Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Keine Server Online-Games via Steam / ADs trotz ADblock (https://www.trojaner-board.de/166528-keine-server-online-games-via-steam-ads-trotz-adblock.html)

Seso 29.04.2015 10:52
Keine Server Online-Games via Steam / ADs trotz ADblock
 
Guten Tag!

Ich habe folgendes Problem:

Im Mozilla Firefox bekomme ich seit neustem Ads von allen Seiten vorgesetzt, trotz meines Adblocks der wunderbar funktioniert hat.
Desweiteren, und weshalb ich überhaupt erst darauf aufmerksam geworden bin, bekomme ich folgende Fehlermeldung beim Starten von beispielsweise DayZ via Steam: C:Windows/xxxx/sysWOW64/abengine.dll

Das Spiel startet trotzdem, es werden aber keine Online-Server angezeigt. Es scheint bisher auch nur dieses eine Spiel zu betreffen.

Ich bin nun über Google und in Verbindung mit den Schlagwörtern "adware verhindert online spielen" auf dese Seite gestoßen.


Nachdem ich Skype auf chip.de Heruntergeladen habe, gab es erst keine Probleme. Ich habe seitdem auch keine E-Mailanhänge geöffnet oder andere Programme geladen. Skype habe ich vor 3 Tagen geladen und die ersten ADs die mir aufgefallen sind, erschienen gestern Abend. Und das Problem mit den Online Servern besteht auch erst seit kurzer Zeit (10 Stunden etwa).

Ich musste nachdem Avira durchgelaufen ist auf "in Quarantäne verschieben" klicken damit ich zu den Logs komme, ich hoffe das war kein grober Fehler. Ich habe einmal einen Log bekommen (nach Anleitung auf dieser seite / Exportierte Ereignisse):

Exportierte Ereignisse:

4/29/2015 11:35 AM [System-Scanner] Malware gefunden
Die Datei 'C:\Users\zup\AppData\Local\Temp\awh10DD.tmp'
enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen' [adware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '39fc1168.qua'
verschoben!

4/29/2015 11:35 AM [System-Scanner] Malware gefunden
Die Datei 'C:\Users\zup\AppData\Local\Temp\setup.exe'
enthielt einen Virus oder unerwünschtes Programm 'PUA/Outbrowse.Gen' [riskware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1a5373fe.qua'
verschoben!

4/29/2015 11:35 AM [System-Scanner] Malware gefunden
Die Datei 'C:\Users\zup\AppData\Local\Temp\awh96B.tmp'
enthielt einen Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '7c783c2a.qua'
verschoben!

4/29/2015 11:34 AM [System-Scanner] Malware gefunden
Die Datei
'C:\Users\zup\AppData\Local\Temp\Setup__10924_i1504794846_il1372006.exe'
enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen2' [adware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '480c291a.qua'
verschoben!

4/29/2015 11:34 AM [System-Scanner] Malware gefunden
Die Datei 'C:\Users\zup\Downloads\Marsimoto Grüner
Samt_10924_i2616066_il345.exe'
enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '509d0685.qua'
verschoben!


Und desweiteren der "Report" den das Programm automatisch ausgibt:


[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '97' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '141' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '99' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'abengine.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'Fuel.Service.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'SkypeC2CAutoUpdateSvc.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'SkypeC2CPNRSvc.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'sppsvc.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '151' Modul(e) wurden durchsucht
Durchsuche Prozess 'SetPoint.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'Steam.exe' - '140' Modul(e) wurden durchsucht
Durchsuche Prozess 'DiscSoftBusService.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'KHALMNPR.EXE' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '257' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'steamwebhelper.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'SteamService.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'steamwebhelper.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'steamwebhelper.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '154' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_17_0_0_169.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_17_0_0_169.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.ServiceHost.exe' - '129' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.Systray.exe' - '165' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '101' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '141' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '148' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '109' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1545' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Users\zup\AppData\Local\Temp\awh10DD.tmp
[FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen
C:\Users\zup\AppData\Local\Temp\awh96B.tmp
[FUND] Ist das Trojanische Pferd TR/Dropper.Gen
C:\Users\zup\AppData\Local\Temp\setup.exe
[0] Archivtyp: NSIS
--> ProgramFilesDir/[PluginsDir]/swbddzhb.dll
[FUND] Enthält Muster der Software PUA/Outbrowse.Gen
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\zup\AppData\Local\Temp\Setup__10924_i1504794846_il1372006.exe
[FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen2
C:\Users\zup\Downloads\Marsimoto Grüner Samt_10924_i2616066_il345.exe
[FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen7
Beginne mit der Suche in 'D:\' <DEUS_EX_HR>

Beginne mit der Desinfektion:
C:\Users\zup\Downloads\Marsimoto Grüner Samt_10924_i2616066_il345.exe
[FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen7
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '509d0685.qua' verschoben!
C:\Users\zup\AppData\Local\Temp\Setup__10924_i1504794846_il1372006.exe
[FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen2
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '480c291a.qua' verschoben!
C:\Users\zup\AppData\Local\Temp\setup.exe
[FUND] Enthält Muster der Software PUA/Outbrowse.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1a5373fe.qua' verschoben!
C:\Users\zup\AppData\Local\Temp\awh96B.tmp
[FUND] Ist das Trojanische Pferd TR/Dropper.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '7c783c2a.qua' verschoben!
C:\Users\zup\AppData\Local\Temp\awh10DD.tmp
[FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '39fc1168.qua' verschoben!


Ende des Suchlaufs: Wednesday, April 29, 2015 11:35
Benötigte Zeit: 34:36 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

41294 Verzeichnisse wurden überprüft
791581 Dateien wurden geprüft
5 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
5 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
791576 Dateien ohne Befall
5232 Archive wurden durchsucht
1 Warnungen
5 Hinweise

--------------------------------

Wie soll ich nun weiter verfahren? Die Ads scheinen nach dem Avira Scan und Quarantänemaßnahme verschwunden zu sein.

Grüße

schrauber 29.04.2015 10:54
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)





So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Seso 29.04.2015 11:08
FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015
Ran by zup (administrator) on ZUP-PC on 29-04-2015 12:06:29
Running from C:\Users\zup\Downloads
Loaded Profiles: zup (Available profiles: zup)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-10] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-03-25] (Raptr, Inc)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [130048 2015-04-10] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [726320 2015-03-24] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2165114972-3253581132-320316221-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-14] (Valve Corporation)
HKU\S-1-5-21-2165114972-3253581132-320316221-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-26] (Disc Soft Ltd)
HKU\S-1-5-21-2165114972-3253581132-320316221-1000\...\MountPoints2: {f1a6ca7d-e8d4-11e4-9412-001583403b15} - E:\setup.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2165114972-3253581132-320316221-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Addition:


Code:
==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2165114972-3253581132-320316221-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2165114972-3253581132-320316221-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2165114972-3253581132-320316221-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2165114972-3253581132-320316221-1000\...\sony.com -> sony.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2165114972-3253581132-320316221-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1 - 192.168.0.2

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{90946028-D51A-4FAA-9281-71459573A5BE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{91B29BCF-7968-4CA3-BB96-B6B36CEE4A03}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C50105A2-AECA-4C26-9A98-110E87F840C1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D9792F77-614B-4E8A-A05D-5C4F241F2C05}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C67D19A1-0D3E-4E3D-9212-02FD7B5B5220}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{28EEEBEE-CD82-4703-A208-CEE3AD552990}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F269C0B9-20C3-43BB-AE0A-B5DE0BADAC21}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{643AE75A-40A6-420B-8220-4E7FF3BD6E71}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3B15C166-EAD7-41F0-BB9A-A589AB3961E1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A71B35E4-EB73-48E6-89ED-272E1B300651}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4B25D6E6-030E-4B69-95F6-0AE5C55B377B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{F64CA9D9-6BCB-462C-A0E1-7772857B5AC4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{5E1164FA-C4BB-4806-B4A8-83F4CD5D10A6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{7B26C54E-0339-46C7-8E6D-CBC6E19BB1C9}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{513F3A5A-50E8-470B-AECF-8E761F13C658}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [{F9F6AEA4-9ACE-4D57-A4EB-4B271D5C9862}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hawken\Binaries\Win32\HawkenGame-Win32-Shipping.exe
FirewallRules: [{C41060C7-10DF-45C8-B110-0BF5B5EB4DDB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hawken\Binaries\Win32\HawkenGame-Win32-Shipping.exe
FirewallRules: [{28182B83-7B86-4314-947D-70D484B4C58E}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
FirewallRules: [{AD0543A7-5478-49DA-8D9F-4BD0D9F84018}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{1984CA87-3D62-4F0B-B7B1-F3FFC2338323}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{09780254-98A5-4F09-8EBF-91E6D7AF86E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{C39623F0-BAFB-48AB-883E-0A56A7406F45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{ED45B808-C254-47DA-93E3-F5478F99BFA1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{03571550-8FDB-42C5-A743-AE1910199AFC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{E1D58FFF-2F7E-4005-8057-6D8A8B850A00}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{9DFADFC5-35A0-4D5B-80F8-DD165D57CF10}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{610C7D6F-6CA4-4ADA-A569-13E380BC5B43}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{D5A10D1E-A43B-4EFC-A581-585A68795164}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{1B5CF595-5B34-4FB5-9A9C-B9D9DE82A115}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{E9A79B04-E016-46C0-91D4-1EEE01C96F9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{E23BF434-874E-4B1E-8BF4-E9350F4D4792}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{36A3A0E5-B25C-4CD7-BF13-6E1A2B045995}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{96E48942-D586-49D9-B9EE-D1B161ECE856}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{C71777FA-897B-4515-B186-8BC0D0C5BB49}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{7BE31693-09B3-4AAE-9B4A-6BD7313CB5EC}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{50F8BF31-4A22-47DC-BDE8-1580D1DCDBDC}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{F1A115FF-C025-4985-89AF-8E6FFD68AE0C}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{2432FCAD-AFDC-4B23-8165-F1375D6E3EB6}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [{7983C8C2-E42E-4A1D-9D62-50D117EA6C2F}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{BB669C28-7C89-442B-82D6-8207DC07B500}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{9B6063D1-0104-46B4-9C6D-C7B228A94633}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{11A9BF9F-17A9-4BA6-B22A-8565742D0AC8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{16E588F3-2067-4B02-87DA-3D4E025F0B3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{135FA462-F1E0-46A0-B54F-C0F6D57325E1}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{27F4AC16-5885-49B9-A9FE-CD10382757C2}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [TCP Query User{E0398E51-0BAF-41B2-B080-9B2E99E040B7}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{C28F7620-6BDB-4211-A138-1BB48CB37EEC}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [{32EC4128-BA6B-49F6-A740-FE3F8D7498B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{41E09675-B2A5-4982-80A3-F434695477C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{8FEC1286-F183-4C68-937C-89BD46BACBA3}] => (Allow) C:\Users\zup\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EDA9948E-C952-47DE-AE69-D043C8A664DF}] => (Allow) C:\Users\zup\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{8BEB4F45-E8CC-4010-BE4A-00E3AE2D971C}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [UDP Query User{B83E1C49-7E94-4A55-A5CD-AEB705B53554}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [TCP Query User{CC77644B-AC58-4366-9015-795F31A58502}C:\program files (x86)\assassins creed chronicles china\binaries\win32\accgame-win32-shipping.exe] => (Allow) C:\program files (x86)\assassins creed chronicles china\binaries\win32\accgame-win32-shipping.exe
FirewallRules: [UDP Query User{A202B002-9DEB-4F25-9CF8-A972BE3D8E81}C:\program files (x86)\assassins creed chronicles china\binaries\win32\accgame-win32-shipping.exe] => (Allow) C:\program files (x86)\assassins creed chronicles china\binaries\win32\accgame-win32-shipping.exe
FirewallRules: [TCP Query User{73509FA3-7E9A-4C5A-9AAD-087B0E3375A8}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Block) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [UDP Query User{ED06AD92-0FB7-4042-B97A-5EEA66B00A4E}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Block) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/29/2015 00:02:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Dwm.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc541
Faulting module name: ltc_game64-94307.dll_unloaded, version: 0.0.0.0, time stamp: 0x5511f6fc
Exception code: 0xc0000005
Fault offset: 0x000007fee7b53b98
Faulting process id: 0xb94
Faulting application start time: 0xDwm.exe0
Faulting application path: Dwm.exe1
Faulting module path: Dwm.exe2
Report Id: Dwm.exe3

Error: (04/29/2015 00:01:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/29/2015 11:47:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/29/2015 11:47:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/29/2015 11:47:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/29/2015 11:47:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/29/2015 11:47:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/29/2015 11:47:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/29/2015 11:47:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/29/2015 11:47:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============
Error: (04/29/2015 11:58:23 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (04/29/2015 11:57:53 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/29/2015 11:57:53 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Service Host service to connect.

Error: (04/29/2015 11:57:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Disc Soft Lite Bus Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/29/2015 11:57:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/29/2015 11:57:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/29/2015 11:57:34 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/29/2015 11:57:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/29/2015 11:57:33 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (04/29/2015 11:57:32 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (04/29/2015 00:02:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Dwm.exe6.1.7600.163854a5bc541ltc_game64-94307.dll_unloaded0.0.0.05511f6fcc0000005000007fee7b53b98b9401d08263474db6d3C:\Windows\system32\Dwm.exeltc_game64-94307.dlle9febc75-ee56-11e4-ac42-001583403b15

Error: (04/29/2015 00:01:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/29/2015 11:47:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/29/2015 11:47:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/29/2015 11:47:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/29/2015 11:47:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/29/2015 11:47:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/29/2015 11:47:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/29/2015 11:47:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/29/2015 11:47:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 965 Processor
Percentage of memory in use: 42%
Total physical RAM: 4095.18 MB
Available physical RAM: 2370.93 MB
Total Pagefile: 8188.56 MB
Available Pagefile: 6073.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:134.93 GB) NTFS
Drive d: (DEUS_EX_HR) (CDROM) (Total:7.15 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: C43361BA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---

schrauber 30.04.2015 07:08
Beide Logs bitte nochmal, da fehlt die Hälfte :)

Seso 30.04.2015 08:11
upsi.. sorry


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015
Ran by zup (administrator) on ZUP-PC on 29-04-2015 12:06:29
Running from C:\Users\zup\Downloads
Loaded Profiles: zup (Available profiles: zup)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-10] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-03-25] (Raptr, Inc)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [130048 2015-04-10] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [726320 2015-03-24] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2165114972-3253581132-320316221-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-14] (Valve Corporation)
HKU\S-1-5-21-2165114972-3253581132-320316221-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-26] (Disc Soft Ltd)
HKU\S-1-5-21-2165114972-3253581132-320316221-1000\...\MountPoints2: {f1a6ca7d-e8d4-11e4-9412-001583403b15} - E:\setup.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2165114972-3253581132-320316221-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2

FireFox:
========
FF ProfilePath: C:\Users\zup\AppData\Roaming\Mozilla\Firefox\Profiles\4odmyjrq.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-22] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-22] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-29] (Google Inc.)
FF Extension: Avira Browser Safety - C:\Users\zup\AppData\Roaming\Mozilla\Firefox\Profiles\4odmyjrq.default\Extensions\abs@avira.com [2015-04-29]
FF Extension: YouTube Unblocker - C:\Users\zup\AppData\Roaming\Mozilla\Firefox\Profiles\4odmyjrq.default\Extensions\youtubeunblocker@unblocker.yt [2015-04-17]
FF Extension: Zoom It - C:\Users\zup\AppData\Roaming\Mozilla\Firefox\Profiles\4odmyjrq.default\Extensions\{552d231f-64c8-1316-2388-5d2244c8780a} [2015-04-27]
FF Extension: Adblock Plus - C:\Users\zup\AppData\Roaming\Mozilla\Firefox\Profiles\4odmyjrq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-21]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-03-21]

Chrome:
=======
CHR Profile: C:\Users\zup\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\zup\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-29]
CHR Extension: (Google Docs) - C:\Users\zup\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-29]
CHR Extension: (Google Drive) - C:\Users\zup\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-29]
CHR Extension: (YouTube) - C:\Users\zup\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-29]
CHR Extension: (Google Search) - C:\Users\zup\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-29]
CHR Extension: (Google Sheets) - C:\Users\zup\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\zup\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-11]
CHR Extension: (Google Wallet) - C:\Users\zup\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-29]
CHR Extension: (Gmail) - C:\Users\zup\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [815920 2015-03-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [434424 2015-03-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [434424 2015-03-24] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1004280 2015-03-24] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [205104 2015-04-10] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [967040 2015-04-08] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-26] (Disc Soft Ltd)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-03-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-24] (Avira Operations GmbH & Co. KG)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-04-22] (Disc Soft Ltd)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-29 12:06 - 2015-04-29 12:06 - 00014243 _____ () C:\Users\zup\Downloads\FRST.txt
2015-04-29 12:05 - 2015-04-29 12:06 - 00000000 ____D () C:\FRST
2015-04-29 12:04 - 2015-04-29 12:04 - 02101248 _____ (Farbar) C:\Users\zup\Downloads\FRST64.exe
2015-04-29 12:00 - 2015-04-29 12:00 - 00005870 _____ () C:\Users\zup\Desktop\AdwCleaner[S0].txt
2015-04-29 11:56 - 2015-04-29 11:57 - 00000000 ____D () C:\AdwCleaner
2015-04-29 11:42 - 2015-04-29 11:42 - 00056280 _____ () C:\Users\zup\Desktop\AVSCAN-20150429-105843-97D9BEA8.LOG
2015-04-29 11:36 - 2015-04-29 11:36 - 00003570 _____ () C:\Users\zup\Desktop\Ereignisse.txt
2015-04-29 11:05 - 2015-04-29 11:05 - 02224640 _____ () C:\Users\zup\Downloads\AdwCleaner_4.202.exe
2015-04-29 10:50 - 2015-04-29 10:50 - 00000000 ____D () C:\Users\zup\AppData\Roaming\Avira
2015-04-29 10:48 - 2015-03-24 14:59 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-04-29 10:48 - 2015-03-24 14:59 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-04-29 10:48 - 2015-03-24 14:59 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-04-29 10:48 - 2015-03-24 14:59 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-04-29 10:46 - 2015-04-29 10:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-29 10:46 - 2015-04-29 10:48 - 00000000 ____D () C:\ProgramData\Avira
2015-04-29 10:46 - 2015-04-29 10:48 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-29 10:46 - 2015-04-29 10:46 - 00001207 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-04-29 10:45 - 2015-04-29 10:45 - 04636584 _____ (Avira Operations GmbH & Co. KG) C:\Users\zup\Downloads\avira_de_av_55409a2949bab__ws.exe
2015-04-28 18:35 - 2015-04-28 18:35 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-04-28 11:41 - 2015-04-28 11:44 - 00000000 ____D () C:\Users\zup\AppData\Roaming\PDF Architect 3
2015-04-28 11:40 - 2015-04-28 18:44 - 00000000 ____D () C:\ProgramData\PDF Architect 3
2015-04-28 11:39 - 2015-04-28 11:39 - 27837984 _____ (pdfforge ) C:\Users\zup\Downloads\PDFCreator-2_1_1-setup.exe
2015-04-26 11:03 - 2015-04-26 11:03 - 00000222 _____ () C:\Users\zup\Desktop\H1Z1.url
2015-04-26 10:23 - 2015-04-26 10:23 - 00003292 _____ () C:\Users\zup\Desktop\DownloadManager.lnk
2015-04-26 10:22 - 2015-04-26 10:22 - 00003086 _____ () C:\Windows\System32\Tasks\iren3006
2015-04-26 10:22 - 2015-04-26 10:22 - 00001100 _____ () C:\Users\zup\Desktop\Continue installation .lnk
2015-04-25 19:14 - 2015-04-25 19:14 - 00000000 ____D () C:\Users\zup\Tracing
2015-04-25 19:12 - 2015-04-25 19:12 - 00000000 ____D () C:\Users\zup\AppData\Local\Skype
2015-04-25 19:11 - 2015-04-28 18:35 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-25 19:11 - 2015-04-28 18:35 - 00000000 ____D () C:\ProgramData\Skype
2015-04-25 19:11 - 2015-04-28 11:20 - 00000000 ____D () C:\Users\zup\AppData\Roaming\Skype
2015-04-25 19:09 - 2015-04-25 19:09 - 01384064 _____ (Skype Technologies S.A.) C:\Users\zup\Downloads\SkypeSetup.exe
2015-04-22 21:02 - 2015-04-22 21:02 - 00000000 ____D () C:\Users\zup\AppData\Roaming\uplay
2015-04-22 20:58 - 2015-04-22 20:58 - 00001534 _____ () C:\Users\zup\Desktop\Assassins Creed Chronicles China.lnk
2015-04-22 20:56 - 2015-04-22 20:58 - 00000000 ____D () C:\Program Files (x86)\Assassins Creed Chronicles China
2015-04-22 20:52 - 2015-04-22 20:55 - 00000000 ____D () C:\Users\zup\AppData\Roaming\DAEMON Tools Lite
2015-04-22 20:52 - 2015-04-22 20:54 - 00030352 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-04-22 20:52 - 2015-04-22 20:52 - 00001743 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2015-04-22 20:52 - 2015-04-22 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-04-22 20:52 - 2015-04-22 20:52 - 00000000 ____D () C:\Program Files\DAEMON Tools Lite
2015-04-22 20:52 - 2015-04-22 20:52 - 00000000 ____D () C:\Program Files (x86)\Disc Soft
2015-04-22 20:51 - 2015-04-22 20:51 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-04-22 20:50 - 2015-04-22 20:51 - 13223208 _____ (Disc Soft Ltd) C:\Users\zup\Downloads\DTLite501-0406.exe
2015-04-22 16:50 - 2015-04-22 20:05 - 00000000 ____D () C:\Users\zup\Downloads\Assassins.Creed.Chronicles.China.CODEX
2015-04-22 16:49 - 2015-04-22 16:49 - 00000811 _____ () C:\Users\zup\Desktop\µTorrent.lnk
2015-04-22 16:49 - 2015-04-22 16:49 - 00000791 _____ () C:\Users\zup\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-04-22 16:48 - 2015-04-22 21:04 - 00000000 ____D () C:\Users\zup\AppData\Roaming\uTorrent
2015-04-22 16:48 - 2015-04-22 16:48 - 01744976 _____ (BitTorrent Inc.) C:\Users\zup\Downloads\uTorrent40.exe
2015-04-21 12:18 - 2015-04-21 12:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-20 11:39 - 2015-04-20 11:39 - 00001155 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2015-04-20 11:38 - 2015-04-20 11:39 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-04-20 11:38 - 2015-04-20 11:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2015-04-15 01:05 - 2015-04-15 01:05 - 00000000 ____D () C:\Users\zup\AppData\Local\openvr
2015-04-14 09:49 - 2015-04-21 09:55 - 00000000 ____D () C:\Users\zup\Documents\StarCraft II
2015-04-14 09:49 - 2015-04-21 00:50 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2015-04-14 09:49 - 2015-04-14 09:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2015-04-12 22:39 - 2015-04-12 22:42 - 00000000 ____D () C:\Users\zup\Documents\Heroes of the Storm
2015-04-12 22:13 - 2015-04-12 22:13 - 00001195 _____ () C:\Users\Public\Desktop\Heroes of the Storm.lnk
2015-04-12 22:13 - 2015-04-12 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2015-04-12 21:58 - 2015-04-22 12:05 - 00000000 ____D () C:\Program Files (x86)\Heroes of the Storm
2015-04-12 21:55 - 2015-04-12 21:55 - 00000000 ____D () C:\Users\zup\AppData\Roaming\AMD
2015-04-12 21:55 - 2015-04-12 21:55 - 00000000 ____D () C:\Users\zup\AppData\Local\Blizzard Entertainment
2015-04-12 21:54 - 2015-04-27 16:02 - 00000000 ____D () C:\Users\zup\AppData\Local\Battle.net
2015-04-12 21:54 - 2015-04-14 09:49 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2015-04-12 21:54 - 2015-04-12 21:55 - 00000000 ____D () C:\Users\zup\AppData\Roaming\Battle.net
2015-04-12 21:54 - 2015-04-12 21:54 - 00001118 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2015-04-12 21:54 - 2015-04-12 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-04-12 21:54 - 2015-04-12 21:54 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-04-12 21:52 - 2015-04-12 21:52 - 03057720 _____ (Blizzard Entertainment) C:\Users\zup\Downloads\Hearthstone-Setup-deDE.exe
2015-04-12 21:52 - 2015-04-12 21:52 - 00000000 ____D () C:\ProgramData\Battle.net
2015-04-09 14:59 - 2015-04-09 14:59 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-04-09 14:59 - 2015-04-09 14:59 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-04-03 21:01 - 2015-04-03 21:01 - 00000000 ____D () C:\ProgramData\ATI
2015-04-03 20:53 - 2015-04-03 20:55 - 302470552 _____ (AMD Inc.) C:\Users\zup\Downloads\amd-catalyst-omega-14.12-with-dotnet45-win7-64bit.exe
2015-04-03 20:50 - 2015-04-03 20:50 - 00000000 ____D () C:\Users\zup\AppData\Roaming\library_dir
2015-04-03 20:50 - 2015-04-03 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2015-04-03 20:49 - 2015-04-29 12:03 - 00000000 ____D () C:\Users\zup\AppData\Roaming\Raptr
2015-04-03 20:49 - 2015-04-03 20:50 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-04-03 20:49 - 2015-04-03 20:49 - 00058610 _____ () C:\Windows\SysWOW64\CCCInstall_201504032049326499.log
2015-04-03 20:49 - 2015-04-03 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-04-03 20:49 - 2015-04-03 20:49 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2015-04-03 20:46 - 2015-04-03 20:49 - 00000000 ____D () C:\Program Files\AMD
2015-04-03 20:46 - 2015-04-03 20:49 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-04-03 20:38 - 2015-04-03 20:38 - 05451464 _____ (Advanced Micro Devices, Inc.) C:\Users\zup\Downloads\autodetectutility.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-29 12:05 - 2015-03-21 19:32 - 00465642 _____ () C:\Windows\WindowsUpdate.log
2015-04-29 12:00 - 2015-03-21 12:01 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-29 11:59 - 2015-03-29 12:32 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-29 11:59 - 2010-11-21 05:47 - 00286566 _____ () C:\Windows\PFRO.log
2015-04-29 11:59 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-29 11:59 - 2009-07-14 06:51 - 00034584 _____ () C:\Windows\setupact.log
2015-04-29 11:57 - 2009-07-14 06:45 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-29 11:57 - 2009-07-14 06:45 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-29 11:37 - 2015-03-29 12:32 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-29 10:46 - 2015-03-21 22:47 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-29 03:37 - 2015-03-21 20:28 - 00000000 ____D () C:\Users\zup\AppData\Roaming\TS3Client
2015-04-26 10:04 - 2009-07-14 07:13 - 00779724 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-25 19:14 - 2015-03-21 19:36 - 00000000 ____D () C:\Users\zup
2015-04-22 21:01 - 2015-03-22 00:40 - 00000000 ____D () C:\Users\zup\Documents\My Games
2015-04-22 11:54 - 2015-03-21 11:38 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-22 11:54 - 2015-03-21 11:38 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-22 11:50 - 2015-03-21 11:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-16 11:39 - 2015-03-29 12:33 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-16 11:03 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-04-15 21:55 - 2015-03-21 23:28 - 00000000 ____D () C:\Users\zup\Documents\DayZ
2015-04-08 08:38 - 2015-03-21 23:28 - 00000000 ____D () C:\Users\zup\AppData\Local\DayZ
2015-04-04 01:05 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-03 20:49 - 2015-03-21 11:55 - 00000000 ____D () C:\ProgramData\AMD
2015-04-03 20:48 - 2015-03-21 11:55 - 00000000 ____D () C:\Program Files\ATI Technologies
2015-04-03 20:44 - 2015-03-22 00:35 - 00771962 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-03 20:41 - 2015-03-21 11:54 - 00000000 ____D () C:\AMD
2015-04-03 20:29 - 2015-03-21 11:49 - 00000678 _____ () C:\Windows\LkmdfCoInst.log
2015-04-03 20:28 - 2015-03-21 11:49 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-03-30 20:22 - 2015-03-21 12:15 - 00000000 ____D () C:\Users\zup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

==================== Files in the root of some directories =======

2015-03-21 11:46 - 2015-03-21 11:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\zup\AppData\Local\Temp\13-9-legacy_vista_win7_64_dd_ccc_whql.exe
C:\Users\zup\AppData\Local\Temp\amd-catalyst-omega-14.12-with-dotnet45-win7-64bit.exe
C:\Users\zup\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\zup\AppData\Local\Temp\avgnt.exe
C:\Users\zup\AppData\Local\Temp\devcon.exe
C:\Users\zup\AppData\Local\Temp\ecgcabfbdfjg.exe
C:\Users\zup\AppData\Local\Temp\LMkRstPt.exe
C:\Users\zup\AppData\Local\Temp\Quarantine.exe
C:\Users\zup\AppData\Local\Temp\raptrpatch.exe
C:\Users\zup\AppData\Local\Temp\raptr_stub.exe
C:\Users\zup\AppData\Local\Temp\sqlite3.dll
C:\Users\zup\AppData\Local\Temp\ZoomWeb_Installer.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-24 20:52

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---



Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2015
Ran by zup at 2015-04-29 12:07:02
Running from C:\Users\zup\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2165114972-3253581132-320316221-500 - Administrator - Disabled)
Guest (S-1-5-21-2165114972-3253581132-320316221-501 - Limited - Disabled)
zup (S-1-5-21-2165114972-3253581132-320316221-1000 - Administrator - Enabled) => C:\Users\zup

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2165114972-3253581132-320316221-1000\...\uTorrent) (Version: 3.4.3.40097 - BitTorrent Inc.)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assassins Creed Chronicles China (HKLM-x32\...\Assassins Creed Chronicles China_is1) (Version:  - )
Avira (HKLM-x32\...\{d8490d5d-0f24-4000-b2e4-4b500a9a704d}) (Version: 1.1.35.25717 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.35.25717 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
DriverEasy 4.9.0 (HKLM\...\DriverEasy_is1) (Version: 4.9.0.0 - Easeware)
Evolve (HKLM-x32\...\Steam App 273350) (Version:  - Turtle Rock Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
H1Z1 (HKLM-x32\...\Steam App 295110) (Version:  - Sony Online Entertainment)
HAWKEN (HKLM-x32\...\Steam App 271290) (Version:  - Adhesive Games)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.3 - Mozilla)
Nosgoth (HKLM-x32\...\Steam App 200110) (Version: 150401.105367 - Square Enix Ltd)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

22-04-2015 20:54:30 Device Driver Package Install: Disc Soft Ltd Storage controllers
28-04-2015 11:41:04 Installed PDF Architect 3 View Module
28-04-2015 11:41:25 Installed PDF Architect 3 Edit Module
28-04-2015 11:41:42 Installed PDF Architect 3 Create Module
28-04-2015 18:35:07 Removed Skype™ 7.4

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {372220F0-B2C2-4BEE-8DC0-071480A58518} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-29] (Google Inc.)
Task: {5FF1FF01-0B78-428E-909B-ACF4852F1DAA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-29] (Google Inc.)
Task: {6B7BE5CA-F273-4AD4-A873-8E74CC328630} - System32\Tasks\iren3006 => C:\PROGRA~2\HIGHLI~1\iren3006.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-11-20 21:23 - 2014-11-20 21:23 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2015-02-13 13:20 - 2015-02-13 13:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 13:20 - 2015-02-13 13:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-21 12:02 - 2015-03-10 08:37 - 00775680 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-03-21 12:02 - 2014-12-02 02:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-03-21 12:02 - 2014-12-02 02:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-03-21 12:02 - 2014-12-02 02:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-03-21 12:02 - 2015-04-14 01:44 - 02371776 _____ () C:\Program Files (x86)\Steam\video.dll
2015-03-21 12:02 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-03-21 12:02 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-03-21 12:02 - 2014-12-01 23:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-03-21 12:02 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-03-21 12:02 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-03-21 12:02 - 2015-04-14 01:44 - 00702656 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2010-11-23 00:56 - 2010-11-23 00:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-23 00:56 - 2010-11-23 00:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 20:17 - 2011-02-15 20:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-23 00:57 - 2010-11-23 00:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-23 00:57 - 2010-11-23 00:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
2014-08-14 02:37 - 2014-08-14 02:37 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll
2014-08-14 02:37 - 2014-08-14 02:37 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll
2010-11-23 00:56 - 2010-11-23 00:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2013-11-21 02:05 - 2013-11-21 02:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2010-11-23 00:57 - 2010-11-23 00:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-18 02:56 - 2014-06-18 02:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 20:17 - 2011-02-15 20:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-23 01:06 - 2010-11-23 01:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-10 01:52 - 2013-05-10 01:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-10 01:52 - 2013-05-10 01:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-10 01:52 - 2013-05-10 01:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 20:56 - 2013-05-03 20:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 20:56 - 2013-05-03 20:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 20:56 - 2013-05-03 20:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2015-03-21 12:02 - 2015-02-25 03:58 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-04-22 11:54 - 2015-04-22 11:54 - 16863920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2165114972-3253581132-320316221-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2165114972-3253581132-320316221-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2165114972-3253581132-320316221-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2165114972-3253581132-320316221-1000\...\sony.com -> sony.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2165114972-3253581132-320316221-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1 - 192.168.0.2

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{90946028-D51A-4FAA-9281-71459573A5BE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{91B29BCF-7968-4CA3-BB96-B6B36CEE4A03}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C50105A2-AECA-4C26-9A98-110E87F840C1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D9792F77-614B-4E8A-A05D-5C4F241F2C05}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C67D19A1-0D3E-4E3D-9212-02FD7B5B5220}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{28EEEBEE-CD82-4703-A208-CEE3AD552990}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F269C0B9-20C3-43BB-AE0A-B5DE0BADAC21}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{643AE75A-40A6-420B-8220-4E7FF3BD6E71}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3B15C166-EAD7-41F0-BB9A-A589AB3961E1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A71B35E4-EB73-48E6-89ED-272E1B300651}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4B25D6E6-030E-4B69-95F6-0AE5C55B377B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{F64CA9D9-6BCB-462C-A0E1-7772857B5AC4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{5E1164FA-C4BB-4806-B4A8-83F4CD5D10A6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{7B26C54E-0339-46C7-8E6D-CBC6E19BB1C9}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{513F3A5A-50E8-470B-AECF-8E761F13C658}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [{F9F6AEA4-9ACE-4D57-A4EB-4B271D5C9862}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hawken\Binaries\Win32\HawkenGame-Win32-Shipping.exe
FirewallRules: [{C41060C7-10DF-45C8-B110-0BF5B5EB4DDB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hawken\Binaries\Win32\HawkenGame-Win32-Shipping.exe
FirewallRules: [{28182B83-7B86-4314-947D-70D484B4C58E}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
FirewallRules: [{AD0543A7-5478-49DA-8D9F-4BD0D9F84018}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{1984CA87-3D62-4F0B-B7B1-F3FFC2338323}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{09780254-98A5-4F09-8EBF-91E6D7AF86E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{C39623F0-BAFB-48AB-883E-0A56A7406F45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{ED45B808-C254-47DA-93E3-F5478F99BFA1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{03571550-8FDB-42C5-A743-AE1910199AFC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{E1D58FFF-2F7E-4005-8057-6D8A8B850A00}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{9DFADFC5-35A0-4D5B-80F8-DD165D57CF10}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{610C7D6F-6CA4-4ADA-A569-13E380BC5B43}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{D5A10D1E-A43B-4EFC-A581-585A68795164}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{1B5CF595-5B34-4FB5-9A9C-B9D9DE82A115}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{E9A79B04-E016-46C0-91D4-1EEE01C96F9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{E23BF434-874E-4B1E-8BF4-E9350F4D4792}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{36A3A0E5-B25C-4CD7-BF13-6E1A2B045995}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{96E48942-D586-49D9-B9EE-D1B161ECE856}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{C71777FA-897B-4515-B186-8BC0D0C5BB49}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{7BE31693-09B3-4AAE-9B4A-6BD7313CB5EC}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{50F8BF31-4A22-47DC-BDE8-1580D1DCDBDC}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{F1A115FF-C025-4985-89AF-8E6FFD68AE0C}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{2432FCAD-AFDC-4B23-8165-F1375D6E3EB6}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [{7983C8C2-E42E-4A1D-9D62-50D117EA6C2F}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{BB669C28-7C89-442B-82D6-8207DC07B500}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{9B6063D1-0104-46B4-9C6D-C7B228A94633}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{11A9BF9F-17A9-4BA6-B22A-8565742D0AC8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{16E588F3-2067-4B02-87DA-3D4E025F0B3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{135FA462-F1E0-46A0-B54F-C0F6D57325E1}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{27F4AC16-5885-49B9-A9FE-CD10382757C2}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [TCP Query User{E0398E51-0BAF-41B2-B080-9B2E99E040B7}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{C28F7620-6BDB-4211-A138-1BB48CB37EEC}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [{32EC4128-BA6B-49F6-A740-FE3F8D7498B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{41E09675-B2A5-4982-80A3-F434695477C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{8FEC1286-F183-4C68-937C-89BD46BACBA3}] => (Allow) C:\Users\zup\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EDA9948E-C952-47DE-AE69-D043C8A664DF}] => (Allow) C:\Users\zup\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{8BEB4F45-E8CC-4010-BE4A-00E3AE2D971C}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [UDP Query User{B83E1C49-7E94-4A55-A5CD-AEB705B53554}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [TCP Query User{CC77644B-AC58-4366-9015-795F31A58502}C:\program files (x86)\assassins creed chronicles china\binaries\win32\accgame-win32-shipping.exe] => (Allow) C:\program files (x86)\assassins creed chronicles china\binaries\win32\accgame-win32-shipping.exe
FirewallRules: [UDP Query User{A202B002-9DEB-4F25-9CF8-A972BE3D8E81}C:\program files (x86)\assassins creed chronicles china\binaries\win32\accgame-win32-shipping.exe] => (Allow) C:\program files (x86)\assassins creed chronicles china\binaries\win32\accgame-win32-shipping.exe
FirewallRules: [TCP Query User{73509FA3-7E9A-4C5A-9AAD-087B0E3375A8}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Block) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [UDP Query User{ED06AD92-0FB7-4042-B97A-5EEA66B00A4E}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Block) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/29/2015 00:02:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Dwm.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc541
Faulting module name: ltc_game64-94307.dll_unloaded, version: 0.0.0.0, time stamp: 0x5511f6fc
Exception code: 0xc0000005
Fault offset: 0x000007fee7b53b98
Faulting process id: 0xb94
Faulting application start time: 0xDwm.exe0
Faulting application path: Dwm.exe1
Faulting module path: Dwm.exe2
Report Id: Dwm.exe3

Error: (04/29/2015 00:01:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/29/2015 11:47:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/29/2015 11:47:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/29/2015 11:47:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/29/2015 11:47:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/29/2015 11:47:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/29/2015 11:47:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/29/2015 11:47:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (04/29/2015 11:47:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============
Error: (04/29/2015 11:58:23 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (04/29/2015 11:57:53 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/29/2015 11:57:53 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Service Host service to connect.

Error: (04/29/2015 11:57:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Disc Soft Lite Bus Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/29/2015 11:57:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/29/2015 11:57:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/29/2015 11:57:34 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/29/2015 11:57:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/29/2015 11:57:33 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (04/29/2015 11:57:32 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (04/29/2015 00:02:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Dwm.exe6.1.7600.163854a5bc541ltc_game64-94307.dll_unloaded0.0.0.05511f6fcc0000005000007fee7b53b98b9401d08263474db6d3C:\Windows\system32\Dwm.exeltc_game64-94307.dlle9febc75-ee56-11e4-ac42-001583403b15

Error: (04/29/2015 00:01:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/29/2015 11:47:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/29/2015 11:47:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/29/2015 11:47:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/29/2015 11:47:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/29/2015 11:47:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/29/2015 11:47:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/29/2015 11:47:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/29/2015 11:47:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 965 Processor
Percentage of memory in use: 42%
Total physical RAM: 4095.18 MB
Available physical RAM: 2370.93 MB
Total Pagefile: 8188.56 MB
Available Pagefile: 6073.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:134.93 GB) NTFS
Drive d: (DEUS_EX_HR) (CDROM) (Total:7.15 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: C43361BA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber 30.04.2015 10:57
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Seso 01.05.2015 14:58
Code:
ComboFix 15-04-28.01 - zup 05/01/2015  15:47:12.1.4 - x64
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.1.1033.18.4095.2780 [GMT 2:00]
Running from: c:\users\zup\Downloads\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\zup\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
(((((((((((((((((((((((((  Files Created from 2015-04-01 to 2015-05-01  )))))))))))))))))))))))))))))))
.
.
2015-05-01 13:51 . 2015-05-01 13:51        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-04-29 10:05 . 2015-04-29 10:07        --------        d-----w-        C:\FRST
2015-04-29 09:56 . 2015-04-29 09:57        --------        d-----w-        C:\AdwCleaner
2015-04-29 08:50 . 2015-04-29 08:50        --------        d-----w-        c:\users\zup\AppData\Roaming\Avira
2015-04-29 08:48 . 2015-03-24 12:59        44088        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2015-04-29 08:48 . 2015-03-24 12:59        28600        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2015-04-29 08:48 . 2015-03-24 12:59        132120        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2015-04-29 08:48 . 2015-03-24 12:59        128536        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2015-04-29 08:46 . 2015-04-29 08:48        --------        d-----w-        c:\programdata\Avira
2015-04-29 08:46 . 2015-04-29 08:48        --------        d-----w-        c:\program files (x86)\Avira
2015-04-28 16:35 . 2015-04-28 16:35        --------        d-----w-        c:\windows\system32\appmgmt
2015-04-28 09:41 . 2015-04-28 09:44        --------        d-----w-        c:\users\zup\AppData\Roaming\PDF Architect 3
2015-04-28 09:40 . 2015-04-28 16:44        --------        d-----w-        c:\programdata\PDF Architect 3
2015-04-25 17:14 . 2015-04-25 17:14        --------        d-----w-        c:\users\zup\Tracing
2015-04-25 17:12 . 2015-04-25 17:12        --------        d-----w-        c:\users\zup\AppData\Local\Skype
2015-04-25 17:11 . 2015-04-28 09:20        --------        d-----w-        c:\users\zup\AppData\Roaming\Skype
2015-04-25 17:11 . 2015-04-28 16:35        --------        d-----r-        c:\program files (x86)\Skype
2015-04-25 17:11 . 2015-04-28 16:35        --------        d-----w-        c:\programdata\Skype
2015-04-22 19:02 . 2015-04-22 19:02        --------        d-----w-        c:\users\zup\AppData\Roaming\uplay
2015-04-22 18:56 . 2015-04-22 18:58        --------        d-----w-        c:\program files (x86)\Assassins Creed Chronicles China
2015-04-22 18:52 . 2015-04-22 18:52        --------        d-----w-        c:\program files (x86)\Disc Soft
2015-04-22 18:52 . 2015-04-22 18:54        30352        ----a-w-        c:\windows\system32\drivers\dtlitescsibus.sys
2015-04-22 18:52 . 2015-04-22 18:55        --------        d-----w-        c:\users\zup\AppData\Roaming\DAEMON Tools Lite
2015-04-22 18:52 . 2015-04-22 18:52        --------        d-----w-        c:\program files\DAEMON Tools Lite
2015-04-22 18:51 . 2015-04-22 18:51        --------        d-----w-        c:\programdata\DAEMON Tools Lite
2015-04-22 14:48 . 2015-04-22 19:04        --------        d-----w-        c:\users\zup\AppData\Roaming\uTorrent
2015-04-20 09:38 . 2015-04-20 09:39        --------        d-----w-        c:\program files (x86)\Hearthstone
2015-04-14 23:05 . 2015-04-14 23:05        --------        d-----w-        c:\users\zup\AppData\Local\openvr
2015-04-14 07:49 . 2015-04-20 09:39        --------        d-----w-        c:\program files (x86)\Common Files\Blizzard Entertainment
2015-04-14 07:49 . 2015-04-20 22:50        --------        d-----w-        c:\program files (x86)\StarCraft II
2015-04-12 19:58 . 2015-04-30 11:47        --------        d-----w-        c:\program files (x86)\Heroes of the Storm
2015-04-12 19:55 . 2015-04-12 19:55        --------        d-----w-        c:\users\zup\AppData\Roaming\AMD
2015-04-12 19:55 . 2015-04-12 19:55        --------        d-----w-        c:\users\zup\AppData\Local\Blizzard Entertainment
2015-04-12 19:54 . 2015-04-30 11:54        --------        d-----w-        c:\users\zup\AppData\Local\Battle.net
2015-04-12 19:54 . 2015-04-12 19:55        --------        d-----w-        c:\users\zup\AppData\Roaming\Battle.net
2015-04-12 19:54 . 2015-04-14 07:49        --------        d-----w-        c:\programdata\Blizzard Entertainment
2015-04-12 19:54 . 2015-04-12 19:54        --------        d-----w-        c:\program files (x86)\Battle.net
2015-04-12 19:52 . 2015-04-12 19:52        --------        d-----w-        c:\programdata\Battle.net
2015-04-09 12:59 . 2015-04-09 12:59        --------        d-----w-        c:\program files (x86)\NVIDIA Corporation
2015-04-09 12:59 . 2015-04-09 12:59        --------        d-----w-        c:\program files (x86)\AGEIA Technologies
2015-04-08 06:57 . 2015-03-23 00:32        12002392        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5DBDDF3-10E2-4D53-A4A7-01DA60196CE6}\mpengine.dll
2015-04-03 19:01 . 2015-04-03 19:01        --------        d-----w-        c:\programdata\ATI
2015-04-03 18:50 . 2015-04-03 18:50        --------        d-----w-        c:\users\zup\AppData\Roaming\library_dir
2015-04-03 18:49 . 2015-04-30 07:02        --------        d-----w-        c:\users\zup\AppData\Roaming\Raptr
2015-04-03 18:49 . 2015-04-03 18:50        --------        d-----w-        c:\program files (x86)\Raptr
2015-04-03 18:49 . 2015-04-03 18:49        --------        d-----w-        c:\program files (x86)\AMD AVT
2015-04-03 18:46 . 2015-04-03 18:49        --------        d-----w-        c:\program files\AMD
2015-04-03 18:46 . 2015-04-03 18:49        --------        d-----w-        c:\program files (x86)\AMD
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-22 09:54 . 2015-03-21 09:38        778416        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-22 09:54 . 2015-03-21 09:38        142512        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-03 18:28 . 2015-03-21 09:49        18960        ----a-w-        c:\windows\system32\drivers\LNonPnP.sys
2015-02-24 02:17 . 2010-11-21 03:27        295552        ------w-        c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2015-04-13 2889408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2015-02-26 5583120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-11-20 767176]
"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2015-03-25 55568]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2015-04-10 130048]
"avgnt"="c:\program files (x86)\Avira\Antivirus\avgnt.exe" [2015-03-24 726320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\Antivirus\avmailc7.exe;c:\program files (x86)\Avira\Antivirus\avmailc7.exe [x]
R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\Antivirus\avwebg7.exe;c:\program files (x86)\Avira\Antivirus\avwebg7.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\Antivirus\sched.exe;c:\program files (x86)\Avira\Antivirus\sched.exe [x]
S2 AODDriver4.3;AODDriver4.3;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-16 09:38        988488        ----a-w-        c:\program files (x86)\Google\Chrome\Application\42.0.2311.90\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-03-29 10:32]
.
2015-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-03-29 10:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-05-10 13672152]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2014-05-19 3100440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-02-13 169768]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1 192.168.0.2
FF - ProfilePath - c:\users\zup\AppData\Roaming\Mozilla\Firefox\Profiles\4odmyjrq.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_134_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_134_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_134_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_134_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\Antivirus\avguard.exe
.
**************************************************************************
.
Completion time: 2015-05-01  15:56:20 - machine was rebooted
ComboFix-quarantined-files.txt  2015-05-01 13:56
.
Pre-Run: 128,154,357,760 bytes free
Post-Run: 129,210,142,720 bytes free
.
- - End Of File - - 6D96DEBFA9E481A88C903EB2D6CC08B9
A36C5E4F47E84449FF07ED3517B43A31

schrauber 02.05.2015 08:02
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.


Alle Zeitangaben in WEZ +1. Es ist jetzt 02:38 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131