It was very easy to uninstall via the Control Panel =)

Code:
# AdwCleaner v4.109 - Bericht erstellt am 28/01/2015 um 02:23:11
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Adrian - ADRIAN-PC
# Gestartet von : C:\Users\Adrian\Downloads\AdwCleaner_4.109.exe
# Option : Suchen
***** [ Dienste ] *****
Dienst Gefunden : netfilter64
Dienst Gefunden : rqpbhevlkc64
Dienst Gefunden : rqpbhevlkc64
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\nw9ljsvn.default\searchplugins\SafeFinder Search.xml
Datei Gefunden : C:\Windows\System32\drivers\netfilter64.sys
Ordner Gefunden : C:\Program Files\004
Ordner Gefunden : C:\Program Files\004
Ordner Gefunden : C:\Program Files\CouponDownloader
Ordner Gefunden : C:\Users\Adrian\Documents\PC Speed Maximizer
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\InstallCore
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17496
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5Hck8tJuhH3uMX7UczfMFU8ruDRpd9ZQ9rOh3KP-RI6ZOHLMRppiQCkNC6VSHfGxbaqTpCPsK_2h4iwV1yGYov8NsrwSkrjB-d8_0-hv19OeL3q3hX-Rr2ZcDqcoY_S9-oNH_2BLJRMbTrzVZwx2Uw,,&q={searchTerms}
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5Hck8tJuhH3uMX7UczfMFU8ruDRpd9ZQ9rOh3KP-RI6ZOHLMRppiQCkNC6VSHfGxbaaeLtAh0pMxgFJLuMWfPXo0-tzsSd1teXFwQQuD01Lak6UU51t8fAYq4HUeKVhqAfIRuZzc2CRuBKp7vb9wwA,,
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] - hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5Hck8tJuhH3uMX7UczfMFU8ruDRpd9ZQ9rOh3KP-RI6ZOHLMRppiQCkNC6VSHfGxbaqTpCPsK_2h4iwV1yGYov8NsrwSkrjB-d8_0-hv19OeL3q3hX-Rr2ZcDqcoY_S9-oNH_2BLJRMbTrzVZwx2Uw,,&q={searchTerms}
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5Hck8tJuhH3uMX7UczfMFU8ruDRpd9ZQ9rOh3KP-RI6ZOHLMRppiQCkNC6VSHfGxbaqTpCPsK_2h4iwV1yGYov8NsrwSkrjB-d8_0-hv19OeL3q3hX-Rr2ZcDqcoY_S9-oNH_2BLJRMbTrzVZwx2Uw,,&q={searchTerms}
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5Hck8tJuhH3uMX7UczfMFU8ruDRpd9ZQ9rOh3KP-RI6ZOHLMRppiQCkNC6VSHfGxbaqTpCPsK_2h4iwV1yGYov8NsrwSkrjB-d8_0-hv19OeL3q3hX-Rr2ZcDqcoY_S9-oNH_2BLJRMbTrzVZwx2Uw,,&q={searchTerms}
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5Hck8tJuhH3uMX7UczfMFU8ruDRpd9ZQ9rOh3KP-RI6ZOHLMRppiQCkNC6VSHfGxbaqTpCPsK_2h4iwV1yGYov8NsrwSkrjB-d8_0-hv19OeL3q3hX-Rr2ZcDqcoY_S9-oNH_2BLJRMbTrzVZwx2Uw,,&q={searchTerms}
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5Hck8tJuhH3uMX7UczfMFU8ruDRpd9ZQ9rOh3KP-RI6ZOHLMRppiQCkNC6VSHfGxbaqTpCPsK_2h4iwV1yGYov8NsrwSkrjB-d8_0-hv19OeL3q3hX-Rr2ZcDqcoY_S64cr4Vx7VgiJkirNSXYp2lA,,&q={searchTerms}
-\\ Mozilla Firefox v35.0.1 (x86 de)
[nw9ljsvn.default] - Zeile gefunden : user_pref("browser.search.selectedEngine", "SafeFinder Search");
[nw9ljsvn.default] - Zeile gefunden : user_pref("extensions.helperbar.DockingPositionDown", false);
[nw9ljsvn.default] - Zeile gefunden : user_pref("extensions.helperbar.SmartbarDisabled", false);
[nw9ljsvn.default] - Zeile gefunden : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
[nw9ljsvn.default] - Zeile gefunden : user_pref("extensions.helperbar.Visibility", false);
[nw9ljsvn.default] - Zeile gefunden : user_pref("extensions.helperbar.backPageCapacity", 3);
[nw9ljsvn.default] - Zeile gefunden : user_pref("extensions.helperbar.backPageCounter", 0);
[nw9ljsvn.default] - Zeile gefunden : user_pref("extensions.helperbar.backPageDay", 20);
[nw9ljsvn.default] - Zeile gefunden : user_pref("extensions.helperbar.backPageLastEvent", "1408375556678");
[nw9ljsvn.default] - Zeile gefunden : user_pref("extensions.helperbar.backPageMinInterval", 15);
[nw9ljsvn.default] - Zeile gefunden : user_pref("extensions.helperbar.barcodeid", "144150");
[nw9ljsvn.default] - Zeile gefunden : user_pref("extensions.helperbar.countryiso", "de");
[nw9ljsvn.default] - Zeile gefunden : user_pref("extensions.helperbar.downloadprovider", "irssf");
[nw9ljsvn.default] - Zeile gefunden : user_pref("extensions.helperbar.externalJsFiles", "{\"d\":\"[{\\\"ExcludeDomains\\\":[],\\\"hxxpInjection\\\":\\\"hxxp:\\\\\\/\\\\\\/az412617.vo.msecnd.net\\\\\\/scripts\\\\\\/crt.js\\\",\\\"hxxpsInje[...]
[nw9ljsvn.default] - Zeile gefunden : user_pref("extensions.helperbar.fromautoupdate", "false");
[nw9ljsvn.default] - Zeile gefunden : user_pref("extensions.helperbar.installationid", "9af9ac0a-bfcc-b995-d140-fedaceb198e8");
[nw9ljsvn.default] - Zeile gefunden : user_pref("extensions.helperbar.installdate", "20/08/2014");
[nw9ljsvn.default] - Zeile gefunden : user_pref("extensions.helperbar.iswinxp", "false");
[nw9ljsvn.default] - Zeile gefunden : user_pref("extensions.helperbar.keepAliveLastevent", "1408545401");
[nw9ljsvn.default] - Zeile gefunden : user_pref("extensions.helperbar.lastExternalJsUpdate", "1408548363199");
[nw9ljsvn.default] - Zeile gefunden : user_pref("extensions.helperbar.publisher", "irssf");
[nw9ljsvn.default] - Zeile gefunden : user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"147f080170c19-076d7b23dbe6f78-42504136-0-147f080170d4c2\"");
[nw9ljsvn.default] - Zeile gefunden : user_pref("extensions.safesearch.SAUTH_rndsnr", "\"213831e6b6b10eb6e7b4f499ac618c14f9a0f9d8\"");
[nw9ljsvn.default] - Zeile gefunden : user_pref("extensions.safesearch.install", "1408489232144");
[nw9ljsvn.default] - Zeile gefunden : user_pref("extensions.safesearch@avira.com.install-event-fired", true);
[nw9ljsvn.default] - Zeile gefunden : user_pref("keyword.URL", "hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5Hck8tJuhH3uMX7UczfMFU8ruDRpd9ZQ9rOh3KP-RI6ZOHLMRppiQCkNC6VSHfGxbaqTpCPsK_2h4iwV1yGYov8NsrwS[...]
*************************
AdwCleaner[R0].txt - [7903 octets] - [28/01/2015 02:23:11]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7963 octets] ##########

Code:
# AdwCleaner v4.109 - Bericht erstellt am 28/01/2015 um 02:23:56
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Adrian - ADRIAN-PC
# Gestartet von : C:\Users\Adrian\Downloads\AdwCleaner_4.109.exe
# Option : Löschen
***** [ Dienste ] *****
Dienst Gelöscht : netfilter64
Dienst Gelöscht : rqpbhevlkc64
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Program Files\004
Ordner Gelöscht : C:\Program Files\CouponDownloader
Ordner Gelöscht : C:\Users\Adrian\Documents\PC Speed Maximizer
Datei Gelöscht : C:\Windows\System32\drivers\netfilter64.sys
Datei Gelöscht : C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\nw9ljsvn.default\searchplugins\SafeFinder Search.xml
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17496
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
-\\ Mozilla Firefox v35.0.1 (x86 de)
[nw9ljsvn.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "SafeFinder Search");
[nw9ljsvn.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false);
[nw9ljsvn.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
[nw9ljsvn.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
[nw9ljsvn.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.Visibility", false);
[nw9ljsvn.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.backPageCapacity", 3);
[nw9ljsvn.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.backPageCounter", 0);
[nw9ljsvn.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.backPageDay", 20);
[nw9ljsvn.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.backPageLastEvent", "1408375556678");
[nw9ljsvn.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.backPageMinInterval", 15);
[nw9ljsvn.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.barcodeid", "144150");
[nw9ljsvn.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.countryiso", "de");
[nw9ljsvn.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.downloadprovider", "irssf");
[nw9ljsvn.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.externalJsFiles", "{\"d\":\"[{\\\"ExcludeDomains\\\":[],\\\"hxxpInjection\\\":\\\"hxxp:\\\\\\/\\\\\\/az412617.vo.msecnd.net\\\\\\/scripts\\\\\\/crt.js\\\",\\\"hxxpsInje[...]
[nw9ljsvn.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.fromautoupdate", "false");
[nw9ljsvn.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.installationid", "9af9ac0a-bfcc-b995-d140-fedaceb198e8");
[nw9ljsvn.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.installdate", "20/08/2014");
[nw9ljsvn.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.iswinxp", "false");
[nw9ljsvn.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.keepAliveLastevent", "1408545401");
[nw9ljsvn.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.lastExternalJsUpdate", "1408548363199");
[nw9ljsvn.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.publisher", "irssf");
[nw9ljsvn.default\prefs.js] - Zeile gelöscht : user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"147f080170c19-076d7b23dbe6f78-42504136-0-147f080170d4c2\"");
[nw9ljsvn.default\prefs.js] - Zeile gelöscht : user_pref("extensions.safesearch.SAUTH_rndsnr", "\"213831e6b6b10eb6e7b4f499ac618c14f9a0f9d8\"");
[nw9ljsvn.default\prefs.js] - Zeile gelöscht : user_pref("extensions.safesearch.install", "1408489232144");
[nw9ljsvn.default\prefs.js] - Zeile gelöscht : user_pref("extensions.safesearch@avira.com.install-event-fired", true);
[nw9ljsvn.default\prefs.js] - Zeile gelöscht : user_pref("keyword.URL", "hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5Hck8tJuhH3uMX7UczfMFU8ruDRpd9ZQ9rOh3KP-RI6ZOHLMRppiQCkNC6VSHfGxbaqTpCPsK_2h4iwV1yGYov8NsrwS[...]
*************************
AdwCleaner[R0].txt - [8075 octets] - [28/01/2015 02:23:11]
AdwCleaner[S0].txt - [6108 octets] - [28/01/2015 02:23:56]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6168 octets] ##########

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 28.01.2015
Suchlauf-Zeit: 02:32:00
Logdatei: a.txt
Administrator: Ja
Version: 2.00.4.1028
Malware Datenbank: v2015.01.28.01
Rootkit Datenbank: v2015.01.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Adrian
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 331355
Verstrichene Zeit: 7 Min, 13 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 2
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 5628, Löschen bei Neustart, [0849886f5e2b93a3670487f67e857090]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe, 2032, Löschen bei Neustart, [0849886f5e2b93a3670487f67e857090]
Module: 0
(Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 3
PUP.Optional.Snapdo.T, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, Löschen bei Neustart, [96bb1bdcf693da5c635074bdca39cb35],
PUP.Optional.CompatibilityVerifier.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Verifies and fixes application compatibility issues, In Quarantäne, [0849886f5e2b93a3670487f67e857090],
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-3579592859-3594887549-3632172591-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR, Löschen bei Neustart, [6ee3fdfad4b577bf8ab3a0f4748f4fb1],
Registrierungswerte: 1
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-3579592859-3594887549-3632172591-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR|publisher, IrsSF, Löschen bei Neustart, [6ee3fdfad4b577bf8ab3a0f4748f4fb1]
Registrierungsdaten: 6
PUP.Optional.SafeFinder.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5Hck8tJuhH3uMX7UczfMFU8ruDRpd9ZQ9rOh3KP-RI6ZOHLMRppiQCkNC6VSHfGxbaaeLtAh0pMxgFJLuMWfPXo0-tzsSd1teXFwQQuD01Lak6UU51t8fAYq4HUeKVht5JzqbVmhBn0xQQgqLK8iig,,, Gut: (www.google.com), Schlecht: (hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5Hck8tJuhH3uMX7UczfMFU8ruDRpd9ZQ9rOh3KP-RI6ZOHLMRppiQCkNC6VSHfGxbaaeLtAh0pMxgFJLuMWfPXo0-tzsSd1teXFwQQuD01Lak6UU51t8fAYq4HUeKVht5JzqbVmhBn0xQQgqLK8iig,,),Löschen bei Neustart,[6ee3af483950092d42a03e5edc297b85]
PUP.Optional.SafeFinder.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5Hck8tJuhH3uMX7UczfMFU8ruDRpd9ZQ9rOh3KP-RI6ZOHLMRppiQCkNC6VSHfGxbaqTpCPsK_2h4iwV1yGYov8NsrwSkrjB-d8_0-hv19OeL3q3hX-Rr2ZcDqcoY_S64cr4Vx7VgiJkirNSXYp2lA,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5Hck8tJuhH3uMX7UczfMFU8ruDRpd9ZQ9rOh3KP-RI6ZOHLMRppiQCkNC6VSHfGxbaqTpCPsK_2h4iwV1yGYov8NsrwSkrjB-d8_0-hv19OeL3q3hX-Rr2ZcDqcoY_S64cr4Vx7VgiJkirNSXYp2lA,,&q={searchTerms}),Löschen bei Neustart,[341dab4c2b5ea393994ed7c510f5f20e]
PUP.Optional.SafeFinder.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5Hck8tJuhH3uMX7UczfMFU8ruDRpd9ZQ9rOh3KP-RI6ZOHLMRppiQCkNC6VSHfGxbaqTpCPsK_2h4iwV1yGYov8NsrwSkrjB-d8_0-hv19OeL3q3hX-Rr2ZcDqcoY_S64cr4Vx7VgiJkirNSXYp2lA,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5Hck8tJuhH3uMX7UczfMFU8ruDRpd9ZQ9rOh3KP-RI6ZOHLMRppiQCkNC6VSHfGxbaqTpCPsK_2h4iwV1yGYov8NsrwSkrjB-d8_0-hv19OeL3q3hX-Rr2ZcDqcoY_S64cr4Vx7VgiJkirNSXYp2lA,,&q={searchTerms}),Löschen bei Neustart,[52ff4aad157461d5747118842cd93fc1]
PUP.Optional.SafeFinder.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5Hck8tJuhH3uMX7UczfMFU8ruDRpd9ZQ9rOh3KP-RI6ZOHLMRppiQCkNC6VSHfGxbaqTpCPsK_2h4iwV1yGYov8NsrwSkrjB-d8_0-hv19OeL3q3hX-Rr2ZcDqcoY_S64cr4Vx7VgiJkirNSXYp2lA,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5Hck8tJuhH3uMX7UczfMFU8ruDRpd9ZQ9rOh3KP-RI6ZOHLMRppiQCkNC6VSHfGxbaqTpCPsK_2h4iwV1yGYov8NsrwSkrjB-d8_0-hv19OeL3q3hX-Rr2ZcDqcoY_S64cr4Vx7VgiJkirNSXYp2lA,,&q={searchTerms}),Löschen bei Neustart,[bc95b6415c2db5813bafa0fc45c0b050]
PUP.Optional.SafeFinder.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5Hck8tJuhH3uMX7UczfMFU8ruDRpd9ZQ9rOh3KP-RI6ZOHLMRppiQCkNC6VSHfGxbaqTpCPsK_2h4iwV1yGYov8NsrwSkrjB-d8_0-hv19OeL3q3hX-Rr2ZcDqcoY_S64cr4Vx7VgiJkirNSXYp2lA,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5Hck8tJuhH3uMX7UczfMFU8ruDRpd9ZQ9rOh3KP-RI6ZOHLMRppiQCkNC6VSHfGxbaqTpCPsK_2h4iwV1yGYov8NsrwSkrjB-d8_0-hv19OeL3q3hX-Rr2ZcDqcoY_S64cr4Vx7VgiJkirNSXYp2lA,,&q={searchTerms}),Löschen bei Neustart,[8fc2b146bccd1c1aca217a220df89f61]
PUP.Optional.SafeFinder.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5Hck8tJuhH3uMX7UczfMFU8ruDRpd9ZQ9rOh3KP-RI6ZOHLMRppiQCkNC6VSHfGxbaqTpCPsK_2h4iwV1yGYov8NsrwSkrjB-d8_0-hv19OeL3q3hX-Rr2ZcDqcoY_S64cr4Vx7VgiJkirNSXYp2lA,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5Hck8tJuhH3uMX7UczfMFU8ruDRpd9ZQ9rOh3KP-RI6ZOHLMRppiQCkNC6VSHfGxbaqTpCPsK_2h4iwV1yGYov8NsrwSkrjB-d8_0-hv19OeL3q3hX-Rr2ZcDqcoY_S64cr4Vx7VgiJkirNSXYp2lA,,&q={searchTerms}),Löschen bei Neustart,[40112ec9d1b8fd39806d1884ba4b9868]
Ordner: 2
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier, Löschen bei Neustart, [0849886f5e2b93a3670487f67e857090],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\locales, In Quarantäne, [0849886f5e2b93a3670487f67e857090],
Dateien: 14
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef.pak, In Quarantäne, [0849886f5e2b93a3670487f67e857090],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef_100_percent.pak, In Quarantäne, [0849886f5e2b93a3670487f67e857090],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef_200_percent.pak, In Quarantäne, [0849886f5e2b93a3670487f67e857090],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, In Quarantäne, [0849886f5e2b93a3670487f67e857090],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe, Löschen bei Neustart, [0849886f5e2b93a3670487f67e857090],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll, In Quarantäne, [0849886f5e2b93a3670487f67e857090],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\debug.log, In Quarantäne, [0849886f5e2b93a3670487f67e857090],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll, In Quarantäne, [0849886f5e2b93a3670487f67e857090],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\icudtl.dat, In Quarantäne, [0849886f5e2b93a3670487f67e857090],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libEGL.dll, In Quarantäne, [0849886f5e2b93a3670487f67e857090],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libGLESv2.dll, In Quarantäne, [0849886f5e2b93a3670487f67e857090],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll, In Quarantäne, [0849886f5e2b93a3670487f67e857090],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\vcredist_x86.exe, In Quarantäne, [0849886f5e2b93a3670487f67e857090],
Worm.Zhelatin, C:\Windows\System32\fsvk.exe.exe, In Quarantäne, [73deda1db5d40c2a40bbe722f1138f71],
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end)

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Adrian (administrator) on ADRIAN-PC on 28-01-2015 02:50:17
Running from C:\Users\Adrian\Downloads
Loaded Profiles: Adrian (Available profiles: Adrian)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Game Inc.) C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7575768 2014-05-14] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-03-06] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403288 2014-08-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [GamingKeyboard] => C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe [1803264 2012-06-07] (Game Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3579592859-3594887549-3632172591-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3579592859-3594887549-3632172591-1000\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [7611640 2014-12-11] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3579592859-3594887549-3632172591-1000\...\MountPoints2: {b9e95629-6a8c-11e4-96a5-448a5b8fc06d} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3579592859-3594887549-3632172591-1000\...\MountPoints2: {e738d354-2979-11e4-b5ff-448a5b8fc06d} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3579592859-3594887549-3632172591-1000\...\MountPoints2: {f1df56f7-47c6-11e4-8f77-448a5b8fc06d} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-18\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [7611640 2014-12-11] (Avira Operations GmbH & Co. KG)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3579592859-3594887549-3632172591-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3579592859-3594887549-3632172591-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3579592859-3594887549-3632172591-1000 -> {8E30193F-86CB-4E6F-826C-6C5D845D7BEA} URL =
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
FireFox:
========
FF ProfilePath: C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\nw9ljsvn.default
FF Homepage: https://www.google.de
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF SearchPlugin: C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\nw9ljsvn.default\searchplugins\avira-safesearch.xml
FF SearchPlugin: C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\nw9ljsvn.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\nw9ljsvn.default\searchplugins\google-maps.xml
FF Extension: Avira Browser Safety - C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\nw9ljsvn.default\Extensions\abs@avira.com [2014-12-12]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-01-27]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [807672 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2014-03-06] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720792 2014-08-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18973144 2014-08-09] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-30] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-08-21] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-08-21] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-09-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-09-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-07-23] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-09-26] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-09-07] (Disc Soft Ltd)
S3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [192256 2009-06-10] (Intel Corporation)
R3 GameKB; C:\Windows\System32\drivers\GameKB.sys [27648 2012-05-11] ()
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2014-02-26] (Intel Corporation)
R3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [44992 2012-02-09] ()
R3 MEIx64; C:\Windows\system32\drivers\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20440 2014-08-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2012-10-25] (Realtek Semiconductor Corporation )
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-28 02:49 - 2015-01-28 02:49 - 00009094 _____ () C:\Users\Adrian\Documents\a.txt
2015-01-28 02:22 - 2015-01-28 02:41 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-28 02:22 - 2015-01-28 02:22 - 00001122 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-28 02:22 - 2015-01-28 02:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-28 02:22 - 2015-01-28 02:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-28 02:22 - 2015-01-28 02:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-28 02:22 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-28 02:22 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-28 02:22 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-28 02:21 - 2015-01-28 02:21 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Adrian\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-28 02:20 - 2015-01-28 02:24 - 00000000 ____D () C:\AdwCleaner
2015-01-28 02:19 - 2015-01-28 02:19 - 02194432 _____ () C:\Users\Adrian\Downloads\AdwCleaner_4.109.exe
2015-01-27 23:41 - 2015-01-27 23:42 - 00014648 _____ () C:\Users\Adrian\Documents\Ereignisse.txt
2015-01-27 23:23 - 2015-01-27 23:23 - 39712504 _____ () C:\Users\Adrian\Downloads\Firefox_Setup_de35.0.1 (1).exe
2015-01-27 23:23 - 2015-01-27 23:23 - 00001179 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-27 23:23 - 2015-01-27 23:23 - 00001167 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-27 23:23 - 2015-01-27 23:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 23:22 - 2015-01-27 23:22 - 39712504 _____ () C:\Users\Adrian\Downloads\Firefox_Setup_de35.0.1.exe
2015-01-27 23:21 - 2015-01-27 23:21 - 00000000 __SHD () C:\Users\Adrian\AppData\Local\EmieBrowserModeList
2015-01-27 05:14 - 2015-01-27 23:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-27 03:24 - 2015-01-28 02:50 - 00012372 _____ () C:\Users\Adrian\Downloads\FRST.txt
2015-01-27 03:24 - 2015-01-27 03:25 - 00025350 _____ () C:\Users\Adrian\Downloads\Addition.txt
2015-01-27 03:23 - 2015-01-28 02:50 - 00000000 ____D () C:\FRST
2015-01-27 03:22 - 2015-01-27 03:22 - 02129920 _____ (Farbar) C:\Users\Adrian\Downloads\FRST64.exe
2015-01-26 16:41 - 2015-01-28 00:06 - 00000112 _____ () C:\ProgramData\4npSXS.dat
2015-01-26 12:22 - 2015-01-26 12:22 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-26 12:22 - 2015-01-26 12:22 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-26 02:15 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-26 02:15 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-26 02:15 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-26 02:15 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-26 02:15 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-26 02:15 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-26 02:15 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-26 02:15 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-26 02:15 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-26 02:15 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-26 02:15 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-26 02:15 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-26 02:15 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2014-12-30 15:59 - 2014-12-30 15:59 - 01534736 _____ () C:\Users\Adrian\Downloads\battlelog-web-plugins_2.6.2_154.exe
2014-12-30 15:58 - 2014-12-30 15:58 - 00001214 _____ () C:\Users\Public\Desktop\Battlefield 4.lnk
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-28 02:48 - 2009-07-14 05:45 - 00020288 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-28 02:48 - 2009-07-14 05:45 - 00020288 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-28 02:46 - 2011-04-12 08:43 - 00700146 _____ () C:\Windows\system32\perfh007.dat
2015-01-28 02:46 - 2011-04-12 08:43 - 00149784 _____ () C:\Windows\system32\perfc007.dat
2015-01-28 02:46 - 2009-07-14 06:13 - 01622778 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-28 02:41 - 2014-10-03 13:39 - 00055392 _____ () C:\Windows\setupact.log
2015-01-28 02:40 - 2014-10-24 06:49 - 00005956 _____ () C:\Windows\PFRO.log
2015-01-28 02:40 - 2014-08-19 18:57 - 01866061 _____ () C:\Windows\WindowsUpdate.log
2015-01-28 02:40 - 2014-08-15 08:25 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-28 02:40 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-28 02:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Speech
2015-01-28 02:13 - 2014-08-19 19:53 - 00000000 ____D () C:\Users\Adrian\AppData\Local\Battle.net
2015-01-28 01:24 - 2014-11-10 00:07 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-01-27 23:58 - 2014-08-21 22:33 - 00000000 ____D () C:\Users\Adrian\AppData\Roaming\TS3Client
2015-01-27 23:20 - 2014-04-03 06:44 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-26 03:01 - 2014-08-20 23:41 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-26 03:00 - 2014-08-20 23:41 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-01 21:37 - 2014-11-23 13:33 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-30 22:54 - 2014-08-20 17:10 - 00000000 ____D () C:\ProgramData\Origin
2014-12-30 22:47 - 2014-08-20 17:10 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-30 16:01 - 2014-08-21 02:17 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-12-30 15:59 - 2014-08-21 02:17 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-12-30 15:58 - 2014-09-30 11:37 - 00001190 _____ () C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
==================== Files in the root of some directories =======
2015-01-26 16:41 - 2015-01-28 00:06 - 0000112 _____ () C:\ProgramData\4npSXS.dat
2014-08-15 08:24 - 2014-08-15 08:24 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Files to move or delete:
====================
C:\ProgramData\4npSXS.dat
Some content of TEMP:
====================
C:\Users\Adrian\AppData\Local\Temp\avgnt.exe
C:\Users\Adrian\AppData\Local\Temp\AviraSetup84209.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-25 21:02
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by Adrian at 2015-01-28 02:50:36
Running from C:\Users\Adrian\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira System Speedup 1.5 (HKLM-x32\...\Avira System Speedup_is1) (Version: 1.5 - 2000 - 2014 Avira Operations GmbH & Co. KG)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.2.1000 - Intel Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{b341426f-8543-4e0d-96c3-e976f8ec5ab6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.20.386 - Electronic Arts, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
SHARKOON Skiller (HKLM-x32\...\{91C25547-9534-41A5-823A-1E54BA16EA3F}) (Version: 1.00.0000 - )
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-3579592859-3594887549-3632172591-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TP-LINK 300Mbps Wireless USB Adapter Treiber (HKLM-x32\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK)
Warcraft 3 (HKU\S-1-5-21-3579592859-3594887549-3632172591-1000\...\Warcraft 3) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
27-01-2015 23:20:18 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
28-01-2015 02:17:47 Removed LPT System Updater Service
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {9CD1D6D4-053F-400E-B04B-7F07AB34132B} - System32\Tasks\AviraSpeedup => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [2014-12-11] (Avira Operations GmbH & Co. KG)
==================== Loaded Modules (whitelisted) =============
2014-08-15 08:25 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-08-21 03:02 - 2014-08-21 03:02 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2015-01-27 23:23 - 2015-01-23 11:37 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-3579592859-3594887549-3632172591-500 - Administrator - Disabled)
Adrian (S-1-5-21-3579592859-3594887549-3632172591-1000 - Administrator - Enabled) => C:\Users\Adrian
Gast (S-1-5-21-3579592859-3594887549-3632172591-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3579592859-3594887549-3632172591-1002 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/28/2015 02:42:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/28/2015 02:41:01 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcX509CertManager::KeyCertInit failed [0]
Error: (01/28/2015 02:26:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/28/2015 02:25:05 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcX509CertManager::KeyCertInit failed [0]
Error: (01/28/2015 02:00:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54bd82c9
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54bd82c9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0009587e
ID des fehlerhaften Prozesses: 0xecc
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3
Error: (01/27/2015 11:00:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54bd82c9
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54bd82c9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0009587e
ID des fehlerhaften Prozesses: 0x1a1c
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3
Error: (01/27/2015 07:47:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54bd82c9
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54bd82c9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0029a827
ID des fehlerhaften Prozesses: 0x888
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3
Error: (01/27/2015 05:24:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54bd82c9
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54bd82c9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0009587e
ID des fehlerhaften Prozesses: 0x1964
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3
Error: (01/27/2015 03:52:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/27/2015 03:50:28 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcX509CertManager::KeyCertInit failed [0]
System errors:
=============
Error: (01/28/2015 02:24:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (01/28/2015 02:24:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (01/28/2015 02:24:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (01/28/2015 02:24:02 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (01/28/2015 02:24:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (01/28/2015 02:24:02 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Compatibility Verify" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (01/28/2015 02:24:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (01/28/2015 02:24:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Streamer Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (01/28/2015 02:24:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Network Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (01/28/2015 02:24:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Skype Click to Call PNR Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Microsoft Office Sessions:
=========================
Error: (01/28/2015 02:42:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/28/2015 02:41:01 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcX509CertManager::KeyCertInit failed [0]
Error: (01/28/2015 02:26:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/28/2015 02:25:05 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcX509CertManager::KeyCertInit failed [0]
Error: (01/28/2015 02:00:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.054bd82c9compatibilitycheck.exe0.0.0.054bd82c9c00000050009587eecc01d03a955b6ddb18C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe07542b1e-a689-11e4-a1cf-448a5b8fc06d
Error: (01/27/2015 11:00:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.054bd82c9compatibilitycheck.exe0.0.0.054bd82c9c00000050009587e1a1c01d03a7c6258e81bC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exee9c8bb43-a66f-11e4-a1cf-448a5b8fc06d
Error: (01/27/2015 07:47:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.054bd82c9compatibilitycheck.exe0.0.0.054bd82c9c00000050029a82788801d03a61702ac20aC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exefbdff004-a654-11e4-a1cf-448a5b8fc06d
Error: (01/27/2015 05:24:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.054bd82c9compatibilitycheck.exe0.0.0.054bd82c9c00000050009587e196401d03a4d67d77babC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeee2b2c4a-a640-11e4-a1cf-448a5b8fc06d
Error: (01/27/2015 03:52:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/27/2015 03:50:28 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcX509CertManager::KeyCertInit failed [0]
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4690 CPU @ 3.50GHz
Percentage of memory in use: 22%
Total physical RAM: 8120.02 MB
Available physical RAM: 6318.95 MB
Total Pagefile: 16238.21 MB
Available Pagefile: 14141.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:111.79 GB) (Free:10.34 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data1) (Fixed) (Total:931.51 GB) (Free:931.31 GB) NTFS
Drive g: () (CDROM) (Total:1.07 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 50489017)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 50489002)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Hope I did everything right :D