ConQuest | 25.01.2015 18:33 | Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:41 on 25/01/2015 (ConQuest)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by ConQuest (administrator) on CONQUEST-PC on 25-01-2015 16:44:21
Running from C:\Users\ConQuest\Desktop
Loaded Profiles: ConQuest (Available profiles: ConQuest)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Users\ConQuest\Desktop\TSMApplication.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
() C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Roccat GmbH) C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
(Blizzard Entertainment) F:\Games\World of Warcraft\Battle.net\Battle.net.5383\Battle.net.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [395928 2012-05-10] (Acronis)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-20] (Nullsoft, Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2673640 2012-05-10] ()
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
HKLM-x32\...\Run: [RoccatKova+] => C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.EXE [539688 2011-03-17] (Roccat GmbH)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-301963786-2994283448-3413475682-1000\...\Run: [] => [X]
HKU\S-1-5-21-301963786-2994283448-3413475682-1000\...\Run: [Battle.net] => F:\Games\World of Warcraft\Battle.net\Battle.net Launcher.exe [2864688 2014-12-11] (Blizzard Entertainment)
HKU\S-1-5-21-301963786-2994283448-3413475682-1000\...\Run: [TSMApplication] => C:\Users\ConQuest\Desktop\TSMApplication.exe [16872448 2015-01-04] ()
HKU\S-1-5-21-301963786-2994283448-3413475682-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-301963786-2994283448-3413475682-1000\...\MountPoints2: {263a9f5a-4484-11e2-9359-002185124389} - E:\autorun.exe
Startup: C:\Users\ConQuest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
CHR HKU\S-1-5-21-301963786-2994283448-3413475682-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-301963786-2994283448-3413475682-1000] => http=192.168.1.60:3128;https=192.168.1.60:3128;ftp=192.168.1.60:3128
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-301963786-2994283448-3413475682-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-301963786-2994283448-3413475682-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-301963786-2994283448-3413475682-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl
URLSearchHook: HKLM-x32 - (No Name) - {6dad39c6-f4ac-4984-8e9b-f666269b9eb1} - No File
URLSearchHook: HKU\S-1-5-21-301963786-2994283448-3413475682-1000 - (No Name) - {6dad39c6-f4ac-4984-8e9b-f666269b9eb1} - No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-301963786-2994283448-3413475682-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-301963786-2994283448-3413475682-1000 -> {5014C177-076F-448B-A22A-E75C990BF39A} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3297265&CUI=UN21564253253314282&UM=2
SearchScopes: HKU\S-1-5-21-301963786-2994283448-3413475682-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - No Name - {6dad39c6-f4ac-4984-8e9b-f666269b9eb1} - No File
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Hosts: 127.0.0.1 lm.licenses.adobe.com
Tcpip\..\Interfaces\{72F67154-EDCB-42C7-BC40-A77B5D2FF482}: [NameServer] 8.8.8.8,8.8.4.4,194.25.2.129,213.105.133.2
FireFox:
========
FF ProfilePath: C:\Users\ConQuest\AppData\Roaming\Mozilla\Firefox\Profiles\peplf3a4.default-1404524562121
FF NetworkProxy: "type",
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-301963786-2994283448-3413475682-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: DownloadHelper - C:\Users\ConQuest\AppData\Roaming\Mozilla\Firefox\Profiles\peplf3a4.default-1404524562121\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-10-03]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2014-11-13]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-10-22]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-24]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-06-18]
Chrome:
=======
CHR HomePage: Default -> https://de.yahoo.com?fr=hp-avast&type=avastbcl
CHR StartupUrls: Default -> "hxxp://www.google.com/", "https://de.yahoo.com?fr=hp-avast&type=avastbcl"
CHR Profile: C:\Users\ConQuest\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ConQuest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-26]
CHR Extension: (Alpha Bravo Downloader) - C:\Users\ConQuest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkhanplljmeeibemadiinmmajldafdjp [2014-08-26]
CHR Extension: (Adobe Acrobat – PDF-Datei erstellen) - C:\Users\ConQuest\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-08-10]
CHR Extension: (AdBlock) - C:\Users\ConQuest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-01]
CHR Extension: (Avast Online Security) - C:\Users\ConQuest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-05]
CHR Extension: (Auto HD For YouTube™) - C:\Users\ConQuest\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2014-12-13]
CHR Extension: (Google Wallet) - C:\Users\ConQuest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-05]
CHR Extension: (Adblock Plus Chrome) - C:\Users\ConQuest\AppData\Local\Google\Chrome\User Data\Default\Extensions\omihghdlmaedmkipdikamnejbeecjcim [2014-11-01]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-12]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-12] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-12] (Avast Software)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [182304 2014-11-24] (EasyAntiCheat Ltd)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [998640 2015-01-12] (Overwolf LTD)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-12] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-12] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-12] ()
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-12-15] (DT Soft Ltd)
R3 KovaPlusFltr; C:\Windows\System32\drivers\KovaPlusFltr.sys [15104 2010-01-25] (ROCCAT Development, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-12] (Avast Software)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2012-12-09] (Acronis)
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-25 16:44 - 2015-01-25 16:44 - 00019699 _____ () C:\Users\ConQuest\Desktop\FRST.txt
2015-01-25 16:43 - 2015-01-25 16:44 - 00000000 ____D () C:\FRST
2015-01-25 16:40 - 2015-01-25 16:41 - 00000478 _____ () C:\Users\ConQuest\Desktop\defogger_disable.log
2015-01-25 16:40 - 2015-01-25 16:40 - 00000000 _____ () C:\Users\ConQuest\defogger_reenable
2015-01-25 16:11 - 2015-01-25 16:11 - 00380416 _____ () C:\Users\ConQuest\Desktop\Gmer-19357.exe
2015-01-25 16:10 - 2015-01-25 16:10 - 02129920 _____ (Farbar) C:\Users\ConQuest\Desktop\FRST64.exe
2015-01-25 16:06 - 2015-01-25 16:05 - 00050477 _____ () C:\Users\ConQuest\Desktop\Defogger.exe
2015-01-25 01:00 - 2015-01-25 01:00 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-25 01:00 - 2015-01-25 01:00 - 00000000 _____ () C:\Windows\setupact.log
2015-01-24 22:36 - 2015-01-24 22:36 - 00111392 _____ () C:\Users\ConQuest\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-24 22:06 - 2015-01-24 22:06 - 00000000 ____D () C:\ProgramData\hsswpr
2015-01-24 21:42 - 2015-01-24 21:42 - 00038387 _____ () C:\Users\ConQuest\Downloads\otl.rar
2015-01-19 23:57 - 2015-01-19 23:59 - 00001728 _____ () C:\Users\ConQuest\Desktop\Seltsamen Steine.txt
2015-01-17 20:03 - 2015-01-17 20:03 - 00000000 ____D () C:\Users\ConQuest\Desktop\WTF
2015-01-17 20:00 - 2015-01-17 20:00 - 00000000 ____D () C:\Users\ConQuest\Desktop\Interface
2015-01-17 16:02 - 2015-01-17 16:02 - 00000247 _____ () C:\Windows\system32\2015-01-17-15-02-45.005-aswFe.exe-5824.log
2015-01-17 15:58 - 2015-01-17 16:02 - 00000247 _____ () C:\Windows\system32\2015-01-17-14-58-10.051-aswFe.exe-5612.log
2015-01-17 15:58 - 2015-01-17 15:58 - 00000197 _____ () C:\Windows\system32\2015-01-17-14-58-04.073-AvastVBoxSVC.exe-3292.log
2015-01-17 15:44 - 2015-01-17 15:44 - 00000197 _____ () C:\Windows\system32\2015-01-17-14-44-05.019-AvastVBoxSVC.exe-4432.log
2015-01-13 22:23 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 22:23 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 22:23 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 22:23 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 22:22 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 22:22 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 22:22 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 22:22 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 22:22 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 22:22 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 22:22 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 22:22 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 22:22 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-04 18:14 - 2015-01-04 18:14 - 00051016 _____ () C:\Users\ConQuest\Desktop\TSMWENDELER150104181417.zip
2015-01-04 18:13 - 2015-01-04 01:22 - 16872448 _____ () C:\Users\ConQuest\Desktop\TSMApplication.exe
2015-01-04 18:12 - 2015-01-04 18:12 - 07677218 _____ () C:\Users\ConQuest\Downloads\TSMApplication (1).zip
2015-01-03 02:19 - 2015-01-03 02:19 - 00000000 ____D () C:\Users\ConQuest\Desktop\Interface (nicht LÖSCHEN)
2015-01-03 02:16 - 2015-01-03 02:16 - 00000000 ____D () C:\Users\ConQuest\Desktop\WTF (nicht LÖSCHEN)
2014-12-31 15:32 - 2014-12-31 15:32 - 00000197 _____ () C:\Windows\system32\2014-12-31-14-32-31.023-AvastVBoxSVC.exe-3864.log
2014-12-31 15:00 - 2014-12-31 15:01 - 05317104 _____ (Piriform Ltd) C:\Users\ConQuest\Downloads\ccsetup501.exe
2014-12-27 00:40 - 2014-12-27 00:40 - 00000000 ____D () C:\Users\ConQuest\AppData\Roaming\TradeSkillMaster
2014-12-27 00:37 - 2015-01-03 01:17 - 07665960 _____ () C:\Users\ConQuest\Downloads\TSMApplication.zip
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-25 16:44 - 2014-11-19 01:06 - 00000000 ____D () C:\Users\ConQuest\AppData\Local\Battle.net
2015-01-25 16:40 - 2012-11-28 00:31 - 00000000 ____D () C:\Users\ConQuest
2015-01-25 16:34 - 2012-11-28 21:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-25 15:47 - 2014-06-11 20:24 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-25 15:18 - 2014-07-03 00:18 - 02019171 _____ () C:\Windows\WindowsUpdate.log
2015-01-25 08:47 - 2014-06-11 20:24 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-25 07:52 - 2012-12-06 20:20 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{BD7835C3-E6F2-4A20-82AB-4B9FD9529BF6}
2015-01-25 02:34 - 2012-11-28 21:30 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 02:34 - 2012-11-28 21:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-25 02:34 - 2012-11-28 21:30 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-24 22:40 - 2013-01-01 18:36 - 00000000 ____D () C:\Users\ConQuest\AppData\Local\Deployment
2015-01-24 22:23 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-24 19:05 - 2014-07-02 01:10 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-24 15:00 - 2009-07-14 05:45 - 00026320 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-24 15:00 - 2009-07-14 05:45 - 00026320 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-24 08:49 - 2014-07-05 02:51 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-23 20:31 - 2012-11-29 17:11 - 00000000 ____D () C:\Users\ConQuest\AppData\Roaming\Winamp
2015-01-23 20:30 - 2013-11-12 21:21 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-23 20:28 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-22 21:12 - 2014-11-29 15:24 - 00000000 ____D () C:\Users\ConQuest\AppData\Local\Purplizer
2015-01-22 21:08 - 2014-11-24 21:11 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2015-01-22 21:06 - 2014-11-29 15:17 - 00000000 ____D () C:\Users\ConQuest\AppData\Local\Overwolf
2015-01-18 17:32 - 2014-06-20 02:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-18 14:03 - 2009-07-14 18:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2015-01-18 14:03 - 2009-07-14 18:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2015-01-18 14:03 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-17 14:58 - 2013-02-18 17:30 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-14 03:11 - 2013-08-08 02:02 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 03:01 - 2012-11-28 08:25 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 20:39 - 2014-09-22 21:08 - 00000000 ____D () C:\Users\ConQuest\AppData\Roaming\TS3Client
2015-01-12 00:25 - 2012-12-06 22:15 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-01-06 04:36 - 2013-01-10 07:55 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-03 01:17 - 2012-11-28 00:31 - 00000000 ____D () C:\Users\ConQuest\AppData\Local\VirtualStore
2014-12-31 15:02 - 2014-07-02 23:51 - 00000782 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-31 15:02 - 2014-07-02 23:51 - 00000000 ____D () C:\Program Files\CCleaner
==================== Files in the root of some directories =======
2014-10-28 00:27 - 2014-10-28 00:27 - 0000008 _____ () C:\Users\ConQuest\AppData\Roaming\_
2012-11-28 00:57 - 2014-01-26 02:51 - 0007598 _____ () C:\Users\ConQuest\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-24 07:58
==================== End Of Log ============================
FRST Additions Logfile: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by ConQuest at 2015-01-25 16:45:10
Running from C:\Users\ConQuest\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-301963786-2994283448-3413475682-1000\...\uTorrent) (Version: 3.4.2.32126 - BitTorrent Inc.)
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Acronis True Image WD*Edition (HKLM-x32\...\{9B683A28-2172-4CF1-B85D-41375E80652A}) (Version: 13.0.14189 - Acronis)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.10 - Adobe Systems)
Adobe CMM (HKLM-x32\...\Adobe_b7572144686c889e4039b734b60fbbd) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AmrAddonInstall (Version: 1.2.5.0 - Microsoft) Hidden
Ask Mr. Robot (HKLM-x32\...\{1014ae5f-86ca-4060-99c9-ac52b0b0e150}) (Version: 1.3.13.0 - Ask Mr. Robot)
Ask Mr. Robot (Version: 1.3.13.0 - Ask Mr. Robot) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Batman: Arkham Asylum Game of the Year Edition (HKLM-x32\...\{CFABC775-5386-4BA5-86B4-505BBD36E812}) (Version: 1.0.0.0 - Square Enix Limited)
Batman: Arkham City™ GOTY (HKLM-x32\...\GFWL_{57520FA0-DF38-46A1-8046-3B1000008500}) (Version: 1.0.0000.133 - WB Games)
Batman: Arkham City™ GOTY (x32 Version: 1.0.0000.133 - WB Games) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Counter-Strike Global Offensive MULTI-2 1.32.6.0 (HKLM-x32\...\Counter-Strike Global Offensive MULTI-2 1.32.6.0) (Version: - )
Curse Client (HKU\S-1-5-21-301963786-2994283448-3413475682-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Enfocus PitStop Pro (x32 Version: 11.2 - Enfocus Software) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
IsoBuster 3.3 (HKLM-x32\...\IsoBuster3_is1) (Version: 3.3 - Smart Projects)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
JDownloader 0.9 (HKLM-x32\...\jdownloader09) (Version: 0.9 - AppWork GmbH)
L&H TTS3000 Deutsch (HKLM-x32\...\LHTTSGED) (Version: - )
L&H TTS3000 Español (HKLM-x32\...\LHTTSSPE) (Version: - )
L&H TTS3000 Français (HKLM-x32\...\LHTTSFRF) (Version: - )
L&H TTS3000 Russian (HKLM-x32\...\LHTTSRUR) (Version: - )
Lernout & Hauspie TruVoice American English TTS Engine (HKLM-x32\...\tv_enua) (Version: - )
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MediaCoder 0.8.31.5648 (HKLM-x32\...\MediaCoder) (Version: 0.8.31.5648 - Mediatronic)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Mirror's Edge (HKLM-x32\...\Mirror's Edge_is1) (Version: - )
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Care Suite PST 5.0 (HKLM-x32\...\{AE99EB61-1FB7-4AEB-87F7-FE4445416F11}) (Version: 2012.51.4.4 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (x32 Version: 3.8.48.0 - Nokia) Hidden
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.82.104.0 - Overwolf Ltd.)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.9 - )
Quite Imposing Plus 3 (Deutsch) (HKLM-x32\...\qiplus3_uninstall.exe) (Version: - Quite Software Ltd.)
Rambo The Video Game (HKLM-x32\...\{48CB69A5-D098-4CA6-A58F-4255ED6DBE49}_is1) (Version: - Reef Entertainment)
Robocraft (HKLM-x32\...\Steam App 301520) (Version: - Freejam)
Robocraft version 0.3.290 (HKU\S-1-5-21-301963786-2994283448-3413475682-1000\...\{9F101691-69D3-422E-BB5C-8CAD7110781B}_is1) (Version: 0.3.290 - Freejam)
ROCCAT Kova[+] Mouse Driver (HKLM-x32\...\{A86DDFE3-F661-461C-9BF2-876AC2CA57DE}) (Version: 1.10 - Roccat GmbH)
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version: - Seagate Technology)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steamless Counter Strike Source Pack (HKLM-x32\...\Steamless Counter Strike Source Pack) (Version: 1.0 - Steamless)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-301963786-2994283448-3413475682-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
World of Warcraft Public Test (HKLM-x32\...\World of Warcraft Public Test) (Version: - Blizzard Entertainment)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-301963786-2994283448-3413475682-1000_Classes\CLSID\{7875072e-baef-4d02-987f-7f01f462ca1b}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
==================== Restore Points =========================
25-11-2014 21:37:06 Windows Update
02-12-2014 10:15:41 Windows Update
05-12-2014 16:29:49 Windows Update
09-12-2014 20:54:59 Windows Update
10-12-2014 03:01:05 Windows Update
12-12-2014 21:02:20 Windows Update
13-12-2014 13:30:12 Windows Update
13-12-2014 13:41:05 Windows Update
14-12-2014 03:00:16 Windows Update
18-12-2014 18:04:44 Windows Update
18-12-2014 18:09:49 Nokia Connectivity Cable Driver wird entfernt
18-12-2014 18:17:26 Installed Tukui Client.
23-12-2014 17:01:52 Windows Update
30-12-2014 12:15:50 Windows Update
31-12-2014 15:10:23 Removed Tukui Client.
02-01-2015 19:39:38 Windows Update
06-01-2015 08:39:28 Windows Update
09-01-2015 16:59:37 Windows Update
13-01-2015 22:22:28 Windows Update
14-01-2015 03:00:17 Windows Update
17-01-2015 14:50:31 Windows Update
21-01-2015 08:01:05 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2014-06-18 22:30 - 00000924 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 lm.licenses.adobe.com
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1EF042AC-AE9C-4387-BE0B-4614CE740742} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {1F8CABF1-8CF5-469E-A1FC-6276BCDDF82F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-12] (AVAST Software)
Task: {4C532AA6-CDCC-492F-85FD-B352A7AC28E8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {8A8A9F09-C25F-466B-97F7-E1DF80273580} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {95EF1A0C-C519-47EE-9691-1BE33A787F81} - System32\Tasks\Games\UpdateCheck_S-1-5-21-301963786-2994283448-3413475682-1000
Task: {BBDCED8C-BF61-478B-BF7A-DF3F9E5C82C5} - System32\Tasks\FRAPS => C:\Fraps\fraps.exe
Task: {E04C47F6-51AF-4557-82CB-B250ED3FD6B7} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2015-01-12] (Overwolf LTD)
Task: {E38D5664-89E3-4BB9-AB16-4941D2500288} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-11] (Google Inc.)
Task: {E3DEEE92-0738-463B-9506-96B339E8356C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-11] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-10-26 21:17 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-05-10 16:23 - 2012-05-10 16:23 - 01233528 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2015-01-04 18:13 - 2015-01-04 01:22 - 16872448 _____ () C:\Users\ConQuest\Desktop\TSMApplication.exe
2012-05-10 16:16 - 2012-05-10 16:16 - 02673640 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
2015-01-24 20:39 - 2015-01-24 20:39 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012401\algo.dll
2015-01-25 16:43 - 2015-01-25 16:43 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012500\algo.dll
2012-05-10 16:16 - 2012-05-10 16:16 - 00071008 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\rpc_client.dll
2014-11-12 22:29 - 2014-11-12 22:29 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-12-07 00:18 - 2010-05-29 14:57 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\hiddriver.dll
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-12-11 21:44 - 2014-12-11 21:44 - 26065408 _____ () F:\Games\World of Warcraft\Battle.net\Battle.net.5383\libcef.dll
2014-12-11 21:44 - 2014-12-11 21:44 - 00739840 _____ () F:\Games\World of Warcraft\Battle.net\Battle.net.5383\libGLESv2.dll
2014-12-11 21:44 - 2014-12-11 21:44 - 00907776 _____ () F:\Games\World of Warcraft\Battle.net\Battle.net.5383\platforms\qwindows.dll
2014-12-11 21:44 - 2014-12-11 21:44 - 00130048 _____ () F:\Games\World of Warcraft\Battle.net\Battle.net.5383\libEGL.dll
2014-12-11 21:44 - 2014-12-11 21:44 - 00020992 _____ () F:\Games\World of Warcraft\Battle.net\Battle.net.5383\imageformats\qgif.dll
2014-12-11 21:44 - 2014-12-11 21:44 - 00021504 _____ () F:\Games\World of Warcraft\Battle.net\Battle.net.5383\imageformats\qico.dll
2014-12-11 21:44 - 2014-12-11 21:44 - 00205312 _____ () F:\Games\World of Warcraft\Battle.net\Battle.net.5383\imageformats\qjpeg.dll
2014-12-11 21:44 - 2014-12-11 21:44 - 00225792 _____ () F:\Games\World of Warcraft\Battle.net\Battle.net.5383\imageformats\qmng.dll
2014-12-11 21:44 - 2014-12-11 21:44 - 00015872 _____ () F:\Games\World of Warcraft\Battle.net\Battle.net.5383\imageformats\qsvg.dll
2014-12-11 21:44 - 2014-12-11 21:44 - 00312832 _____ () F:\Games\World of Warcraft\Battle.net\Battle.net.5383\imageformats\qtiff.dll
2014-12-11 21:44 - 2014-12-11 21:44 - 00010240 _____ () F:\Games\World of Warcraft\Battle.net\Battle.net.5383\qml\QtQuick.2\qtquick2plugin.dll
2014-12-11 21:44 - 2014-12-11 21:44 - 00054272 _____ () F:\Games\World of Warcraft\Battle.net\Battle.net.5383\qml\QtQuick\Layouts\qquicklayoutsplugin.dll
2014-12-11 21:44 - 2014-12-11 21:44 - 00010240 _____ () F:\Games\World of Warcraft\Battle.net\Battle.net.5383\qml\QtQml\Models.2\modelsplugin.dll
2015-01-22 22:34 - 2015-01-22 22:34 - 16844464 ____N () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll
2015-01-24 08:49 - 2015-01-21 04:50 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libglesv2.dll
2015-01-24 08:49 - 2015-01-21 04:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libegl.dll
2015-01-24 08:49 - 2015-01-21 04:50 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\pdf.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:AEC0AC81
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Ask Mr. Robot => C:\Program Files\AskMrRobot\AmrTray.exe
MSCONFIG\startupreg: B Register C: =>
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
========================= Accounts: ==========================
Administrator (S-1-5-21-301963786-2994283448-3413475682-500 - Administrator - Disabled)
ConQuest (S-1-5-21-301963786-2994283448-3413475682-1000 - Administrator - Enabled) => C:\Users\ConQuest
Gast (S-1-5-21-301963786-2994283448-3413475682-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-301963786-2994283448-3413475682-1003 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/20/2015 10:57:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: winamp.exe, Version: 5.6.3.3234, Zeitstempel: 0x4fe1f6d1
Name des fehlerhaften Moduls: winamp.exe, Version: 5.6.3.3234, Zeitstempel: 0x4fe1f6d1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000126ca
ID des fehlerhaften Prozesses: 0x11cc
Startzeit der fehlerhaften Anwendung: 0xwinamp.exe0
Pfad der fehlerhaften Anwendung: winamp.exe1
Pfad des fehlerhaften Moduls: winamp.exe2
Berichtskennung: winamp.exe3
Error: (01/18/2015 07:00:02 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "G:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"
Error: (01/18/2015 05:30:53 PM) (Source: Office Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0xC004C020
Sku Id=fdf3ecb9-b56f-43b2-a9b8-1b48b6bae1a7
Error: (01/18/2015 05:30:53 PM) (Source: Office Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0xC004C020
Error: (01/18/2015 05:25:18 PM) (Source: Office Software Protection Platform Service) (EventID: 1012) (User: )
Description: Acquisition of Product Certificate failed. hr=0xC004C003
Sku Id=fdf3ecb9-b56f-43b2-a9b8-1b48b6bae1a7
Error: (01/18/2015 05:25:18 PM) (Source: Office Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0xC004C003
Error: (01/18/2015 06:51:36 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070020
Error: (01/15/2015 06:47:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 39.0.2171.95, Zeitstempel: 0x548243f3
Name des fehlerhaften Moduls: Direct3DVideoOutput.dll, Version: 1.5.0.764, Zeitstempel: 0x546d810e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00004ab8
ID des fehlerhaften Prozesses: 0x1694
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3
Error: (01/11/2015 10:06:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 3.0.8.1, Zeitstempel: 0x546e4a58
Name des fehlerhaften Moduls: mbamservice.exe, Version: 3.0.8.1, Zeitstempel: 0x546e4a58
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00051a5d
ID des fehlerhaften Prozesses: 0x9e0
Startzeit der fehlerhaften Anwendung: 0xmbamservice.exe0
Pfad der fehlerhaften Anwendung: mbamservice.exe1
Pfad des fehlerhaften Moduls: mbamservice.exe2
Berichtskennung: mbamservice.exe3
Error: (01/11/2015 07:00:11 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "G:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"
System errors:
=============
Error: (01/24/2015 10:06:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Hotspot Shield Monitoring Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (01/18/2015 02:04:09 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error: (01/18/2015 02:04:08 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error: (01/18/2015 02:04:07 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error: (01/11/2015 10:06:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (01/11/2015 09:57:55 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (01/02/2015 09:14:25 PM) (Source: cdrom) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error: (12/31/2014 03:30:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (12/31/2014 03:30:46 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.
Error: (12/18/2014 06:04:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Hotspot Shield Monitoring Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Microsoft Office Sessions:
=========================
Error: (01/20/2015 10:57:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: winamp.exe5.6.3.32344fe1f6d1winamp.exe5.6.3.32344fe1f6d1c0000005000126ca11cc01d03263cba054e7C:\Program Files (x86)\Winamp\winamp.exeC:\Program Files (x86)\Winamp\winamp.exe4e482d89-a0ef-11e4-ad4d-002185124389
Error: (01/18/2015 07:00:02 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: G:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)
Error: (01/18/2015 05:30:53 PM) (Source: Office Software Protection Platform Service) (EventID: 1014) (User: )
Description: hr=0xC004C020fdf3ecb9-b56f-43b2-a9b8-1b48b6bae1a7
Error: (01/18/2015 05:30:53 PM) (Source: Office Software Protection Platform Service) (EventID: 8200) (User: )
Description: hr=0xC004C02000010001(0x00000000, 17:30:52:927 - hxxp://go.microsoft.com/fwlink/?LinkID=120752)
00020001(0x00000000, 17:30:52:928)
00030001(0x00000000, 17:30:52:928 - hxxp://go.microsoft.com)
00030002(0x00000000, 17:30:52:928 - 1)
00020005(0x00000000, 17:30:52:928 - 0)
0002000C(0x00000000, 17:30:53:109 - 302)
0002000E(0x00000000, 17:30:53:109 - https://activation.sls.microsoft.com/sllicensing/SLLicense.asmx?configextension=o14)
00020001(0x00000000, 17:30:53:109)
00030001(0x00000000, 17:30:53:109 - https://activation.sls.microsoft.com)
00030002(0x00000000, 17:30:53:109 - 1)
00020005(0x00000000, 17:30:53:109 - 0)
0002000C(0x00000000, 17:30:53:762 - 500)
00010002(0x8004FC01, 17:30:53:763 - <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="hxxp://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="hxxp://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="hxxp://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>SoapException</faultstring><detail><HRESULT>0xC004C020</HRESULT><Messages><Message>127 (Activation) - [PA DMAK limit exceeded. ---> DMAK limit exceeded]</Message></Messages></detail></soap:Fault></soap:Body></soap:Envelope>)
00010003(0x8004FC01, 17:30:53:764)
Error: (01/18/2015 05:25:18 PM) (Source: Office Software Protection Platform Service) (EventID: 1012) (User: )
Description: hr=0xC004C003fdf3ecb9-b56f-43b2-a9b8-1b48b6bae1a7
Error: (01/18/2015 05:25:18 PM) (Source: Office Software Protection Platform Service) (EventID: 8200) (User: )
Description: hr=0xC004C00300010001(0x00000000, 17:25:17:558 - hxxp://go.microsoft.com/fwlink/?LinkID=120751)
00020001(0x00000000, 17:25:17:559)
00030001(0x00000000, 17:25:17:559 - hxxp://go.microsoft.com)
00030002(0x00000000, 17:25:17:559 - 1)
00020005(0x00000000, 17:25:17:559 - 0)
0002000C(0x00000000, 17:25:17:813 - 302)
0002000E(0x00000000, 17:25:17:813 - https://activation.sls.microsoft.com/slpkc/SLCertifyProduct.asmx?configextension=o14)
00020001(0x00000000, 17:25:17:813)
00030001(0x00000000, 17:25:17:813 - https://activation.sls.microsoft.com)
00030002(0x00000000, 17:25:17:813 - 1)
00020005(0x00000000, 17:25:17:813 - 0)
0002000C(0x00000000, 17:25:18:031 - 500)
00010002(0x8004FC01, 17:25:18:031 - <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="hxxp://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="hxxp://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="hxxp://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>SoapException</faultstring><detail><HRESULT>0xC004C003</HRESULT><Messages><Message>103 (Activation) - [PA Product key blocked. ---> Product key blocked]</Message></Messages></detail></soap:Fault></soap:Body></soap:Envelope>)
00010003(0x8004FC01, 17:25:18:066)
Error: (01/18/2015 06:51:36 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070020
System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Error: (01/15/2015 06:47:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe39.0.2171.95548243f3Direct3DVideoOutput.dll1.5.0.764546d810ec000000500004ab8169401d0305fc3dd82fdC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\DivX\Codecs\Direct3DVideoOutput.dll965355c6-9cde-11e4-be11-002185124389
Error: (01/11/2015 10:06:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.8.1546e4a58mbamservice.exe3.0.8.1546e4a58c000000500051a5d9e001d02de205cbab23C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exea54a1a45-99d5-11e4-8434-002185124389
Error: (01/11/2015 07:00:11 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: G:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)
CodeIntegrity Errors:
===================================
Date: 2013-10-22 22:52:47.386
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 37%
Total physical RAM: 4095.16 MB
Available physical RAM: 2560.8 MB
Total Pagefile: 10235.34 MB
Available Pagefile: 7842.83 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:200 GB) (Free:32.18 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: () (Fixed) (Total:731.51 GB) (Free:206.41 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 9DE16928)
Partition 1: (Active) - (Size=200 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=731.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================
GMER Logfile:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-25 17:08:48
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-6 WDC_WD10EZRX-00A8LB0 rev.01.01A01 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\ConQuest\AppData\Local\Temp\pwtorkow.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 448 fffff800025c0000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 495 fffff800025c002f 23 bytes [00, 00, 10, 00, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files\AVAST Software\Avast\avastui.exe[1752] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000771a8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text C:\Program Files\AVAST Software\Avast\avastui.exe[1752] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076fa1401 2 bytes JMP 771cb21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[1752] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076fa1419 2 bytes JMP 771cb346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[1752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076fa1431 2 bytes JMP 77248ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[1752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076fa144a 2 bytes CALL 771a48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files\AVAST Software\Avast\avastui.exe[1752] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076fa14dd 2 bytes JMP 772487a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[1752] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076fa14f5 2 bytes JMP 77248978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[1752] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076fa150d 2 bytes JMP 77248698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[1752] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076fa1525 2 bytes JMP 77248a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[1752] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076fa153d 2 bytes JMP 771bfca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[1752] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076fa1555 2 bytes JMP 771c68ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[1752] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076fa156d 2 bytes JMP 77248f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[1752] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076fa1585 2 bytes JMP 77248ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[1752] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076fa159d 2 bytes JMP 7724865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[1752] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076fa15b5 2 bytes JMP 771bfd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[1752] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076fa15cd 2 bytes JMP 771cb2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[1752] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076fa16b2 2 bytes JMP 77248e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[1752] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076fa16bd 2 bytes JMP 772485f1 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe[6848] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076fa1401 2 bytes JMP 771cb21b C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe[6848] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076fa1419 2 bytes JMP 771cb346 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe[6848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076fa1431 2 bytes JMP 77248ea9 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe[6848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076fa144a 2 bytes CALL 771a48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe[6848] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076fa14dd 2 bytes JMP 772487a2 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe[6848] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076fa14f5 2 bytes JMP 77248978 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe[6848] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076fa150d 2 bytes JMP 77248698 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe[6848] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076fa1525 2 bytes JMP 77248a62 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe[6848] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076fa153d 2 bytes JMP 771bfca8 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe[6848] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076fa1555 2 bytes JMP 771c68ef C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe[6848] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076fa156d 2 bytes JMP 77248f61 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe[6848] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076fa1585 2 bytes JMP 77248ac2 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe[6848] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076fa159d 2 bytes JMP 7724865c C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe[6848] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076fa15b5 2 bytes JMP 771bfd41 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe[6848] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076fa15cd 2 bytes JMP 771cb2dc C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe[6848] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076fa16b2 2 bytes JMP 77248e24 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe[6848] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076fa16bd 2 bytes JMP 772485f1 C:\Windows\syswow64\kernel32.dll
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd508795
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd508795@d82a7eb385e7 0x4B 0xC5 0x4F 0xED ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd508795@5c2e59d91ca9 0x6B 0x14 0x0D 0xDE ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd508795 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd508795@d82a7eb385e7 0x4B 0xC5 0x4F 0xED ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd508795@5c2e59d91ca9 0x6B 0x14 0x0D 0xDE ...
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----