| |
| |||||||
Log-Analyse und Auswertung: Windows 7: Bildschirm friert ein + System ist sehr langsam gewordenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
11.12.2014, 14:04
| #1 |
 |  Windows 7: Bildschirm friert ein + System ist sehr langsam geworden Guten Tag, ich hatte bis dato glücklicherweise ziemlich wenig Probleme mit meinem Computer. Hier zwei Probleme, die dennoch des Öfteren vorkamen: Bildschirm eingefroren: Hin und wieder ist mal das Bild (vor allem beim Öffnen und Ansehen von Seiten wie Facebook, Youtube, etc.) eingefroren, nach einem "brutalen" Neustart des PC's über den Start Knopf am PC selbst, konnte ich allerdings ohne Probleme weiter arbeiten. Ab und zu ist dies auch beim Computerspielen passiert. Absturz mit Bluescreen: Einige Male ist es vorgekommen, dass ich im normalen Desktopbetrieb (keine Programme geöffnet, bzw. nur wenig rechenintensive), oder beim Spielen von Computerspielen einen Bluescreen bekommen habe, worauf hin mein System neu gestartet hat. Spiele bei denen die Probleme z.B. vorkamen sind u.a.: Total War Shogun 2, Battlefield 3/4, Fifa 14/15 Seit 2 Tagen: ...seit 2 Tagen habe ich das Problem (noch mehr nach einem gestrigen Grafikkartenwechsel), dass es noch viel öfter zu o.g. Abstürzen und einfrieren des Bildschirms kommt, zudem ist mein PC in den letzten Tagen auch sehr langsam beim hochfahren geworden (Starten und laden des Systems nach Eingabe des Windows-Kennwortes, nicht der Bootvorgang) sowie bei der normalen Nutzung des Systems im Desktopbetrieb. Hierbei dauert es anfangs ziemlich lange, bis gewisse Sachen laden. Mein System Gehäuse: Big Tower (Server Tower) Netzteil: be quiet! 530W Mainboard:Gigabyte GA-880GA-UD3H Arbeitsspeicher: OCZ Technology 2x2GB DDR3 - AMD Platinum Edition Prozessor: AMD Phenom II x6 1090t (3,4 Ghz) CPU-Fan/Kühler: Revoltec Pipe Tower PRO Festplatte(n): Samsung 1T; Seagate 250GB Monitor: Dell UltraSharp U2414H, 23.8" alte Grafikkarte: Palit GTX 470 Own Design neue Grafikkarte: Sapphire Radeon R9 290 Tri-X OC Eine Idee...hängt es evtl. mit "BlueStacks" (Emulationssoftware für ein Android System) zusammen? Falls ich noch weitere Auskünfte geben soll, bitte Bescheid sagen. ;-) Vielen Dank schon mal vorab und liebe Grüße Malak410 Anhang: Logfiles wie in Anleitung für Hilfesuchende beschrieben. (habe sie ausversehen auch angehängt, tut mir Leid...) Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-12-2014 01
Ran by Michael at 2014-12-11 12:42:43
Running from C:\Users\Michael\Downloads\Trojaner-Board-Set
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
7-Zip 4.65 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0465-000001000000}) (Version: 4.65.00.0 - Igor Pavlov)
ACP Application (Version: 2.15.10.0003 - Advanced Micro Devices, Inc.) Hidden
Acronis*True*Image*Home (HKLM-x32\...\{37C8899D-FD70-481F-94AA-1F1B08765E22}) (Version: 12.0.9608 - Acronis)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Design Premium (HKLM-x32\...\{02698606-3A21-489D-9D2A-75C9E8D3E5BD}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Production Premium (HKLM-x32\...\{53BC789D-073D-47B6-AA9F-DE05990AF07A}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe InDesign CS6 (HKLM-x32\...\{CFB770D7-8D43-1014-922B-CC2715FADE3F}) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Premiere Pro CS5 Third Party Royalty Content (HKLM-x32\...\{565DE707-5798-4FC3-8DF6-0F58A348A9B0}) (Version: 5.0.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-837082137-2214864284-3913939692-1000\...\Akamai) (Version: - )
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD OverDrive (HKLM-x32\...\{652F3200-5E12-4CAD-BA2E-88EFE0113BCD}) (Version: 3.2.3.0457 - Advanced Micro Devices, Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Audials (HKLM-x32\...\{2B652926-DA25-4CE1-BD07-62354D672D03}) (Version: 9.1.23700.0 - RapidSolution Software AG)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{e67154a7-9cc5-4167-b782-f3982bc6c70d}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.4.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23028 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
BenVista PhotoZoom Pro 5.0.8 (HKU\S-1-5-21-837082137-2214864284-3913939692-1000\...\PhotoZoom Pro 5) (Version: 5.0.8 - BenVista Ltd.)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{152E0B21-19D5-4772-9EF8-8E76074B0C0A}) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.14 - Piriform)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
DVD-Cover v.1.5.1.6 (HKLM-x32\...\ST6UNST #1) (Version: - )
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.4.0.0 - Electronic Arts)
EA SPORTS™ FIFA 15 Demo (HKLM-x32\...\{108C0C19-6316-4944-A62F-C744488F8639}) (Version: 1.0.0.0 - Electronic Arts)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FIFA 14 (HKLM-x32\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts)
FileZilla Client 3.7.0.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.0.1 - FileZilla Project)
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version: - Rockstar North)
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version: - Rockstar North / Toronto)
HP LaserJet 200 color MFP M276 (HKLM-x32\...\{CC38C23C-7824-4DBB-AC73-997CD0BBFEC7}) (Version: 5.0.12201.1116 - Hewlett-Packard)
hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM276DSService (x32 Version: 001.001.05874 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 009.027.00856 - Hewlett-Packard) Hidden
hppM276LaserJetService (x32 Version: 001.019.00639 - Hewlett-Packard) Hidden
hpStatusAlerts (x32 Version: 050.037.00142 - Hewlett Packard) Hidden
hpStatusAlertsM276 (x32 Version: 050.034.00131 - Hewlett-Packard) Hidden
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
JDownloader (HKLM-x32\...\JDownloader) (Version: 0.89 - AppWork UG (haftungsbeschränkt))
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.1.0.124 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.1.0.124 - LogMeIn, Inc.) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 34.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0 (x86 de)) (Version: 34.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version: - The Creative Assembly)
NAVIGON Fresh 3.4.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.4.1 - NAVIGON)
Orbit Downloader (HKLM-x32\...\Orbit_is1) (Version: - www.orbitdownloader.com)
Origin (HKLM-x32\...\Origin) (Version: 8.4.1.210 - Electronic Arts, Inc.)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
PixiePack Codec Pack (HKLM-x32\...\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}) (Version: 1.1.1200.0 - None)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)
Rome - Total War - Gold Edition (HKLM-x32\...\{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}) (Version: 1.6 - The Creative Assembly)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-837082137-2214864284-3913939692-1000\...\Spotify) (Version: 0.8.4.93.gd9f49c35 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPER © v2013.build.59+Recorder (2013/12/18) Version v2013.buil (HKLM-x32\...\{8E2A18E2-96AF-4DF9-8459-5C06B75139A4}_is1) (Version: v2013.build.59+Recorder - eRightSoft)
TeamSpeak 2 RC2 (HKLM-x32\...\Teamspeak 2 RC2_is1) (Version: 2.0.32.60 - Dominating Bytes Design)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version: - The Creative Assembly)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version: - )
Unlocker 1.9.0-x64 (HKLM\...\Unlocker) (Version: 1.9.0-x64 - Cedrick Collomb)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
VLC media player 1.1.3 (HKLM-x32\...\VLC media player) (Version: 1.1.3 - VideoLAN)
Wartung Samsung CLX-6220 Series (HKLM-x32\...\Samsung CLX-6220 Series) (Version: - Samsung Electronics Co.,Ltd)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-837082137-2214864284-3913939692-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-837082137-2214864284-3913939692-1000_Classes\CLSID\{48736CF6-6F87-CE1B-5C01-30A35496F4B2}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-837082137-2214864284-3913939692-1000_Classes\CLSID\{9D2CD8E0-C644-34F3-2B4E-96CC2C178529}\InprocServer32 -> No File Path
==================== Restore Points =========================
10-12-2014 13:57:38 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
10-12-2014 13:58:08 Windows Update
10-12-2014 21:18:58 Windows Update
11-12-2014 11:20:10 Entfernt LG United Mobile Driver
11-12-2014 11:23:23 Removed LG USB WML Modem Driver
11-12-2014 11:25:08 Entfernt LG PC Suite III
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2010-09-12 10:52 - 00001018 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0A325C57-73FE-4F54-AF78-DBB33863178F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-837082137-2214864284-3913939692-1000UA => C:\Users\Michael\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-08] (Facebook Inc.)
Task: {571A20D0-D254-42D1-BAF1-39409D90C80F} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {8B1D5994-7B78-463D-87F4-80B6B7085BE6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-837082137-2214864284-3913939692-1000Core => C:\Users\Michael\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-08] (Facebook Inc.)
Task: {9345736A-2B9A-46BE-9975-35C1AB73986D} - System32\Tasks\AdobeAAMUpdater-1.0-Michael-PC-Michael => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)
Task: {CF13DB55-2699-48E8-BE1F-977DB22E7C8B} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
Task: {E65CC57B-F889-4253-B895-9B1A97899217} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-28] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-837082137-2214864284-3913939692-1000Core.job => C:\Users\Michael\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-837082137-2214864284-3913939692-1000UA.job => C:\Users\Michael\AppData\Local\Facebook\Update\FacebookUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-04-04 19:51 - 2009-05-29 17:35 - 00027648 _____ () C:\Windows\System32\ssy2cl6.dll
2014-11-20 21:23 - 2014-11-20 21:23 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-12-06 15:37 - 2014-12-06 15:37 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-12-03 14:27 - 2014-12-03 14:27 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-05-10 19:56 - 2013-05-10 19:56 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Michael\AppData\Local\Temp:YKcqv0nkAvaocWkCpXb
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AcrSch2Svc => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AODService => 2
MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdUpdaterSvc => 2
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: TeamViewer5 => 2
MSCONFIG\Services: TeamViewer7 => 2
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\Services: WOTUpdater => 2
MSCONFIG\startupfolder: C:^Users^Michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTimounterMonitor => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: B2C_AGENT => C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: Facebook Update => "C:\Users\Michael\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: ICQ => "C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Samsung PanelMgr => C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\Michael\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Michael\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: TrueImageMonitor.exe => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
========================= Accounts: ==========================
Administrator (S-1-5-21-837082137-2214864284-3913939692-500 - Administrator - Disabled)
Gast (S-1-5-21-837082137-2214864284-3913939692-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-837082137-2214864284-3913939692-1002 - Limited - Enabled)
Michael (S-1-5-21-837082137-2214864284-3913939692-1000 - Administrator - Enabled) => C:\Users\Michael
==================== Faulty Device Manager Devices =============
Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Hamachi Network Interface
Description: Hamachi Network Interface
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn, Inc.
Service: hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/11/2014 00:38:14 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (12/11/2014 00:19:07 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (12/11/2014 00:19:07 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4400} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (12/11/2014 00:19:07 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (12/11/2014 00:19:07 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.
Kontext: Windows Anwendung
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (12/11/2014 00:19:07 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (12/11/2014 00:19:07 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)
Error: (12/11/2014 00:19:06 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (12/11/2014 00:19:06 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexserver kann keine Beschreibung dieses Inhaltsindexes in seiner Datenbank finden. Die Suche wird automatisch versuchen die Beschreibung dieses Inhaltsindexes neu zu erstellen. Wenn das Problem weiterhin besteht, beenden Sie den Suchdienst, starten Sie ihn erneut, und wenn nötig erstellen Sie den Inhaltsindex zu erneut. (HRESULT : 0x80041181) (0x80041181)
Error: (12/11/2014 00:18:44 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
System errors:
=============
Error: (12/11/2014 00:38:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet:
%%1064
Error: (12/11/2014 00:36:51 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde nicht richtig gestartet.
Error: (12/11/2014 00:34:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.
Error: (12/11/2014 00:34:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (12/11/2014 00:34:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (12/11/2014 00:19:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (12/11/2014 00:19:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.
Error: (12/11/2014 00:19:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (12/11/2014 00:19:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.
Error: (12/11/2014 00:19:08 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Microsoft Office Sessions:
=========================
Error: (12/11/2014 00:38:14 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (12/11/2014 00:19:07 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt
Error: (12/11/2014 00:19:07 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
4400
Error: (12/11/2014 00:19:07 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (12/11/2014 00:19:07 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Kontext: Windows Anwendung
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (12/11/2014 00:19:07 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (12/11/2014 00:19:07 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer
Error: (12/11/2014 00:19:06 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore
Error: (12/11/2014 00:19:06 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexserver kann keine Beschreibung dieses Inhaltsindexes in seiner Datenbank finden. Die Suche wird automatisch versuchen die Beschreibung dieses Inhaltsindexes neu zu erstellen. Wenn das Problem weiterhin besteht, beenden Sie den Suchdienst, starten Sie ihn erneut, und wenn nötig erstellen Sie den Inhaltsindex zu erneut. (HRESULT : 0x80041181) (0x80041181)
Error: (12/11/2014 00:18:44 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
==================== Memory info ===========================
Processor: AMD Phenom(tm) II X6 1090T Processor
Percentage of memory in use: 54%
Total physical RAM: 4093.55 MB
Available physical RAM: 1861.87 MB
Total Pagefile: 8185.29 MB
Available Pagefile: 5786.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (Lokal1T) (Fixed) (Total:931.41 GB) (Free:495.54 GB) NTFS
Drive d: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (ACERDATA ) (Fixed) (Total:232.88 GB) (Free:91.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 2A9BBDA4)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B428F0C1)
Partition 1: (Active) - (Size=103 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
==================== End Of Log ============================
FRST.txt. FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-12-2014 01
Ran by Michael (administrator) on MICHAEL-PC on 11-12-2014 12:39:36
Running from C:\Users\Michael\Downloads\Trojaner-Board-Set
Loaded Profile: Michael (Available profiles: Michael)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
() C:\Windows\System32\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-837082137-2214864284-3913939692-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-837082137-2214864284-3913939692-1000\...\MountPoints2: {da41519b-9bad-11e3-a24b-1c6f652179ba} - G:\LaunchU3.exe -a
HKU\S-1-5-21-837082137-2214864284-3913939692-1000\...\MountPoints2: {e9d312bb-ae35-11df-8224-1c6f652179ba} - I:\Setup.exe
AppInit_DLLs: => File Not Found
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-837082137-2214864284-3913939692-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKU\S-1-5-21-837082137-2214864284-3913939692-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-837082137-2214864284-3913939692-1000 -> DefaultScope {61A5336B-ADA1-411D-BFD5-672663783E12} URL = hxxp://www.google.at/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-837082137-2214864284-3913939692-1000 -> {61A5336B-ADA1-411D-BFD5-672663783E12} URL = hxxp://www.google.at/search?q={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: WOT -> {9E571C81-21E7-496B-9E6B-127E60263022} -> C:\Users\Michael\AppData\LocalLow\WOT\IE\WOT.dll (WOT Services Oy)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll No File
Toolbar: HKU\S-1-5-21-837082137-2214864284-3913939692-1000 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{FE9E06C7-5663-4295-81DA-BB1909B1EC43}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\vc957tf5.default-1387841544954
FF DefaultSearchEngine: Amazon.de
FF SelectedSearchEngine: Amazon.de
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-837082137-2214864284-3913939692-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Michael\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-837082137-2214864284-3913939692-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\vc957tf5.default-1387841544954\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\vc957tf5.default-1387841544954\searchplugins\google-maps.xml
FF Extension: WOT - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\vc957tf5.default-1387841544954\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-24]
FF Extension: DownloadHelper - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\vc957tf5.default-1387841544954\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-09]
FF Extension: Grooveshark Unblocker - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\vc957tf5.default-1387841544954\Extensions\grooveshark-unblocker@4ley.addons.mozilla.org.xpi [2014-01-22]
FF Extension: Grooveshark Unlocker - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\vc957tf5.default-1387841544954\Extensions\groovesharkUnlocker@overlord1337.xpi [2013-12-24]
FF Extension: Flagfox - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\vc957tf5.default-1387841544954\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-08]
FF Extension: BugMeNot Plugin - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\vc957tf5.default-1387841544954\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi [2013-12-24]
FF Extension: Web Developer - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\vc957tf5.default-1387841544954\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2013-12-24]
FF Extension: Adblock Plus - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\vc957tf5.default-1387841544954\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-24]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-12-03]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-12-03]
FF HKLM-x32\...\Firefox\Extensions: [searchpredict@speedbit.com] - C:\Program Files (x86)\SearchPredict\PRFireFox
FF HKLM-x32\...\Firefox\Extensions: [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}] - C:\Program Files (x86)\SPEEDbit Video Downloader\SPFireFox
FF HKU\S-1-5-21-837082137-2214864284-3913939692-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\vc957tf5.default-1387841544954\extensions\cliqz@cliqz.com
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [nphjeokkkbngjpiofnfpnafjeofjomfb] - C:\Users\Michael\AppData\LocalLow\WOT\CHROME\WOT.crx [2012-01-12]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [116224 2014-11-20] (Advanced Micro Devices) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
S4 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [136616 2010-07-01] ()
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-25] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-12-06] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-12-05] ()
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 WOTUpdater; C:\Users\Michael\AppData\LocalLow\WOT\IE\WOTUpdater.exe [18432 2012-01-12] () [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [294600 2014-11-21] (Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-08-23] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-08-23] ()
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-05-24] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-05-24] (RapidSolution Software AG)
R0 snapman380; C:\Windows\System32\DRIVERS\snman380.sys [237600 2010-08-20] (Acronis)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2010-08-22] (Duplex Secure Ltd.)
S2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-05-28] (Samsung Electronics)
R0 tdrpman140; C:\Windows\System32\DRIVERS\tdrpm140.sys [1580576 2010-08-20] (Acronis)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
S3 Andbus; system32\DRIVERS\lgandbus64.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-11 12:39 - 2014-12-11 12:39 - 00000000 ____D () C:\FRST
2014-12-11 12:37 - 2014-12-11 12:41 - 00000000 ____D () C:\Users\Michael\Downloads\Trojaner-Board-Set
2014-12-11 12:31 - 2014-12-11 12:31 - 00000586 _____ () C:\Users\Michael\Downloads\defogger_disable.log
2014-12-11 12:31 - 2014-12-11 12:31 - 00000020 _____ () C:\Users\Michael\defogger_reenable
2014-12-11 12:27 - 2014-12-11 12:27 - 00050477 _____ () C:\Users\Michael\Downloads\Defogger.exe
2014-12-11 12:07 - 2014-12-11 12:33 - 00000168 _____ () C:\Windows\setupact.log
2014-12-11 12:07 - 2014-12-11 12:07 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-11 12:06 - 2014-12-11 12:33 - 00002448 _____ () C:\Windows\PFRO.log
2014-12-10 17:45 - 2014-12-10 22:03 - 00000000 ____D () C:\Users\Michael\Downloads\hwmonitor_1.26
2014-12-10 17:23 - 2014-12-10 17:23 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-12-10 17:23 - 2014-12-10 17:23 - 00000000 ____D () C:\Program Files\ATI
2014-12-10 17:23 - 2014-12-10 17:23 - 00000000 ____D () C:\Program Files (x86)\AMD APP
2014-12-10 17:23 - 2012-03-30 15:49 - 00056448 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys
2014-12-10 17:21 - 2014-12-10 17:21 - 00000010 _____ () C:\csb.log
2014-12-10 17:21 - 2009-05-05 15:00 - 00016440 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\Drivers\AtiPcie.sys
2014-12-10 17:20 - 2014-12-10 17:22 - 00000000 ____D () C:\Users\Michael\Downloads\chipset-win7
2014-12-10 17:19 - 2014-01-17 03:04 - 00000000 ____D () C:\Users\Michael\Downloads\AHCI_w7
2014-12-10 17:18 - 2014-12-10 17:20 - 244216881 _____ () C:\Users\Michael\Downloads\motherboard_driver_amd_chipset_win7.exe
2014-12-10 17:18 - 2014-12-10 17:18 - 00425031 _____ (Igor Pavlov) C:\Users\Michael\Downloads\motherboard_driver_amd_sataraid_raid_8-series_win7.exe
2014-12-10 17:18 - 2014-12-10 17:18 - 00360853 _____ (Igor Pavlov) C:\Users\Michael\Downloads\motherboard_driver_amd_sataraid_achi_8-series_win7.exe
2014-12-10 17:12 - 2014-12-10 17:12 - 01353682 _____ () C:\Users\Michael\Downloads\hwmonitor_1.26.zip
2014-12-10 17:09 - 2014-12-10 17:09 - 00015201 _____ () C:\Users\Michael\Downloads\MemTest.zip
2014-12-10 15:25 - 2014-12-10 15:25 - 00000000 ____D () C:\Users\Michael\AppData\Local\AMD
2014-12-10 15:24 - 2014-12-10 15:24 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\ATI
2014-12-10 15:24 - 2014-12-10 15:24 - 00000000 ____D () C:\Users\Michael\AppData\Local\ATI
2014-12-10 15:24 - 2014-12-10 15:24 - 00000000 ____D () C:\ProgramData\ATI
2014-12-10 15:21 - 2014-12-11 12:32 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2014-12-10 15:21 - 2014-12-10 15:21 - 00000000 _____ () C:\Windows\ativpsrm.bin
2014-12-10 15:08 - 2014-12-10 15:22 - 00000000 ____D () C:\ProgramData\AMD
2014-12-10 15:08 - 2014-12-10 15:08 - 00064312 _____ () C:\Windows\SysWOW64\CCCInstall_201412101508203433.log
2014-12-10 15:08 - 2014-12-10 15:08 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-12-10 15:07 - 2014-12-10 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-12-10 15:06 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 15:06 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 14:59 - 2014-12-10 14:59 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-12-10 14:57 - 2014-12-10 15:08 - 00000000 ____D () C:\Program Files\AMD
2014-12-10 12:43 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 12:43 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 12:43 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 12:43 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 12:43 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 12:43 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 12:43 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 12:43 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 12:43 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 12:43 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 12:43 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 12:43 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 12:43 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 12:43 - 2014-11-22 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-10 12:43 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 12:43 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 12:43 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 12:43 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 12:43 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 12:43 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 12:43 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 12:43 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 12:43 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 12:43 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 12:43 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 12:43 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 12:43 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 12:43 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 12:43 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 12:43 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 12:43 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 12:43 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 12:43 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 12:43 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-10 12:43 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 12:43 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 12:43 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 12:43 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 12:43 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 12:43 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 12:43 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 12:43 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 12:43 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 12:43 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 12:43 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 12:43 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 12:43 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 12:43 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 12:43 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 12:43 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 12:43 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 12:43 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 12:43 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 12:43 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 12:43 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 12:43 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 12:43 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 12:43 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 12:43 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 12:43 - 2014-10-30 03:04 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-10 12:43 - 2014-10-30 02:46 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-10 12:42 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 12:42 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 12:42 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 12:42 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 12:42 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 12:42 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 12:42 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 12:42 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 12:42 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 12:42 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 12:42 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 12:42 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-10 12:35 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 12:35 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-09 14:23 - 2014-12-09 14:27 - 302470552 _____ (AMD Inc.) C:\Users\Michael\Downloads\amd-catalyst-omega-14.12-with-dotnet45-win7-64bit.exe
2014-12-06 15:37 - 2014-12-06 15:37 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-12-05 18:15 - 2014-12-05 18:15 - 00001201 _____ () C:\Users\Public\Desktop\Battlefield 4.lnk
2014-12-05 18:15 - 2014-12-05 18:15 - 00001177 _____ () C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
2014-12-05 18:15 - 2014-12-05 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 4
2014-12-03 14:26 - 2014-12-03 14:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-29 23:27 - 2014-11-29 23:27 - 01854841 _____ () C:\Users\Michael\Downloads\iCE30_REV2_PATCH_1.rar
2014-11-29 23:22 - 2014-11-29 23:22 - 00000000 ____D () C:\Users\Michael\Documents\Rockstar Games
2014-11-29 23:14 - 2014-11-29 23:14 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
2014-11-29 22:55 - 2014-11-29 22:55 - 00000000 ____D () C:\Users\Michael\AppData\Local\Rockstar Games
2014-11-29 22:55 - 2014-11-29 22:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
2014-11-29 22:54 - 2014-11-29 22:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-11-29 22:54 - 2014-11-29 22:54 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-11-29 21:21 - 2014-11-29 21:21 - 00000221 _____ () C:\Users\Michael\Desktop\Grand Theft Auto Episodes from Liberty City.url
2014-11-21 03:44 - 2014-11-21 03:44 - 11076784 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2014-11-21 03:44 - 2014-11-21 03:44 - 09401480 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2014-11-21 03:44 - 2014-11-21 03:44 - 01348928 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2014-11-21 03:44 - 2014-11-21 03:44 - 01127496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2014-11-21 03:44 - 2014-11-21 03:44 - 00144328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2014-11-21 03:44 - 2014-11-21 03:44 - 00128384 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2014-11-21 03:44 - 2014-11-21 03:44 - 00126848 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2014-11-21 03:44 - 2014-11-21 03:44 - 00118096 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2014-11-21 03:44 - 2014-11-21 03:44 - 00118096 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2014-11-21 03:44 - 2014-11-21 03:44 - 00100032 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2014-11-21 03:44 - 2014-11-21 03:44 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2014-11-21 03:44 - 2014-11-21 03:44 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2014-11-21 03:44 - 2014-11-21 03:44 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2014-11-21 03:44 - 2014-11-21 03:44 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2014-11-21 03:43 - 2014-11-21 03:43 - 08379720 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2014-11-21 03:43 - 2014-11-21 03:43 - 08369408 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2014-11-21 03:43 - 2014-11-21 03:43 - 07558816 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2014-11-21 03:43 - 2014-11-21 03:43 - 07077776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2014-11-21 03:41 - 2014-11-21 03:41 - 00294600 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2014-11-21 03:40 - 2014-11-21 03:40 - 18959360 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2014-11-21 03:33 - 2014-11-21 03:33 - 47899136 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2014-11-21 03:33 - 2014-11-21 03:33 - 01187342 _____ () C:\Windows\system32\amdocl_as64.exe
2014-11-21 03:33 - 2014-11-21 03:33 - 01061902 _____ () C:\Windows\system32\amdocl_ld64.exe
2014-11-21 03:33 - 2014-11-21 03:33 - 00995342 _____ () C:\Windows\SysWOW64\amdocl_as32.exe
2014-11-21 03:33 - 2014-11-21 03:33 - 00798734 _____ () C:\Windows\SysWOW64\amdocl_ld32.exe
2014-11-21 03:33 - 2014-11-21 03:33 - 00098816 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll
2014-11-21 03:33 - 2014-11-21 03:33 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll
2014-11-21 03:33 - 2014-11-21 03:33 - 00083456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2014-11-21 03:33 - 2014-11-21 03:33 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2014-11-21 03:32 - 2014-11-21 03:32 - 40987136 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2014-11-21 03:31 - 2014-11-21 03:31 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-11-21 03:31 - 2014-11-21 03:31 - 00058880 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-11-21 03:29 - 2014-11-21 03:29 - 07915520 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdhsasc64.dll
2014-11-21 03:29 - 2014-11-21 03:29 - 06375936 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdhsasc.dll
2014-11-21 03:24 - 2014-11-21 03:24 - 28354560 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2014-11-21 03:19 - 2014-11-21 03:19 - 23621632 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2014-11-21 03:19 - 2014-11-21 03:19 - 00049664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2014-11-21 03:19 - 2014-11-21 03:19 - 00038912 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2014-11-21 03:18 - 2014-11-21 03:18 - 05837312 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2014-11-21 03:18 - 2014-11-21 03:18 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2014-11-21 03:18 - 2014-11-21 03:18 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2014-11-21 03:17 - 2014-11-21 03:17 - 03437632 _____ () C:\Windows\system32\atiumd6a.cap
2014-11-21 03:17 - 2014-11-21 03:17 - 00631912 _____ () C:\Windows\SysWOW64\atiapfxx.blb
2014-11-21 03:17 - 2014-11-21 03:17 - 00631912 _____ () C:\Windows\system32\atiapfxx.blb
2014-11-21 03:17 - 2014-11-21 03:17 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2014-11-21 03:17 - 2014-11-21 03:17 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2014-11-21 03:17 - 2014-11-21 03:17 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2014-11-21 03:16 - 2014-11-21 03:16 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2014-11-21 03:16 - 2014-11-21 03:16 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2014-11-21 03:16 - 2014-11-21 03:16 - 00204952 _____ () C:\Windows\SysWOW64\ativvsvl.dat
2014-11-21 03:16 - 2014-11-21 03:16 - 00204952 _____ () C:\Windows\system32\ativvsvl.dat
2014-11-21 03:16 - 2014-11-21 03:16 - 00157144 _____ () C:\Windows\SysWOW64\ativvsva.dat
2014-11-21 03:16 - 2014-11-21 03:16 - 00157144 _____ () C:\Windows\system32\ativvsva.dat
2014-11-21 03:16 - 2014-11-21 03:16 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2014-11-21 03:16 - 2014-11-21 03:16 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2014-11-21 03:15 - 2014-11-21 03:15 - 04590592 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2014-11-21 03:13 - 2014-11-21 03:13 - 03471376 _____ () C:\Windows\SysWOW64\atiumdva.cap
2014-11-21 03:13 - 2014-11-21 03:13 - 00091648 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2014-11-21 03:13 - 2014-11-21 03:13 - 00085504 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2014-11-21 03:12 - 2014-11-21 03:12 - 00774656 _____ (AMD) C:\Windows\system32\atieclxx.exe
2014-11-21 03:12 - 2014-11-21 03:12 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2014-11-21 03:12 - 2014-11-21 03:12 - 00244736 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2014-11-21 03:12 - 2014-11-21 03:12 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2014-11-21 03:12 - 2014-11-21 03:12 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll
2014-11-21 03:10 - 2014-11-21 03:10 - 00843776 _____ (AMD) C:\Windows\system32\coinst_14.50.dll
2014-11-21 03:09 - 2014-11-21 03:09 - 01214976 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2014-11-21 03:09 - 2014-11-21 03:09 - 00903168 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2014-11-21 03:09 - 2014-11-21 03:09 - 00095744 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2014-11-21 03:09 - 2014-11-21 03:09 - 00090112 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2014-11-21 03:09 - 2014-11-21 03:09 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2014-11-21 03:09 - 2014-11-21 03:09 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2014-11-21 03:09 - 2014-11-21 03:09 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2014-11-21 03:09 - 2014-11-21 03:09 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2014-11-21 03:09 - 2014-11-21 03:09 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2014-11-21 03:08 - 2014-11-21 03:08 - 00589312 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2014-11-21 03:08 - 2014-11-21 03:08 - 00146944 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2014-11-21 03:08 - 2014-11-21 03:08 - 00133632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2014-11-21 03:08 - 2014-11-21 03:08 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2014-11-20 21:36 - 2014-11-20 21:36 - 00051200 _____ () C:\Windows\system32\kdbsdk64.dll
2014-11-20 21:35 - 2014-11-20 21:35 - 00038912 _____ () C:\Windows\SysWOW64\kdbsdk32.dll
2014-11-20 21:21 - 2014-11-20 21:21 - 02412544 _____ () C:\Windows\system32\amdacpusl.pdb
2014-11-20 21:18 - 2014-11-20 21:18 - 00362496 _____ (Advanced Micro Devices) C:\Windows\system32\amdacpusl.dll
2014-11-20 21:18 - 2014-11-20 21:18 - 00306176 _____ () C:\Windows\system32\amdacpusl.pdb.pub
2014-11-20 21:18 - 2014-11-20 21:18 - 00247296 _____ (Advanced Micro Devices) C:\Windows\SysWOW64\amdacpusl.dll
2014-11-19 04:31 - 2014-11-19 04:31 - 01217192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL
2014-11-18 19:35 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 19:35 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 19:35 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 19:35 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-16 21:07 - 2014-11-16 21:07 - 00001814 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-11-16 21:06 - 2014-11-16 21:06 - 00000000 ____D () C:\Users\Michael\Desktop\BlueStacks App Player
2014-11-16 21:06 - 2014-11-16 21:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-11-16 21:06 - 2014-11-16 21:06 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-11-16 21:06 - 2014-11-16 21:06 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-11-16 21:05 - 2014-11-16 21:12 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-11-16 21:05 - 2014-11-16 21:05 - 00000000 ____D () C:\BlueStacks App Player
2014-11-16 21:04 - 2014-11-16 21:04 - 00000000 ____D () C:\Users\Michael\AppData\Local\Bluestacks
2014-11-12 17:31 - 2014-11-12 17:31 - 00000000 __SHD () C:\Users\Michael\AppData\Local\EmieBrowserModeList
2014-11-11 20:08 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 20:08 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 20:08 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 20:08 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 20:08 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 20:08 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-11 20:08 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-11 20:08 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 20:08 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 20:07 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 20:07 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 20:07 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 20:07 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 20:07 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 20:07 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 20:07 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 20:07 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 20:07 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 20:07 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 20:07 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 20:07 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 20:07 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 20:07 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 20:07 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-11 20:07 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 20:07 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-11 20:07 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-11 20:07 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-11 20:07 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-11 20:07 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 20:07 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 20:07 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 20:07 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-11 20:07 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 20:07 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 20:06 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 20:06 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 20:06 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 20:06 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 20:06 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 20:06 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-11 20:06 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-11 12:41 - 2010-08-20 22:12 - 02030407 _____ () C:\Windows\WindowsUpdate.log
2014-12-11 12:33 - 2012-05-06 14:22 - 00000000 ____D () C:\Program Files (x86)\LG Electronics
2014-12-11 12:33 - 2010-08-20 23:46 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-11 12:33 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-11 12:31 - 2010-08-20 21:22 - 00000000 ____D () C:\Users\Michael
2014-12-11 12:28 - 2014-07-02 11:36 - 00000000 ____D () C:\Users\Michael\AppData\Local\Adobe
2014-12-11 12:28 - 2013-12-08 21:23 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-837082137-2214864284-3913939692-1000UA.job
2014-12-11 12:26 - 2009-07-14 05:45 - 00017264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-11 12:26 - 2009-07-14 05:45 - 00017264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-11 12:18 - 2013-03-07 08:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-11 12:15 - 2014-05-13 21:05 - 00090624 ___SH () C:\Users\Michael\Desktop\Thumbs.db
2014-12-11 12:13 - 2013-12-21 00:43 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-12-11 12:11 - 2011-12-25 23:30 - 00000000 ____D () C:\ProgramData\Origin
2014-12-11 12:08 - 2011-12-25 23:30 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-10 22:20 - 2010-08-20 22:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 22:11 - 2010-08-20 23:34 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-10 21:50 - 2010-08-21 12:05 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-12-10 21:48 - 2013-12-08 21:23 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-837082137-2214864284-3913939692-1000Core.job
2014-12-10 17:45 - 2010-08-21 12:05 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-12-10 17:30 - 2012-05-06 12:58 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\DVDVideoSoft
2014-12-10 16:24 - 2014-05-12 14:43 - 00000000 ____D () C:\Users\Michael\Documents\Battlefield 4
2014-12-10 15:50 - 2014-08-16 12:44 - 00001144 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-12-10 15:50 - 2013-05-18 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-10 15:44 - 2014-05-12 14:42 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-10 15:31 - 2011-12-26 14:41 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-12-10 15:21 - 2010-08-21 00:56 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-10 15:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 15:17 - 2013-08-14 10:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 15:10 - 2011-12-25 21:45 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 15:08 - 2010-08-21 11:16 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-12-10 12:18 - 2012-04-04 19:50 - 00000000 ____D () C:\Temp
2014-12-09 22:47 - 2013-12-22 16:27 - 00000000 ____D () C:\Users\Michael\Desktop\Weihnachten
2014-12-09 20:04 - 2010-08-21 00:07 - 00000000 ____D () C:\Users\Michael\Documents\Outlook-Dateien
2014-12-09 14:30 - 2010-09-04 13:10 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\FileZilla
2014-12-06 12:54 - 2010-08-21 12:06 - 00000000 ____D () C:\Users\Michael\AppData\Local\PunkBuster
2014-12-05 18:15 - 2010-08-21 12:05 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-12-05 18:15 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-05 16:50 - 2014-06-27 12:05 - 00001181 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-12-05 16:50 - 2014-06-27 12:05 - 00001169 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-12-05 13:56 - 2011-12-25 23:30 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-12-04 13:57 - 2012-05-02 21:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-29 23:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-29 21:21 - 2012-09-15 15:13 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-11-28 12:58 - 2013-03-07 08:15 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-28 12:58 - 2012-04-02 20:26 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-28 12:58 - 2011-12-25 21:43 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-27 18:16 - 2014-04-07 14:09 - 00037376 _____ () C:\Users\Michael\Desktop\Haushaltsbuch 2014.xls
2014-11-25 21:58 - 2010-08-22 17:13 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\vlc
2014-11-25 17:08 - 2013-09-15 16:22 - 00000000 ____D () C:\Users\Michael\Desktop\Sparkasse
2014-11-25 17:04 - 2009-07-14 18:58 - 03069778 _____ () C:\Windows\system32\perfh007.dat
2014-11-25 17:04 - 2009-07-14 18:58 - 00886006 _____ () C:\Windows\system32\perfc007.dat
2014-11-25 17:04 - 2009-07-14 06:13 - 00006264 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-22 16:38 - 2011-12-25 22:47 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Skype
2014-11-21 17:23 - 2014-04-29 15:06 - 00000000 ____D () C:\Users\Michael\Desktop\Gottesdienste
2014-11-18 21:26 - 2012-05-31 15:39 - 00000000 ____D () C:\Windows\Minidump
2014-11-16 21:07 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-11-16 15:45 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-15 15:47 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-12 16:34 - 2010-08-20 21:33 - 00110080 _____ () C:\Users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-12 16:32 - 2009-07-14 05:45 - 05030224 _____ () C:\Windows\system32\FNTCACHE.DAT
Some content of TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-05 19:33
==================== End Of Log ============================
--- --- --- Gmer.txt Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-12-11 13:31:25
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-9 SAMSUNG_HD103SJ rev.1AJ100E4 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Michael\AppData\Local\Temp\kxdiifow.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80003804000 45 bytes [00, 10, 00, 00, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff8000380402f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077d21401 2 bytes JMP 7739b21b C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[1816] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077d21419 2 bytes JMP 7739b346 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077d21431 2 bytes JMP 77418ea9 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077d2144a 2 bytes CALL 773748ad C:\Windows\syswow64\KERNEL32.dll
.text ... * 9
.text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[1816] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077d214dd 2 bytes JMP 774187a2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077d214f5 2 bytes JMP 77418978 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[1816] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077d2150d 2 bytes JMP 77418698 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077d21525 2 bytes JMP 77418a62 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077d2153d 2 bytes JMP 7738fca8 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[1816] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077d21555 2 bytes JMP 773968ef C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077d2156d 2 bytes JMP 77418f61 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077d21585 2 bytes JMP 77418ac2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[1816] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077d2159d 2 bytes JMP 7741865c C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077d215b5 2 bytes JMP 7738fd41 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077d215cd 2 bytes JMP 7739b2dc C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077d216b2 2 bytes JMP 77418e24 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077d216bd 2 bytes JMP 774185f1 C:\Windows\syswow64\KERNEL32.dll
.text C:\Windows\system32\PnkBstrA.exe[2636] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077d21401 2 bytes JMP 7739b21b C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[2636] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077d21419 2 bytes JMP 7739b346 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[2636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077d21431 2 bytes JMP 77418ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[2636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077d2144a 2 bytes CALL 773748ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Windows\system32\PnkBstrA.exe[2636] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077d214dd 2 bytes JMP 774187a2 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[2636] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077d214f5 2 bytes JMP 77418978 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[2636] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077d2150d 2 bytes JMP 77418698 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[2636] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077d21525 2 bytes JMP 77418a62 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[2636] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077d2153d 2 bytes JMP 7738fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[2636] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077d21555 2 bytes JMP 773968ef C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[2636] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077d2156d 2 bytes JMP 77418f61 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[2636] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077d21585 2 bytes JMP 77418ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[2636] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077d2159d 2 bytes JMP 7741865c C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[2636] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077d215b5 2 bytes JMP 7738fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[2636] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077d215cd 2 bytes JMP 7739b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[2636] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077d216b2 2 bytes JMP 77418e24 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[2636] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077d216bd 2 bytes JMP 774185f1 C:\Windows\syswow64\kernel32.dll
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x93 0xBB 0x6A 0xF2 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xFF 0x84 0x91 0x92 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x2A 0xBC 0x79 0x8A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x93 0xBB 0x6A 0xF2 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xFF 0x84 0x91 0x92 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x2A 0xBC 0x79 0x8A ...
---- EOF - GMER 2.1 ----
Geändert von Malak410 (11.12.2014 um 14:13 Uhr) |
|
11.12.2014, 14:24
| #2 |
| /// the machine /// TB-Ausbilder    |  Windows 7: Bildschirm friert ein + System ist sehr langsam geworden hi,
__________________Lade Dir bitte Bluescreenview und installiere es: BlueScreenView - Download - Filepony Öffnen und den aktuellsten Dump analysieren lassen (macht das Tool automatisch). Output hier posten.
__________________ |
|
11.12.2014, 21:35
| #3 |
| | Windows 7: Bildschirm friert ein + System ist sehr langsam geworden Muss ich das Programm im Hintergrund laufen lassen und beim nächsten BlueScreen wird automatisch ein log erstellt?
__________________BlueScreen-View zeigt mir nämlich keine Fehler an...ich habe auch alle Windows Fehlerprotokolle gestern dummerweise löschen lassen. :/ *Update* Mittlerweile ist der PC wieder 2 mal eingefroren, einen Bluescreen gab es dabei jedoch nicht. Des Weiteren zeigt mir BlueScreenView leider auch keine Fehlerprotokolle an... Was nun? Geändert von Malak410 (11.12.2014 um 14:46 Uhr) |
|
12.12.2014, 17:41
| #4 |
| /// the machine /// TB-Ausbilder | Windows 7: Bildschirm friert ein + System ist sehr langsam geworden Die Dumps werden auch nur bei nem Bluescreen angelegt. ProcessExplorer als Ersatz für den Windows Taskmanager installieren Lade Dir den Process Explorer als Ersatz für den Taskmanager herunter und installiere ihn, hier findest Du eine Anleitung. Das ist ein wesentlich leistungsfähigerer Ersatz für den Windows-Taskmanager. Im Menü unter "Options" kannst Du den ProcessExplorer dauerhaft als Ersatz für den Taskmanager einrichten (Replace Taskmanager). Das ist sehr empfehlenswert, weil der ProcessExplorer erheblich mehr Funktionen als der Taskmanager hat. Wenn Du diese Einstellung gemacht hast, öffnet sich mit der Tastenkombination STRG + ALT + Entf. nicht mehr der Taskmanager, sondern der ProcessExplorer. Das kann jederzeit durch Abhaken dieser Einstellung wieder rückgängig gemacht werden. Was wir jetzt konkret brauchen: In jeder Zeile steht ein Prozess, ein paar der Zeilen sind keine richtigen Prozesse, sondern nur Pseudoprozesse für die Tätigkeit des Windos-Kernels. Im Menü View => Select Columns wird ein Dialog geöffnet, in dem Du auswählen kannst, welche Spalten mit Informationen zu den Prozessen angezeigt werden sollen. In dem gehe in das Register "Process Performance" und stelle sicher, dass dort "CPU Usage" angehakt ist, "CPU History" wäre ebenfalls sinnvoll. Unter "CPU Usage" wird der aktuelle Wert der Prozessorauslastung für jeden Prozess angezeigt (im Tabellentitel steht nur kurz "CPU"), "CPU History" blendet für jeden Prozess ein Diagramm ein, das eine Kurve mit der Prozessorauslastung für die letzte Zeit anzeigt. Damit sollte es Dir möglich sein, zu identifizieren, welcher Prozess Deine CPU in Trab hält. Mache einen Doppelklick auf den Prozess. Du kannst von dem ganzen auch einen Screenshot machen und ihn als Anhang mit Deiner Antwort hochladen (auf "Erweitert" unter dem Textfeld klicken und über "Anhänge verwalten" auf Deinem Rechner suchen lassen und über "Hochladen" anhängen). Process Explorer am Besten offen lassen die ganze Zeit.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
13.12.2014, 16:50
| #5 |
| | Windows 7: Bildschirm friert ein + System ist sehr langsam geworden siehe Anlagen: |
|
14.12.2014, 11:32
| #6 |
| /// the machine /// TB-Ausbilder | Windows 7: Bildschirm friert ein + System ist sehr langsam geworden Die Screenshots sind von dem Moment wo er einfriert?
__________________ --> Windows 7: Bildschirm friert ein + System ist sehr langsam geworden |
|
14.12.2014, 21:26
| #7 |
| | Windows 7: Bildschirm friert ein + System ist sehr langsam geworden Nein, die sind davon wenn er läuft. Sobald er einfriert funktioniert nichts mehr (reagiert nicht auf Tastenkombis, Maus, etc.), da kann man nur noch den PC resetten und einen Neustart durchführen. Info: Habe jetzt übrigens den RAM in der Zwischenzeit auf 12GB aufgerüstet. Kann es sein das es an Firefox liegt? Ich hatte jetzt noch ein paar Mal Abstürze und das immer nur, wenn ich Firefox geöffnet hatte. |
|
15.12.2014, 19:25
| #8 |
| /// the machine /// TB-Ausbilder | Windows 7: Bildschirm friert ein + System ist sehr langsam geworden Las den Process Explorer offen und checke was die CPU macht wenn er einfriert. Firefox mal die Hardwarebeschleunigung abschalten.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
16.12.2014, 14:17
| #9 |
| | Windows 7: Bildschirm friert ein + System ist sehr langsam geworden Die Hardwarebeschleunigung hatte ich schon aus. Habe jetzt testweise Chrome heruntergeladen und installiert - System läuft die letzten Stunden problemlos. Wird dann wohl wirklich an Firefox liegen, oder? Aber was könnte es denn sein? Ein Addon, etc.? Achso und mein PC startet ziemlich langsam, obwohl ich unter "msconfig" schon alle nicht nötigen Programme aus dem Systemstart herausgenommen habe. |
|
16.12.2014, 21:43
| #10 |
| /// the machine /// TB-Ausbilder | Windows 7: Bildschirm friert ein + System ist sehr langsam geworden Poste mal ein aktuelles FRST log. Ich schau mal  .Revo Uninstaller - Download - Filepony damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren. Dann: https://support.mozilla.org/de/kb/fi...einfach-loesen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
Linear-Darstellung
