(Malware) quick look would stop my panic



#1
zhazzy

New Member, 3 posts

Hi,

Please, someone tell me my PC is not infected. I've run OTL and FRST64.

FRST:

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 08-09-2017
durchgeführt von Administrator (Administrator) auf INTEL775-PC (10-09-2017 15:40:38)
Gestartet von C:\Users\Administrator\Downloads
Geladene Profile: Administrator (Verfügbare Profile: Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Sprache: German (Germany)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Nicht auf der Ausnahmeliste) ====================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
 
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
AppInit_DLLs: prio.dll => C:\Program Files\Prio\prio.dll [17264 2012-11-08] (O&K Software)
AppInit_DLLs-x32: prio32.dll => C:\Program Files\Prio\prio32.dll [15216 2012-11-08] (O&K Software)
 
==================== Internet (Nicht auf der Ausnahmeliste) ====================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
 
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{00946D43-86E9-423C-96E9-FF3239925EE2}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-1066935764-1894680920-224314404-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://imp.ytdwld.com/impression.do?source=395337&sub_id=20170910&user_id=7f3c637e-b0dc-481e-b691-591dbc53fe55&traffic_source=update&event=ro_homepage&implementation_id=ytdau&redir=https%3A%2F%2Fde.search.yahoo.com%2F%3Ftype%3D395337%26fr%3Dspigot-yhp-ie
SearchScopes: HKU\S-1-5-21-1066935764-1894680920-224314404-500 -> {94683077-5D43-404D-AE2C-F4AE548CC9E2} URL = hxxp://imp.ytdwld.com/impression.do?source=395337&sub_id=20170910&user_id=7f3c637e-b0dc-481e-b691-591dbc53fe55&traffic_source=update&event=ro_inb_search&implementation_id=ytdau&redir=https%3A%2F%2Fde.search.yahoo.com%2Fsearch%3Ffr%3Dchr-greentree_ie%26ei%3Dutf-8%26ilc%3D12%26type%3D395337%26p%3D&st={searchTerms}
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-21] (Google Inc.)
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxp://search.searchytdau.com/s?remove=remove&query={searchTerms}
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2017-09-10]
CHR Extension: (Google Präsentationen) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-21]
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-21]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-21]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-21]
CHR Extension: (uBlock Origin) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-09-06]
CHR Extension: (Google Tabellen) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-21]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-21]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Google Mail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-21]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-05]
CHR HKU\S-1-5-21-1066935764-1894680920-224314404-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ofhflkcfkbgjpodgmcdcmkdpfabieode] - hxxps://clients2.google.com/service/update2/crx
 
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
S4 asComSvc; C:\Program Files (x86)\ASUS\AXSP\2.00.09\atkexComSvc.exe [411096 2017-06-27] (ASUSTeK Computer Inc.)
S4 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.31\aaHMSvc.exe [975832 2017-06-01] (ASUSTeK Computer Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-06-10] (Microsoft Corporation)
 
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2017-06-01] ()
S3 BazisPortableCDBus; C:\Windows\System32\drivers\BazisPortableCDBus.sys [283480 2017-08-27] (Sysprogs OU)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2727936 2011-12-20] (C-Media Inc)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
 
==================== Ein Monat: Erstellte Dateien und Ordner ========
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
 
2017-09-10 15:40 - 2017-09-10 15:40 - 000008352 _____ C:\Users\Administrator\Downloads\FRST.txt
2017-09-10 15:40 - 2017-09-10 15:40 - 000000000 ____D C:\FRST
2017-09-10 15:39 - 2017-09-10 15:39 - 002396160 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2017-09-10 15:03 - 2017-09-10 15:35 - 000050398 _____ C:\Users\Administrator\Downloads\OTL.Txt
2017-09-10 15:03 - 2017-09-10 15:32 - 000030364 _____ C:\Users\Administrator\Downloads\Extras.Txt
2017-09-10 14:59 - 2017-09-10 14:59 - 000602112 _____ (OldTimer Tools) C:\Users\Administrator\Downloads\OTL.exe
2017-09-10 14:34 - 2017-09-10 14:34 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\Administrator\Downloads\spybotsd-2.6.46.exe
2017-09-10 14:31 - 2017-09-10 14:31 - 000524248 _____ (F-Secure Corporation) C:\Users\Administrator\Downloads\F-SecureOnlineScanner.exe
2017-09-10 14:14 - 2017-09-10 14:14 - 000002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-10 14:14 - 2017-09-10 14:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-10 14:14 - 2017-08-24 11:27 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-09-10 14:13 - 2017-09-10 14:13 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-10 14:08 - 2017-09-10 14:08 - 002002416 _____ (Trend Micro Inc.) C:\Users\Administrator\Downloads\HousecallLauncher.exe
2017-09-10 14:00 - 2017-09-10 14:00 - 000000000 ____D C:\Users\Administrator\AppData\Local\ESET
2017-09-10 13:59 - 2017-09-10 13:59 - 006754944 _____ (ESET spol. s r.o.) C:\Users\Administrator\Downloads\esetonlinescanner_enu.exe
2017-09-10 13:54 - 2017-09-10 13:54 - 003449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Administrator\Downloads\AVG_Protection_Free_1606.exe
2017-09-10 13:52 - 2017-09-10 13:52 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-10 13:25 - 2017-09-10 13:25 - 066347240 _____ (Malwarebytes ) C:\Users\Administrator\Downloads\mb3-setup-consumer-3.2.2.2018.exe
2017-09-10 13:17 - 2017-09-10 13:17 - 000001884 _____ C:\Users\Administrator\Documents\cc_20170910_131737.reg
2017-09-10 13:12 - 2017-09-10 13:18 - 000000000 ____D C:\Program Files\WebDiscoverBrowser
2017-09-10 13:12 - 2017-09-10 13:12 - 000000000 ____D C:\Users\Administrator\AppData\Local\{B5F70934-5E12-42d2-882D-62D42EA1FA67}
2017-09-10 13:08 - 2017-09-10 13:11 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Bigasoft Video Downloader Pro
2017-09-10 13:08 - 2017-09-10 13:08 - 000000000 ____D C:\Users\Administrator\Documents\Bigasoft Video Downloader Pro
2017-09-10 13:08 - 2017-09-10 13:08 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\youtubejs
2017-09-10 13:06 - 2017-09-10 13:06 - 000000000 ____D C:\Program Files (x86)\Bigasoft
2017-09-10 12:57 - 2017-09-10 13:02 - 000000000 ____D C:\Program Files (x86)\YouTubeSongDownloader
2017-09-08 22:42 - 2017-09-08 22:43 - 135494821 _____ C:\Users\Administrator\Downloads\Teizokurei Daydream4.mp4
2017-09-08 22:41 - 2017-09-08 22:43 - 144004722 _____ C:\Users\Administrator\Downloads\Teizokurei Daydream3.mp4
2017-09-08 22:40 - 2017-09-08 22:42 - 150273400 _____ C:\Users\Administrator\Downloads\Teizokurei Daydream2.mp4
2017-09-08 22:39 - 2017-09-08 22:40 - 158578540 _____ C:\Users\Administrator\Downloads\Teizokurei Daydream1.mp4
2017-09-08 20:59 - 2017-09-08 21:58 - 007499574 _____ C:\Users\Administrator\Desktop\New Bitmap Image.bmp
2017-09-03 01:18 - 2017-09-03 01:18 - 054331872 _____ C:\Users\Administrator\Downloads\torbrowser-install-7.0.4_en-US.exe
2017-08-31 22:58 - 2009-09-18 11:15 - 000000000 ____D C:\Program Files\AISuite
2017-08-31 22:57 - 2017-08-31 22:58 - 022606750 _____ C:\Users\Administrator\Downloads\AISuite_V10537.zip
2017-08-31 22:52 - 2017-08-31 22:59 - 000000000 ____D C:\Program Files (x86)\ASUS
2017-08-31 22:52 - 2017-08-31 22:52 - 000000000 ____D C:\ProgramData\ASUS
2017-08-31 22:52 - 2017-06-01 16:24 - 000028672 _____ (ASUSTek Computer Inc.) C:\Windows\SysWOW64\AsIO.dll
2017-08-31 22:52 - 2017-06-01 16:24 - 000015232 _____ C:\Windows\SysWOW64\Drivers\AsIO.sys
2017-08-31 22:51 - 2017-08-31 22:51 - 000000000 ____D C:\Program Files\ASUS AI Suite
2017-08-31 22:50 - 2017-08-31 22:51 - 147398962 _____ C:\Users\Administrator\Downloads\PPSU_1.04.65_20170726.zip
2017-08-30 21:54 - 2017-08-30 22:17 - 749579564 _____ C:\Users\Administrator\Downloads\infernal.affairs.abstieg.in.die.achte.hoelle.2003.remastered.german.bdrip.x264-contributio.mkv.mp4
2017-08-27 20:53 - 2017-08-27 20:54 - 000000000 ____D C:\Program Files\Tabletop Simulator
2017-08-27 19:33 - 2017-08-27 19:34 - 288934561 _____ C:\Users\Administrator\Downloads\ad64618877f13b0476407fecbad686a1.flv.mp4
2017-08-25 00:07 - 2017-08-25 00:07 - 000000000 ____D C:\Users\Administrator\AppData\Local\Futuremark
2017-08-24 16:17 - 2017-08-24 16:17 - 000000061 _____ C:\Users\Administrator\Desktop\AndyMilonakis - Twitch.url
2017-08-24 10:27 - 2017-08-24 10:27 - 000003558 _____ C:\Users\Administrator\Documents\cc_20170824_102718.reg
2017-08-24 04:09 - 2017-08-23 10:24 - 914062866 _____ C:\Users\Administrator\Downloads\alzemne.br_300mbfilms.org.mkv
2017-08-24 02:28 - 2017-08-22 13:55 - 626921098 _____ C:\Users\Administrator\Downloads\lwrdss.wb72_300mbfilms.org.mkv
2017-08-24 02:17 - 2017-08-24 02:21 - 626921382 _____ C:\Users\Administrator\Downloads\lwrdss.wb72_300mbfilms.org.rar
2017-08-22 23:19 - 2017-08-31 14:54 - 000000135 _____ C:\Users\Administrator\Desktop\RandomRambo - Twitch.url
2017-08-22 18:59 - 2017-09-02 10:43 - 000000439 _____ C:\Users\Administrator\Desktop\New Text Document.txt
2017-08-22 18:35 - 2017-08-22 18:35 - 000001881 _____ C:\Users\Administrator\Desktop\csgo - Shortcut.lnk
2017-08-22 18:35 - 2017-08-22 18:35 - 000001651 _____ C:\Users\Administrator\Desktop\nvidiaInspector.exe - Shortcut.lnk
2017-08-21 23:28 - 2017-08-21 23:29 - 048766221 _____ C:\Users\Administrator\Downloads\eea93640-e117-4431-bb5e-a2b8820d8b31.dem.gz
2017-08-21 19:35 - 2017-08-21 19:35 - 000001503 _____ C:\Users\Administrator\Desktop\csgo.exe - Shortcut.lnk
2017-08-21 19:34 - 2017-08-21 19:34 - 000000219 _____ C:\Users\Administrator\Desktop\Counter-Strike Global Offensive.url
2017-08-21 00:42 - 2017-08-20 11:16 - 835385647 _____ C:\Users\Administrator\Downloads\shkwvvdual.br_300mbfilms.org.mkv
2017-08-20 10:56 - 2017-08-20 10:56 - 000001638 _____ C:\Users\Administrator\Documents\cc_20170820_105617.reg
2017-08-19 23:10 - 2017-08-19 23:12 - 491582328 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\dxsdk_aug2007.exe
2017-08-15 21:11 - 2017-08-15 21:52 - 523001119 _____ C:\Users\Administrator\Downloads\battqnn.wb72_300mbfilms.org.rar
2017-08-15 13:30 - 2017-08-15 13:30 - 000002450 _____ C:\Users\Administrator\Documents\cc_20170815_133040.reg
2017-08-14 20:13 - 2017-08-14 20:22 - 679097754 _____ C:\Users\Administrator\Downloads\clsls.wb72_300mbfilms.org.rar
2017-08-14 19:56 - 2017-08-14 21:21 - 810278419 _____ C:\Users\Administrator\Downloads\cngdass.br_300mbfilms.org.rar
2017-08-13 20:27 - 2017-08-13 20:27 - 006556224 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\vcredist_x86 (1).exe
2017-08-13 20:26 - 2017-08-13 20:26 - 007188616 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\vcredist_x64.exe
2017-08-13 16:41 - 2017-08-13 16:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Titan Quest Anniversary Edition
2017-08-13 16:34 - 2017-08-27 20:52 - 000283480 _____ (Sysprogs OU) C:\Windows\system32\Drivers\BazisPortableCDBus.sys
2017-08-13 13:21 - 2017-08-13 13:23 - 465960941 _____ C:\Users\Administrator\Downloads\video (14).mp4
2017-08-13 09:32 - 2017-08-13 09:33 - 172969639 _____ C:\Users\Administrator\Downloads\video (13).mp4
2017-08-12 22:02 - 2017-08-12 22:02 - 006661544 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\vcredist_IA64.exe
2017-08-12 21:32 - 2017-08-12 23:40 - 783615239 _____ C:\Users\Administrator\Downloads\spdrmnhcmm.hdtc72_300mbfilms.org.rar
2017-08-12 21:32 - 2017-08-12 21:35 - 467434639 _____ C:\Users\Administrator\Downloads\atmccblndd.hdts_300mbfilms.org.rar
 
==================== Ein Monat: Geänderte Dateien und Ordner ========
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
 
2017-09-10 14:15 - 2017-05-21 20:18 - 000000874 _____ C:\Users\Administrator\AppData\Roaming\prio.ini
2017-09-10 13:59 - 2017-05-21 18:13 - 000000000 ____D C:\Program Files (x86)\Steam
2017-09-10 13:43 - 2017-05-21 18:30 - 000066504 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2017-09-10 13:22 - 2009-07-14 06:45 - 000298968 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-10 13:20 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2017-09-10 13:16 - 2017-05-21 20:29 - 000000000 ____D C:\Program Files\AdiIRC
2017-09-02 09:12 - 2017-05-21 19:45 - 000000259 _____ C:\Windows\prio.ini
2017-08-31 22:59 - 2017-05-23 16:09 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-08-24 10:27 - 2017-05-22 11:08 - 000000000 ____D C:\Windows\Minidump
2017-08-21 14:12 - 2017-06-18 23:08 - 000000000 ____D C:\Users\Administrator\Desktop\DE
2017-08-20 00:10 - 2017-05-24 18:57 - 000728064 _____ C:\Users\Administrator\AppData\Local\file__0.localstorage
2017-08-15 13:29 - 2017-06-18 17:36 - 000000000 ____D C:\Users\Administrator\Downloads\[Guide] Create A -- Vanilla 1.12.1 Server Of Your Own -- In Less Than 5 Minutes_files
2017-08-13 20:28 - 2017-06-09 18:32 - 000000000 ____D C:\Users\Administrator\Documents\My Games
2017-08-13 20:27 - 2017-05-21 18:06 - 000000000 ____D C:\ProgramData\Package Cache
 
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
 
2017-05-21 20:18 - 2017-09-10 14:15 - 000000874 _____ () C:\Users\Administrator\AppData\Roaming\prio.ini
2017-05-24 00:12 - 2009-06-23 19:10 - 000685102 ___SH () C:\Users\Administrator\AppData\Roaming\unhosts.exe
2017-05-24 18:57 - 2017-08-20 00:10 - 000728064 _____ () C:\Users\Administrator\AppData\Local\file__0.localstorage
 
==================== Bamital & volsnap ======================
 
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
 
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
 
LastRegBack: 2017-05-21 17:13
 
==================== Ende von FRST.txt ============================
 

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 08-09-2017
durchgeführt von Administrator (10-09-2017 15:41:03)
Gestartet von C:\Users\Administrator\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2017-05-21 15:31:47)
Start-Modus: Normal
==========================================================
 
 
==================== Konten: =============================
 
Administrator (S-1-5-21-1066935764-1894680920-224314404-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-1066935764-1894680920-224314404-501 - Limited - Disabled)
 
==================== Sicherheits-Center ========================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
 
 
==================== Installierte Programme ======================
 
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
 
AdiIRC (HKLM-x32\...\AdiIRC) (Version: 2.7 - Per Amundsen)
Age of Empires II HD The Rise of the Rajas GERMAN (HKLM\...\YWdlb2ZlbXBpcmVzaWloZA_is1) (Version: 1 - )
Any Video Converter Ultimate 6.1.3 (HKLM-x32\...\Any Video Converter Ultimate_is1) (Version:  - Any-Video-Converter.com)
ASUS Xonar DG Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version:  - )
Battlefield: Bad Company 2 (HKLM\...\Steam App 24960) (Version:  - DICE)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Counter-Strike (HKLM\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
CPUID CPU-Z 1.79 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.31 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
FINAL FANTASY IX (HKLM-x32\...\FINAL FANTASY IX_is1) (Version:  - )
Final Fantasy VIII (HKLM-x32\...\Final Fantasy VIII_is1) (Version:  - )
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.90 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Gothic II - Gold Edition (HKLM-x32\...\Gothic II - Gold Edition_is1) (Version:  - )
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
Heritage of Kings - The Settlers (HKLM-x32\...\1207658793_is1) (Version: 2.2.0.8 - GOG.com)
K-Lite Codec Pack 13.1.6 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.1.6 - KLCP)
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{b341426f-8543-4e0d-96c3-e976f8ec5ab6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{82f2609e-68ba-408d-963f-530ad8809435}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{577ff5ba-39aa-4d8c-a3a9-f95012763438}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Mortal Kombat (HKLM-x32\...\1207667043_is1) (Version: 2.0.0.2 - GOG.com)
Mortal Kombat 2 (HKLM-x32\...\1207667053_is1) (Version: 2.0.0.2 - GOG.com)
Mortal Kombat 3 (HKLM-x32\...\1207667063_is1) (Version: 2.0.0.2 - GOG.com)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
NVIDIA Graphics Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.3 (HKLM-x32\...\{8D5FCC56-BB9F-4122-923C-71753F50F6F5}) (Version: 4.13.9783 - Apache Software Foundation)
Painkiller Black (HKLM-x32\...\1207658715_is1) (Version: 2.1.0.9 - GOG.com)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version:  - )
Port Forward Network Utilities (HKLM-x32\...\{4C109C49-5A19-458B-8DF6-A2C469A92679}) (Version: 3.0.30 - Portforward, LLC)
Prio (HKLM\...\Prio) (Version: 2.0.0.2960 - )
Quake 4 (HKLM-x32\...\Quake4UninstallKey_is1) (Version: 1.4.2 - Activision)
Quake III Mod: Beyond the Portals (HKLM-x32\...\Quake3BTPUninstallKey_is1) (Version: 1.0 - Activision)
Quake III Mod: Challenge ProMode Arena (HKLM-x32\...\Quake3CPMAUninstallKey_is1) (Version: 1.47 - Activision)
Quake III Mod: Excessive Plus (HKLM-x32\...\Quake3EXPlusUninstallKey_is1) (Version: 1.03 - Activision)
Quake III Mod: Invasion (HKLM-x32\...\Quake3InvasionUninstallKey_is1) (Version: 2.8 Beta - Activision)
Quake III Mod: Lego Carnage (HKLM-x32\...\Quake3LegoCUninstallKey_is1) (Version: 3.0 - Activision)
Quake III Mod: Lost Arena (HKLM-x32\...\Quake3LostArenaUninstallKey_is1) (Version: 1.0 - Activision)
Quake III Mod: Matrix (HKLM-x32\...\Quake3MatrixUninstallKey_is1) (Version: 2.4 Beta - Activision)
Quake III Mod: Mega Man X Zero (HKLM-x32\...\Quake3mmzeroxUninstallKey_is1) (Version: Alpha 01 - Activision)
Quake III Mod: Monkey Kombat (HKLM-x32\...\Quake3MonkeyUninstallKey_is1) (Version: 0.05 - Activision)
Quake III Mod: OSP Tourney Q3A (HKLM-x32\...\Quake3OSPUninstallKey_is1) (Version: 1.33 - Activision)
Quake III Mod: PainKeep Arena (HKLM-x32\...\Quake3PKAUninstallKey_is1) (Version: 3.1 - Activision)
Quake III Mod: Quake 3 Rally (HKLM-x32\...\Quake3RallyUninstallKey_is1) (Version: 1.3 - Activision)
Quake III: Arena (HKLM-x32\...\Quake3UninstallKey_is1) (Version: 1.32c - Activision)
S.T.A.L.K.E.R. Call of Pripyat (HKLM-x32\...\GOGPACKSTALKERCOP_is1) (Version: 2.0.0.12 - GOG.com)
S.T.A.L.K.E.R. Clear Sky (HKLM-x32\...\GOGPACKSTALKERSTCS_is1) (Version: 2.0.0.8 - GOG.com)
S.T.A.L.K.E.R. Shadow of Chernobyl (HKLM-x32\...\GOGPACKSTALKERSHOC_is1) (Version: 2.0.0.5 - GOG.com)
SimCity 3000 Unlimited (HKLM-x32\...\2086050016_is1) (Version: 2.0.0.3 - GOG.com)
Söldner Secret Wars - Community Edition version 33980 (HKLM-x32\...\{F3AF62F5-665E-4B3E-8899-5C46D1793391}_is1) (Version: 33980 - soldnersecretwars.de)
Söldner Secret Wars Language Pack German Version 1.1 (HKLM-x32\...\{7D27AC27-37F4-4A30-A1FC-53D22549F468}_is1) (Version: 1.1 - soldnersecretwars.de)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Elder Scrolls V Skyrim - Legendary Edition (HKLM-x32\...\The Elder Scrolls V Skyrim - Legendary Edition_is1) (Version:  - )
Titan Quest Anniversary Edition (HKLM-x32\...\Titan Quest Anniversary Edition_is1) (Version:  - )
TrackMania² Stadium (HKLM\...\Steam App 232910) (Version:  - Nadeo)
Wildlife Park 3 Dino Invasion (HKLM-x32\...\Wildlife Park 3 Dino Invasion_is1) (Version:  - )
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
 
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
 
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
Task: {1BD678B2-B7A1-4F65-90DA-E15AEA92A94E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-21] (Google Inc.)
Task: {50E98B7C-FAED-44B3-A498-05F30E39A6E1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-21] (Google Inc.)
Task: {65703FE2-8247-41C7-A797-8339F2069948} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-05-10] ()
Task: {DC7DA04C-3E95-42C3-8299-1DF0B1C0163C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
 
 
==================== Verknüpfungen & WMI ========================
 
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
 
 
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
 
2017-05-21 18:22 - 2016-11-14 13:15 - 000135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-08-05 17:15 - 2017-08-02 09:39 - 002692952 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.90\swiftshader\libglesv2.dll
2017-08-05 17:15 - 2017-08-02 09:39 - 000137048 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.90\swiftshader\libegl.dll
2017-07-17 19:30 - 2017-07-17 19:30 - 000863744 _____ () C:\Windows\mod_frst.exe
 
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
 
 
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
 
 
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
 
 
==================== Hosts Inhalt: ==========================
 
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
 
2009-07-14 04:34 - 2017-05-24 00:12 - 000000917 ____R C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1   q4master.idsoftware.com
127.0.0.1   idnet.ua-corp.com
 
==================== Andere Bereiche ============================
 
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
 
HKU\S-1-5-21-1066935764-1894680920-224314404-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
mpsdrv => Firewall Dienst läuft nicht.
MpsSvc => Firewall Dienst läuft nicht.
bfe => Firewall Dienst läuft nicht.
 
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
 
MSCONFIG\startupreg: Cmaudio8788 => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
MSCONFIG\startupreg: Cmaudio8788GX => C:\Windows\syswow64\HsMgr.exe Envoke
MSCONFIG\startupreg: Cmaudio8788GX64 => C:\Windows\system\HsMgr64.exe Envoke
 
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
FirewallRules: [{474DA6FE-FFF3-4DF9-958C-A69D71CB5188}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1649E0C7-817A-4920-A92C-F13AF54FE07E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{392D15F8-7B83-40D7-AE56-C13A59CC2111}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{95C057FD-8540-48FF-8235-95E335C59C33}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B9F38802-253B-4CF7-8765-19A21181787A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
 
==================== Wiederherstellungspunkte =========================
 
ACHTUNG: Systemwiederherstellung ist deaktiviert
Wiederherstellungspunkte konnten nicht aufgelistet werden
Überprüfen Sie den "winmgmt" Dienst oder reparieren Sie den WMI.
 
 
==================== Fehlerhafte Geräte im Gerätemanager =============
 
Konnte Geräte nicht auflisten. Überprüfen Sie den "winmgmt" Dienst oder reparieren Sie den WMI.
 
 
==================== Fehlereinträge in der Ereignisanzeige: =========================
 
Applikationsfehler:
==================
Error: (05/21/2017 07:03:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (05/21/2017 06:52:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (05/21/2017 06:43:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (05/21/2017 06:33:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (05/21/2017 06:28:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (05/21/2017 06:01:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (05/21/2017 05:39:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (05/21/2017 05:36:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (05/21/2017 05:31:46 PM) (Source: MsiInstaller) (EventID: 11309) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 4.5.2 (DEU) -- Fehler 1309. Fehler beim Lesen der Datei: C:\windows\setup\scripts\Windows\Microsoft.NET\Framework64\v4\de\AddInUtil.resources.dll.  Systemfehler 3. Stellen Sie sicher, dass die Datei vorhanden ist, und Sie darauf zugreifen können.
 
 
Systemfehler:
=============
Error: (09/10/2017 01:53:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (09/10/2017 01:53:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (09/10/2017 01:53:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (09/10/2017 01:53:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (09/10/2017 01:53:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (09/10/2017 01:52:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (09/10/2017 01:52:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (09/10/2017 01:52:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (09/10/2017 01:52:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (09/10/2017 01:52:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Malwarebytes Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
==================== Speicherinformationen =========================== 
 
Prozessor: Intel® Core™2 Quad CPU Q9300 @ 2.50GHz
Prozentuale Nutzung des RAM: 24%
Installierter physikalischer RAM: 3327.12 MB
Verfügbarer physikalischer RAM: 2513.59 MB
Summe virtueller Speicher: 3325.32 MB
Verfügbarer virtueller Speicher: 2634.82 MB
 
==================== Laufwerke ================================
 
Drive c: () (Fixed) (Total:232.88 GB) (Free:60.09 GB) NTFS
Drive d: (Steam) (Fixed) (Total:19.58 GB) (Free:4.04 GB) NTFS
Drive e: (Programs) (Fixed) (Total:184.01 GB) (Free:38.81 GB) NTFS
Drive f: () (Fixed) (Total:29.2 GB) (Free:8.57 GB) NTFS
 
==================== MBR & Partitionstabelle ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: E1EC8B0E)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=100 MB) - (Type=42)
Partition 3: (Not Active) - (Size=29.2 GB) - (Type=42)
Partition 4: (Not Active) - (Size=203.6 GB) - (Type=42)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: E5C7E5C7)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
 
==================== Ende von Addition.txt ============================
 
 
OTL (2012)

OTL logfile created on: 10.09.2017 15:33:39 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17843)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 76,57% Memory free
3,25 Gb Paging File | 2,60 Gb Available in Paging File | 80,08% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 60,16 Gb Free Space | 25,83% Space Free | Partition Type: NTFS
Drive D: | 19,58 Gb Total Space | 4,04 Gb Free Space | 20,64% Space Free | Partition Type: NTFS
Drive E: | 184,01 Gb Total Space | 38,81 Gb Free Space | 21,09% Space Free | Partition Type: NTFS
Drive F: | 29,20 Gb Total Space | 8,57 Gb Free Space | 29,36% Space Free | Partition Type: NTFS
 
Computer Name: INTEL775-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2017.09.10 14:59:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Downloads\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2017.08.21 07:32:12 | 006,058,960 | ---- | M] (Malwarebytes) [Auto | Stopped] -- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe -- (MBAMService)
SRV:64bit: - [2015.06.10 07:04:20 | 001,255,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2015.06.10 06:48:03 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2015.06.10 06:40:39 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2017.09.07 06:51:50 | 001,610,016 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2017.06.27 11:49:17 | 000,411,096 | ---- | M] (ASUSTeK Computer Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\AXSP\2.00.09\atkexComSvc.exe -- (asComSvc)
SRV - [2017.06.01 16:24:11 | 000,975,832 | ---- | M] (ASUSTeK Computer Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\AAHM\1.00.31\aaHMSvc.exe -- (asHmComSvc)
SRV - [2015.11.05 20:36:48 | 000,105,144 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2015.06.10 06:52:00 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2017.08.27 20:52:50 | 000,283,480 | ---- | M] (Sysprogs OU) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BazisPortableCDBus.sys -- (BazisPortableCDBus)
DRV:64bit: - [2015.06.10 17:07:05 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2015.06.10 17:07:05 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2015.06.10 06:47:19 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2015.06.10 06:47:19 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2015.06.10 06:43:13 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2015.06.10 06:42:25 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2015.06.10 06:42:25 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.05.12 12:31:00 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2011.12.20 08:59:12 | 002,727,936 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp)
DRV:64bit: - [2011.12.07 20:42:28 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.09.28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
 
 
 
IE - HKU\S-1-5-21-1066935764-1894680920-224314404-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-1066935764-1894680920-224314404-500\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com[binary data]
IE - HKU\S-1-5-21-1066935764-1894680920-224314404-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://imp.ytdwld.co...r=spigot-yhp-ie
IE - HKU\S-1-5-21-1066935764-1894680920-224314404-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1066935764-1894680920-224314404-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKU\S-1-5-21-1066935764-1894680920-224314404-500\..\SearchScopes\{94683077-5D43-404D-AE2C-F4AE548CC9E2}: "URL" = http://imp.ytdwld.co...t={searchTerms}
IE - HKU\S-1-5-21-1066935764-1894680920-224314404-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm\1.14.8_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.3_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\6017.605.1.4_0\
 
O1 HOSTS File: ([2017.05.24 00:12:12 | 000,000,917 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1   q4master.idsoftware.com
O1 - Hosts: 127.0.0.1   idnet.ua-corp.com
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1066935764-1894680920-224314404-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00946D43-86E9-423C-96E9-FF3239925EE2}: DhcpNameServer = 192.168.0.1
O20:64bit: - AppInit_DLLs: (prio.dll) - C:\Program Files\Prio\prio.dll (O&K Software)
O20 - AppInit_DLLs: (prio32.dll) - C:\Program Files\Prio\prio32.dll (O&K Software)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2017.09.10 14:14:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[2017.09.10 14:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2017.09.10 14:00:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ESET
[2017.09.10 13:52:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes
[2017.09.10 13:12:39 | 000,000,000 | ---D | C] -- C:\Program Files\WebDiscoverBrowser
[2017.09.10 13:12:26 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{B5F70934-5E12-42d2-882D-62D42EA1FA67}
[2017.09.10 13:08:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\youtubejs
[2017.09.10 13:08:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Bigasoft Video Downloader Pro
[2017.09.10 13:08:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Bigasoft Video Downloader Pro
[2017.09.10 13:06:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bigasoft
[2017.09.10 12:57:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouTubeSongDownloader
[2017.08.31 22:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\AISuite
[2017.08.31 22:52:09 | 000,028,672 | ---- | C] (ASUSTek Computer Inc.) -- C:\Windows\SysWow64\AsIO.dll
[2017.08.31 22:52:09 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS
[2017.08.31 22:52:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2017.08.31 22:51:29 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS AI Suite
[2017.08.27 20:53:21 | 000,000,000 | ---D | C] -- C:\Program Files\Tabletop Simulator
[2017.08.25 00:07:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Futuremark
[2017.08.13 16:41:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Titan Quest Anniversary Edition
[2017.08.13 16:34:44 | 000,283,480 | ---- | C] (Sysprogs OU) -- C:\Windows\SysNative\drivers\BazisPortableCDBus.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2017.09.10 14:15:19 | 000,000,874 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\prio.ini
[2017.09.10 14:14:55 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2017.09.10 13:45:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2017.09.10 13:22:06 | 000,298,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2017.09.10 13:17:39 | 000,001,884 | ---- | M] () -- C:\Users\Administrator\Documents\cc_20170910_131737.reg
[2017.09.08 21:58:55 | 007,499,574 | ---- | M] () -- C:\Users\Administrator\Desktop\New Bitmap Image.bmp
[2017.09.02 09:12:21 | 000,000,259 | ---- | M] () -- C:\Windows\prio.ini
[2017.08.31 14:54:32 | 000,000,135 | ---- | M] () -- C:\Users\Administrator\Desktop\RandomRambo - Twitch.url
[2017.08.27 20:52:50 | 000,283,480 | ---- | M] (Sysprogs OU) -- C:\Windows\SysNative\drivers\BazisPortableCDBus.sys
[2017.08.27 01:40:26 | 000,004,809 | ---- | M] () -- C:\Users\Administrator\Desktop\avatar92.jpg
[2017.08.24 16:17:54 | 000,000,061 | ---- | M] () -- C:\Users\Administrator\Desktop\AndyMilonakis - Twitch.url
[2017.08.24 11:27:36 | 000,077,440 | ---- | M] () -- C:\Windows\SysNative\drivers\mbae64.sys
[2017.08.24 10:27:20 | 000,003,558 | ---- | M] () -- C:\Users\Administrator\Documents\cc_20170824_102718.reg
[2017.08.22 18:35:57 | 000,001,881 | ---- | M] () -- C:\Users\Administrator\Desktop\csgo - Shortcut.lnk
[2017.08.22 18:35:44 | 000,001,651 | ---- | M] () -- C:\Users\Administrator\Desktop\nvidiaInspector.exe - Shortcut.lnk
[2017.08.21 19:35:17 | 000,001,503 | ---- | M] () -- C:\Users\Administrator\Desktop\csgo.exe - Shortcut.lnk
[2017.08.21 19:34:23 | 000,000,219 | ---- | M] () -- C:\Users\Administrator\Desktop\Counter-Strike Global Offensive.url
[2017.08.20 10:56:19 | 000,001,638 | ---- | M] () -- C:\Users\Administrator\Documents\cc_20170820_105617.reg
[2017.08.20 00:10:04 | 000,728,064 | ---- | M] () -- C:\Users\Administrator\AppData\Local\file__0.localstorage
[2017.08.15 13:30:42 | 000,002,450 | ---- | M] () -- C:\Users\Administrator\Documents\cc_20170815_133040.reg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2017.09.10 14:14:04 | 000,002,020 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2017.09.10 14:14:03 | 000,077,440 | ---- | C] () -- C:\Windows\SysNative\drivers\mbae64.sys
[2017.09.10 13:17:39 | 000,001,884 | ---- | C] () -- C:\Users\Administrator\Documents\cc_20170910_131737.reg
[2017.09.08 20:59:48 | 007,499,574 | ---- | C] () -- C:\Users\Administrator\Desktop\New Bitmap Image.bmp
[2017.08.31 22:52:09 | 000,015,232 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2017.08.27 01:40:26 | 000,004,809 | ---- | C] () -- C:\Users\Administrator\Desktop\avatar92.jpg
[2017.08.24 16:17:54 | 000,000,061 | ---- | C] () -- C:\Users\Administrator\Desktop\AndyMilonakis - Twitch.url
[2017.08.24 10:27:19 | 000,003,558 | ---- | C] () -- C:\Users\Administrator\Documents\cc_20170824_102718.reg
[2017.08.22 23:19:35 | 000,000,135 | ---- | C] () -- C:\Users\Administrator\Desktop\RandomRambo - Twitch.url
[2017.08.22 18:35:57 | 000,001,881 | ---- | C] () -- C:\Users\Administrator\Desktop\csgo - Shortcut.lnk
[2017.08.22 18:35:44 | 000,001,651 | ---- | C] () -- C:\Users\Administrator\Desktop\nvidiaInspector.exe - Shortcut.lnk
[2017.08.21 19:35:17 | 000,001,503 | ---- | C] () -- C:\Users\Administrator\Desktop\csgo.exe - Shortcut.lnk
[2017.08.21 19:34:23 | 000,000,219 | ---- | C] () -- C:\Users\Administrator\Desktop\Counter-Strike Global Offensive.url
[2017.08.20 10:56:18 | 000,001,638 | ---- | C] () -- C:\Users\Administrator\Documents\cc_20170820_105617.reg
[2017.08.15 13:30:41 | 000,002,450 | ---- | C] () -- C:\Users\Administrator\Documents\cc_20170815_133040.reg
[2017.05.24 18:57:09 | 000,728,064 | ---- | C] () -- C:\Users\Administrator\AppData\Local\file__0.localstorage
[2017.05.24 00:29:06 | 000,000,934 | ---- | C] () -- C:\Windows\QIII.INI
[2017.05.24 00:29:06 | 000,000,032 | ---- | C] () -- C:\Windows\Q3version.ini
[2017.05.24 00:29:06 | 000,000,031 | ---- | C] () -- C:\Windows\Q3CDKey.ini
[2017.05.24 00:12:11 | 000,685,102 | -HS- | C] () -- C:\Users\Administrator\AppData\Roaming\unhosts.exe
[2017.05.23 19:07:51 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2017.05.22 11:17:34 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2017.05.21 20:18:56 | 000,000,874 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\prio.ini
[2017.05.21 19:45:52 | 000,000,259 | ---- | C] () -- C:\Windows\prio.ini
[2017.05.21 18:29:50 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2017.05.21 18:29:50 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2017.05.21 18:29:50 | 000,000,049 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
[2017.05.21 18:29:44 | 000,044,950 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2017.05.21 18:29:39 | 000,000,907 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2017.05.21 18:29:37 | 000,005,066 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2017.05.21 18:29:35 | 000,000,594 | ---- | C] () -- C:\Windows\cmudaxp.ini
[2017.05.21 17:24:12 | 001,591,896 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015.06.10 07:01:12 | 014,177,280 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015.06.10 07:01:12 | 012,875,264 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
< End of report >
 
 

OTL Extras logfile created on: 10.09.2017 15:29:24 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17843)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 77,57% Memory free
3,25 Gb Paging File | 2,62 Gb Available in Paging File | 80,53% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 60,16 Gb Free Space | 25,83% Space Free | Partition Type: NTFS
Drive D: | 19,58 Gb Total Space | 4,04 Gb Free Space | 20,64% Space Free | Partition Type: NTFS
Drive E: | 184,01 Gb Total Space | 38,81 Gb Free Space | 21,09% Space Free | Partition Type: NTFS
Drive F: | 29,20 Gb Total Space | 8,57 Gb Free Space | 29,36% Space Free | Partition Type: NTFS
 
Computer Name: INTEL775-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [mplayerc64.enqueue] -- "C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe" /add "%1" (MPC-HC Team)
Directory [mplayerc64.play] -- "C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe" "%1" (MPC-HC Team)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [mplayerc64.enqueue] -- "C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe" /add "%1" (MPC-HC Team)
Directory [mplayerc64.play] -- "C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe" "%1" (MPC-HC Team)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{474DA6FE-FFF3-4DF9-958C-A69D71CB5188}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1649E0C7-817A-4920-A92C-F13AF54FE07E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{392D15F8-7B83-40D7-AE56-C13A59CC2111}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{95C057FD-8540-48FF-8235-95E335C59C33}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\cef\cef.win7\steamwebhelper.exe | 
"{B9F38802-253B-4CF7-8765-19A21181787A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\cef\cef.win7\steamwebhelper.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy Gamepad tool 0.7.1001
"{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1" = Malwarebytes version 3.2.2.2018
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{50A2BC33-C9CD-3BF1-A8FF-53C10A0B183C}" = Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.24215
"{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.6.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 342.01
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 342.01
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.16.0318
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{BD6F5371-DAC1-30F0-9DDE-CAC6791E28C3}" = Microsoft .NET Framework 4.6.1
"{CB0836EC-B072-368D-82B2-D3470BF95707}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{EF1EC6A9-17DE-3DA9-B040-686A1E8A8B04}" = Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.24215
"CCleaner" = CCleaner
"C-Media Oxygen HD Audio Driver" = ASUS Xonar DG Audio Driver
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.79
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.31
"Prio" = Prio
"Steam App 10" = Counter-Strike
"Steam App 232910" = TrackMania² Stadium
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 730" = Counter-Strike: Global Offensive
"WinRAR archiver" = WinRAR 5.21 (64-Bit)
"YWdlb2ZlbXBpcmVzaWloZA_is1" = Age of Empires II HD The Rise of the Rajas GERMAN
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{1045AB6F-6151-3634-8C2C-EE308AA1A6A7}" = Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23506
"{23daf363-3020-4059-b3ae-dc4ad39fed19}" = Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506
"{4C109C49-5A19-458B-8DF6-A2C469A92679}" = Port Forward Network Utilities
"{4fd02573-5f12-4ae4-8027-c63f8e1115af}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{577ff5ba-39aa-4d8c-a3a9-f95012763438}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{65AD78AD-D23D-3A1E-9305-3AE65CD522C2}" = Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23506
"{7D27AC27-37F4-4A30-A1FC-53D22549F468}_is1" = Söldner Secret Wars Language Pack German Version 1.1
"{7DAD0258-515C-3DD4-8964-BD714199E0F7}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660
"{82f2609e-68ba-408d-963f-530ad8809435}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660
"{8D5FCC56-BB9F-4122-923C-71753F50F6F5}" = OpenOffice 4.1.3
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{b341426f-8543-4e0d-96c3-e976f8ec5ab6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{d992c12e-cab2-426f-bde3-fb8c53950b0d}" = Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
"{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F3AF62F5-665E-4B3E-8899-5C46D1793391}_is1" = Söldner Secret Wars - Community Edition version 33980
"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"1207658715_is1" = Painkiller Black
"1207658793_is1" = Heritage of Kings - The Settlers
"1207667043_is1" = Mortal Kombat
"1207667053_is1" = Mortal Kombat 2
"1207667063_is1" = Mortal Kombat 3
"2086050016_is1" = SimCity 3000 Unlimited
"AdiIRC" = AdiIRC
"Any Video Converter Ultimate_is1" = Any Video Converter Ultimate 6.1.3
"FINAL FANTASY IX_is1" = FINAL FANTASY IX
"Final Fantasy VIII_is1" = Final Fantasy VIII
"Fraps" = Fraps
"GOGPACKSTALKERCOP_is1" = S.T.A.L.K.E.R. Call of Pripyat
"GOGPACKSTALKERSHOC_is1" = S.T.A.L.K.E.R. Shadow of Chernobyl
"GOGPACKSTALKERSTCS_is1" = S.T.A.L.K.E.R. Clear Sky
"Google Chrome" = Google Chrome
"Gothic II - Gold Edition_is1" = Gothic II - Gold Edition
"KLiteCodecPack_is1" = K-Lite Codec Pack 13.1.6 Standard
"OpenAL" = OpenAL
"pcsx2" = PCSX2 - Playstation 2 Emulator
"Quake3BTPUninstallKey_is1" = Quake III Mod: Beyond the Portals
"Quake3CPMAUninstallKey_is1" = Quake III Mod: Challenge ProMode Arena
"Quake3EXPlusUninstallKey_is1" = Quake III Mod: Excessive Plus
"Quake3InvasionUninstallKey_is1" = Quake III Mod: Invasion
"Quake3LegoCUninstallKey_is1" = Quake III Mod: Lego Carnage
"Quake3LostArenaUninstallKey_is1" = Quake III Mod: Lost Arena
"Quake3MatrixUninstallKey_is1" = Quake III Mod: Matrix
"Quake3mmzeroxUninstallKey_is1" = Quake III Mod: Mega Man X Zero
"Quake3MonkeyUninstallKey_is1" = Quake III Mod: Monkey Kombat
"Quake3OSPUninstallKey_is1" = Quake III Mod: OSP Tourney Q3A
"Quake3PKAUninstallKey_is1" = Quake III Mod: PainKeep Arena
"Quake3RallyUninstallKey_is1" = Quake III Mod: Quake 3 Rally
"Quake3UninstallKey_is1" = Quake III: Arena
"Quake4UninstallKey_is1" = Quake 4
"Steam" = Steam
"The Elder Scrolls V Skyrim - Legendary Edition_is1" = The Elder Scrolls V Skyrim - Legendary Edition
"Titan Quest Anniversary Edition_is1" = Titan Quest Anniversary Edition
"Unigine Heaven Benchmark (Basic Edition)_is1" = Heaven Benchmark version 4.0
"Wildlife Park 3 Dino Invasion_is1" = Wildlife Park 3 Dino Invasion
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
 
< End of report >
 

#2
RKinner
    Malware Expert
  • Expert
  • 19,749 posts
  • MVP

Something ugly, I'm afraid:

 

mpsdrv => Firewall Dienst läuft nicht.
MpsSvc => Firewall Dienst läuft nicht.
bfe => Firewall Dienst läuft nicht.
 
Download ESET's Service Repair http://www.wintips.o...vicesRepair.zip and Save it, then right-click on it and choose Extract All.
 
Find ServicesRepair.exe and Run As Admin.  Reboot when done and run a new FRST scan with addition.txt checked.  Post both logs.
 


#3
zhazzy
    New Member
  • Topic Starter
  • Member
  • 3 posts

Nothing else fishy, like bad 3rd-party software? Just the firewall thingy service? Then I'm OK, and thank you for taking your time.



#4
RKinner
    Malware Expert
  • Expert
  • 19,749 posts
  • MVP

WMI & System Restore are also not working. BFE is a critical service often attacked by the ZeroAccess malware. I would run the free online ESET scan and see if it finds anything.

 

Use IE and go to http://eset.com/onlinescan and click on ESET Online Scanner. Accept the terms, then press Start (if you get a warning from your browser, tell it you want to run it).
 
1. Check Scan Archives.
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND.
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish.
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.


#5
zhazzy
    New Member
  • Topic Starter
  • Member
  • 3 posts

I've disabled all those services on my own, also the Base Filtering Engine.

 

I panicked because I installed 3 warez programs yesterday and none of them worked. One of them installed some [bleep] toolbar and this "microsoft_vc100_crt_sp1_x86". Uninstalled all of it - hope so.

 

I would like to share a pic of my Task Manager. Is it normal for Chrome to have this many UDP tasks? If not, could this be a hint of a botnet?

 

I don't want to sound stubborn for asking "other" questions instead of doing what you've told me to do.

Attached Thumbnails

  • Untitled.png

Edited by zhazzy, 11 September 2017 - 06:41 AM.


#6
RKinner
    Malware Expert
  • Expert
  • 19,749 posts
  • MVP

How many tabs do you have open? If you go into Chrome, Settings, Advanced and then scroll down to System, you will see an option to Continue Running Background Apps when Google Chrome is closed. Make sure it is off. Close Chrome. Open just one tab, then:

 

Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.

