2015-06-16 16:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-06-16 16:50 - 2015-06-16 16:51 - 28754952 _____ (pdfforge GmbH) C:\Users\****\Downloads\PDFCreator-2_1_2-setup.exe
2015-06-16 16:50 - 2015-06-16 16:51 - 28754952 _____ (pdfforge GmbH) C:\Users\****\Downloads\PDFCreator-2_1_2-setup (1).exe
2015-06-15 22:27 - 2015-06-15 22:28 - 04374609 _____ C:\Users\****\Downloads\screensaver_BKK_ATU_02.zip
2015-06-15 20:47 - 2015-06-15 22:00 - 00000000 ____D C:\Users\****\AppData\Local\gtk-2.0
2015-06-15 20:47 - 2015-06-15 20:47 - 00000000 ____D C:\Users\****\.thumbnails
2015-06-15 20:44 - 2015-07-06 12:12 - 00000000 ____D C:\Users\****\.gimp-2.8
2015-06-15 20:44 - 2015-06-15 20:44 - 00000000 ____D C:\Users\****\AppData\Local\gegl-0.2
2015-06-15 20:43 - 2015-06-15 20:43 - 00000937 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-06-15 20:42 - 2015-06-15 20:43 - 00000000 ____D C:\Program Files\GIMP 2
2015-06-15 20:41 - 2015-06-15 20:42 - 91931728 _____ (The GIMP Team ) C:\Users\****\Downloads\gimp-2.8.14-setup-1.exe
2015-06-10 21:14 - 2015-06-10 21:14 - 11605886 _____ C:\Users\****\Documents\Kündigung Bahncard25 MG.bmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-07 10:04 - 2014-12-21 13:15 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-07 10:02 - 2014-04-27 11:22 - 00000000 ____D C:\Users\****\AppData\Roaming\ClassicShell
2015-07-07 10:02 - 2014-03-06 15:41 - 00465408 ___SH C:\Users\****\Desktop\Thumbs.db
2015-07-07 10:00 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-07 09:59 - 2014-04-27 11:26 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3838794304-2198812315-1598431026-1002
2015-07-07 09:56 - 2014-04-27 11:20 - 00001142 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-07 09:56 - 2014-04-27 10:59 - 00000000 ____D C:\Users\****
2015-07-07 09:56 - 2014-04-27 10:54 - 02986953 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-07 09:54 - 2014-04-27 11:19 - 00001138 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-07 09:54 - 2013-07-22 14:14 - 00000000 ____D C:\ProgramData\Temp
2015-07-06 22:11 - 2014-12-31 15:50 - 00001176 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3838794304-2198812315-1598431026-1002UA.job
2015-07-06 21:28 - 2014-05-09 17:34 - 00000000 ____D C:\Users\****\AppData\Local\CrashDumps
2015-07-06 12:20 - 2014-04-27 11:29 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-06 12:14 - 2014-04-27 11:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-06 12:14 - 2014-04-27 11:29 - 00000000 ____D C:\Program Files (x86)\Avira
2015-07-05 22:52 - 2014-08-27 20:55 - 00000000 ____D C:\Users\****\AppData\Roaming\TS3Client
2015-07-05 17:11 - 2014-12-31 15:50 - 00001124 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3838794304-2198812315-1598431026-1002Core.job
2015-07-02 20:41 - 2015-03-17 22:17 - 00000000 ____D C:\Users\****\AppData\Roaming\HpUpdate
2015-07-02 18:50 - 2014-03-14 13:34 - 00000000 ____D C:\Users\****\Documents\wohnen
2015-07-02 10:38 - 2014-03-14 13:37 - 00000000 ____D C:\Users\****\Documents\Bewerbungen
2015-07-01 15:37 - 2012-07-26 12:27 - 00752930 _____ C:\WINDOWS\system32\perfh007.dat
2015-07-01 15:37 - 2012-07-26 12:27 - 00156156 _____ C:\WINDOWS\system32\perfc007.dat
2015-07-01 15:37 - 2012-07-26 09:28 - 01748838 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-30 22:08 - 2013-07-22 21:47 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-30 22:08 - 2012-07-26 09:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-30 12:44 - 2013-07-22 14:07 - 00972926 _____ C:\WINDOWS\PFRO.log
2015-06-30 12:15 - 2013-12-24 16:51 - 01305088 ___SH C:\Users\****\Downloads\Thumbs.db
2015-06-29 14:59 - 2012-07-26 07:26 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-29 14:51 - 2014-04-29 15:32 - 00000344 _____ C:\WINDOWS\lgfwup.ini
2015-06-29 14:51 - 2014-04-29 15:31 - 00000000 ____D C:\Program Files (x86)\lg_fwupdate
2015-06-29 14:37 - 2013-07-22 21:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-06-29 14:36 - 2013-07-22 21:47 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-29 14:36 - 2012-07-26 09:21 - 00043684 _____ C:\WINDOWS\setupact.log
2015-06-29 14:06 - 2013-07-22 21:49 - 00001424 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-06-29 14:00 - 2014-10-05 11:46 - 00000000 ____D C:\ProgramData\Oracle
2015-06-29 13:57 - 2014-10-05 11:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-06-29 13:56 - 2014-10-05 11:37 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-06-29 13:56 - 2014-10-05 11:37 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-28 20:56 - 2014-08-27 20:56 - 00000000 ____D C:\Program Files (x86)\Overwolf
2015-06-25 16:18 - 2014-12-26 13:03 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-06-24 15:04 - 2014-12-21 13:15 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-06-24 13:36 - 2014-09-19 23:16 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-06-24 13:36 - 2014-09-19 23:16 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-06-24 13:36 - 2014-04-27 11:27 - 01571696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-06-24 13:36 - 2014-04-27 11:27 - 01320120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-06-23 10:57 - 2014-04-27 11:20 - 00002218 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-22 17:35 - 2013-11-30 15:53 - 00000000 ____D C:\Users\****\Documents\IK Hofmann
2015-06-22 11:08 - 2015-02-16 22:49 - 00000562 _____ C:\WINDOWS\wiso.ini
2015-06-19 22:55 - 2015-05-27 10:38 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-19 22:48 - 2015-06-05 17:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-19 22:48 - 2014-12-19 10:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-19 22:48 - 2014-04-27 11:29 - 00000000 ____D C:\ProgramData\Avira
2015-06-17 11:10 - 2015-01-23 16:22 - 15224784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-06-17 11:10 - 2014-04-27 11:24 - 12855416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-06-17 11:10 - 2013-07-22 21:47 - 00112784 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-06-17 11:10 - 2013-07-22 21:47 - 00105288 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-06-17 11:10 - 2013-07-22 21:46 - 17724600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-06-17 11:10 - 2013-07-22 21:46 - 03395648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-06-17 11:10 - 2013-07-22 21:46 - 01567576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2015-06-17 11:10 - 2013-07-22 21:46 - 00030966 _____ C:\WINDOWS\system32\nvinfo.pb
2015-06-17 08:48 - 2013-07-22 21:47 - 06873232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-06-17 08:48 - 2013-07-22 21:47 - 03492168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-06-17 08:48 - 2013-07-22 21:47 - 02558792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-06-17 08:48 - 2013-07-22 21:47 - 00937616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-06-17 08:48 - 2013-07-22 21:47 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-06-17 08:48 - 2013-07-22 21:47 - 00062792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-06-16 12:08 - 2014-04-27 11:31 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-06-16 12:08 - 2014-04-27 11:31 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-06-15 11:36 - 2014-11-09 12:36 - 00000000 ____D C:\Users\****\AppData\Local\Greenshot
2015-06-14 12:10 - 2014-12-21 13:14 - 00000000 ____D C:\Users\****\AppData\Local\Adobe
2015-06-14 11:57 - 2014-03-14 13:35 - 00000000 ____D C:\Users\****\Documents\Schule
2015-06-13 13:19 - 2014-03-14 13:38 - 00000000 ____D C:\Users\****\Documents\krankenkassenwechsel
2015-06-09 18:23 - 2014-09-11 20:02 - 00090624 ___SH C:\Users\****\Thumbs.db

==================== Files in the root of some directories =======

2015-07-06 12:07 - 2015-07-06 12:07 - 0293660 _____ () C:\Users\****\AppData\Local\recently-used.xbel
2015-01-16 19:48 - 2015-01-16 19:48 - 0000017 _____ () C:\Users\****\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\****\AppData\Local\Temp\avgnt.exe
C:\Users\****\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\****\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\****\AppData\Local\Temp\nsf13F7.exe
C:\Users\****\AppData\Local\Temp\nsw16C7.exe
C:\Users\****\AppData\Local\Temp\nsxE7F1.exe
C:\Users\****\AppData\Local\Temp\nsyE9C7.exe
C:\Users\****\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\****\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\****\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\****\AppData\Local\Temp\nvStInst.exe
C:\Users\****\AppData\Local\Temp\ReimagePackage.exe
C:\Users\****\AppData\Local\Temp\ResetDevice.exe
C:\Users\****\AppData\Local\Temp\vlc-2.1.5-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-05 19:58

==================== End of log ============================
         
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:56 on 07/07/2015 (Marcus Güdden)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...


-=E.O.F=-
         
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-07-07 10:14:52
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000003a ST1000DM003-1CH162 rev.CC47 931,51GB
Running: nwl4huj1.exe; Driver: C:\Users\MARCUS~1\AppData\Local\Temp\uwtcrpow.sys


---- User code sections - GMER 2.1 ----

.text   C:\WINDOWS\System32\dwm.exe[3728] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                      000007fee667177a 4 bytes [67, E6, FE, 07]
.text   C:\WINDOWS\System32\dwm.exe[3728] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                      000007fee6671782 4 bytes [67, E6, FE, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5732] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                   000007fee3401532 4 bytes [40, E3, FE, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5732] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                   000007fee340153a 4 bytes [40, E3, FE, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5732] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                 000007fee340165a 4 bytes [40, E3, FE, 07]
.text   C:\WINDOWS\system32\nvvsvc.exe[3984] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 690                                             000007fee3401532 4 bytes [40, E3, FE, 07]
.text   C:\WINDOWS\system32\nvvsvc.exe[3984] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 698                                             000007fee340153a 4 bytes [40, E3, FE, 07]
.text   C:\WINDOWS\system32\nvvsvc.exe[3984] C:\WINDOWS\system32\MSIMG32.dll!TransparentBlt + 246                                           000007fee340165a 4 bytes [40, E3, FE, 07]
.text   C:\WINDOWS\system32\nvvsvc.exe[3984] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                   000007fee667177a 4 bytes [67, E6, FE, 07]
.text   C:\WINDOWS\system32\nvvsvc.exe[3984] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                   000007fee6671782 4 bytes [67, E6, FE, 07]
.text   C:\WINDOWS\Explorer.EXE[6788] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                          000007fee667177a 4 bytes [67, E6, FE, 07]
.text   C:\WINDOWS\Explorer.EXE[6788] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                          000007fee6671782 4 bytes [67, E6, FE, 07]
.text   C:\WINDOWS\Explorer.EXE[6788] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                    000007fee3401532 4 bytes [40, E3, FE, 07]
.text   C:\WINDOWS\Explorer.EXE[6788] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                    000007fee340153a 4 bytes [40, E3, FE, 07]
.text   C:\WINDOWS\Explorer.EXE[6788] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                  000007fee340165a 4 bytes [40, E3, FE, 07]
.text   C:\Program Files\Classic Shell\ClassicStartMenu.exe[6700] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                        000007fee3401532 4 bytes [40, E3, FE, 07]
.text   C:\Program Files\Classic Shell\ClassicStartMenu.exe[6700] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                        000007fee340153a 4 bytes [40, E3, FE, 07]
.text   C:\Program Files\Classic Shell\ClassicStartMenu.exe[6700] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                      000007fee340165a 4 bytes [40, E3, FE, 07]
.text   C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3296] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306  000007fee667177a 4 bytes [67, E6, FE, 07]
.text   C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3296] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314  000007fee6671782 4 bytes [67, E6, FE, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3772] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                            000007fee3401532 4 bytes [40, E3, FE, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3772] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                            000007fee340153a 4 bytes [40, E3, FE, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3772] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                          000007fee340165a 4 bytes [40, E3, FE, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1144] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                     000007fee3401532 4 bytes [40, E3, FE, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1144] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                     000007fee340153a 4 bytes [40, E3, FE, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1144] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                   000007fee340165a 4 bytes [40, E3, FE, 07]

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [4120:5176]                                                                                           fffff960009be5e8

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                               unknown MBR code

---- EOF - GMER 2.1 ----
         

07.07.2015, 09:35   #2
schrauber
/// the machine
/// TB trainer

Hi,

Please run Windows Repair:
Repairing Windows - how it's done - Guides