Log analysis and evaluation: Keeps getting slower, bogs down (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Keeps getting slower, bogs down

Hi, my PC keeps getting slower and sometimes bogs down. Since it is relatively new and the OS was installed on an SSD, the machine shouldn't need that long (1 min) to boot either.

Code:
```
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-08-10 20:21:34
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 M4-CT064 rev.0309 59,63GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\XXXXXXXXX\AppData\Local\Temp\fgayifod.sys

---- User code sections - GMER 2.1 ----

.text K:\_sys\bin\Agent.exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077511465 2 bytes [51, 77]
.text K:\_sys\bin\Agent.exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775114bb 2 bytes [51, 77]
.text ... * 2
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077511465 2 bytes [51, 77]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775114bb 2 bytes [51, 77]
.text ... * 2
.text C:\Windows\SysWOW64\vmnat.exe[2672] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 26 0000000070cf13c6 2 bytes [CF, 70]
.text C:\Windows\SysWOW64\vmnat.exe[2672] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 74 0000000070cf13f6 2 bytes [CF, 70]
.text C:\Windows\SysWOW64\vmnat.exe[2672] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 257 0000000070cf14ad 2 bytes [CF, 70]
.text C:\Windows\SysWOW64\vmnat.exe[2672] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 303 0000000070cf14db 2 bytes [CF, 70]
.text ... * 2
.text C:\Windows\SysWOW64\vmnat.exe[2672] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 79 0000000070cf1577 2 bytes [CF, 70]
.text C:\Windows\SysWOW64\vmnat.exe[2672] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 175 0000000070cf15d7 2 bytes [CF, 70]
.text C:\Windows\SysWOW64\vmnat.exe[2672] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 620 0000000070cf1794 2 bytes [CF, 70]
.text C:\Windows\SysWOW64\vmnat.exe[2672] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 921 0000000070cf18c1 2 bytes [CF, 70]
.text H:\_trash\VMWare Player\vmware-authd.exe[2848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077511465 2 bytes [51, 77]
.text H:\_trash\VMWare Player\vmware-authd.exe[2848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775114bb 2 bytes [51, 77]
.text ... * 2
.text C:\Users\XXXXXXXXXXXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[4812] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000077511465 2 bytes [51, 77]
.text C:\Users\XXXXXXXXXXXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[4812] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000775114bb 2 bytes [51, 77]
.text ... * 2
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077511465 2 bytes [51, 77]
.text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775114bb 2 bytes [51, 77]
.text ... * 2
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077511465 2 bytes [51, 77]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775114bb 2 bytes [51, 77]
.text ... * 2

---- EOF - GMER 2.1 ----
```

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-08-2013 Ran by XXXXXXXXX at 2013-08-10 20:17:35 Running from H:\ Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Activision(R) (x32 Version: 1.00.0000) Adobe AIR (x32 Version: 3.5.0.1060) Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224) Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94) Adobe Photoshop CS6 (x32 Version: 13.0) Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.14.3.0) Asmedia ASM106x SATA Host Controller Driver (x32 Version: 1.3.4.000) AVG Security Toolbar (x32 Version: 15.4.0.5) Avira Free Antivirus (x32 Version: 13.0.0.3885) Avira SearchFree Toolbar plus Web Protection (x32 Version: 12.2.2.663) AxCrypt 1.7.2976.0 (Version: 1.7.2976.0) BCL easyConverter 3.0 Licensing Module (BCL License) (x32 Version: 3.0.18) BCL easyConverter 3.0 Loader SDK Module (x32 Version: 3.0.18) BCL easyConverter 3.0 Module (Loader, BCL License) (x32 Version: 3.0.18) BCL easyConverter 3.0 Module (RTF, BCL License) (x32 Version: 3.0.18) BCL easyConverter 3.0 RTF SDK Module (x32 Version: 3.0.18) BCL easyConverter 3.0 SDK Module (x32 Version: 3.0.18) Black Mesa™ Source (x32 Version: 1.0.1.0) Borderlands 2 (x32) Bullzip PDF Printer 9.7.0.1592 (Version: 9.7.0.1592) CCleaner (Version: 4.04) Command & Conquer 3 (x32 Version: 1.00.0000) Command & Conquer™ Alarmstufe Rot 3 (x32 Version: 1.0.1.0) Counter-Strike: Global Offensive (x32) Crysis®3 (x32 Version: 1.1.0.0) CrystalDiskInfo 5.3.1 (x32 Version: 5.3.1) Dead Space 3 Awakened DLC 1.0 (x32 Version: 1.0) Deadpool (x32 Version: 1.0) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32) Diablo III (x32 Version: 1.0.8.16603) Dropbox (HKCU Version: 2.0.22) Dust: An Elysian Tail (x32) EaseUS Todo Backup Free 5.8 (x32 Version: 5.8) EPSON Scan (x32) EPSON SX410 Series Printer Uninstall GNU Privacy Guard (x32 Version: 
1.4.13) Intel(R) Control Center (x32 Version: 1.2.1.1007) Intel(R) Management Engine Components (x32 Version: 8.0.2.1410) Intel(R) Network Connections 16.6.126.0 (Version: 16.6.126.0) Intel(R) Rapid Storage Technology (x32 Version: 11.1.0.1006) Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.1.209) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) JDownloader 0.9 (x32 Version: 0.9) King’s Bounty: The Legend (Nur entfernen) (x32 Version: 1.0.0.0) LightScribe System Software (x32 Version: 1.18.22.2) Logitech Gaming Software (Version: 8.45.88) Logitech Gaming Software 8.45 (Version: 8.45.88) Metro 2033 (x32) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319) Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.88.0) Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000) Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Proof (Italian) 2010 (x32 Version: 
14.0.7015.1000) Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000) Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (x32 Version: 11.0.51106.1) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106) Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106) Microsoft XNA Framework Redistributable 4.0 Refresh (x32 Version: 4.0.30901.0) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000) MotioninJoy Gamepad tool 0.7.1001 (Version: 0.7.1001) Mozilla Firefox 18.0.2 (x86 de) (x32 Version: 18.0.2) Mozilla Firefox 22.0 (x86 
de) (HKCU Version: 22.0) Mozilla Maintenance Service (x32 Version: 18.0.2) Mp3tag v2.57 (x32 Version: v2.57) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) Nation Red (x32) Need for Speed Most Wanted (x32) Nero 12 (x32 Version: 12.0.02000) Nero 12 (x32 Version: 12.5.01900) Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0) Nero BackItUp (x32 Version: 12.5.1000) Nero Blu-ray Player (x32 Version: 12.0.20014) Nero Burning ROM (x32 Version: 12.5.5001) Nero ControlCenter (x32 Version: 11.0.15600) Nero Core Components (x32 Version: 11.0.20200) Nero Disc Menus Basic (x32 Version: 12.0.11500) Nero Effects Basic (x32 Version: 12.0.11500) Nero Express (x32 Version: 12.5.5002) Nero Kwik Media (x32 Version: 1.18.20100) Nero Kwik Themes Basic (x32 Version: 12.0.11500) Nero PiP Effects Basic (x32 Version: 12.0.11500) Nero Recode (x32 Version: 12.5.6000) Nero RescueAgent (x32 Version: 12.0.10002) Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0) Nero Video (x32 Version: 12.5.2001) neroxml (x32 Version: 1.0.0) NVIDIA 3D Vision Controller-Treiber 320.49 (Version: 320.49) NVIDIA 3D Vision Treiber 320.49 (Version: 320.49) NVIDIA Grafiktreiber 320.49 (Version: 320.49) NVIDIA HD-Audiotreiber 1.3.24.2 (Version: 1.3.24.2) NVIDIA Install Application (Version: 2.1002.124.810) NVIDIA PhysX (x32 Version: 9.13.0604) NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2049) NVIDIA Systemsteuerung 320.49 (Version: 320.49) ObjectDock Plus 2 (x32 Version: 1.00) oHotkey 1.1.09.02 (Version: 1.1.09.02) ONAIR 4.0.0.882 PDF Settings CS6 (x32 Version: 11.0) PDF2Word Converter Version 1.0.8 (Build 164) (x32 Version: PDF2Word Converter - Version 1.0.8 (Build 164)) PDF-Viewer (Version: 2.5.211.0) Plantronics® GameCom 780 Software for Dolby® Headphone (x32 Version: 1.00.0001) Prerequisite installer (x32 Version: 12.0.0003) Rainmeter (x32 Version: 2.5 r1842) Realtek High Definition Audio 
Driver (x32 Version: 6.0.1.6570) ROCCAT Kone XTD Mouse Driver (x32) Samsung SSD Magician (x32 Version: 3.2) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32) Singularity(TM) (x32 Version: 1.00.0000) Skype™ 6.6 (x32 Version: 6.6.106) Sniper Elite: Nazi Zombie Army (x32) StarCraft II (x32 Version: 2.0.10.26585) Stardock Software (x32 Version: 1.00) Steam (x32 Version: 1.0.0.0) Sweet Home 3D version 3.7 (x32) TeamSpeak 3 Client (Version: 3.0.10) Tomb Raider version 5.1 (x32 Version: 5.1) Tunngle beta (x32) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1) Update for Microsoft Office 2010 (KB2553092) (x32) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32) Uplay (x32 Version: 2.1) VirtualCloneDrive (x32) VLC media player 2.0.6 (Version: 2.0.6) VmciSockets (Version: 9.1.54.1) VMware Player (x32 Version: 4.0.2.28060) Welcome App (Start-up experience) (x32 Version: 12.0.15000) Winamp (x32 Version: 5.63 ) Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1) Windows Live ID Sign-in Assistant (Version: 6.500.3165.0) WinRAR 4.20 (64-Bit) (Version: 4.20.0) ==================== Restore Points ========================= 02-08-2013 11:17:32 Entfernt Age of Empires III 02-08-2013 11:18:10 Entfernt Age of Empires III - The Asian Dynasties 02-08-2013 11:19:47 Entfernt Age of Empires III - The WarChiefs 02-08-2013 13:13:42 Installed Command & Conquer 3. 
02-08-2013 13:15:31 Installed Command & Conquer 3. 03-08-2013 03:39:25 Windows Update 09-08-2013 20:46:24 Windows Update 09-08-2013 20:59:56 Installed Deadpool 09-08-2013 21:49:34 Gerätetreiber-Paketinstallation: www.MotioninJoy.com Microsoft Common Controller für Windows-Klasse ==================== Hosts content: ========================== 2013-07-24 16:47 - 2011-12-22 16:11 - 00000833 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {1334F547-8FB8-4E7E-9B63-8420E1A316C1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-13] (Adobe Systems Incorporated) Task: {190BC737-105E-444F-A17D-D6CAE750739B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation) Task: {42B94343-454F-4CD6-AF0A-817EACF02FA7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd) Task: {6D76510B-ED03-4880-898D-C1FA9A67B3D5} - System32\Tasks\AdobeAAMUpdater-1.0-XXXXXXXXX--XXXXXXXXX => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated) Task: {E3C1A9E3-EEB0-4AF9-9BD7-A2A5C597C9BA} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-21] (Microsoft Corporation) Task: {E749F782-A967-4DE1-BB8F-58C9CB7787B4} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Faulty Device Manager Devices ============= Name: Intel(R) 82579V Gigabit Network Connection Description: Intel(R) 82579V Gigabit Network Connection Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: 
Intel Service: e1cexpress Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: G:\ Description: MS/MS-Pro Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (08/10/2013 04:29:18 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: Rainmeter.exe, Version: 2.5.0.1842, Zeitstempel: 0x514f1009 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c40f2 ID des fehlerhaften Prozesses: 0x11fc Startzeit der fehlerhaften Anwendung: 0xRainmeter.exe0 Pfad der fehlerhaften Anwendung: Rainmeter.exe1 Pfad des fehlerhaften Moduls: Rainmeter.exe2 Berichtskennung: Rainmeter.exe3 Error: (08/02/2013 00:35:24 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: age3.exe, Version: 4.105.919.3236, Zeitstempel: 0x432f3eca Name des fehlerhaften Moduls: ConfigDetect.dll, Version: 1.0.0.9, Zeitstempel: 0x455a359a Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000003 ID des fehlerhaften Prozesses: 0x1cfc Startzeit der fehlerhaften Anwendung: 0xage3.exe0 Pfad der fehlerhaften Anwendung: age3.exe1 Pfad des fehlerhaften Moduls: age3.exe2 Berichtskennung: age3.exe3 Error: (08/02/2013 00:34:55 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: age3.exe, Version: 4.105.919.3236, Zeitstempel: 0x432f3eca Name des fehlerhaften Moduls: ConfigDetect.dll, Version: 1.0.0.9, Zeitstempel: 
0x455a359a Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000003 ID des fehlerhaften Prozesses: 0x2478 Startzeit der fehlerhaften Anwendung: 0xage3.exe0 Pfad der fehlerhaften Anwendung: age3.exe1 Pfad des fehlerhaften Moduls: age3.exe2 Berichtskennung: age3.exe3 Error: (08/02/2013 00:32:06 PM) (Source: MsiInstaller) (User: XXXXXXXXX-) Description: Produkt: NVIDIA PhysX -- Installation terminated Error: (08/02/2013 00:01:26 PM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {1d7fbcc2-19dd-4694-97a1-5200668833a0} Error: (08/02/2013 03:40:58 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: Rainmeter.exe, Version: 2.5.0.1842, Zeitstempel: 0x514f1009 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c40f2 ID des fehlerhaften Prozesses: 0x10e0 Startzeit der fehlerhaften Anwendung: 0xRainmeter.exe0 Pfad der fehlerhaften Anwendung: Rainmeter.exe1 Pfad des fehlerhaften Moduls: Rainmeter.exe2 Berichtskennung: Rainmeter.exe3 Error: (08/01/2013 01:36:18 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: LolClient.exe, Version: 0.0.0.0, Zeitstempel: 0x515663e0 Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 3.7.0.1530, Zeitstempel: 0x5156646c Ausnahmecode: 0xc0000005 Fehleroffset: 0x0006dd76 ID des fehlerhaften Prozesses: 0x908 Startzeit der fehlerhaften Anwendung: 0xLolClient.exe0 Pfad der fehlerhaften Anwendung: LolClient.exe1 Pfad des fehlerhaften Moduls: LolClient.exe2 Berichtskennung: LolClient.exe3 
Error: (07/31/2013 10:08:36 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: SplitSecond.exe, Version: 1.0.0.1, Zeitstempel: 0x4be13c66 Name des fehlerhaften Moduls: SplitSecond.exe, Version: 1.0.0.1, Zeitstempel: 0x4be13c66 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0017c288 ID des fehlerhaften Prozesses: 0x2278 Startzeit der fehlerhaften Anwendung: 0xSplitSecond.exe0 Pfad der fehlerhaften Anwendung: SplitSecond.exe1 Pfad des fehlerhaften Moduls: SplitSecond.exe2 Berichtskennung: SplitSecond.exe3 Error: (07/31/2013 09:23:38 PM) (Source: Application Error) (User: ) Description: Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder der Datenträger fehlt. Das Programm autorun.exe wurde wegen dieses Fehlers geschlossen. Programm: autorun.exe Datei: Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion 1. Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE. 4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht. 5. 
Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche Daten Fehlerwert: C0000012 Datenträgertyp: 0 Error: (07/31/2013 09:23:33 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: autorun.exe_unknown, Version: 0.0.0.0, Zeitstempel: 0x4f749cd0 Name des fehlerhaften Moduls: autorun.exe, Version: 0.0.0.0, Zeitstempel: 0x4f749cd0 Ausnahmecode: 0xc0000006 Fehleroffset: 0x000d87fa ID des fehlerhaften Prozesses: 0x2184 Startzeit der fehlerhaften Anwendung: 0xautorun.exe_unknown0 Pfad der fehlerhaften Anwendung: autorun.exe_unknown1 Pfad des fehlerhaften Moduls: autorun.exe_unknown2 Berichtskennung: autorun.exe_unknown3 System errors: ============= Error: (08/10/2013 08:15:39 PM) (Source: VDS Basic Provider) (User: ) Description: Unerwarteter Fehler. Fehlercode: 490@01010004 Error: (08/10/2013 08:15:21 PM) (Source: BugCheck) (User: ) Description: 0x0000003b (0x0000000080000004, 0xfffff80002e687e9, 0xfffff8800c454980, 0x0000000000000000)C:\Windows\MEMORY.DMP081013-23727-01 Error: (08/10/2013 08:15:11 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 10.08.2013 um 20:13:52 unerwartet heruntergefahren. Error: (08/10/2013 10:53:24 AM) (Source: VDS Basic Provider) (User: ) Description: Unerwarteter Fehler. Fehlercode: 490@01010004 Error: (08/09/2013 08:31:36 PM) (Source: VDS Basic Provider) (User: ) Description: Unerwarteter Fehler. Fehlercode: D@01010004 Error: (08/09/2013 08:31:36 PM) (Source: VDS Basic Provider) (User: ) Description: Unerwarteter Fehler. Fehlercode: D@01010004 Error: (08/01/2013 08:03:57 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden. 
Error: (08/01/2013 08:03:56 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden. Error: (08/01/2013 08:03:56 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden. Error: (08/01/2013 08:03:55 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden. Microsoft Office Sessions: ========================= Error: (08/10/2013 04:29:18 AM) (Source: Application Error)(User: ) Description: Rainmeter.exe2.5.0.1842514f1009ntdll.dll6.1.7601.177254ec4aa8ec000037400000000000c40f211fc01ce952f01da9a83C:\Program Files\Rainmeter\Rainmeter.exeC:\Windows\SYSTEM32\ntdll.dlla7b77eca-0164-11e3-af12-bc0543069d4b Error: (08/02/2013 00:35:24 PM) (Source: Application Error)(User: ) Description: age3.exe4.105.919.3236432f3ecaConfigDetect.dll1.0.0.9455a359ac0000005000000031cfc01ce8f6bfc04c41fD:\Spiele\Age of Empires III\age3.exeD:\Spiele\Age of Empires III\ConfigDetect.dll3ca6041a-fb5f-11e2-870c-bc0543069d4b Error: (08/02/2013 00:34:55 PM) (Source: Application Error)(User: ) Description: age3.exe4.105.919.3236432f3ecaConfigDetect.dll1.0.0.9455a359ac000000500000003247801ce8f6be6f24bb7D:\Spiele\Age of Empires III\age3.exeD:\Spiele\Age of Empires III\ConfigDetect.dll2b58024e-fb5f-11e2-870c-bc0543069d4b Error: (08/02/2013 00:32:06 PM) (Source: MsiInstaller)(User: XXXXXXXXX-) Description: Produkt: NVIDIA PhysX -- Installation terminated(NULL)(NULL)(NULL)(NULL)(NULL) Error: (08/02/2013 00:01:26 PM) (Source: VSS)(User: ) Description: 0x80070005, Zugriff verweigert Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {1d7fbcc2-19dd-4694-97a1-5200668833a0} Error: (08/02/2013 03:40:58 AM) (Source: Application Error)(User: ) Description: 
Rainmeter.exe2.5.0.1842514f1009ntdll.dll6.1.7601.177254ec4aa8ec000037400000000000c40f210e001ce8df89dde8ff8C:\Program Files\Rainmeter\Rainmeter.exeC:\Windows\SYSTEM32\ntdll.dll93cfd28c-fb14-11e2-870c-bc0543069d4b Error: (08/01/2013 01:36:18 AM) (Source: Application Error)(User: ) Description: LolClient.exe0.0.0.0515663e0Adobe AIR.dll3.7.0.15305156646cc00000050006dd7690801ce8e465e0c0aa3D:\Spiele\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.35\deploy\LolClient.exeD:\Spiele\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.35\deploy\Adobe AIR\Versions\1.0\Adobe AIR.dllfef785a9-fa39-11e2-870c-bc0543069d4b Error: (07/31/2013 10:08:36 PM) (Source: Application Error)(User: ) Description: SplitSecond.exe1.0.0.14be13c66SplitSecond.exe1.0.0.14be13c66c00000050017c288227801ce8e29a0480209D:\Spiele\Split Second\SplitSecond.exeD:\Spiele\Split Second\SplitSecond.exefb0b5979-fa1c-11e2-870c-bc0543069d4b Error: (07/31/2013 09:23:38 PM) (Source: Application Error)(User: ) Description: autorun.exeC00000120 Error: (07/31/2013 09:23:33 PM) (Source: Application Error)(User: ) Description: autorun.exe_unknown0.0.0.04f749cd0autorun.exe0.0.0.04f749cd0c0000006000d87fa218401ce8e23076eb192M:\autorun.exeM:\autorun.exeb031e339-fa16-11e2-870c-bc0543069d4b CodeIntegrity Errors: =================================== Date: 2013-03-04 16:50:55.976 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-03-04 16:50:55.960 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Percentage of memory in use: 14% Total physical RAM: 16329.13 MB Available physical RAM: 13905.62 MB Total Pagefile: 32656.45 MB Available Pagefile: 30018.5 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: (/usr) (Fixed) (Total:59.62 GB) (Free:14.48 GB) NTFS (Disk=0 Partition=1) Drive d: (/usr/main) (Fixed) (Total:232.88 GB) (Free:81.9 GB) NTFS (Disk=1 Partition=1) ==>[System with boot components (obtained from reading drive)] Drive e: (/dl/movies) (Fixed) (Total:2794.39 GB) (Free:674.72 GB) NTFS (Disk=4 Partition=2) Drive f: (/dl/serien) (Fixed) (Total:1863.01 GB) (Free:895.59 GB) NTFS (Disk=3 Partition=1) Drive g: (/dl/stuff) (Fixed) (Total:1397.26 GB) (Free:750.5 GB) NTFS (Disk=9 Partition=1) Drive h: (/cache) (Fixed) (Total:596.17 GB) (Free:511.14 GB) NTFS (Disk=2 Partition=1) Drive k: (BACKUP) (Removable) (Total:7.4 GB) (Free:4.4 GB) NTFS (Disk=5 Partition=1) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 60 GB) (Disk ID: 68CE0BF5) Partition 1: (Not Active) - (Size=60 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 7892C5B4) Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: C3E4D77F) Partition 1: (Active) - (Size=596 GB) - (Type=07 NTFS) ======================================================== Disk: 3 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 4B2381EB) 
Partition 1: (Active) - (Size=-198626508800) - (Type=07 NTFS) ======================================================== Disk: 4 (Size: 2795 GB) (Disk ID: 4A3C4D15) Partition: GPT Partition Type ======================================================== Disk: 5 (Size: 7 GB) (Disk ID: 00000000) Partition 1: (Not Active) - (Size=7 GB) - (Type=07 NTFS) ======================================================== Disk: 9 (MBR Code: Windows XP) (Size: 1397 GB) (Disk ID: 0008B592) Partition 1: (Active) - (Size=-698724909056) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-08-2013
Ran by XXXXXXXXXXXXX (administrator) on 10-08-2013 20:17:22
Running from H:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(CHENGDU YIWO Tech Development Co., Ltd) K:\_sys\bin\Agent.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(CHENGDU YIWO Tech Development Co., Ltd) K:\_sys\bin\GuardAgent.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
(VMware, Inc.) H:\_trash\VMWare Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel(R) Corporation) C:\Program Files\Intel\NCS2\WMIProv\NCS2Prov.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
() C:\Program Files\Plantronics\GameCom780\GameCom780.exe
(Dropbox, Inc.) C:\Users\XXXXXXXXXXXXX\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CHENGDU YIWO Tech Development Co., Ltd) K:\_sys\bin\EuWatch.exe
(CHENGDU YIWO Tech Development Co., Ltd) K:\_sys\bin\TrayNotify.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
() H:\Defogger.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [GamecomSound] - C:\Program Files\Plantronics\GameCom780\GameCom780.exe [775560 2012-06-29] ()
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7468784 2013-02-28] (Logitech Inc.)
HKCU\...\Run: [ONAIR] - D:\Program Files\ONAIR\ONAIR.exe [3515392 2013-07-26] (DJMASTER.COM)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [EaseUs Watch] - K:\_sys\bin\EuWatch.exe [70728 2013-03-16] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUs Tray] - K:\_sys\bin\TrayNotify.exe [1372232 2013-03-16] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1558480 2013-07-26] (APN)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2285232 2013-07-30] ()
HKLM-x32\...\Run: [BCSSync] - D:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [RoccatKoneXTD] - C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.EXE [558944 2012-11-30] (ROCCAT GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Winamp.lnk
ShortcutTarget: Winamp.lnk -> D:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.)
Startup: C:\Users\XXXXXXXXXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\XXXXXXXXXXXXX\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\XXXXXXXXXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk
ShortcutTarget: Persbackup.lnk -> K:\_sys\Persbackup.exe (No File)
Startup: C:\Users\XXXXXXXXXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
Startup: C:\Users\XXXXXXXXXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe (Stardock)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog9 20 %SystemRoot%\system32\vsocklib.dll [63088] (VMware, Inc.)
Winsock: Catalog9 21 %SystemRoot%\system32\vsocklib.dll [63088] (VMware, Inc.)
Winsock: Catalog9-x64 20 %SystemRoot%\system32\vsocklib.dll [67184] (VMware, Inc.)
Winsock: Catalog9-x64 21 %SystemRoot%\system32\vsocklib.dll [67184] (VMware, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\XXXXXXXXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\txvl5yxi.default
FF NewTab: https://startpage.com/
FF Homepage: https://startpage.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.5 - D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - D:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF Extension: DoNotTrackMe - C:\Users\XXXXXXXXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\txvl5yxi.default\Extensions\donottrackplus@abine.com
FF Extension: HTTPS-Everywhere - C:\Users\XXXXXXXXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\txvl5yxi.default\Extensions\https-everywhere@eff.org
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\XXXXXXXXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\txvl5yxi.default\Extensions\ich@maltegoetz.de
FF Extension: WOT - C:\Users\XXXXXXXXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\txvl5yxi.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: autopager - C:\Users\XXXXXXXXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\txvl5yxi.default\Extensions\autopager@mozilla.org.xpi
FF Extension: facebook - C:\Users\XXXXXXXXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\txvl5yxi.default\Extensions\facebook@disconnect.me.xpi
FF Extension: firebug - C:\Users\XXXXXXXXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\txvl5yxi.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: personas - C:\Users\XXXXXXXXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\txvl5yxi.default\Extensions\personas@christopher.beard.xpi
FF Extension: toolbar_AVIRA-V7 - C:\Users\XXXXXXXXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\txvl5yxi.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi
FF Extension: No Name - C:\Users\XXXXXXXXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\txvl5yxi.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
FF Extension: No Name - C:\Users\XXXXXXXXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\txvl5yxi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\XXXXXXXXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\txvl5yxi.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] C:\ProgramData\AVG Secure Search\FireFoxExt\15.4.0.5
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\15.4.0.5
FF StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-15] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
S3 becldr3Service; C:\Program Files (x86)\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [176128 2011-04-19] ()
R2 EaseUS Agent; K:\_sys\bin\Agent.exe [68168 2013-03-16] (CHENGDU YIWO Tech Development Co., Ltd)
R2 Guard Agent; K:\_sys\bin\GuardAgent.exe [23624 2013-03-16] (CHENGDU YIWO Tech Development Co., Ltd)
S3 Microsoft SharePoint Workspace Audit Service; D:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [30798512 2013-03-09] (Microsoft Corporation)
S3 TunngleService; D:\Program Files (x86)\Tunngle\TnglCtrl.exe [754584 2013-06-24] (Tunngle.net GmbH)
R2 VMAuthdService; H:\_trash\VMWare Player\vmware-authd.exe [79872 2012-01-18] (VMware, Inc.)
R2 vToolbarUpdater15.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [1616048 2013-07-30] (AVG Secure Search)
==================== Drivers (Whitelisted) ====================
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-07-15] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-07-30] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-07-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-07-15] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-25] (AVM Berlin)
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48200 2013-03-16] ()
R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-25] (AVM GmbH)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
R3 NAL; C:\Windows\system32\Drivers\iqvw64e.sys [32936 2011-08-15] (Intel Corporation )
R3 PlantronicsGC; C:\Windows\System32\drivers\PLTGC.sys [1327616 2012-03-29] (C-Media Electronics Inc)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-10 20:15 - 2013-08-10 20:15 - 00293816 _____ C:\Windows\Minidump\081013-23727-01.dmp
2013-08-10 20:11 - 2013-08-10 20:11 - 00000000 ____D C:\FRST
2013-08-10 20:10 - 2013-08-10 20:10 - 00000000 _____ C:\Users\XXXXXXXXXXXXX\defogger_reenable
2013-08-10 11:10 - 2013-08-10 11:11 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\Documents\NFS Most Wanted
2013-08-10 11:10 - 2013-08-10 11:10 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\Documents\NFS Most Wanted Backups
2013-08-10 00:07 - 2013-08-10 00:07 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\Documents\Criterion Games
2013-08-09 23:49 - 2013-08-09 23:49 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2013-08-09 23:49 - 2013-08-09 23:49 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf
2013-08-09 23:41 - 2013-08-09 23:41 - 00000543 _____ C:\Windows\NGO.cer
2013-08-09 23:37 - 2013-08-09 23:41 - 00116224 _____ (MotioninJoy) C:\Windows\system32\Drivers\MijXfilt.sys
2013-08-09 23:37 - 2013-08-09 23:41 - 00070016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xusb21.sys
2013-08-09 23:37 - 2013-08-09 23:37 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\AppData\Roaming\MotioninJoy
2013-08-09 23:37 - 2013-08-09 23:37 - 00000000 ____D C:\Program Files\MotioninJoy
2013-08-09 23:37 - 2011-12-07 19:42 - 00328712 _____ (Logitech Inc.) C:\Windows\system32\MijFrc.dll
2013-08-02 17:14 - 2012-09-04 13:22 - 00656896 _____ (CRX Studios Berlin) C:\Users\XXXXXXXXXXXXX\Desktop\EasyShutdown.exe
2013-08-02 15:21 - 2013-08-02 15:21 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2013-08-02 13:23 - 2013-08-02 13:23 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\Documents\Singularity
2013-08-02 12:33 - 2013-08-02 12:33 - 00000000 ____D C:\ProgramData\Age of Empires 3
2013-08-02 12:32 - 2013-08-02 12:32 - 00000000 ____D C:\Windows\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP
2013-08-02 01:29 - 2013-08-02 01:29 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\Documents\NeocoreGames
2013-08-01 19:32 - 2013-08-01 19:32 - 00000000 ____D C:\ProgramData\ROCCAT
2013-08-01 19:21 - 2013-08-01 19:21 - 00000000 ____D C:\Program Files (x86)\ROCCAT
2013-07-31 21:10 - 2013-07-31 21:10 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\Documents\Shiner
2013-07-31 16:23 - 2012-01-18 16:11 - 00354416 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2013-07-31 16:23 - 2012-01-18 16:11 - 00063088 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2013-07-31 16:22 - 2012-01-18 16:11 - 00942192 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2013-07-31 16:22 - 2012-01-18 16:11 - 00433264 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2013-07-31 16:22 - 2012-01-18 16:11 - 00032880 _____ (VMware, Inc.) C:\Windows\system32\Drivers\VMkbd.sys
2013-07-31 16:22 - 2012-01-18 16:10 - 00030320 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2013-07-31 16:22 - 2011-08-29 22:11 - 00039024 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2013-07-31 16:15 - 2013-07-31 16:15 - 00000000 ____D C:\Program Files\Common Files\VMware
2013-07-28 14:59 - 2013-07-28 14:59 - 00000000 ____D C:\Program Files\Axantum
2013-07-24 17:53 - 2013-07-24 18:06 - 00000132 _____ C:\Users\XXXXXXXXXXXXX\AppData\Roaming\Adobe CS6-BMP-Format - Voreinstellungen
2013-07-24 16:47 - 2013-07-24 16:47 - 00000025 _____ C:\Windows\system32\Drivers\etc\hosts.old
2013-07-24 10:00 - 2013-07-24 17:14 - 00013066 _____ C:\Windows\avmfwlanci.log
2013-07-24 03:52 - 2013-07-24 03:52 - 00000000 ____D C:\Users\PAARBR~1\AppData\Local\CrashRpt
2013-07-23 23:38 - 2013-07-23 23:38 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ssadadb_01005.Wdf
2013-07-23 08:50 - 2013-07-23 08:50 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-07-23 06:03 - 2013-07-23 06:03 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\Documents\EA Games
2013-07-20 18:23 - 2013-07-22 21:08 - 00000000 ____D C:\Users\PAARBR~1\AppData\Local\Sniper Elite Nazi Zombie Army
2013-07-19 01:06 - 2013-07-19 01:06 - 00000000 ____D C:\Users\PAARBR~1\AppData\Local\EMU
2013-07-17 23:40 - 2013-07-17 23:40 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\Documents\Activision
2013-07-17 23:05 - 2013-08-02 15:18 - 00098020 _____ C:\Windows\DirectX.log
2013-07-17 22:33 - 2013-08-10 04:32 - 00000000 ____D C:\Users\PAARBR~1\AppData\Local\CrashDumps
2013-07-17 06:34 - 2013-07-17 06:34 - 00287434 _____ C:\Windows\msxml4-KB954430-enu.LOG
2013-07-17 06:34 - 2013-07-17 06:34 - 00283358 _____ C:\Windows\msxml4-KB973688-enu.LOG
2013-07-17 06:34 - 2013-07-17 06:34 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-07-17 06:33 - 2013-07-17 06:34 - 00000000 ____D C:\Windows\system32\MRT
2013-07-17 06:12 - 2013-07-17 06:22 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\AppData\Roaming\gnupg
2013-07-17 06:12 - 2013-07-17 06:12 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GNU Privacy Guard
2013-07-17 06:12 - 2013-07-17 06:12 - 00000000 ____D C:\Program Files (x86)\GNU
2013-07-16 01:05 - 2013-07-16 01:05 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\Documents\NeroBurnServer
2013-07-16 00:57 - 2013-07-16 00:57 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\Documents\NeroVideo
2013-07-16 00:57 - 2013-07-16 00:57 - 00000000 ____D C:\Users\PAARBR~1\AppData\Local\Nero
2013-07-15 22:23 - 2013-07-15 22:23 - 00000000 ____D C:\Windows\system32\appmgmt
2013-07-15 22:22 - 2013-07-16 01:53 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\AppData\Roaming\Nero
2013-07-15 22:22 - 2013-07-15 22:22 - 00000000 ____D C:\ProgramData\LightScribe
2013-07-15 22:19 - 2013-07-30 10:14 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-07-15 22:19 - 2013-07-30 10:14 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-07-15 22:19 - 2013-07-15 22:19 - 00000000 ____D C:\Users\PAARBR~1\AppData\Local\AVG Secure Search
2013-07-15 22:19 - 2013-07-15 22:19 - 00000000 ____D C:\ProgramData\AVG Secure Search
2013-07-15 22:18 - 2013-07-16 00:53 - 00000000 ____D C:\ProgramData\Nero
2013-07-15 13:05 - 2013-07-15 13:05 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\AppData\Roaming\Avira
2013-07-15 13:01 - 2013-07-15 13:01 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-07-15 13:01 - 2013-07-15 13:01 - 00000000 ____D C:\ProgramData\APN
2013-07-15 13:01 - 2013-07-15 13:01 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-07-15 13:00 - 2013-07-15 13:00 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-07-15 13:00 - 2013-07-15 13:00 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-07-15 13:00 - 2013-07-15 13:00 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-07-15 13:00 - 2013-07-15 13:00 - 00000000 ____D C:\ProgramData\Avira
2013-07-15 13:00 - 2013-07-15 13:00 - 00000000 ____D C:\Program Files (x86)\Avira
2013-07-15 12:49 - 2013-08-09 20:31 - 00004966 _____ C:\Windows\PFRO.log
2013-07-14 15:42 - 2013-07-14 16:09 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-14 15:42 - 2013-07-14 15:42 - 00000000 ____D C:\Users\PAARBR~1\AppData\Local\NPE
2013-07-14 15:42 - 2013-07-14 15:42 - 00000000 ____D C:\ProgramData\Norton
2013-07-14 15:42 - 2013-07-14 15:42 - 00000000 ____D C:\Program Files (x86)\stinger
2013-07-14 15:38 - 2013-07-14 15:38 - 00000000 ____D C:\Users\PAARBR~1\AppData\Local\CrystalDiskMark
2013-07-13 22:05 - 2013-07-13 22:05 - 00000000 ____D C:\ProgramData\Origin
2013-07-13 15:55 - 2013-07-13 15:55 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\Documents\SavedGames
2013-07-13 14:43 - 2013-07-13 14:43 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-07-13 14:42 - 2013-06-21 14:06 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-07-13 14:42 - 2013-06-21 14:06 - 21102368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-07-13 14:42 - 2013-06-21 14:06 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-07-13 14:42 - 2013-06-21 14:06 - 15920536 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-07-13 14:42 - 2013-06-21 14:06 - 15144928 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-07-13 14:42 - 2013-06-21 14:06 - 11235104 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-07-13 14:42 - 2013-06-21 14:06 - 09239344 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-07-13 14:42 - 2013-06-21 14:06 - 07687592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-07-13 14:42 - 2013-06-21 14:06 - 07641832 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-07-13 14:42 - 2013-06-21 14:06 - 06324360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-07-13 14:42 - 2013-06-21 14:06 - 02953504 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-07-13 14:42 - 2013-06-21 14:06 - 02777888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-07-13 14:42 - 2013-06-21 14:06 - 02363680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-07-13 14:42 - 2013-06-21 14:06 - 02002720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-07-13 14:42 - 2013-06-21 14:06 - 01832224 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432049.dll
2013-07-13 14:42 - 2013-06-21 14:06 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432049.dll
2013-07-13 14:42 - 2013-06-21 14:06 - 00925648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-07-13 14:42 - 2013-06-21 14:06 - 00572704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-07-13 14:42 - 2013-06-21 14:06 - 00570656 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-07-13 14:42 - 2013-06-21 14:06 - 00467232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-07-13 14:42 - 2013-06-21 14:06 - 00465184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-07-13 14:42 - 2013-06-21 14:06 - 00432928 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2013-07-13 14:42 - 2013-06-21 14:06 - 00372000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2013-07-13 14:42 - 2013-06-21 14:06 - 00266448 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-07-13 14:42 - 2013-06-21 14:06 - 00218592 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-07-13 14:42 - 2013-06-21 14:06 - 00214448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-07-13 14:42 - 2013-06-21 14:06 - 00181488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-07-13 14:42 - 2013-02-25 07:27 - 00194848 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2013-07-13 14:42 - 2013-02-25 07:27 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2013-07-13 14:41 - 2013-08-10 20:15 - 00009464 _____ C:\Windows\setupact.log
2013-07-13 14:41 - 2013-07-13 14:41 - 00000000 _____ C:\Windows\setuperr.log
2013-07-13 01:32 - 2013-07-13 01:34 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\Documents\DayZ
2013-07-13 01:32 - 2013-07-13 01:32 - 00000000 ____D C:\Users\PAARBR~1\AppData\Local\DayZ
2013-07-13 01:02 - 2013-07-13 01:02 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2013-07-12 18:26 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-12 18:26 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-12 18:26 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-12 18:26 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-12 18:26 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-12 18:26 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-12 18:26 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-12 18:26 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-12 18:26 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-12 18:26 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-12 18:26 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-12 18:26 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-12 18:26 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-12 18:26 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-12 18:26 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-12 18:26 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-12 18:26 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-12 18:26 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-12 18:26 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-12 18:26 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-12 18:26 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-12 18:26 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-12 18:26 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-12 18:26 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-12 18:26 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-12 18:26 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-12 18:26 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-12 18:26 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-12 18:26 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-12 18:26 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-12 18:26 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-12 18:23 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-12 18:23 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-12 18:23 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-12 18:23 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-12 18:22 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-12 18:22 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-12 18:22 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
==================== One Month Modified Files and Folders =======
2013-08-10 20:15 - 2013-08-10 20:15 - 00293816 _____ C:\Windows\Minidump\081013-23727-01.dmp
2013-08-10 20:15 - 2013-07-13 14:41 - 00009464 _____ C:\Windows\setupact.log
2013-08-10 20:15 - 2013-05-05 09:24 - 00000000 ____D C:\ProgramData\VMware
2013-08-10 20:15 - 2013-02-06 01:40 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\AppData\Roaming\Dropbox
2013-08-10 20:15 - 2013-02-03 16:26 - 00000000 ____D C:\Windows\Minidump
2013-08-10 20:15 - 2013-02-03 00:36 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-10 20:15 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-10 20:13 - 2013-08-10 20:17 - 00027156 _____ C:\Users\XXXXXXXXXXXXX\Desktop\Addition.txt
2013-08-10 20:11 - 2013-08-10 20:11 - 00000000 ____D C:\FRST
2013-08-10 20:10 - 2013-08-10 20:10 - 00000000 _____ C:\Users\XXXXXXXXXXXXX\defogger_reenable
2013-08-10 20:10 - 2013-02-03 00:10 - 00000000 ____D C:\Users\XXXXXXXXXXXXX
2013-08-10 20:09 - 2013-02-09 15:58 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\AppData\Roaming\Skype
2013-08-10 19:43 - 2013-02-03 23:37 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\AppData\Roaming\vlc
2013-08-10 19:25 - 2013-02-03 01:30 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-10 18:31 - 2013-02-03 00:10 - 01442167 _____ C:\Windows\WindowsUpdate.log
2013-08-10 11:17 - 2013-02-26 20:35 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-08-10 11:11 - 2013-08-10 11:10 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\Documents\NFS Most Wanted
2013-08-10 11:10 - 2013-08-10 11:10 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\Documents\NFS Most Wanted Backups
2013-08-10 11:00 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-10 11:00 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-10 10:59 - 2011-04-12 09:43 - 00667094 _____ C:\Windows\system32\perfh007.dat
2013-08-10 10:59 - 2011-04-12 09:43 - 00137100 _____ C:\Windows\system32\perfc007.dat
2013-08-10 10:59 - 2009-07-14 07:13 - 01537792 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-10 04:32 - 2013-07-17 22:33 - 00000000 ____D C:\Users\PAARBR~1\AppData\Local\CrashDumps
2013-08-10 02:00 - 2013-02-03 00:26 - 00000000 ____D C:\Users\PAARBR~1\AppData\Local\Adobe
2013-08-10 00:07 - 2013-08-10 00:07 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\Documents\Criterion Games
2013-08-09 23:49 - 2013-08-09 23:49 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2013-08-09 23:49 - 2013-08-09 23:49 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf
2013-08-09 23:41 - 2013-08-09 23:41 - 00000543 _____ C:\Windows\NGO.cer
2013-08-09 23:41 - 2013-08-09 23:37 - 00116224 _____ (MotioninJoy) C:\Windows\system32\Drivers\MijXfilt.sys
2013-08-09 23:41 - 2013-08-09 23:37 - 00070016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xusb21.sys
2013-08-09 23:37 - 2013-08-09 23:37 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\AppData\Roaming\MotioninJoy
2013-08-09 23:37 - 2013-08-09 23:37 - 00000000 ____D C:\Program Files\MotioninJoy
2013-08-09 23:07 - 2013-02-03 01:58 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\Documents\My Games 2013-08-09 20:31 - 2013-07-15 12:49 - 00004966 _____ C:\Windows\PFRO.log 2013-08-09 20:31 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-08-09 20:31 - 2009-07-14 06:45 - 04960400 _____ C:\Windows\system32\FNTCACHE.DAT 2013-08-02 17:14 - 2013-02-28 01:57 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\AppData\Roaming\Mp3tag 2013-08-02 15:21 - 2013-08-02 15:21 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\AppData\Roaming\Command & Conquer 3 Tiberium Wars 2013-08-02 15:18 - 2013-07-17 23:05 - 00098020 _____ C:\Windows\DirectX.log 2013-08-02 13:23 - 2013-08-02 13:23 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\Documents\Singularity 2013-08-02 13:20 - 2013-02-03 00:18 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-08-02 12:37 - 2013-02-03 00:20 - 00085976 _____ C:\Users\PAARBR~1\AppData\Local\GDIPFONTCACHEV1.DAT 2013-08-02 12:33 - 2013-08-02 12:33 - 00000000 ____D C:\ProgramData\Age of Empires 3 2013-08-02 12:32 - 2013-08-02 12:32 - 00000000 ____D C:\Windows\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP 2013-08-02 01:29 - 2013-08-02 01:29 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\Documents\NeocoreGames 2013-08-01 19:32 - 2013-08-01 19:32 - 00000000 ____D C:\ProgramData\ROCCAT 2013-08-01 19:32 - 2013-02-03 00:10 - 00000000 ____D C:\Users\PAARBR~1\AppData\Local\VirtualStore 2013-08-01 19:21 - 2013-08-01 19:21 - 00000000 ____D C:\Program Files (x86)\ROCCAT 2013-07-31 21:10 - 2013-07-31 21:10 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\Documents\Shiner 2013-07-31 19:24 - 2013-05-05 09:25 - 00000000 ____D C:\Users\PAARBR~1\AppData\Local\VMware 2013-07-31 19:17 - 2013-05-05 09:25 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\AppData\Roaming\VMware 2013-07-31 16:22 - 2013-02-28 23:55 - 01557748 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-07-31 16:15 - 2013-07-31 16:15 - 00000000 ____D C:\Program Files\Common Files\VMware 2013-07-30 18:07 - 2013-05-12 
17:41 - 00000000 ____D C:\Program Files\CCleaner 2013-07-30 13:37 - 2013-02-03 00:18 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-30 10:14 - 2013-07-15 22:19 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys 2013-07-30 10:14 - 2013-07-15 22:19 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search 2013-07-28 14:59 - 2013-07-28 14:59 - 00000000 ____D C:\Program Files\Axantum 2013-07-25 13:24 - 2013-02-04 00:40 - 00000132 _____ C:\Users\XXXXXXXXXXXXX\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen 2013-07-24 18:06 - 2013-07-24 17:53 - 00000132 _____ C:\Users\XXXXXXXXXXXXX\AppData\Roaming\Adobe CS6-BMP-Format - Voreinstellungen 2013-07-24 17:55 - 2013-02-03 00:26 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\AppData\Roaming\Adobe 2013-07-24 17:14 - 2013-07-24 10:00 - 00013066 _____ C:\Windows\avmfwlanci.log 2013-07-24 16:47 - 2013-07-24 16:47 - 00000025 _____ C:\Windows\system32\Drivers\etc\hosts.old 2013-07-24 11:18 - 2013-02-03 00:26 - 00000000 ____D C:\ProgramData\Adobe 2013-07-24 03:52 - 2013-07-24 03:52 - 00000000 ____D C:\Users\PAARBR~1\AppData\Local\CrashRpt 2013-07-23 23:38 - 2013-07-23 23:38 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ssadadb_01005.Wdf 2013-07-23 08:50 - 2013-07-23 08:50 - 00083672 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-07-23 06:03 - 2013-07-23 06:03 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\Documents\EA Games 2013-07-22 21:08 - 2013-07-20 18:23 - 00000000 ____D C:\Users\PAARBR~1\AppData\Local\Sniper Elite Nazi Zombie Army 2013-07-22 21:08 - 2013-02-06 17:44 - 00000000 __RHD C:\MSOCache 2013-07-22 21:08 - 2013-02-03 01:06 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\AppData\Roaming\Winamp 2013-07-22 21:08 - 2013-02-03 00:16 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\AppData\Roaming\Mozilla 2013-07-22 21:08 - 2013-02-03 00:16 - 00000000 ____D C:\Users\PAARBR~1\AppData\Local\Mozilla 2013-07-22 21:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration 2013-07-22 21:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat 2013-07-19 01:17 - 2013-03-02 14:24 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\AppData\Roaming\Tunngle 2013-07-19 01:17 - 2013-03-02 14:24 - 00000000 ____D C:\ProgramData\Tunngle 2013-07-19 01:06 - 2013-07-19 01:06 - 00000000 ____D C:\Users\PAARBR~1\AppData\Local\EMU 2013-07-17 23:40 - 2013-07-17 23:40 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\Documents\Activision 2013-07-17 23:40 - 2013-03-08 16:23 - 00000000 ____D C:\Users\PAARBR~1\AppData\Local\SKIDROW 2013-07-17 06:34 - 2013-07-17 06:34 - 00287434 _____ C:\Windows\msxml4-KB954430-enu.LOG 2013-07-17 06:34 - 2013-07-17 06:34 - 00283358 _____ C:\Windows\msxml4-KB973688-enu.LOG 2013-07-17 06:34 - 2013-07-17 06:34 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0 2013-07-17 06:34 - 2013-07-17 06:33 - 00000000 ____D C:\Windows\system32\MRT 2013-07-17 06:22 - 2013-07-17 06:12 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\AppData\Roaming\gnupg 2013-07-17 06:12 - 2013-07-17 06:12 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GNU Privacy Guard 2013-07-17 06:12 - 2013-07-17 06:12 - 00000000 ____D C:\Program Files (x86)\GNU 2013-07-16 08:32 - 2013-04-16 17:43 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\AppData\Roaming\dvdcss 2013-07-16 01:53 
- 2013-07-15 22:22 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\AppData\Roaming\Nero 2013-07-16 01:05 - 2013-07-16 01:05 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\Documents\NeroBurnServer 2013-07-16 00:57 - 2013-07-16 00:57 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\Documents\NeroVideo 2013-07-16 00:57 - 2013-07-16 00:57 - 00000000 ____D C:\Users\PAARBR~1\AppData\Local\Nero 2013-07-16 00:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Cursors 2013-07-16 00:53 - 2013-07-15 22:18 - 00000000 ____D C:\ProgramData\Nero 2013-07-15 22:23 - 2013-07-15 22:23 - 00000000 ____D C:\Windows\system32\appmgmt 2013-07-15 22:22 - 2013-07-15 22:22 - 00000000 ____D C:\ProgramData\LightScribe 2013-07-15 22:19 - 2013-07-15 22:19 - 00000000 ____D C:\Users\PAARBR~1\AppData\Local\AVG Secure Search 2013-07-15 22:19 - 2013-07-15 22:19 - 00000000 ____D C:\ProgramData\AVG Secure Search 2013-07-15 13:05 - 2013-07-15 13:05 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\AppData\Roaming\Avira 2013-07-15 13:01 - 2013-07-15 13:01 - 00000000 ____D C:\ProgramData\AskPartnerNetwork 2013-07-15 13:01 - 2013-07-15 13:01 - 00000000 ____D C:\ProgramData\APN 2013-07-15 13:01 - 2013-07-15 13:01 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork 2013-07-15 13:00 - 2013-07-15 13:00 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-07-15 13:00 - 2013-07-15 13:00 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-07-15 13:00 - 2013-07-15 13:00 - 00028600 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-07-15 13:00 - 2013-07-15 13:00 - 00000000 ____D C:\ProgramData\Avira 2013-07-15 13:00 - 2013-07-15 13:00 - 00000000 ____D C:\Program Files (x86)\Avira 2013-07-14 16:09 - 2013-07-14 15:42 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-07-14 15:42 - 2013-07-14 15:42 - 00000000 ____D C:\Users\PAARBR~1\AppData\Local\NPE 2013-07-14 15:42 - 2013-07-14 15:42 - 00000000 ____D C:\ProgramData\Norton 2013-07-14 15:42 - 2013-07-14 15:42 - 00000000 ____D C:\Program Files (x86)\stinger 2013-07-14 15:38 - 2013-07-14 15:38 - 00000000 ____D C:\Users\PAARBR~1\AppData\Local\CrystalDiskMark 2013-07-14 05:11 - 2013-02-03 00:11 - 00000000 ___RD C:\Users\XXXXXXXXXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-07-14 05:11 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system 2013-07-13 22:09 - 2013-03-08 16:23 - 00003951 _____ C:\Users\XXXXXXXXXXXXX\Documents\TombRaider.log 2013-07-13 22:05 - 2013-07-13 22:05 - 00000000 ____D C:\ProgramData\Origin 2013-07-13 15:55 - 2013-07-13 15:55 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\Documents\SavedGames 2013-07-13 14:43 - 2013-07-13 14:43 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies 2013-07-13 14:43 - 2013-02-03 00:36 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2013-07-13 14:41 - 2013-07-13 14:41 - 00000000 _____ C:\Windows\setuperr.log 2013-07-13 13:50 - 2013-02-03 00:02 - 00000000 ____D C:\Windows\Panther 2013-07-13 13:48 - 2013-02-03 01:30 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-07-13 13:48 - 2013-02-03 01:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-07-13 13:48 - 2013-02-03 01:30 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-07-13 13:46 - 2013-02-09 15:58 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-07-13 13:46 - 2013-02-09 15:57 - 00000000 ____D C:\ProgramData\Skype 2013-07-13 05:39 - 2011-04-12 
09:54 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-13 05:39 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-13 05:39 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-07-13 01:34 - 2013-07-13 01:32 - 00000000 ____D C:\Users\XXXXXXXXXXXXX\Documents\DayZ 2013-07-13 01:32 - 2013-07-13 01:32 - 00000000 ____D C:\Users\PAARBR~1\AppData\Local\DayZ 2013-07-13 01:02 - 2013-07-13 01:02 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-02 02:50 ==================== End Of Log ============================ neueste Treiber, Updates, etc. installiert. Vielen Dank schonmal! ![]() |