Log analysis and evaluation: Windows 7: Windows Explorer often opens in the background using too much memory

If you have picked up a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
01.09.2014, 15:12 | #1 |
| Windows 7: Windows Explorer often opens in the background using too much memory

Hello, for some time I had the problem that I was getting advertising from ad wizard and the like in all my internet browsers, and I removed these add-ons from the Windows program directory. Since then, however, I have had the problem that Internet Explorer kept opening itself in the background (a new process every 30 s). I then removed Internet Explorer from the system, but now have the problem that, instead of Internet Explorer, Windows Explorer multiplies in the process list (memory up to 400K), which also reduces internet performance. In online games, for example, I have to minimize the screen every 20 s to end the unnecessary processes.

Here is the FRST log:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02 Ran by Basti (administrator) on KUNDEN-C2A4T6U6 on 01-09-2014 14:55:44 Running from C:\Users\Basti\Downloads Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Windows\System32\PnkBstrA.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe () C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe () C:\Windows\DAODx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe (AVG Technologies CZ, s.r.o.) 
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe () C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe (Creative Technology Ltd.) C:\Windows\V0640Mon.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe () C:\Program Files (x86)\Drakonia Configurator\hid.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor) HKLM-x32\...\Run: [G Data AntiVirus Tray Application] => C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.) HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-12-15] (CyberLink) HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-08-02] (CyberLink Corp.) HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-11-23] (cyberlink) HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) 
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-08-07] (Bitleader) HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [222504 2010-12-23] (CyberLink Corp.) HKLM-x32\...\Run: [Live! Central 2] => C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 2\CTLVCentral2.exe [426140 2009-11-04] (Creative Technology Ltd) HKLM-x32\...\Run: [V0640Mon.exe] => C:\Windows\V0640Mon.exe [28672 2009-09-22] (Creative Technology Ltd.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Drakonia Configurator\hid.exe [248832 2013-10-29] () HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.) HKU\S-1-5-21-703785417-1565345126-2984759567-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1937600 2014-08-14] (Valve Corporation) HKU\S-1-5-21-703785417-1565345126-2984759567-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden HKU\S-1-5-21-703785417-1565345126-2984759567-1001\...\Run: [Windows Remote Service] => C:\Users\Basti\Desktop\Isos uns Setups\WinRemoteService_v1.2.9_portable\Windows Remote Service\WindowsRemoteService.exe [173568 2013-05-24] (Banamalon) HKU\S-1-5-21-703785417-1565345126-2984759567-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.) 
HKU\S-1-5-21-703785417-1565345126-2984759567-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-703785417-1565345126-2984759567-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3600216 2014-08-31] (Electronic Arts) HKU\S-1-5-21-703785417-1565345126-2984759567-1001\...\MountPoints2: {9b9067ea-de6c-11e1-bf3d-806e6f6e6963} - D:\setup.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Play Wireless USB Adapter Utility.lnk ShortcutTarget: Play Wireless USB Adapter Utility.lnk -> C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe () Startup: C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk ShortcutTarget: Xfire.lnk -> C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.) ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=93ece75e-2672-b8d2-08f9-8178b9479fc1&searchtype=ds&q={searchTerms}&installDate={installDate} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://facebook.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://syb.msn.com hxxp://www.tecstore.net HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2A10C333036FCD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1381008728051&tguid=66920-6787-1381008728051-9434732C2688D9480473067CC62C039D&st=chrome&q= HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=93ece75e-2672-b8d2-08f9-8178b9479fc1&searchtype=ds&q={searchTerms}&installDate={installDate} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1381008728051&tguid=66920-6787-1381008728051-9434732C2688D9480473067CC62C039D&st=chrome&q= SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - DefaultScope {98BF414D-8E2C-4584-B853-F3A6F5935D27} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1381008728051&tguid=66920-6787-1381008728051-9434732C2688D9480473067CC62C039D&q={searchTerms} SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {98bf414d-8e2c-4584-b853-f3a6f5935d27} URL = 
hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1381008728051&tguid=66920-6787-1381008728051-9434732C2688D9480473067CC62C039D&q={searchTerms} SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=93ece75e-2672-b8d2-08f9-8178b9479fc1&searchtype=ds&q={searchTerms}&installDate={installDate} SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=93ece75e-2672-b8d2-08f9-8178b9479fc1&searchtype=ds&q={searchTerms}&installDate={installDate} SearchScopes: HKCU - {010D46DF-85CC-4552-ABDC-7D8BF9F1EE08} URL = hxxp://www.ant.com/search?s=browser&q={searchTerms} SearchScopes: HKCU - {17B1D3AE-2CD3-4200-BFB1-BB1A7AF25B04} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=4D0BBBD8-62F0-4122-A06B-5E95CB2E58D3&apn_sauid=B1968C2B-D17E-44D0-ADAD-A85600365777 SearchScopes: HKCU - {4327fabe-3c22-4689-8dbf-d226cf777fe9} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1381008728051&tguid=66920-6787-1381008728051-9434732C2688D9480473067CC62C039D&q={searchTerms} SearchScopes: HKCU - {98BF414D-8E2C-4584-B853-F3A6F5935D27} URL = BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Ant.com browser helper (video detector) -> {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} -> C:\Program Files (x86)\Ant.com\IE add-on\Download.dll (Ant.com) BHO-x32: Funmoods Helper Object -> {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -> C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll No File BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Office Document Cache Handler -> 
{B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - Ant.com Video Downloader toolbar - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll (Ant.com) Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File Toolbar: HKCU - No Name - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\o6lub96e.default-1408107985754 FF Homepage: hxxp://de-de.facebook.com/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll (EA Digital Illusions CE AB) FF Plugin: 
@java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF HKLM-x32\...\Firefox\Extensions: [xz123@ya456.com] - C:\Program Files (x86)\BetterSurf\ff FF HKLM-x32\...\Firefox\Extensions: [12x3q@3244516.com] - C:\Program Files (x86)\Better-Surf\ff FF HKLM-x32\...\Firefox\Extensions: [ext@bettersurfplus.com] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff FF HKLM-x32\...\Firefox\Extensions: [ext@VideoPlayerV3beta993.net] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta993\ff FF HKLM-x32\...\Firefox\Extensions: [ext@MediaPlayerV1alpha906.net] - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha906\ff FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewerV1alpha1969.net] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1969\ff FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewV1alpha8334.net] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha8334\ff FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewV1alpha5279.net] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha5279\ff FF HKLM-x32\...\Firefox\Extensions: [ext@MediaWatchV1home278.net] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home278\ff FF HKLM-x32\...\Firefox\Extensions: [ext@MediaBuzzV1mode6079.net] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6079\ff FF HKLM-x32\...\Firefox\Extensions: [ext@TrustMediaViewerV1alpha2380.net] - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha2380\ff Chrome: ======= CHR Profile: C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-24] CHR Extension: (Google Drive) - C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-24] CHR Extension: (YouTube) - C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo 
[2014-08-24] CHR Extension: (Google-Suche) - C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-24] CHR Extension: (Google Wallet) - C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-24] CHR Extension: (Google Mail) - C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-24] CHR HKLM-x32\...\Chrome\Extension: [cadmbhkjimoafaokdfdmpebbiapadccm] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6079\ch\MediaBuzzV1mode6079.crx [] CHR HKLM-x32\...\Chrome\Extension: [caeconejdgkoefeelomjfkkfcinkehlc] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha8334\ch\MediaViewV1alpha8334.crx [] CHR HKLM-x32\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files (x86)\BetterSurf\ch\Chrome.crx [] CHR HKLM-x32\...\Chrome\Extension: [fepenaahbicpoholbpjhhilciepkeock] - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha2380\ch\TrustMediaViewerV1alpha2380.crx [] CHR HKLM-x32\...\Chrome\Extension: [kfdfaggkibkljaklfepfminnfpfniijl] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1969\ch\MediaViewerV1alpha1969.crx [] CHR HKLM-x32\...\Chrome\Extension: [llopbnfbphgdlgapmfbdfeldkodlohaa] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home278\ch\MediaWatchV1home278.crx [] CHR HKLM-x32\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx [] CHR HKLM-x32\...\Chrome\Extension: [onaefacfpoloobkpanchplbmpndadfog] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta993\ch\VideoPlayerV3beta993.crx [] CHR HKLM-x32\...\Chrome\Extension: [pnfeojhdgncechblgmlmehmjdhhikmhj] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha5279\ch\MediaViewV1alpha5279.crx [] CHR HKLM-x32\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx [] 
==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed] S3 Ant App service; C:\Program Files (x86)\Ant.com\File1 Package Manager\AppService.exe [504816 2013-02-05] (Helios Technologies Ltd) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.) S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [240112 2010-11-23] (CyberLink) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-08-19] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-08-19] () R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] () [File not signed] R2 WLANBelkinService; C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe [36864 2009-12-28] () [File not signed] S2 DisplayFusionService; "C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe" [X] R3 WinHttpAutoProxySvc; winhttp.dll [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-09-27] () R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.) 
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.) R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-08-03] (DT Soft Ltd) S3 hugoio64; C:\Windows\system32\drivers\hugoio64.sys [13920 2012-08-06] () R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-09-27] () S3 V0640Vid; C:\Windows\System32\DRIVERS\V0640Vid.sys [319520 2009-12-03] (Creative Technology Ltd.) S3 tswNT; \??\C:\Users\ADMINI~1\AppData\Local\Temp\00013255\tswnt.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-01 14:55 - 2014-09-01 14:56 - 00024060 _____ () C:\Users\Basti\Downloads\FRST.txt 2014-09-01 14:55 - 2014-09-01 14:55 - 00000000 ____D () C:\FRST 2014-09-01 14:54 - 2014-09-01 14:54 - 02104832 _____ (Farbar) C:\Users\Basti\Downloads\FRST64.exe 2014-09-01 14:53 - 2014-09-01 14:53 - 00000542 _____ () C:\Users\Basti\Downloads\defogger_disable.log 2014-09-01 14:53 - 2014-09-01 14:53 - 00000168 _____ () C:\Users\Basti\defogger_reenable 2014-09-01 14:52 - 2014-09-01 14:52 - 00050477 _____ () C:\Users\Basti\Downloads\Defogger.exe 2014-08-31 18:57 - 2014-08-31 18:57 - 00000000 ____D () C:\Users\Basti\AppData\Roaming\AVG2014 2014-08-31 18:56 - 2014-08-31 18:56 - 00000981 _____ () C:\Users\Public\Desktop\AVG 2014.lnk 2014-08-31 18:56 - 2014-08-31 18:56 - 00000000 ____D () C:\Users\Basti\AppData\Roaming\TuneUp Software 2014-08-31 18:56 - 2014-08-31 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2014-08-31 18:55 - 2014-09-01 14:32 - 00000000 ____D () C:\ProgramData\AVG2014 2014-08-31 18:55 - 2014-08-31 18:55 - 00000000 ___HD () C:\$AVG 2014-08-31 18:55 - 2014-08-31 18:55 - 00000000 ____D () C:\Program Files (x86)\AVG 2014-08-31 18:44 - 2014-09-01 14:34 - 00000000 ____D () C:\ProgramData\MFAData 2014-08-31 18:44 - 2014-08-31 19:29 - 00000000 ____D () C:\Users\Basti\AppData\Local\Avg2014 2014-08-31 18:44 - 2014-08-31 18:44 - 00000000 ____D () C:\Users\Basti\AppData\Local\MFAData 2014-08-31 18:43 - 2014-08-31 18:44 - 04755920 _____ (AVG Technologies) C:\Users\Basti\Downloads\avg_avct_stb_all_2014_4744_comppg_24.exe 2014-08-31 16:04 - 2014-08-31 16:05 - 00000000 ____D () C:\Users\Basti\AppData\Local\Origin 2014-08-31 15:52 - 2014-09-01 14:30 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-08-31 15:52 - 2014-08-31 15:52 - 00000979 _____ () C:\Users\Public\Desktop\Origin.lnk 2014-08-31 15:52 - 2014-08-31 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin 2014-08-31 15:44 - 2014-08-31 15:44 - 
01397992 _____ () C:\Users\Basti\Downloads\battlelog-web-plugins_2.5.0_148.exe 2014-08-31 14:37 - 2014-08-31 14:38 - 02478784 _____ (Sysinternals - www.sysinternals.com) C:\Users\Basti\Downloads\procexp03 (1).exe 2014-08-31 14:30 - 2014-08-31 14:31 - 02478784 _____ (Sysinternals - www.sysinternals.com) C:\Users\Basti\Downloads\procexp03.exe 2014-08-25 19:28 - 2014-09-01 14:32 - 00000000 ____D () C:\Users\Basti\AppData\Roaming\Yqnu 2014-08-25 19:28 - 2014-08-25 19:33 - 00000000 ____D () C:\Users\Basti\AppData\Roaming\Osug 2014-08-24 18:21 - 2014-08-24 18:21 - 04495528 _____ () C:\Users\Basti\Downloads\AbsolutUninstaller_5.3.1.17.exe 2014-08-24 18:21 - 2014-08-24 18:21 - 00001270 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Uninstaller.lnk 2014-08-24 18:21 - 2014-08-24 18:21 - 00001258 _____ () C:\Users\Public\Desktop\Absolute Uninstaller.lnk 2014-08-24 18:21 - 2014-08-24 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft 2014-08-24 18:21 - 2014-08-24 18:21 - 00000000 ____D () C:\Program Files (x86)\Glarysoft 2014-08-24 18:05 - 2014-08-24 18:05 - 00002247 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-08-24 18:05 - 2014-08-24 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-08-24 17:54 - 2014-09-01 14:29 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-24 17:54 - 2014-08-31 20:59 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-24 17:54 - 2014-08-24 18:05 - 00000000 ____D () C:\Program Files (x86)\Google 2014-08-24 17:54 - 2014-08-24 17:54 - 00895120 _____ (Google Inc.) 
C:\Users\Basti\Downloads\ChromeSetup.exe 2014-08-24 17:54 - 2014-08-24 17:54 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-08-24 17:54 - 2014-08-24 17:54 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-08-24 17:33 - 2014-08-31 20:15 - 00000000 ____D () C:\Users\Basti\AppData\Roaming\Ovco 2014-08-24 17:33 - 2014-08-24 17:38 - 00000000 ____D () C:\Users\Basti\AppData\Roaming\Imzec 2014-08-24 17:24 - 2014-08-24 17:24 - 00000687 _____ () C:\awhE8F7.tmp 2014-08-24 17:03 - 2014-08-24 17:06 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} 2014-08-24 16:59 - 2014-09-01 14:32 - 00000000 ____D () C:\ProgramData\AgumInij 2014-08-24 16:59 - 2014-08-24 16:59 - 00000687 _____ () C:\awhE3C9.tmp 2014-08-24 05:36 - 2014-09-01 14:31 - 00000000 ____D () C:\ProgramData\AtlisUwmeh 2014-08-24 05:36 - 2014-08-24 16:59 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage 2014-08-24 04:41 - 2014-08-24 04:41 - 00000687 _____ () C:\awhE003.tmp 2014-08-24 04:06 - 2014-08-24 04:06 - 00000687 _____ () C:\awhDBCD.tmp 2014-08-23 23:44 - 2014-08-23 23:53 - 46684696 _____ (PokerStars) C:\Users\Basti\Downloads\PokerStarsInstallPM.exe 2014-08-23 18:37 - 2014-08-23 18:37 - 00000687 _____ () C:\awh65CA.tmp 2014-08-22 14:45 - 2014-08-22 14:45 - 00000687 _____ () C:\awhE214.tmp 2014-08-21 16:10 - 2014-08-21 16:10 - 00000687 _____ () C:\awhE5BC.tmp 2014-08-20 15:34 - 2014-08-20 15:34 - 00000687 _____ () C:\awhE4C2.tmp 2014-08-19 22:13 - 2014-09-01 14:37 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2014-08-19 22:13 - 2014-08-31 20:35 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex1 2014-08-19 22:13 - 2014-08-19 22:13 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2014-08-19 18:47 - 2014-08-19 18:47 - 00000687 _____ () C:\awhFEE7.tmp 2014-08-19 15:04 - 2014-08-19 15:04 - 00000687 _____ () C:\awhDE7C.tmp 2014-08-18 22:50 - 2014-08-19 22:17 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe 
2014-08-18 22:33 - 2014-08-18 22:33 - 00003140 _____ () C:\Windows\System32\Tasks\{32F8C2B5-B270-459D-AC50-DE0EC6FE4C50} 2014-08-18 22:22 - 2014-08-18 22:22 - 02247976 _____ () C:\Users\Basti\Downloads\battlelog-web-plugins_2.4.0_145(1).exe 2014-08-18 22:19 - 2014-08-18 22:19 - 00714207 _____ () C:\Users\Basti\Downloads\pbsetup-37.zip 2014-08-18 22:13 - 2014-08-18 22:13 - 01101648 _____ () C:\Users\Basti\Downloads\PunkBuster - CHIP-Installer.exe 2014-08-18 14:17 - 2014-08-18 14:34 - 00000000 ____D () C:\Users\Basti\AppData\Roaming\.minecraft 2014-08-18 13:03 - 2014-08-18 13:03 - 00000687 _____ () C:\awhEC41.tmp 2014-08-17 18:37 - 2014-08-17 18:37 - 00000687 _____ () C:\awhD326.tmp 2014-08-15 15:11 - 2014-08-15 15:11 - 00244408 _____ () C:\Users\Basti\Downloads\Firefox Setup Stub 31.0.exe 2014-08-15 15:06 - 2014-08-15 15:06 - 00000000 ____D () C:\Users\Basti\Desktop\Alte Firefox-Daten 2014-08-15 13:31 - 2014-08-15 13:31 - 00000687 _____ () C:\awhE455.tmp 2014-08-15 13:25 - 2014-08-15 13:25 - 01192533 _____ () C:\Windows\unins000.exe 2014-08-15 13:25 - 2014-08-15 13:25 - 00018426 _____ () C:\Windows\unins000.dat 2014-08-15 13:25 - 2014-08-15 13:25 - 00000000 ____D () C:\Users\Basti\AppData\Roaming\MingGuan 2014-08-15 13:25 - 2014-08-15 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drakonia Black 2014-08-15 13:25 - 2014-08-15 13:25 - 00000000 ____D () C:\Program Files (x86)\Drakonia Configurator 2014-08-15 12:05 - 2014-08-15 12:05 - 00000687 _____ () C:\awh8ACA.tmp 2014-08-15 11:33 - 2014-08-15 11:33 - 02247976 _____ () C:\Users\Basti\Downloads\battlelog-web-plugins_2.4.0_145.exe 2014-08-14 16:05 - 2014-08-31 14:52 - 00004096 _____ () C:\Users\Public\Documents\000099A0.LCS 2014-08-14 16:05 - 2014-08-21 20:50 - 00000000 ____D () C:\Users\Basti\AppData\Local\Risen3 2014-08-14 16:05 - 2014-08-14 16:05 - 00000000 ____D () C:\Users\Basti\AppData\Roaming\ProtectDISC 2014-08-14 15:28 - 2014-08-14 15:28 - 00002277 _____ () 
C:\Users\Public\Desktop\Risen 3 - Titan Lords.lnk 2014-08-14 15:25 - 2014-08-14 15:25 - 00000000 ____D () C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP 2014-08-14 15:06 - 2014-08-14 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Silver 2014-08-13 12:29 - 2014-08-13 12:29 - 00002119 _____ () C:\Users\Basti\Desktop\Firefox - CHIP Downloader.lnk 2014-08-13 12:29 - 2014-08-13 12:29 - 00000687 _____ () C:\awhEA2F.tmp 2014-08-13 12:28 - 2014-08-13 12:28 - 01101648 _____ () C:\Users\Basti\Downloads\Firefox - CHIP-Installer.exe 2014-08-12 12:57 - 2014-08-12 12:57 - 00000687 _____ () C:\awhF94C.tmp 2014-08-11 15:05 - 2014-08-11 15:04 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-08-11 14:50 - 2014-08-11 14:50 - 00000687 _____ () C:\awhED79.tmp 2014-08-11 14:15 - 2014-08-11 14:15 - 00000291 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log 2014-08-11 14:13 - 2014-08-11 14:13 - 00918440 _____ (Oracle Corporation) C:\Users\Basti\Downloads\JavaSetup7u67.exe 2014-08-11 12:34 - 2014-08-11 12:34 - 00000687 _____ () C:\awhDDFF.tmp 2014-08-10 15:15 - 2014-08-10 15:15 - 00000687 _____ () C:\awhDC0C.tmp 2014-08-09 13:32 - 2014-08-09 13:32 - 00000687 _____ () C:\awhDD82.tmp 2014-08-08 19:30 - 2014-08-08 19:44 - 41171024 _____ (Google Inc.) C:\Users\Basti\Downloads\ChromeStandaloneSetup-1985.125.exe 2014-08-08 11:44 - 2014-08-08 11:44 - 00000687 _____ () C:\awhEA6D.tmp 2014-08-07 14:20 - 2014-08-07 14:20 - 00000687 _____ () C:\awh933.tmp 2014-08-06 20:07 - 2014-08-06 20:07 - 00000687 _____ () C:\awhE752.tmp 2014-08-06 13:16 - 2014-08-06 13:16 - 00000687 _____ () C:\awhDF37.tmp 2014-08-06 10:50 - 2014-08-06 10:50 - 00123672 _____ (AVG Technologies CZ, s.r.o.) 
C:\Windows\system32\Drivers\avgmfx64.sys 2014-08-05 13:14 - 2014-08-05 13:14 - 00000687 _____ () C:\awhF49A.tmp 2014-08-04 13:37 - 2014-08-04 13:37 - 00000687 _____ () C:\awhE002.tmp 2014-08-03 14:13 - 2014-08-03 14:13 - 00000687 _____ () C:\awhDB41.tmp 2014-08-02 18:37 - 2014-08-02 18:37 - 00000687 _____ () C:\awhED5.tmp 2014-08-02 02:02 - 2014-08-02 02:02 - 00000687 _____ () C:\awhDE8B.tmp ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-01 14:56 - 2014-09-01 14:55 - 00024060 _____ () C:\Users\Basti\Downloads\FRST.txt 2014-09-01 14:55 - 2014-09-01 14:55 - 00000000 ____D () C:\FRST 2014-09-01 14:54 - 2014-09-01 14:54 - 02104832 _____ (Farbar) C:\Users\Basti\Downloads\FRST64.exe 2014-09-01 14:53 - 2014-09-01 14:53 - 00000542 _____ () C:\Users\Basti\Downloads\defogger_disable.log 2014-09-01 14:53 - 2014-09-01 14:53 - 00000168 _____ () C:\Users\Basti\defogger_reenable 2014-09-01 14:53 - 2012-07-31 11:12 - 00000000 ____D () C:\Users\Basti 2014-09-01 14:52 - 2014-09-01 14:52 - 00050477 _____ () C:\Users\Basti\Downloads\Defogger.exe 2014-09-01 14:50 - 2013-05-21 21:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-01 14:44 - 2012-07-31 12:07 - 00000000 ____D () C:\ProgramData\Origin 2014-09-01 14:37 - 2014-08-19 22:13 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2014-09-01 14:37 - 2009-07-14 06:45 - 00021840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-01 14:37 - 2009-07-14 06:45 - 00021840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-01 14:34 - 2014-08-31 18:44 - 00000000 ____D () C:\ProgramData\MFAData 2014-09-01 14:33 - 2012-07-30 16:40 - 01404422 _____ () C:\Windows\WindowsUpdate.log 2014-09-01 14:32 - 2014-08-31 18:55 - 00000000 ____D () C:\ProgramData\AVG2014 2014-09-01 14:32 - 2014-08-25 
19:28 - 00000000 ____D () C:\Users\Basti\AppData\Roaming\Yqnu 2014-09-01 14:32 - 2014-08-24 16:59 - 00000000 ____D () C:\ProgramData\AgumInij 2014-09-01 14:32 - 2012-07-31 12:24 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-09-01 14:32 - 2010-11-21 05:24 - 00000000 __SHD () C:\Users\Basti\AppData\Roaming\dwcvajjb 2014-09-01 14:31 - 2014-08-24 05:36 - 00000000 ____D () C:\ProgramData\AtlisUwmeh 2014-09-01 14:31 - 2013-02-04 13:30 - 00000356 _____ () C:\Windows\Tasks\AmiUpdXp.job 2014-09-01 14:31 - 2013-02-04 13:30 - 00000000 ____D () C:\Users\Basti\AppData\Local\SwvUpdater 2014-09-01 14:31 - 2012-08-02 00:29 - 00000000 ____D () C:\Users\Basti\AppData\Roaming\Skype 2014-09-01 14:30 - 2014-08-31 15:52 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-09-01 14:29 - 2014-08-24 17:54 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-01 14:29 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-01 14:29 - 2009-07-14 06:51 - 00139630 _____ () C:\Windows\setupact.log 2014-09-01 14:28 - 2013-11-12 17:57 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins 2014-09-01 14:28 - 2010-11-21 05:47 - 00082346 _____ () C:\Windows\PFRO.log 2014-08-31 20:59 - 2014-08-24 17:54 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-31 20:35 - 2014-08-19 22:13 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex1 2014-08-31 20:35 - 2012-08-03 13:53 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2014-08-31 20:15 - 2014-08-24 17:33 - 00000000 ____D () C:\Users\Basti\AppData\Roaming\Ovco 2014-08-31 19:53 - 2013-10-16 19:37 - 00000000 ____D () C:\Program Files (x86)\RegClean Pro 2014-08-31 19:29 - 2014-08-31 18:44 - 00000000 ____D () C:\Users\Basti\AppData\Local\Avg2014 2014-08-31 18:57 - 2014-08-31 18:57 - 00000000 ____D () C:\Users\Basti\AppData\Roaming\AVG2014 2014-08-31 18:56 - 2014-08-31 18:56 - 00000981 _____ () C:\Users\Public\Desktop\AVG 2014.lnk 2014-08-31 18:56 - 2014-08-31 18:56 - 
00000000 ____D () C:\Users\Basti\AppData\Roaming\TuneUp Software 2014-08-31 18:56 - 2014-08-31 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2014-08-31 18:55 - 2014-08-31 18:55 - 00000000 ___HD () C:\$AVG 2014-08-31 18:55 - 2014-08-31 18:55 - 00000000 ____D () C:\Program Files (x86)\AVG 2014-08-31 18:44 - 2014-08-31 18:44 - 00000000 ____D () C:\Users\Basti\AppData\Local\MFAData 2014-08-31 18:44 - 2014-08-31 18:43 - 04755920 _____ (AVG Technologies) C:\Users\Basti\Downloads\avg_avct_stb_all_2014_4744_comppg_24.exe 2014-08-31 16:05 - 2014-08-31 16:04 - 00000000 ____D () C:\Users\Basti\AppData\Local\Origin 2014-08-31 15:52 - 2014-08-31 15:52 - 00000979 _____ () C:\Users\Public\Desktop\Origin.lnk 2014-08-31 15:52 - 2014-08-31 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin 2014-08-31 15:44 - 2014-08-31 15:44 - 01397992 _____ () C:\Users\Basti\Downloads\battlelog-web-plugins_2.5.0_148.exe 2014-08-31 15:03 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-08-31 15:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-08-31 14:52 - 2014-08-14 16:05 - 00004096 _____ () C:\Users\Public\Documents\000099A0.LCS 2014-08-31 14:51 - 2012-08-21 14:36 - 00000000 ____D () C:\Users\Basti\AppData\Roaming\vlc 2014-08-31 14:38 - 2014-08-31 14:37 - 02478784 _____ (Sysinternals - www.sysinternals.com) C:\Users\Basti\Downloads\procexp03 (1).exe 2014-08-31 14:31 - 2014-08-31 14:30 - 02478784 _____ (Sysinternals - www.sysinternals.com) C:\Users\Basti\Downloads\procexp03.exe 2014-08-25 21:32 - 2014-02-03 22:16 - 00000000 ____D () C:\Users\Basti\AppData\Local\PokerStars.NET 2014-08-25 19:33 - 2014-08-25 19:28 - 00000000 ____D () C:\Users\Basti\AppData\Roaming\Osug 2014-08-25 01:11 - 2012-07-31 11:13 - 00131280 _____ () C:\Users\Basti\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-24 18:43 - 2014-05-13 18:32 - 00000000 ____D () C:\Program Files (x86)\RichMediaViewV1 2014-08-24 
18:43 - 2009-07-14 06:45 - 00434784 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-24 18:23 - 2012-07-31 17:02 - 00000000 ____D () C:\Program Files (x86)\Catan 2014-08-24 18:21 - 2014-08-24 18:21 - 04495528 _____ () C:\Users\Basti\Downloads\AbsolutUninstaller_5.3.1.17.exe 2014-08-24 18:21 - 2014-08-24 18:21 - 00001270 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Uninstaller.lnk 2014-08-24 18:21 - 2014-08-24 18:21 - 00001258 _____ () C:\Users\Public\Desktop\Absolute Uninstaller.lnk 2014-08-24 18:21 - 2014-08-24 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft 2014-08-24 18:21 - 2014-08-24 18:21 - 00000000 ____D () C:\Program Files (x86)\Glarysoft 2014-08-24 18:05 - 2014-08-24 18:05 - 00002247 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-08-24 18:05 - 2014-08-24 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-08-24 18:05 - 2014-08-24 17:54 - 00000000 ____D () C:\Program Files (x86)\Google 2014-08-24 18:05 - 2012-07-31 11:57 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-08-24 18:03 - 2012-10-12 15:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-08-24 17:54 - 2014-08-24 17:54 - 00895120 _____ (Google Inc.) 
C:\Users\Basti\Downloads\ChromeSetup.exe 2014-08-24 17:54 - 2014-08-24 17:54 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-08-24 17:54 - 2014-08-24 17:54 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-08-24 17:38 - 2014-08-24 17:33 - 00000000 ____D () C:\Users\Basti\AppData\Roaming\Imzec 2014-08-24 17:24 - 2014-08-24 17:24 - 00000687 _____ () C:\awhE8F7.tmp 2014-08-24 17:06 - 2014-08-24 17:03 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} 2014-08-24 16:59 - 2014-08-24 16:59 - 00000687 _____ () C:\awhE3C9.tmp 2014-08-24 16:59 - 2014-08-24 05:36 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage 2014-08-24 04:41 - 2014-08-24 04:41 - 00000687 _____ () C:\awhE003.tmp 2014-08-24 04:06 - 2014-08-24 04:06 - 00000687 _____ () C:\awhDBCD.tmp 2014-08-23 23:55 - 2014-02-03 22:15 - 00000000 ____D () C:\Program Files (x86)\PokerStars.NET 2014-08-23 23:54 - 2014-02-03 22:16 - 00001965 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\PokerStars.net.lnk 2014-08-23 23:54 - 2014-02-03 22:16 - 00001959 _____ () C:\Users\Public\Desktop\PokerStars.net.lnk 2014-08-23 23:53 - 2014-08-23 23:44 - 46684696 _____ (PokerStars) C:\Users\Basti\Downloads\PokerStarsInstallPM.exe 2014-08-23 18:37 - 2014-08-23 18:37 - 00000687 _____ () C:\awh65CA.tmp 2014-08-22 14:45 - 2014-08-22 14:45 - 00000687 _____ () C:\awhE214.tmp 2014-08-21 20:50 - 2014-08-14 16:05 - 00000000 ____D () C:\Users\Basti\AppData\Local\Risen3 2014-08-21 16:10 - 2014-08-21 16:10 - 00000687 _____ () C:\awhE5BC.tmp 2014-08-20 15:34 - 2014-08-20 15:34 - 00000687 _____ () C:\awhE4C2.tmp 2014-08-19 22:17 - 2014-08-18 22:50 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe 2014-08-19 22:13 - 2014-08-19 22:13 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2014-08-19 18:47 - 2014-08-19 18:47 - 00000687 _____ () C:\awhFEE7.tmp 2014-08-19 15:04 - 2014-08-19 15:04 - 00000687 _____ () C:\awhDE7C.tmp 2014-08-18 22:33 - 2014-08-18 
22:33 - 00003140 _____ () C:\Windows\System32\Tasks\{32F8C2B5-B270-459D-AC50-DE0EC6FE4C50} 2014-08-18 22:22 - 2014-08-18 22:22 - 02247976 _____ () C:\Users\Basti\Downloads\battlelog-web-plugins_2.4.0_145(1).exe 2014-08-18 22:19 - 2014-08-18 22:19 - 00714207 _____ () C:\Users\Basti\Downloads\pbsetup-37.zip 2014-08-18 22:13 - 2014-08-18 22:13 - 01101648 _____ () C:\Users\Basti\Downloads\PunkBuster - CHIP-Installer.exe 2014-08-18 21:46 - 2013-09-29 16:33 - 00000000 ____D () C:\Users\Basti\Documents\FIFA 14 2014-08-18 14:34 - 2014-08-18 14:17 - 00000000 ____D () C:\Users\Basti\AppData\Roaming\.minecraft 2014-08-18 13:03 - 2014-08-18 13:03 - 00000687 _____ () C:\awhEC41.tmp 2014-08-18 12:59 - 2012-08-07 15:27 - 00000344 _____ () C:\Windows\lgfwup.ini 2014-08-18 12:59 - 2012-08-07 15:23 - 00000000 ____D () C:\Program Files (x86)\lg_fwupdate 2014-08-17 18:37 - 2014-08-17 18:37 - 00000687 _____ () C:\awhD326.tmp 2014-08-15 15:11 - 2014-08-15 15:11 - 00244408 _____ () C:\Users\Basti\Downloads\Firefox Setup Stub 31.0.exe 2014-08-15 15:06 - 2014-08-15 15:06 - 00000000 ____D () C:\Users\Basti\Desktop\Alte Firefox-Daten 2014-08-15 13:31 - 2014-08-15 13:31 - 00000687 _____ () C:\awhE455.tmp 2014-08-15 13:25 - 2014-08-15 13:25 - 01192533 _____ () C:\Windows\unins000.exe 2014-08-15 13:25 - 2014-08-15 13:25 - 00018426 _____ () C:\Windows\unins000.dat 2014-08-15 13:25 - 2014-08-15 13:25 - 00000000 ____D () C:\Users\Basti\AppData\Roaming\MingGuan 2014-08-15 13:25 - 2014-08-15 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drakonia Black 2014-08-15 13:25 - 2014-08-15 13:25 - 00000000 ____D () C:\Program Files (x86)\Drakonia Configurator 2014-08-15 12:05 - 2014-08-15 12:05 - 00000687 _____ () C:\awh8ACA.tmp 2014-08-15 11:33 - 2014-08-15 11:33 - 02247976 _____ () C:\Users\Basti\Downloads\battlelog-web-plugins_2.4.0_145.exe 2014-08-15 04:07 - 2013-11-12 17:57 - 00001194 _____ () C:\Users\Public\Desktop\Battlefield 4.lnk 2014-08-15 04:07 - 2013-11-12 17:57 
- 00001170 _____ () C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk 2014-08-15 00:45 - 2012-07-31 12:07 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2014-08-14 16:05 - 2014-08-14 16:05 - 00000000 ____D () C:\Users\Basti\AppData\Roaming\ProtectDISC 2014-08-14 15:28 - 2014-08-14 15:28 - 00002277 _____ () C:\Users\Public\Desktop\Risen 3 - Titan Lords.lnk 2014-08-14 15:25 - 2014-08-14 15:25 - 00000000 ____D () C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP 2014-08-14 15:24 - 2012-07-31 12:58 - 00422801 _____ () C:\Windows\DirectX.log 2014-08-14 15:06 - 2014-08-14 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Silver 2014-08-14 15:06 - 2013-09-27 20:13 - 00000000 ____D () C:\Program Files (x86)\Deep Silver 2014-08-13 12:29 - 2014-08-13 12:29 - 00002119 _____ () C:\Users\Basti\Desktop\Firefox - CHIP Downloader.lnk 2014-08-13 12:29 - 2014-08-13 12:29 - 00000687 _____ () C:\awhEA2F.tmp 2014-08-13 12:28 - 2014-08-13 12:28 - 01101648 _____ () C:\Users\Basti\Downloads\Firefox - CHIP-Installer.exe 2014-08-12 12:57 - 2014-08-12 12:57 - 00000687 _____ () C:\awhF94C.tmp 2014-08-11 15:05 - 2013-12-20 15:26 - 00000000 ____D () C:\ProgramData\Oracle 2014-08-11 15:04 - 2014-08-11 15:05 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-08-11 15:04 - 2013-06-28 20:07 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-08-11 15:04 - 2013-06-28 20:07 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-08-11 15:04 - 2013-06-28 20:07 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-08-11 14:50 - 2014-08-11 14:50 - 00000687 _____ () C:\awhED79.tmp 2014-08-11 14:25 - 2013-01-29 19:11 - 00000000 ____D () C:\Program Files\Oracle 2014-08-11 14:24 - 2012-10-24 19:35 - 00000000 ____D () C:\Program Files\Java 2014-08-11 14:15 - 2014-08-11 14:15 - 00000291 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log 2014-08-11 14:15 - 2012-09-29 12:00 
- 00000000 ____D () C:\Program Files (x86)\Java 2014-08-11 14:13 - 2014-08-11 14:13 - 00918440 _____ (Oracle Corporation) C:\Users\Basti\Downloads\JavaSetup7u67.exe 2014-08-11 14:11 - 2012-09-29 12:02 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab 2014-08-11 12:34 - 2014-08-11 12:34 - 00000687 _____ () C:\awhDDFF.tmp 2014-08-10 15:15 - 2014-08-10 15:15 - 00000687 _____ () C:\awhDC0C.tmp 2014-08-09 13:32 - 2014-08-09 13:32 - 00000687 _____ () C:\awhDD82.tmp 2014-08-08 19:44 - 2014-08-08 19:30 - 41171024 _____ (Google Inc.) C:\Users\Basti\Downloads\ChromeStandaloneSetup-1985.125.exe 2014-08-08 11:44 - 2014-08-08 11:44 - 00000687 _____ () C:\awhEA6D.tmp 2014-08-07 19:00 - 2014-03-20 23:03 - 00000000 ____D () C:\Users\Basti\AppData\Local\Battle.net 2014-08-07 18:56 - 2014-03-19 19:52 - 00000000 ____D () C:\Users\Basti\Desktop\Diablo III 2014-08-07 15:05 - 2014-03-20 23:03 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-08-07 14:45 - 2013-01-01 19:26 - 00000000 ____D () C:\Users\Basti\Desktop\Games 2014-08-07 14:20 - 2014-08-07 14:20 - 00000687 _____ () C:\awh933.tmp 2014-08-07 03:17 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-08-06 20:07 - 2014-08-06 20:07 - 00000687 _____ () C:\awhE752.tmp 2014-08-06 13:16 - 2014-08-06 13:16 - 00000687 _____ () C:\awhDF37.tmp 2014-08-06 10:50 - 2014-08-06 10:50 - 00123672 _____ (AVG Technologies CZ, s.r.o.) 
C:\Windows\system32\Drivers\avgmfx64.sys 2014-08-05 13:14 - 2014-08-05 13:14 - 00000687 _____ () C:\awhF49A.tmp 2014-08-05 09:20 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-08-04 13:37 - 2014-08-04 13:37 - 00000687 _____ () C:\awhE002.tmp 2014-08-03 14:13 - 2014-08-03 14:13 - 00000687 _____ () C:\awhDB41.tmp 2014-08-02 18:37 - 2014-08-02 18:37 - 00000687 _____ () C:\awhED5.tmp 2014-08-02 02:02 - 2014-08-02 02:02 - 00000687 _____ () C:\awhDE8B.tmp Files to move or delete: ==================== C:\ProgramData\dsgsdgdsgdsgw.pad C:\ProgramData\hash.dat Some content of TEMP: ==================== C:\Users\Basti\AppData\Local\Temp\161E.tmp.exe C:\Users\Basti\AppData\Local\Temp\53544uninstall.exe C:\Users\Basti\AppData\Local\Temp\8A92.exe C:\Users\Basti\AppData\Local\Temp\APNStub.exe C:\Users\Basti\AppData\Local\Temp\AutoRun.exe C:\Users\Basti\AppData\Local\Temp\AutoRunGUI.dll C:\Users\Basti\AppData\Local\Temp\Browser_Helper_Companion_DE.exe C:\Users\Basti\AppData\Local\Temp\COMAP.EXE C:\Users\Basti\AppData\Local\Temp\comver.dll C:\Users\Basti\AppData\Local\Temp\CTPBSeq.exe C:\Users\Basti\AppData\Local\Temp\detectionapi_rd.dll C:\Users\Basti\AppData\Local\Temp\detectionui_r.exe C:\Users\Basti\AppData\Local\Temp\devcon.exe C:\Users\Basti\AppData\Local\Temp\directx10tests_rd.dll C:\Users\Basti\AppData\Local\Temp\directx11tests_rd.dll C:\Users\Basti\AppData\Local\Temp\directx9tests_rd.dll C:\Users\Basti\AppData\Local\Temp\E159.exe C:\Users\Basti\AppData\Local\Temp\EAInstall.dll C:\Users\Basti\AppData\Local\Temp\eauninstall.exe C:\Users\Basti\AppData\Local\Temp\EDF7.tmp.exe C:\Users\Basti\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\Basti\AppData\Local\Temp\i4jdel0.exe C:\Users\Basti\AppData\Local\Temp\i4jdel1.exe C:\Users\Basti\AppData\Local\Temp\i4jdel2.exe C:\Users\Basti\AppData\Local\Temp\ICReinstall_JDownloaderSetup.exe C:\Users\Basti\AppData\Local\Temp\IminentSetup_v2.exe 
C:\Users\Basti\AppData\Local\Temp\Installer.exe C:\Users\Basti\AppData\Local\Temp\installerdll3366376.dll C:\Users\Basti\AppData\Local\Temp\installerdll3426171.dll C:\Users\Basti\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe C:\Users\Basti\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe C:\Users\Basti\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe C:\Users\Basti\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe C:\Users\Basti\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\Basti\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Basti\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe C:\Users\Basti\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe C:\Users\Basti\AppData\Local\Temp\local.dll C:\Users\Basti\AppData\Local\Temp\mpsetup.exe C:\Users\Basti\AppData\Local\Temp\MSN20F7.exe C:\Users\Basti\AppData\Local\Temp\procexp03 (1)64.exe C:\Users\Basti\AppData\Local\Temp\rcpsetup_binstall21_binstall21.exe C:\Users\Basti\AppData\Local\Temp\rootsupd.exe C:\Users\Basti\AppData\Local\Temp\Setup.exe C:\Users\Basti\AppData\Local\Temp\Shortcut_sweetimsetup.exe C:\Users\Basti\AppData\Local\Temp\SIMEEIInstaller.exe C:\Users\Basti\AppData\Local\Temp\SkypeSetup.exe C:\Users\Basti\AppData\Local\Temp\sonarinst.exe C:\Users\Basti\AppData\Local\Temp\sqlite3.dll C:\Users\Basti\AppData\Local\Temp\SRLDetectionLibrary246908541541363318.dll C:\Users\Basti\AppData\Local\Temp\swt-win32-3349.dll C:\Users\Basti\AppData\Local\Temp\tbuE54F.exe C:\Users\Basti\AppData\Local\Temp\tbuF23F.exe C:\Users\Basti\AppData\Local\Temp\The Battle for Middle-earth II_uninst.exe C:\Users\Basti\AppData\Local\Temp\tmp8D70.tmp.exe C:\Users\Basti\AppData\Local\Temp\ubi14CB.tmp.exe C:\Users\Basti\AppData\Local\Temp\ubiCD15.tmp.exe C:\Users\Basti\AppData\Local\Temp\Updater.exe C:\Users\Basti\AppData\Local\Temp\vcredist_x64.exe C:\Users\Basti\AppData\Local\Temp\vcredist_x86.exe C:\Users\Basti\AppData\Local\Temp\wajam_download.exe 
C:\Users\Basti\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe
C:\Users\Basti\AppData\Local\Temp\wpsetup.exe
C:\Users\Basti\AppData\Local\Temp\_is16EB.exe
C:\Users\Basti\AppData\Local\Temp\_is2387.exe
C:\Users\Basti\AppData\Local\Temp\_is2AAA.exe
C:\Users\Basti\AppData\Local\Temp\_is8097.exe
C:\Users\Basti\AppData\Local\Temp\_isBE80.exe
C:\Users\Basti\AppData\Local\Temp\_isCA61.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-31 16:42

==================== End Of Log ============================

and here is the Addition log Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2014 02 Ran by Basti at 2014-09-01 14:56:40 Running from C:\Users\Basti\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: AVG AntiVirus 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG AntiVirus 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Absolute Uninstaller 5.3.1.17 (HKLM-x32\...\Absolute Uninstaller) (Version: 5.3.1.17 - Glarysoft Ltd) Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Reader X (10.1.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated) Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd) Age of Empires III - The Asian Dynasties (HKLM-x32\...\InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}) (Version: 1.00.0000 - Microsoft Game Studios) Age of Empires III - The Asian Dynasties (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden Age of Empires III (HKLM-x32\...\InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}) (Version: 1.00.0000 - Microsoft Game Studios) Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden AMD 
Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Fuel (Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden AMD VISION Engine Control Center (x32 Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden Ant.com IE add-on (HKLM-x32\...\{B795F380-D3D6-4EA4-A4BB-27FC2FB0F8B2}) (Version: 2.2.3.1074 - Ant.com) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) 
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft) Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft) Assassin's Creed IV Black Flag (HKLM-x32\...\Uplay Install 273) (Version: - Ubisoft) Assassin's Creed Revelations (HKLM-x32\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.00 - Ubisoft) Assassin's Creed(R) III v1.06 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.06 - Ubisoft) AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies) AVG 2014 (Version: 14.0.4015 - AVG Technologies) Hidden AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.3.2.3825 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.0 - EA Digital Illusions CE AB) BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version: - ) Blender (HKLM\...\Blender) (Version: 2.65a-release - Blender Foundation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Call of Duty(R) - World at War(TM) (HKLM-x32\...\InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.0 - Activision) Call of Duty(R) - World at War(TM) (x32 Version: 1.0 - Activision) Hidden Call of Duty: Black Ops (HKLM-x32\...\Steam App 42700) (Version: - Treyarch) Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version: - ) Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version: - ) Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version: - ) Call of Duty: Modern Warfare 3 - Dedicated Server (HKLM-x32\...\Steam App 42750) (Version: - Infinity Ward - Sledgehammer Games) Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version: - Infinity Ward - Sledgehammer Games) Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version: - Infinity Ward - Sledgehammer Games) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) 
Hidden CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden Counter-Strike: Source (HKLM-x32\...\Counter-Strike: Source) (Version: - Valve) Creative Live! Cam Socialize (VF0640) (1.00.04.00) (HKLM\...\Creative VF0640) (Version: - Creative Technology Ltd.) Creative Live! Central 2 (HKLM-x32\...\Creative Live! 
Central 2) (Version: 2.00.29 - Creative Technology Ltd) Creative Systeminformationen (HKLM-x32\...\SysInfo) (Version: - ) CyberLink BD Advisor 2.0 (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version: - ) CyberLink Blu-ray Disc Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.4703 - CyberLink Corp.) CyberLink Blu-ray Disc Suite (x32 Version: 6.0.4703 - CyberLink Corp.) Hidden CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1916 - CyberLink Corp.) CyberLink LabelPrint (x32 Version: 2.5.1916 - CyberLink Corp.) Hidden CyberLink LG Burning Tool (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.2.4619 - CyberLink Corp.) CyberLink LG Burning Tool (x32 Version: 6.2.4619 - CyberLink Corp.) Hidden CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3402 - CyberLink Corp.) CyberLink MediaShow (x32 Version: 4.1.3402 - CyberLink Corp.) Hidden CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3530.52 - CyberLink Corp.) CyberLink PowerDVD 9 (x32 Version: 9.0.3530.52 - CyberLink Corp.) Hidden CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2512 - CyberLink Corp.) CyberLink PowerProducer (x32 Version: 5.0.2.2512 - CyberLink Corp.) Hidden CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3718 - CyberLink Corp.) CyberLink YouCam (x32 Version: 2.0.3718 - CyberLink Corp.) 
Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0314 - DT Soft Ltd) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{60098CE4-EB16-42D1-9FF6-923488C2AB26}) (Version: - Microsoft) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Die Schlacht um Mittelerde(tm) (HKLM-x32\...\{3F290582-3F4E-4B96-009C-E0BABAA40C42}) (Version: - ) Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks) Drakonia Black (HKLM-x32\...\{2EAD3327-2F92-455F-A675-E5CC4980B67A}}_is1) (Version: - ) Emergency 2012 (HKLM-x32\...\Emergency 2012) (Version: - Quadriga Games GmbH) Emergency4 (HKLM-x32\...\{9A4C534E-431F-4A17-97D4-D1682B19A054}) (Version: 1.03.001 - ) Empire: Total War (HKLM-x32\...\Steam App 10500) (Version: - The Creative Assembly) Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks) Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.05 - Ubisoft) FIFA 14 (HKLM-x32\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts) File1 Package Manager (HKLM-x32\...\{8A50D93C-79EE-425C-9464-3550978F4E56}) (Version: 0.1.2.75 - Helios Technologies) Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) Free Studio version 5.7.4.918 (HKLM-x32\...\Free Studio_is1) (Version: 5.7.4.918 - DVDVideoSoft Ltd.) GameShadow (HKLM-x32\...\{B2390904-74BD-48AA-B2CC-6612F8D46379}) (Version: 2.03.0000 - GameShadow Ltd) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Governor Of Poker en Español (HKLM-x32\...\Governor Of Poker en Español) (Version: - ) i-Menu 3.9 (HKLM-x32\...\i-Menu_is1) (Version: - AOC) iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.) 
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden JavaFX 2.1.1 (64-bit) (HKLM\...\{1111706F-666A-4037-7777-211648764D10}) (Version: 2.1.1 - Oracle Corporation) JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) LG Tool Kit (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - ) Mass Effect™ 3 (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.01.0.0 - Electronic Arts) Medieval II Total War (HKLM-x32\...\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}) (Version: 1.03.000 - SEGA) Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}) (Version: 3.0.19.0 - Microsoft Corporation) Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation) Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - 
Microsoft Corporation) Hidden Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft) Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 
14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) 
(Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version: - The Creative Assembly) NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation) Origin (HKLM-x32\...\Origin) (Version: 9.1.3.2637 - Electronic Arts, Inc.) 
Pearl Harbor II (HKLM-x32\...\{8CBCA733-4D81-453D-95EB-28FD5C57430A}) (Version: 12 - FantasticTV) Pflanzen gegen Zombies (HKLM-x32\...\Pflanzen gegen Zombies) (Version: - ) Pharao (HKLM-x32\...\Pharao) (Version: - ) Play Wireless USB Adapter (HKLM-x32\...\InstallShield_{88E62BD7-A532-48F6-8428-D949BB93A2D7}) (Version: 1.0.0.03 - Belkin) Play Wireless USB Adapter (x32 Version: 1.0.0.03 - Belkin) Hidden Playlist Creator 3.6.2 (HKLM-x32\...\Playlist Creator 3.6.2) (Version: 3.6.2.0 - oddgravity) PokerStars.net (HKLM-x32\...\PokerStars.net) (Version: - PokerStars.net) ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.) RAGE (HKLM-x32\...\Steam App 9200) (Version: - ) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.) Risen (HKLM-x32\...\{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}) (Version: 1.00.0000 - Deep Silver) Risen 3 - Titan Lords (HKLM-x32\...\{383CAA4A-9B72-4DE9-9B0F-780C49682780}) (Version: 1.00 - Deep Silver) Silent Hunter 4 Wolves of the Pacific (HKLM-x32\...\{0D005F09-A5F4-473B-A901-5735C6AF5628}) (Version: 1.03.0000 - Ubisoft) Silent Hunter 5 (HKLM-x32\...\{AC61C594-5F86-4BE9-ABAF-763C6A8E2302}) (Version: 1.2.0 - Ubisoft) Simple Shutdown Timer (HKLM-x32\...\Simple Shutdown Timer1.1.2) (Version: 1.1.2 - PcWinTech.com) Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) 
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.3.6 - ) <==== ATTENTION South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version: - Obsidian Entertainment) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) System Requirements Lab CYRI (HKLM-x32\...\{19B0831B-0C18-4103-86E4-90FCD04CD3B9}) (Version: 6.0.12.5 - Husdawg, LLC) System Requirements Lab Detection (HKLM-x32\...\{E4D8E90E-B732-4205-AFE6-79B75B14DAAB}) (Version: 2.0.0.0 - Husdawg, LLC) Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) The Witcher 2 Enhanced Edition Version 3.0 (HKLM-x32\...\The Witcher 2 Enhanced Edition_is1) (Version: 3.0 - CD Projekt RED) Torchlight (HKLM-x32\...\{4F64A46D-67F7-4497-AEA2-313D4305A5F6}) (Version: 1.0.0 - JoWooD) Total War: ROME II (HKLM-x32\...\Steam App 214950) (Version: - Creative Assembly) Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version: - ) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2533523) 
(HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{D1688F5A-9A61-42F0-B8D0-2C9DF315A141}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{32E700B9-1A94-48B4-99E1-CB8BD5F7340A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{007CC0F3-15DE-426D-95B5-B019FCEF58CE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C4F26A9B-B121-4135-8084-A0D9C780C7C8}) (Version: - 
Microsoft) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{0C175ED0-26B9-4B09-AFA9-3F16A03A29B9}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{DFE7321B-F914-4AB5-8C74-1F8CC932B1B0}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DFE7321B-F914-4AB5-8C74-1F8CC932B1B0}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{651EE0E5-C789-48D8-8B91-F79352B783C9}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{326F9E80-FE16-4D2A-827A-4EE1A87B1CE8}) (Version: - Microsoft) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{81CA2EFA-7250-4B1E-B3A6-E0595224E2CD}) (Version: - Microsoft) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) 
(Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version: - Microsoft) Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft) Vegas Pro 10.0 (HKLM-x32\...\{6E0E4D61-11EC-11E0-B454-0013D3D69929}) (Version: 10.0.469 - Sony) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Xfire (remove only) (HKLM-x32\...\Xfire) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-703785417-1565345126-2984759567-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Basti\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File CustomCLSID: HKU\S-1-5-21-703785417-1565345126-2984759567-1001_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll () ==================== Restore Points ========================= 21-08-2014 01:26:56 Geplanter Prüfpunkt 21-08-2014 01:27:59 Windows Update 21-08-2014 01:56:01 Windows Defender Checkpoint 24-08-2014 01:33:42 Windows Update 24-08-2014 16:04:37 Entfernt muveeNow 2.0 - Creative 31-08-2014 12:21:34 Windows Modules Installer 31-08-2014 13:21:15 Windows Modules Installer 31-08-2014 16:55:04 Installed AVG 2014 31-08-2014 16:55:27 Installed AVG 2014 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {2016CE31-07D9-4576-9FF9-C333A7887B2F} - System32\Tasks\AmiUpdXp => C:\Users\Basti\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION Task: {227F369D-AE30-4DD9-8270-4AB62C1999AC} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] () Task: {479F55BE-55C6-499F-A1C8-CE9462FC45DE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {6ADB4B99-57B1-4B12-9820-FB3B75E432D5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-24] (Google Inc.) 
Task: {A971956C-6D2E-4067-9548-4183E4CB50F8} - System32\Tasks\{6B195EBD-4D27-41A6-80B2-5E573123B1ED} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.9.0.123&LastError=404 Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe Task: {B2C9FD99-D696-4E11-B8A4-91E02EF11268} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-24] (Google Inc.) Task: {CC4EAAF6-1C0D-410F-81C6-F4B148BC17C4} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation) Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe Task: {F43D1249-9FB6-446E-9511-21106C818884} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Basti\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-12-19 16:32 - 2012-12-19 16:32 - 00210944 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2012-10-17 19:39 - 2012-10-17 19:39 - 00749056 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll 2012-10-17 19:39 - 2012-10-17 19:39 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll 2012-12-19 16:32 - 2012-12-19 16:32 - 00073728 _____ () C:\Program Files\ATI 
Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2014-08-18 22:50 - 2014-08-19 22:17 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe 2012-08-07 15:13 - 2009-07-02 16:02 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 2009-12-28 18:25 - 2009-12-28 18:25 - 00036864 ____N () C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe 2009-03-30 08:32 - 2009-03-30 08:32 - 00032768 ____R () C:\Windows\DAODx.exe 2009-11-25 19:45 - 2009-11-25 19:45 - 00110592 ____N () C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe 2014-08-15 13:25 - 2013-10-29 14:49 - 00248832 _____ () C:\Program Files (x86)\Drakonia Configurator\hid.exe 2012-12-19 16:32 - 2012-12-19 16:32 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2009-09-15 20:17 - 2009-09-15 20:17 - 00200704 ____N () C:\Program Files (x86)\Belkin\F7D4101\V1\BelkinwcuiDLL.dll 2009-12-15 13:46 - 2009-12-15 13:46 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll 2009-12-15 13:49 - 2009-12-15 13:49 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll 2014-08-15 13:25 - 2013-01-15 17:06 - 00061952 _____ () C:\Program Files (x86)\Drakonia Configurator\HidDevice.dll 2014-08-24 18:05 - 2014-08-07 05:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll 2014-08-24 18:05 - 2014-08-07 05:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll 2014-08-24 18:05 - 2014-08-07 05:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll 2014-08-24 18:05 - 2014-08-07 05:20 - 00353096 _____ () C:\Program Files 
(x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll 2014-08-24 18:05 - 2014-08-07 05:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= Name: Realtek PCIe GBE Family Controller Description: Realtek PCIe GBE Family Controller Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Realtek Service: RTL8167 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (09/01/2014 02:30:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/31/2014 06:36:53 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm bf4.exe, Version 1.3.2.3825 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 404 Startzeit: 01cfc533824b5e46 Endzeit: 1482 Anwendungspfad: C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe Berichts-ID: Error: (08/31/2014 03:41:24 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/31/2014 03:24:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/31/2014 03:23:54 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: CLIStart.exe, Version: 3.5.0.0, Zeitstempel: 0x50d21fc3 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001c4909 ID des fehlerhaften Prozesses: 0xe74 Startzeit der fehlerhaften Anwendung: 0xCLIStart.exe0 Pfad der fehlerhaften Anwendung: CLIStart.exe1 Pfad des fehlerhaften Moduls: CLIStart.exe2 Berichtskennung: CLIStart.exe3 Error: (08/31/2014 03:05:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE 
TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/31/2014 02:00:25 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/25/2014 09:06:21 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm bf4.exe, Version 1.3.2.3825 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1fd4 Startzeit: 01cfc09745192f1f Endzeit: 825 Anwendungspfad: C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe Berichts-ID: Error: (08/25/2014 04:13:53 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000024 Fehleroffset: 0x00000000000cd7d8 ID des fehlerhaften Prozesses: 0x1d54 Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0 Pfad der fehlerhaften Anwendung: explorer.exe1 Pfad des fehlerhaften Moduls: explorer.exe2 Berichtskennung: explorer.exe3 Error: (08/25/2014 02:06:07 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (09/01/2014 02:37:26 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. 
Error: (09/01/2014 02:29:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "DisplayFusionService" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (08/31/2014 04:06:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (08/31/2014 03:39:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "DisplayFusionService" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (08/31/2014 03:23:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "DisplayFusionService" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (08/31/2014 03:03:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "DisplayFusionService" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (08/31/2014 01:58:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "DisplayFusionService" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (08/25/2014 02:04:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "DisplayFusionService" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (08/25/2014 01:09:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "DisplayFusionService" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (08/24/2014 08:29:34 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. 
Microsoft Office Sessions: ========================= Error: (09/01/2014 02:30:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/31/2014 06:36:53 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: bf4.exe1.3.2.382540401cfc533824b5e461482C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe Error: (08/31/2014 03:41:24 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/31/2014 03:24:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/31/2014 03:23:54 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: CLIStart.exe3.5.0.050d21fc3unknown0.0.0.000000000c0000005001c4909e7401cfc51ecec4dea1C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exeunknown0d81b0b9-3112-11e4-88a1-9dc4165e5560 Error: (08/31/2014 03:05:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/31/2014 02:00:25 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/25/2014 09:06:21 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: bf4.exe1.3.2.38251fd401cfc09745192f1f825C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe Error: (08/25/2014 04:13:53 PM) 
(Source: Application Error) (EventID: 1000) (User: ) Description: explorer.exe6.1.7601.175674d672ee4ntdll.dll6.1.7601.177254ec4aa8ec000002400000000000cd7d81d5401cfc05f2919e62aC:\Windows\explorer.exeC:\Windows\SYSTEM32\ntdll.dll0ae117a8-2c62-11e4-bc23-93670617f76c Error: (08/25/2014 02:06:07 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Processor: AMD FX(tm)-6100 Six-Core Processor Percentage of memory in use: 30% Total physical RAM: 8138.43 MB Available physical RAM: 5630.15 MB Total Pagefile: 16276.87 MB Available Pagefile: 13270.22 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.41 GB) (Free:219.16 GB) NTFS Drive d: (Risen3) (CDROM) (Total:6.77 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 3F65C7BF) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |