On a colleague's advice, I threw out Kaspersky Internet Security
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014 01
Ran by Thomas (administrator) on THOMAS-PC on 29-01-2014 14:39:08
Running from C:\Users\Thomas\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\Thomas\AppData\Roaming\Spotify\spotify.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Users\Thomas\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Thomas\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Thomas\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Thomas\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Blizzard Entertainment) C:\World of Warcraft\Wow-64.exe
(Blizzard Entertainment) C:\World of Warcraft\Wow-64.exe
(Blizzard Entertainment) C:\World of Warcraft\Utils\WowBrowserProxy.exe
() C:\Users\Thomas\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Blizzard Entertainment) C:\World of Warcraft\Utils\WowBrowserProxy.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6463592 2012-02-03] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1179576 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM-x32\...\Run: [CommonToolkitTray] - C:\Program Files (x86)\Fighters\Tray\FightersTray.exe [1497120 2013-07-08] (SPAMfighter ApS)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-09] (Avira Operations GmbH & Co. KG)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKCU\...\Run: [Spotify] - C:\Users\Thomas\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-01-15] (Spotify Ltd)
AppInit_DLLs: => File Not Found
Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6E700D2158BFCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=68288C89A5CBB570&affID=119557&tsp=4966
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=wnzp1202&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyD0C0B0ByDyBtDzytAzztBtN0D0Tzu0SyBtAtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=827316286&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=wnzp1202&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyD0C0B0ByDyBtDzytAzztBtN0D0Tzu0SyBtAtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=827316286&ir=
URLSearchHook: HKLM-x32 - (No Name) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - No File
URLSearchHook: HKCU - (No Name) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - No File
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=wnzp1202&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyD0C0B0ByDyBtDzytAzztBtN0D0Tzu0SyBtAtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=827316286&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=wnzp1202&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyD0C0B0ByDyBtDzytAzztBtN0D0Tzu0SyBtAtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=827316286&ir=
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=wnzp1202&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyD0C0B0ByDyBtDzytAzztBtN0D0Tzu0SyBtAtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=827316286&ir=
SearchScopes: HKCU - bProtectorDefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=wnzp1202&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyD0C0B0ByDyBtDzytAzztBtN0D0Tzu0SyBtAtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=827316286&ir=
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=68288C89A5CBB570&affID=119557&tsp=4966
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Chrome:
=======
CHR Extension: (Google Wallet) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-21]
CHR Extension: (MySearchDial) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff [2014-01-21]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Thomas\AppData\Local\mysearchdial-speeddial.crx [2013-12-31]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-12-31]
CHR HKCU\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Thomas\AppData\Local\mysearchdial-speeddial.crx [2013-12-31]
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Thomas\AppData\Local\mysearchdial-speeddial.crx [2013-12-31]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [166400 2011-10-11] (Razer USA Ltd)
S3 MSICDSetup; \??\D:\CDriver64.sys [x]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-29 14:39 - 2014-01-29 14:39 - 00010380 _____ C:\Users\Thomas\Desktop\FRST.txt
2014-01-29 14:38 - 2014-01-29 14:38 - 02079744 _____ (Farbar) C:\Users\Thomas\Desktop\FRST64.exe
2014-01-28 17:11 - 2014-01-28 17:11 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Avira
2014-01-28 17:11 - 2014-01-28 17:11 - 00000000 ____D C:\ProgramData\APN
2014-01-28 17:10 - 2014-01-28 17:10 - 00002070 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2014-01-28 17:10 - 2014-01-28 17:10 - 00000000 ____D C:\ProgramData\Avira
2014-01-28 17:10 - 2014-01-28 17:10 - 00000000 ____D C:\Program Files (x86)\Avira
2014-01-28 17:10 - 2013-12-09 11:37 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-01-28 17:10 - 2013-12-09 11:37 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-01-28 17:10 - 2013-12-09 11:37 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-01-28 17:10 - 2013-12-09 11:37 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-01-28 17:06 - 2014-01-28 17:09 - 129598176 _____ C:\Users\Thomas\Downloads\avira_free344_antivirus_de.exe
2014-01-28 16:55 - 2014-01-29 14:39 - 00000000 ____D C:\FRST
2014-01-28 15:15 - 2014-01-29 14:35 - 00000234 _____ C:\Windows\Tasks\SLOW-PCfighter64-Thomas-Startup.job
2014-01-28 15:15 - 2014-01-29 14:30 - 00000236 _____ C:\Windows\Tasks\SLOW-PCfighter64-Thomas-Notification.job
2014-01-28 15:15 - 2014-01-28 15:15 - 00003304 _____ C:\Windows\System32\Tasks\SLOW-PCfighter64-Thomas-Notification
2014-01-28 15:15 - 2014-01-28 15:15 - 00002618 _____ C:\Windows\System32\Tasks\SLOW-PCfighter64-Thomas-Startup
2014-01-28 15:15 - 2014-01-28 15:15 - 00001403 _____ C:\Users\Public\Desktop\SLOW-PCfighter.lnk
2014-01-28 15:15 - 2014-01-28 15:15 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Fighters
2014-01-28 15:14 - 2014-01-28 15:15 - 00000000 ____D C:\ProgramData\Fighters
2014-01-28 15:14 - 2014-01-28 15:14 - 00000000 ____D C:\Program Files (x86)\Fighters
2014-01-28 14:26 - 2014-01-28 14:26 - 00000000 ____D C:\ProgramData\CheckPoint
2014-01-28 12:40 - 2014-01-28 18:43 - 00106440 _____ C:\Windows\PFRO.log
2014-01-27 19:12 - 2014-01-29 14:30 - 00000740 _____ C:\Windows\setupact.log
2014-01-27 19:12 - 2014-01-27 19:12 - 00007794 _____ C:\Windows\DPINST.LOG
2014-01-27 19:12 - 2014-01-27 19:12 - 00000000 _____ C:\Windows\setuperr.log
2014-01-22 19:20 - 2013-12-27 19:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-01-22 19:20 - 2013-12-27 19:42 - 00033056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-01-21 16:48 - 2014-01-21 16:48 - 00251315 _____ C:\ProgramData\1390318821.bdinstall.bin
2014-01-21 16:12 - 2014-01-28 13:00 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-15 12:44 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 12:44 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 12:44 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 12:44 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 12:44 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 12:44 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 12:44 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 12:44 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 12:44 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-11 17:26 - 2013-12-19 21:33 - 30372640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-01-11 17:26 - 2013-12-19 21:33 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-01-11 17:26 - 2013-12-19 21:33 - 22960416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-01-11 17:26 - 2013-12-19 21:33 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-01-11 17:26 - 2013-12-19 21:33 - 12645664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-01-11 17:26 - 2013-12-19 21:33 - 11605752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-01-11 17:26 - 2013-12-19 21:33 - 11554264 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-01-11 17:26 - 2013-12-19 21:33 - 09700224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-01-11 17:26 - 2013-12-19 21:33 - 09657464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-01-11 17:26 - 2013-12-19 21:33 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-01-11 17:26 - 2013-12-19 21:33 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-01-11 17:26 - 2013-12-19 21:33 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-01-11 17:26 - 2013-12-19 21:33 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-01-11 17:26 - 2013-12-19 21:33 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433221.dll
2014-01-11 17:26 - 2013-12-19 21:33 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433221.dll
2014-01-11 17:26 - 2013-12-19 21:33 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-01-11 17:26 - 2013-12-19 21:33 - 00882464 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-01-11 17:26 - 2013-12-19 21:33 - 00879392 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-01-11 17:26 - 2013-12-19 21:33 - 00852768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-01-11 17:26 - 2013-12-19 21:33 - 00847648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-01-11 17:26 - 2013-12-19 21:33 - 00479520 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-01-11 17:26 - 2013-12-19 21:33 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-01-11 17:26 - 2013-12-19 21:33 - 00357152 _____ C:\Windows\system32\NvIFROpenGL.dll
2014-01-11 17:26 - 2013-12-19 21:33 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-01-11 17:26 - 2013-12-19 21:33 - 00314656 _____ C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-01-11 17:26 - 2013-12-19 21:33 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-01-11 17:26 - 2013-12-19 21:33 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-01-11 17:26 - 2013-12-19 21:33 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-01-11 17:26 - 2013-11-28 14:38 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-01-11 17:26 - 2013-11-28 14:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-01-11 17:26 - 2013-11-22 09:36 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2013-12-31 13:46 - 2013-12-31 13:46 - 00000027 _____ C:\Users\Thomas\AppData\Roaming\WB.CFG
2013-12-31 13:07 - 2013-12-31 14:40 - 00000000 ____D C:\Program Files (x86)\PC Speed Up
2013-12-31 13:07 - 2013-12-31 13:07 - 00006500 _____ C:\Users\Thomas\Downloads\Afflicted.zip
2013-12-31 13:06 - 2013-12-31 13:06 - 00109128 _____ () C:\Users\Thomas\Downloads\7zip_920_setup.exe
2013-12-31 12:46 - 2013-12-31 12:46 - 00351124 _____ C:\Users\Thomas\AppData\Local\mysearchdial-speeddial.crx
2013-12-31 12:46 - 2013-12-31 12:46 - 00000000 ____D C:\Program Files (x86)\Mysearchdial
2013-12-31 12:45 - 2013-12-31 12:45 - 00702824 _____ C:\Users\Thomas\Downloads\WinZip175_mfse_fah.exe
==================== One Month Modified Files and Folders =======
2014-01-29 14:39 - 2014-01-29 14:39 - 00010380 _____ C:\Users\Thomas\Desktop\FRST.txt
2014-01-29 14:39 - 2014-01-28 16:55 - 00000000 ____D C:\FRST
2014-01-29 14:38 - 2014-01-29 14:38 - 02079744 _____ (Farbar) C:\Users\Thomas\Desktop\FRST64.exe
2014-01-29 14:37 - 2009-07-14 05:45 - 00014784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-29 14:37 - 2009-07-14 05:45 - 00014784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-29 14:36 - 2009-07-14 18:58 - 00699432 _____ C:\Windows\system32\perfh007.dat
2014-01-29 14:36 - 2009-07-14 18:58 - 00149572 _____ C:\Windows\system32\perfc007.dat
2014-01-29 14:36 - 2009-07-14 06:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-29 14:35 - 2014-01-28 15:15 - 00000234 _____ C:\Windows\Tasks\SLOW-PCfighter64-Thomas-Startup.job
2014-01-29 14:31 - 2012-06-11 20:45 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Skype
2014-01-29 14:30 - 2014-01-28 15:15 - 00000236 _____ C:\Windows\Tasks\SLOW-PCfighter64-Thomas-Notification.job
2014-01-29 14:30 - 2014-01-27 19:12 - 00000740 _____ C:\Windows\setupact.log
2014-01-29 14:30 - 2013-10-13 16:00 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec824e522088c.job
2014-01-29 14:30 - 2012-07-08 21:22 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Spotify
2014-01-29 14:30 - 2012-05-25 19:16 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-29 14:30 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-28 22:29 - 2013-10-27 13:33 - 01549066 _____ C:\Windows\WindowsUpdate.log
2014-01-28 22:29 - 2012-05-26 16:52 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\TS3Client
2014-01-28 22:03 - 2012-05-25 19:04 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-28 21:59 - 2013-01-27 16:24 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-28 18:43 - 2014-01-28 12:40 - 00106440 _____ C:\Windows\PFRO.log
2014-01-28 17:11 - 2014-01-28 17:11 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Avira
2014-01-28 17:11 - 2014-01-28 17:11 - 00000000 ____D C:\ProgramData\APN
2014-01-28 17:10 - 2014-01-28 17:10 - 00002070 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2014-01-28 17:10 - 2014-01-28 17:10 - 00000000 ____D C:\ProgramData\Avira
2014-01-28 17:10 - 2014-01-28 17:10 - 00000000 ____D C:\Program Files (x86)\Avira
2014-01-28 17:09 - 2014-01-28 17:06 - 129598176 _____ C:\Users\Thomas\Downloads\avira_free344_antivirus_de.exe
2014-01-28 16:45 - 2012-05-26 16:47 - 00000000 ____D C:\Users\Thomas\AppData\Local\Deployment
2014-01-28 15:24 - 2013-11-21 15:40 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2014-01-28 15:15 - 2014-01-28 15:15 - 00003304 _____ C:\Windows\System32\Tasks\SLOW-PCfighter64-Thomas-Notification
2014-01-28 15:15 - 2014-01-28 15:15 - 00002618 _____ C:\Windows\System32\Tasks\SLOW-PCfighter64-Thomas-Startup
2014-01-28 15:15 - 2014-01-28 15:15 - 00001403 _____ C:\Users\Public\Desktop\SLOW-PCfighter.lnk
2014-01-28 15:15 - 2014-01-28 15:15 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Fighters
2014-01-28 15:15 - 2014-01-28 15:14 - 00000000 ____D C:\ProgramData\Fighters
2014-01-28 15:14 - 2014-01-28 15:14 - 00000000 ____D C:\Program Files (x86)\Fighters
2014-01-28 14:26 - 2014-01-28 14:26 - 00000000 ____D C:\ProgramData\CheckPoint
2014-01-28 13:00 - 2014-01-21 16:12 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-28 12:40 - 2013-02-18 14:14 - 00000000 ____D C:\Program Files\Google
2014-01-28 12:40 - 2013-01-27 16:24 - 00000000 ____D C:\Program Files (x86)\Google
2014-01-28 12:40 - 2012-05-25 19:08 - 00062968 _____ C:\Users\Thomas\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-28 12:40 - 2009-07-14 05:45 - 00285544 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-27 19:17 - 2012-06-23 10:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2014-01-27 19:12 - 2014-01-27 19:12 - 00007794 _____ C:\Windows\DPINST.LOG
2014-01-27 19:12 - 2014-01-27 19:12 - 00000000 _____ C:\Windows\setuperr.log
2014-01-27 19:12 - 2013-01-27 16:24 - 00000000 ____D C:\Users\Thomas\AppData\Local\Google
2014-01-27 19:12 - 2012-05-25 18:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-27 19:09 - 2012-08-07 15:01 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2014-01-27 19:07 - 2012-06-05 18:16 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-01-22 19:22 - 2012-07-08 21:22 - 00000000 ____D C:\Users\Thomas\AppData\Local\Spotify
2014-01-22 19:20 - 2012-05-25 19:15 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2014-01-22 15:05 - 2013-12-23 16:10 - 00000000 ____D C:\ProgramData\Bitdefender
2014-01-22 15:05 - 2013-12-23 16:10 - 00000000 ____D C:\Program Files\Bitdefender
2014-01-21 16:55 - 2012-12-30 15:56 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2014-01-21 16:55 - 2012-06-11 20:45 - 00000000 ____D C:\ProgramData\Skype
2014-01-21 16:48 - 2014-01-21 16:48 - 00251315 _____ C:\ProgramData\1390318821.bdinstall.bin
2014-01-21 16:43 - 2013-12-23 11:56 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2014-01-21 03:53 - 2013-10-28 16:03 - 01179576 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-01-21 03:53 - 2013-10-28 16:03 - 01048152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-01-17 13:24 - 2012-05-25 22:16 - 00000000 ____D C:\World of Warcraft
2014-01-15 16:50 - 2013-08-15 11:13 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 16:50 - 2012-05-25 22:03 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-31 14:40 - 2013-12-31 13:07 - 00000000 ____D C:\Program Files (x86)\PC Speed Up
2013-12-31 13:46 - 2013-12-31 13:46 - 00000027 _____ C:\Users\Thomas\AppData\Roaming\WB.CFG
2013-12-31 13:08 - 2013-12-23 11:57 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\QuickScan
2013-12-31 13:07 - 2013-12-31 13:07 - 00006500 _____ C:\Users\Thomas\Downloads\Afflicted.zip
2013-12-31 13:06 - 2013-12-31 13:06 - 00109128 _____ () C:\Users\Thomas\Downloads\7zip_920_setup.exe
2013-12-31 12:46 - 2013-12-31 12:46 - 00351124 _____ C:\Users\Thomas\AppData\Local\mysearchdial-speeddial.crx
2013-12-31 12:46 - 2013-12-31 12:46 - 00000000 ____D C:\Program Files (x86)\Mysearchdial
2013-12-31 12:45 - 2013-12-31 12:45 - 00702824 _____ C:\Users\Thomas\Downloads\WinZip175_mfse_fah.exe
Files to move or delete:
====================
C:\Users\Thomas\AppData\Roaming\skype.ini
Some content of TEMP:
====================
C:\Users\Thomas\AppData\Local\Temp\avgnt.exe
C:\Users\Thomas\AppData\Local\Temp\Offercast_AVIRAV7_.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-22 15:23
==================== End Of Log ============================
FRST Additions Logfile:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2014 01
Ran by Thomas at 2014-01-29 14:41:29
Running from C:\Users\Thomas\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)
CCleaner (Version: 4.04 - Piriform)
Curse Client (HKCU Version: 5.1.1.792 - Curse)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (x32 Version: 32.0.1700.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Java(TM) 7 Update 5 (64-bit) (Version: 7.0.50 - Oracle)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (x32 Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
NVIDIA 3D Vision Controller-Treiber 332.21 (Version: 332.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 332.21 (Version: 332.21 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2 (Version: 1.8.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 332.21 (Version: 332.21 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3221 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (Version: 1.2.20 - NVIDIA Corporation)
Realtek Ethernet Controller Driver (x32 Version: 7.50.1123.2011 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6564 - Realtek Semiconductor Corp.)
Samsung_MonSetup (x32 Version: 1.00.0000 - Samsung)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
SLOW-PCfighter (Version: 1.7.75 - SPAMfighter ApS) Hidden
SLOW-PCfighter (Version: 1.7.75 - SPAMfighter ApS.)
Spotify (HKCU Version: 0.9.7.16.g4b197456 - Spotify AB)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (Version: 3.0.6 - TeamSpeak Systems GmbH)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version: - Microsoft)
WinRAR 4.11 (64-Bit) (Version: 4.11.0 - win.rar GmbH)
World of Warcraft (x32 Version: - Blizzard Entertainment)
==================== Restore Points =========================
28-01-2014 14:14:45 Installed SLOW-PCfighter.
28-01-2014 14:16:52 SLOW-PCfighter (64-bit) Backup
28-01-2014 14:24:35 SLOW-PCfighter (64-bit) Backup
28-01-2014 14:27:52 SLOW-PCfighter (64-bit) Backup
28-01-2014 16:59:06 SLOW-PCfighter (64-bit) Backup
28-01-2014 17:56:54 SLOW-PCfighter (64-bit) Backup
28-01-2014 19:28:54 SLOW-PCfighter (64-bit) Backup
29-01-2014 13:35:11 SLOW-PCfighter (64-bit) Backup
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {0E885487-94EF-4FB3-BFD0-588806CB047D} - System32\Tasks\SLOW-PCfighter64-Thomas-Notification => E:\Sync.exe [2014-01-09] (SPAMfighter ApS)
Task: {1CE8AB8E-6C3C-4999-A975-92454C7558D1} - System32\Tasks\BrowserDefendert => Sc.exe start BrowserDefendert
Task: {4917A3F4-7486-4BE1-9FA8-9E8904311151} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-27] (Google Inc.)
Task: {5E11B366-C173-4EB1-8604-76E339531DB4} - System32\Tasks\SLOW-PCfighter64-Thomas-Startup => E:\SLOW-PCfighter64.exe [2014-01-09] (SPAMfighter ApS)
Task: {6ADEC46D-A2C9-4117-AACA-9CF3BCC48A84} - System32\Tasks\GoogleUpdateTaskMachineCore1cec824e522088c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-27] (Google Inc.)
Task: {8C15F840-400C-4626-BB6E-C6F3AB1D009D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {B3E172F5-C598-4FE6-AB19-A607B398F7D4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-27] (Google Inc.)
Task: {F388BB8A-37CB-4C05-81F6-700314B9664D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec824e522088c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SLOW-PCfighter64-Thomas-Notification.job => E:\Sync.exe
Task: C:\Windows\Tasks\SLOW-PCfighter64-Thomas-Startup.job => E:\SLOW-PCfighter64.exe
==================== Loaded Modules (whitelisted) =============
2012-05-25 19:15 - 2013-12-19 19:53 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-05-25 20:32 - 2012-02-17 19:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2014-01-28 17:10 - 2013-12-09 11:37 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2012-07-08 21:22 - 2014-01-15 12:24 - 36967424 _____ () C:\Users\Thomas\AppData\Roaming\Spotify\Data\libcef.dll
2013-09-25 16:54 - 2014-01-15 12:24 - 00887808 _____ () C:\Users\Thomas\AppData\Roaming\Spotify\Data\libglesv2.dll
2013-09-25 16:54 - 2014-01-15 12:24 - 00109568 _____ () C:\Users\Thomas\AppData\Roaming\Spotify\Data\libegl.dll
2013-05-22 14:45 - 2013-12-18 21:35 - 23950848 _____ () C:\World of Warcraft\Utils\libcef.dll
2014-01-28 13:00 - 2014-01-23 06:56 - 00715544 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libglesv2.dll
2014-01-28 13:00 - 2014-01-23 06:56 - 00100120 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libegl.dll
2014-01-28 13:00 - 2014-01-23 06:56 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll
2014-01-28 13:00 - 2014-01-23 06:57 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll
2014-01-28 13:00 - 2014-01-23 06:55 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\Thomas\Downloads\7zip_920_setup.exe:BDU
AlternateDataStreams: C:\Users\Thomas\Downloads\WinZip175_mfse_fah.exe:BDU
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/29/2014 02:35:10 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {ee79515e-699f-4de0-9de8-86eba9ae9615}
Error: (01/28/2014 06:56:53 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {87135e45-1244-476d-924f-a68f92e71bad}
Error: (01/28/2014 05:59:06 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {8f10a2dc-7ad9-4e58-b75d-f8e9a92541f7}
Error: (01/26/2014 08:13:38 PM) (Source: Application Hang) (User: )
Description: Programm iexplore.exe, Version 11.0.9600.16428 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: d9c
Startzeit: 01cf1ac3034a7928
Endzeit: 5
Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe
Berichts-ID:
Error: (01/26/2014 07:20:47 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.16428, Zeitstempel: 0x525b664c
Name des fehlerhaften Moduls: Flash32_11_9_900_170.ocx, Version: 11.9.900.170, Zeitstempel: 0x529b7962
Ausnahmecode: 0xc0000005
Fehleroffset: 0x005a8b19
ID des fehlerhaften Prozesses: 0xb48
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Error: (01/26/2014 05:07:28 PM) (Source: Application Hang) (User: )
Description: Programm IEXPLORE.EXE, Version 11.0.9600.16428 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 7f0
Startzeit: 01cf1a90bf00689a
Endzeit: 148
Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Berichts-ID:
Error: (01/25/2014 10:52:13 AM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (01/25/2014 10:52:13 AM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.
Kontext: Windows Anwendung
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (01/25/2014 10:52:13 AM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (01/25/2014 10:52:13 AM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)
System errors:
=============
Error: (01/28/2014 06:40:26 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Kaspersky Anti-Virus Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (01/28/2014 03:22:21 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (01/28/2014 03:22:21 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (01/28/2014 01:13:09 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (01/28/2014 01:13:09 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (01/28/2014 01:13:09 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (01/28/2014 01:13:09 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (01/28/2014 01:13:09 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (01/27/2014 06:53:39 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (01/27/2014 06:34:28 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Microsoft Office Sessions:
=========================
Error: (01/29/2014 02:35:10 PM) (Source: VSS)(User: )
Description: 0x80070005, Zugriff verweigert
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {ee79515e-699f-4de0-9de8-86eba9ae9615}
Error: (01/28/2014 06:56:53 PM) (Source: VSS)(User: )
Description: 0x80070005, Zugriff verweigert
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {87135e45-1244-476d-924f-a68f92e71bad}
Error: (01/28/2014 05:59:06 PM) (Source: VSS)(User: )
Description: 0x80070005, Zugriff verweigert
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {8f10a2dc-7ad9-4e58-b75d-f8e9a92541f7}
Error: (01/26/2014 08:13:38 PM) (Source: Application Hang)(User: )
Description: iexplore.exe11.0.9600.16428d9c01cf1ac3034a79285C:\Program Files\Internet Explorer\iexplore.exe
Error: (01/26/2014 07:20:47 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.16428525b664cFlash32_11_9_900_170.ocx11.9.900.170529b7962c0000005005a8b19b4801cf1ac35494d64fC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\Macromed\Flash\Flash32_11_9_900_170.ocx933b3dd0-86b6-11e3-a58f-8c89a5cbb570
Error: (01/26/2014 05:07:28 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE11.0.9600.164287f001cf1a90bf00689a148C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Error: (01/25/2014 10:52:13 AM) (Source: Windows Search Service)(User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (01/25/2014 10:52:13 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (01/25/2014 10:52:13 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (01/25/2014 10:52:13 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer
CodeIntegrity Errors:
===================================
Date: 2014-01-23 18:05:40.045
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-23 18:05:40.043
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-23 18:05:40.042
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-23 18:05:40.036
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-23 18:05:40.035
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-23 18:05:40.033
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-22 15:23:36.242
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-22 15:23:36.240
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-22 15:23:36.238
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-22 15:23:36.235
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 31%
Total physical RAM: 16338.28 MB
Available physical RAM: 11249.71 MB
Total Pagefile: 32674.74 MB
Available Pagefile: 25943.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:119.14 GB) (Free:21.24 GB) NTFS
Drive e: (Volume) (Fixed) (Total:465.76 GB) (Free:460.91 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 5D78A389)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 1A6DE33B)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
==================== End Of Log ============================