|
Plagegeister aller Art und deren Bekämpfung: Svchost.exe verbraucht viel ArbeitsspeicherWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
11.12.2014, 20:46 | #1 |
| Svchost.exe verbraucht viel Arbeitsspeicher Nabend, hier melde ich mich mal von meinem eigenen Rechner aus und wollte diesen mal aufpeppeln, weil der relativ langsam geworden ist. Internetbrowser brauchen oft lange zum starten, mal harkt der ganze PC und die Svchost.exe verbraucht extrem viel Speicher. Nach dem Start Ca. 500.000 k und jetzt ist es bei ca. 250.000 k. Edit:: Das Gleiche würde ich auch gerne bei meinem Laptop machen, da der auch schon etwas langsamer geworden ist. Wäre super, wenn einer helfen könnte. :-) |
11.12.2014, 22:21 | #2 |
/// the machine /// TB-Ausbilder | Svchost.exe verbraucht viel Arbeitsspeicher hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
12.12.2014, 01:45 | #3 |
| Svchost.exe verbraucht viel Arbeitsspeicher FRST Logfile:
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-12-2014 03 Ran by Julez (administrator) on JULEZ-PC on 12-12-2014 01:38:12 Running from C:\Users\Julez\Desktop Loaded Profiles: Julez & (Available profiles: Julez) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe () C:\Windows\SysWOW64\PnkBstrB.exe (Realtek) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe (Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWLan.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Opera Software) C:\Program Files (x86)\Opera Next\27.0.1689.29\opera.exe () C:\Program Files (x86)\Opera Next\27.0.1689.29\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera Next\27.0.1689.29\opera.exe (Opera Software) C:\Program Files (x86)\Opera Next\27.0.1689.29\opera.exe (Opera Software) C:\Program Files (x86)\Opera Next\27.0.1689.29\opera.exe (Opera Software) C:\Program Files (x86)\Opera Next\27.0.1689.29\opera.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKU\S-1-5-21-3380334380-2533475043-608586334-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [4910912 2011-08-02] (DT Soft Ltd) HKU\S-1-5-21-3380334380-2533475043-608586334-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-3380334380-2533475043-608586334-1000\...\MountPoints2: {0eeb8d8d-2ec5-11e3-a1fa-6c626d877c05} - F:\AutoRun.exe HKU\S-1-5-21-3380334380-2533475043-608586334-1000\...\MountPoints2: {0eeb8d9c-2ec5-11e3-a1fa-6c626d877c05} - F:\AutoRun.exe HKU\S-1-5-21-3380334380-2533475043-608586334-1000\...\MountPoints2: {1b864dd0-8b4f-11e2-8e08-806e6f6e6963} - E:\Setup.exe HKU\S-1-5-21-3380334380-2533475043-608586334-1000\...\MountPoints2: {f7aa72c0-0159-11e1-8b2c-6c626d877c05} - G:\setup.exe HKU\S-1-5-21-3380334380-2533475043-608586334-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [4910912 2011-08-02] (DT Soft Ltd) HKU\S-1-5-21-3380334380-2533475043-608586334-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-3380334380-2533475043-608586334-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {0eeb8d8d-2ec5-11e3-a1fa-6c626d877c05} - F:\AutoRun.exe HKU\S-1-5-21-3380334380-2533475043-608586334-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {0eeb8d9c-2ec5-11e3-a1fa-6c626d877c05} - F:\AutoRun.exe HKU\S-1-5-21-3380334380-2533475043-608586334-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {1b864dd0-8b4f-11e2-8e08-806e6f6e6963} - E:\Setup.exe HKU\S-1-5-21-3380334380-2533475043-608586334-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {f7aa72c0-0159-11e1-8b2c-6c626d877c05} - G:\setup.exe BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-3380334380-2533475043-608586334-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search-us.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com HKU\S-1-5-21-3380334380-2533475043-608586334-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDNB&bmod=MDNB HKU\S-1-5-21-3380334380-2533475043-608586334-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ HKU\S-1-5-21-3380334380-2533475043-608586334-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search-us.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com HKU\S-1-5-21-3380334380-2533475043-608586334-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDNB&bmod=MDNB HKU\S-1-5-21-3380334380-2533475043-608586334-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ SearchScopes: HKLM -> DefaultScope value is missing. SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope value is missing. SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3380334380-2533475043-608586334-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKU\S-1-5-21-3380334380-2533475043-608586334-1000 -> {4E4FBD93-5C26-47F8-B8BA-F639044205C2} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552 SearchScopes: HKU\S-1-5-21-3380334380-2533475043-608586334-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKU\S-1-5-21-3380334380-2533475043-608586334-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {4E4FBD93-5C26-47F8-B8BA-F639044205C2} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552 BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> No File BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{F4C0380B-4A08-4FBF-B2A9-D73B2A1A7EA8}: [NameServer] 213.191.74.19 62.109.123.197 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin HKU\S-1-5-21-3380334380-2533475043-608586334-1000: @protectdisc.com/NPPDLicenseHelper -> C:\Users\Julez\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( ) FF Plugin HKU\S-1-5-21-3380334380-2533475043-608586334-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin HKU\S-1-5-21-3380334380-2533475043-608586334-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @protectdisc.com/NPPDLicenseHelper -> C:\Users\Julez\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( ) FF Plugin HKU\S-1-5-21-3380334380-2533475043-608586334-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-02-24] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-05-04] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2014-12-12] Chrome: ======= CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-23] CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-23] CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [189776 2010-10-28] (DATA BECKER GmbH & Co KG) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation) S3 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2013-11-08] () R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2013-11-08] () R2 Realtek11nSU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed] S4 Start BT in service; C:\Program Files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [47984 2007-03-14] () S4 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-28] (TuneUp Software) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [21160 2013-08-29] (Advanced Micro Devices, Inc.) R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31360 2013-08-29] (Advanced Micro Devices, Inc.) R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20141209.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation) S3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [37648 2007-03-05] (IVT Corporation.) S3 BlueletAudio; C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys [37648 2007-03-05] (IVT Corporation.) S3 BlueletSCOAudio; C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [37648 2007-03-05] (IVT Corporation.) S3 BlueletSCOAudio; C:\Windows\SysWOW64\DRIVERS\BlueletSCOAudio.sys [37648 2007-03-05] (IVT Corporation.) R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [25360 2007-03-05] (IVT Corporation.) R3 BT; C:\Windows\SysWOW64\DRIVERS\btnetdrv.sys [25360 2007-03-05] (IVT Corporation.) S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [47888 2007-03-05] (IVT Corporation.) S3 Btcsrusb; C:\Windows\SysWOW64\Drivers\btcusb.sys [47888 2007-03-05] (IVT Corporation.) R0 BTHidEnum; C:\Windows\System32\Drivers\vbtenum.sys [24976 2007-03-05] (IVT Corporation.) R0 BTHidEnum; C:\Windows\SysWOW64\Drivers\vbtenum.sys [24976 2007-03-05] (IVT Corporation.) R0 BTHidMgr; C:\Windows\System32\Drivers\BTHidMgr.sys [49680 2007-03-05] (IVT Corporation.) R0 BTHidMgr; C:\Windows\SysWOW64\Drivers\BTHidMgr.sys [49680 2007-03-05] (IVT Corporation.) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2011-10-28] (DT Soft Ltd) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-11-19] (Intel Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20141211.001\IDSvia64.sys [637656 2014-11-18] (Symantec Corporation) S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-12] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) S3 MouFilter_Mou_FlexDef4; C:\Windows\System32\DRIVERS\MouFilter_FlexDef4.sys [15360 2010-10-20] (Siliten) S3 MWAC; \??\C:\Windows\system32\drivers\ [0 ] () [File not signed] S3 MWAC; \??\C:\Windows\SysWOW64\drivers\ [0 ] () [File not signed] R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141210.021\ENG64.SYS [129752 2014-08-21] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141210.021\EX64.SYS [2137304 2014-08-21] (Symantec Corporation) R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-29] (Synaptics Incorporated) R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-05-04] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation) S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [40712 2012-11-01] (Anchorfree Inc.) S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software) R3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [47120 2007-03-05] (IVT Corporation.) R3 VComm; C:\Windows\SysWOW64\DRIVERS\VComm.sys [47120 2007-03-05] (IVT Corporation.) R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [63248 2007-03-05] (IVT Corporation.) R3 VcommMgr; C:\Windows\SysWOW64\Drivers\VcommMgr.sys [63248 2007-03-05] (IVT Corporation.) S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 lmimirr; system32\DRIVERS\lmimirr.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-12 01:38 - 2014-12-12 01:39 - 00020722 _____ () C:\Users\Julez\Desktop\FRST.txt 2014-12-12 01:38 - 2014-12-12 01:38 - 00000000 ____D () C:\FRST 2014-12-12 01:37 - 2014-12-12 01:37 - 02119680 _____ (Farbar) C:\Users\Julez\Desktop\frst64.exe 2014-12-12 00:46 - 2014-12-12 00:46 - 00000570 _____ () C:\Windows\PFRO.log 2014-12-11 22:50 - 2014-12-12 00:47 - 00000168 _____ () C:\Windows\setupact.log 2014-12-11 22:50 - 2014-12-11 22:50 - 00000000 _____ () C:\Windows\setuperr.log 2014-12-11 22:39 - 2014-12-11 22:39 - 00000000 ____D () C:\Users\Julez\Documents\WB Games 2014-12-11 22:39 - 2014-12-11 22:39 - 00000000 ____D () C:\Users\Julez\AppData\Roaming\Steam 2014-12-11 22:31 - 2014-12-12 01:23 - 00000144 _____ () C:\Users\Julez\Desktop\Neues Textdokument.txt 2014-12-11 22:21 - 2014-12-11 22:21 - 00001278 _____ () C:\Users\Julez\Desktop\Middle Earth Shadow of Mordor.lnk 2014-12-11 22:21 - 2014-12-11 22:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Middle Earth Shadow of Mordor 2014-12-11 21:49 - 2014-12-11 22:21 - 00000000 ____D () C:\Program Files (x86)\Middle Earth Shadow of Mordor 2014-12-11 21:42 - 2014-12-11 21:42 - 00001728 _____ () C:\Users\Public\Desktop\Defraggler.lnk 2014-12-11 21:42 - 2014-12-11 21:42 - 00000000 ____D () C:\Program Files\Defraggler 2014-12-11 21:41 - 2014-12-11 21:41 - 04362512 _____ (Piriform Ltd) C:\Users\Julez\Desktop\dfsetup218.exe 2014-12-11 21:21 - 2014-12-11 21:21 - 00001378 _____ () C:\Users\Julez\Desktop\CCleaner64.exe - Verknüpfung.lnk 2014-12-11 21:14 - 2014-12-11 21:14 - 00000000 ____D () C:\Users\Julez\Documents\Tunngle 2014-12-11 21:10 - 2014-12-11 21:10 - 00000000 ____D () C:\Users\Julez\.appwork 2014-12-11 16:40 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-12-11 16:40 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-12-11 16:40 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-12-11 16:40 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2014-12-11 16:40 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2014-12-11 16:40 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2014-12-11 16:40 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2014-12-11 16:40 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2014-12-11 16:40 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2014-12-11 16:40 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2014-12-05 20:18 - 2014-12-07 18:31 - 00000000 ____D () C:\Users\Julez\Desktop\HDR - Mordors Schatten 2014-12-04 21:44 - 2014-12-07 17:27 - 00000000 ____D () C:\Users\Julez\Desktop\COD AW 2014-11-29 17:30 - 2014-11-29 17:30 - 00003484 _____ () C:\Users\Julez\Documents\cc_20141129_173038.reg 2014-11-27 20:32 - 2014-12-12 00:51 - 00667030 _____ () C:\Windows\WindowsUpdate.log 2014-11-24 15:20 - 2014-12-11 22:49 - 00110496 _____ () C:\Users\Julez\AppData\Local\GDIPFONTCACHEV1.DAT 2014-11-19 04:31 - 2014-11-19 04:31 - 01217192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL 2014-11-18 21:01 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-18 21:01 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-18 21:01 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-18 21:01 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-15 13:09 - 2014-11-15 13:09 - 00001928 _____ () C:\Users\Julez\Desktop\Launcher.exe - Verknüpfung.lnk 2014-11-13 21:08 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-11-13 21:08 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-11-13 21:08 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-11-13 21:08 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-11-13 21:08 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-11-13 21:08 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-11-13 21:08 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-11-13 21:08 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-11-13 21:08 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-11-13 21:08 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-11-13 21:08 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-11-13 21:08 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-11-13 21:08 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-11-13 21:08 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-11-13 21:08 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-11-13 21:08 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-11-13 21:08 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-11-13 21:08 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-11-13 21:08 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-11-13 21:08 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-11-13 21:08 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-11-13 21:08 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-11-13 21:08 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-11-13 21:08 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-11-13 21:08 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-11-13 21:08 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-11-13 21:08 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-11-13 21:08 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-11-13 21:08 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-11-13 21:08 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-11-13 21:08 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-11-13 21:08 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-11-13 21:08 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-11-13 21:08 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-11-13 21:08 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-13 21:08 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-11-13 21:08 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-13 21:08 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-13 21:08 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-13 21:08 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-11-13 21:08 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-11-13 21:08 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-11-13 21:08 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-11-13 21:07 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-11-13 21:07 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-11-13 21:07 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-11-13 21:07 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-11-13 21:07 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-13 21:07 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-13 21:07 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-11-13 21:07 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-11-13 21:07 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-11-13 21:07 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-13 21:07 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-11-13 21:07 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-11-13 21:07 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-11-13 21:07 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-11-13 21:07 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-11-13 21:07 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-11-13 21:07 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-11-13 21:07 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-11-13 21:07 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-11-13 21:07 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-11-13 21:07 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-11-13 21:07 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-11-13 21:05 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-13 21:05 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-11-13 21:05 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-13 21:05 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-11-13 21:05 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-11-13 21:05 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-11-13 21:05 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-11-13 21:05 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-11-13 21:05 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-11-13 21:05 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-11-13 21:05 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-11-13 21:05 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-11-13 21:05 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-11-13 21:05 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-11-13 21:05 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-13 21:05 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-11-13 21:05 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-11-13 21:05 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-11-13 21:05 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2014-11-13 21:05 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL 2014-11-13 21:04 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-13 21:04 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-11-13 21:04 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-13 21:04 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-11-13 21:04 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-13 21:04 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-13 21:04 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-13 21:04 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-13 21:04 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-13 21:04 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-13 21:04 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-11-13 21:04 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-11-13 21:04 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-11-12 23:16 - 2014-11-12 23:23 - 00000000 ____D () C:\Program Files (x86)\ Borderlands The Pre-Sequel 2014-11-12 23:01 - 2014-11-12 23:05 - 00000000 ____D () C:\Users\Julez\Desktop\Borderlands 3 2014-11-12 22:11 - 2014-11-12 22:11 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf 2014-11-12 22:11 - 2014-11-12 22:11 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf 2014-11-12 22:07 - 2014-11-12 22:09 - 00000000 ____D () C:\ProgramData\Bluetooth 2014-11-12 22:07 - 2014-11-12 22:07 - 00000000 ____D () C:\Users\Julez\Documents\Bluetooth 2014-11-12 22:02 - 2014-11-12 22:02 - 00000927 _____ () C:\Users\Public\Desktop\DS3 Tool.lnk 2014-11-12 22:02 - 2014-11-12 22:02 - 00000000 ____D () C:\Users\Julez\AppData\Roaming\MotioninJoy 2014-11-12 22:02 - 2014-11-12 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy 2014-11-12 22:02 - 2014-11-12 22:02 - 00000000 ____D () C:\Program Files\MotioninJoy 2014-11-12 22:02 - 2012-05-12 12:31 - 00121416 _____ (MotioninJoy) C:\Windows\system32\Drivers\MijXfilt.sys 2014-11-12 22:02 - 2011-12-07 19:42 - 00328712 _____ (Logitech Inc.) C:\Windows\system32\MijFrc.dll 2014-11-12 22:02 - 2011-12-07 19:42 - 00074960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xusb21.sys 2014-11-12 21:53 - 2014-11-12 21:53 - 00000000 ____D () C:\Users\Julez\Desktop\MotioninJoy_071001_signed 2014-11-12 21:33 - 2014-11-12 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IVT BlueSoleil 2014-11-12 21:31 - 2014-11-12 21:31 - 00000000 ____D () C:\Program Files (x86)\IVT Corporation 2014-11-12 21:31 - 2007-03-05 20:49 - 00047888 _____ (IVT Corporation.) C:\Windows\system32\Drivers\btcusb.sys 2014-11-12 21:31 - 2007-03-05 20:49 - 00016656 _____ (IVT Corporation.) C:\Windows\system32\btinstall.dll 2014-11-12 21:31 - 2007-03-05 20:48 - 00037648 _____ (IVT Corporation.) C:\Windows\system32\Drivers\BlueletSCOAudio.sys 2014-11-12 21:31 - 2007-03-05 20:47 - 00025360 _____ (IVT Corporation.) C:\Windows\system32\Drivers\BtNetDrv.sys 2014-11-12 21:31 - 2007-03-05 20:44 - 00023184 _____ (IVT Corporation.) C:\Windows\system32\Drivers\VHIDMini.sys 2014-11-12 21:31 - 2007-03-05 20:42 - 00049680 _____ (IVT Corporation.) C:\Windows\system32\Drivers\BTHidMgr.sys 2014-11-12 21:31 - 2007-03-05 20:41 - 00024976 _____ (IVT Corporation.) C:\Windows\system32\Drivers\VBTEnum.sys 2014-11-12 21:31 - 2007-03-05 20:39 - 00063248 _____ (IVT Corporation.) C:\Windows\system32\Drivers\VcommMgr.sys 2014-11-12 21:31 - 2007-03-05 20:38 - 00047120 _____ (IVT Corporation.) C:\Windows\system32\Drivers\VComm.sys 2014-11-12 21:31 - 2007-03-05 20:35 - 00037648 _____ (IVT Corporation.) C:\Windows\system32\Drivers\blueletaudio.sys 2014-11-12 21:31 - 2006-10-09 15:29 - 00032832 _____ () C:\Windows\system32\Drivers\BTNetFilter.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-12 01:36 - 2011-10-27 14:59 - 00000024 _____ () C:\Users\Julez\random.dat 2014-12-12 01:15 - 2014-01-06 00:27 - 00000024 _____ () C:\Users\Julez\jagexappletviewer.preferences 2014-12-12 01:14 - 2014-01-06 00:27 - 00000044 _____ () C:\Users\Julez\jagex_cl_runescape_LIVE.dat 2014-12-12 01:11 - 2014-06-02 13:49 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-12 00:53 - 2009-07-14 05:45 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-12 00:53 - 2009-07-14 05:45 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-12 00:48 - 2012-11-03 20:54 - 00003486 _____ () C:\Windows\System32\Tasks\AutoKMS 2014-12-12 00:47 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-12 00:47 - 2009-07-14 05:45 - 00413448 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-12-11 21:50 - 2011-10-27 18:05 - 00000000 ____D () C:\Users\Julez\AppData\Roaming\Skype 2014-12-11 21:47 - 2011-10-28 19:32 - 00000000 ____D () C:\Users\Julez\AppData\Roaming\DAEMON Tools Lite 2014-12-11 21:29 - 2014-06-01 16:42 - 00003852 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1401637322 2014-12-11 21:29 - 2014-06-01 16:42 - 00000000 ____D () C:\Program Files (x86)\Opera Next 2014-12-11 21:27 - 2012-10-09 20:14 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-12-11 21:26 - 2012-04-08 18:14 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-12-11 21:26 - 2012-03-22 20:39 - 00000000 ____D () C:\Users\Julez\AppData\Local\CrashDumps 2014-12-11 21:26 - 2012-02-09 21:23 - 00000000 ____D () C:\Users\Julez\AppData\Roaming\TeamViewer 2014-12-11 21:20 - 2012-01-04 02:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-12-11 21:20 - 2012-01-04 02:11 - 00000000 ____D () C:\Program Files\CCleaner 2014-12-11 21:11 - 2013-11-17 21:54 - 00000000 ____D () C:\Users\Julez\AppData\Local\ 2014-12-11 21:10 - 2011-10-27 13:24 - 00000000 ____D () C:\Users\Julez 2014-12-11 21:08 - 2013-11-23 22:28 - 00000000 ____D () C:\Program Files (x86)\Call of Duty Modern Warfare 3 2014-12-11 20:56 - 2013-09-13 13:50 - 00000000 ____D () C:\Users\Julez\Desktop\Music September 13 2014-12-11 20:54 - 2012-01-14 16:54 - 00000000 ____D () C:\Users\Julez\Documents\My Games 2014-12-11 16:47 - 2011-11-13 17:57 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-12-11 16:34 - 2014-06-02 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-12-11 16:34 - 2014-06-02 13:27 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-12-11 16:34 - 2013-08-12 17:11 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-11 16:23 - 2012-07-08 13:47 - 00004096 _____ () C:\Users\Public\Documents\00002C14.LCS 2014-11-29 17:30 - 2012-02-05 18:13 - 00000000 ____D () C:\Users\Julez\AppData\Roaming\TS3Client 2014-11-27 20:30 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-11-24 14:40 - 2012-09-17 12:03 - 00000000 ____D () C:\Windows\Minidump 2014-11-21 06:14 - 2014-06-02 13:27 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-21 06:14 - 2014-06-02 13:27 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-21 06:14 - 2013-08-12 17:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-15 01:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-11-12 23:55 - 2013-11-22 19:21 - 00000000 ____D () C:\ProgramData\Steam 2014-11-12 23:04 - 2010-11-12 10:16 - 00711406 _____ () C:\Windows\system32\perfh007.dat 2014-11-12 23:04 - 2010-11-12 10:16 - 00155082 _____ () C:\Windows\system32\perfc007.dat 2014-11-12 23:04 - 2009-07-14 06:13 - 01654538 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-12 21:25 - 2013-10-01 20:53 - 00000000 ____D () C:\ProgramData\Norton Files to move or delete: ==================== C:\Users\Julez\exe.reg C:\Users\Julez\jagex_cl_runescape_LIVE.dat C:\Users\Julez\msvcp100.dll C:\Users\Julez\random.dat Some content of TEMP: ==================== C:\Users\Julez\AppData\Local\Temp\proxy_vole1728036472555462269.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-29 23:31 ==================== End Of Log ============================ --- --- --- FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-12-2014 03 Ran by Julez at 2014-12-12 01:39:41 Running from C:\Users\Julez\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) AC3Filter 2.5b (HKLM-x32\...\AC3Filter_is1) (Version: 2.5b - Alexander Vigovsky) Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated) Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.0.1.152 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated) Adobe Reader 9.4.0 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.4.0 - Adobe Systems Incorporated) AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version: - Gameforge) AMD Catalyst Install Manager (HKLM\...\{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Battlefield 4 German Edition 1.0.1 (HKLM-x32\...\Battlefield 4 German Edition 1.0.1) (Version: - ) Battlefield 4 Update 1 (HKLM-x32\...\QmF0dGxlZmllbGQ0_is1) (Version: 1 - ) Bluesoleil3.2.1.2 Release 070314 (HKLM-x32\...\{AF98AF15-161E-42EC-9008-1CCF9BB83961}) (Version: 3.2.1.2 Release 070314 - IVT Corporation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Borderlands 2 update 1.5 incl DLC (c) 2K Games version 1 (HKLM-x32\...\Qm9yZGVybGFuZHMgMiB1cGRhdGUgMS41IGluY2wgRExD_is1) (Version: 1 - ) Borderlands: The Pre-Sequel (HKLM-x32\...\Qm9yZGVybGFuZHNUaGVQcmVTZXF1ZWw=_is1) (Version: 1 - ) Call of Duty Ghosts (HKLM-x32\...\Q2FsbG9mRHV0eUdob3N0cw==_is1) (Version: 1 - ) CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation) Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation) Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation) Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve) Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve) CPUID CPU-Z 1.70 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.41.3.0173 - DT Soft Ltd) DATA BECKER Rechnungsdruckerei 2012 (HKLM-x32\...\Rechnungsdruckerei 2012_is1) (Version: - DATA BECKER GmbH & Co. KG) Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform) DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.22 - DivX, LLC) Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Gameforge Live 2.0.1 "Baby Genius" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.1 - Gameforge) GameRanger (HKU\S-1-5-21-3380334380-2533475043-608586334-1000\...\GameRanger) (Version: - GameRanger Technologies) GameRanger (HKU\S-1-5-21-3380334380-2533475043-608586334-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\GameRanger) (Version: - GameRanger Technologies) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation) iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.) Java(TM) 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216029FF}) (Version: 6.0.300 - Oracle) Java(TM) SE Development Kit 6 Update 25 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0160250}) (Version: 1.6.0.250 - Oracle) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden League of Legends (HKLM-x32\...\{918A9082-6287-4D25-9002-5E5D5E4971CB}) (Version: 1.02.0000 - Riot Games) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60830 (HKLM-x32\...\{c7ed0d4c-89c5-47fc-9e89-1088affe63f3}) (Version: 11.0.60830.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60830 (HKLM-x32\...\{9dba0447-b749-41ea-90bc-2aa19a9eb580}) (Version: 11.0.60830.0 - Microsoft Corporation) Middle Earth Shadow of Mordor (HKLM-x32\...\Middle Earth Shadow of Mordor_is1) (Version: - ) MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation) NVIDIA PhysX (HKLM-x32\...\{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}) (Version: 9.13.0725 - NVIDIA Corporation) Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA) Opera beta 27.0.1689.29 (HKLM-x32\...\Opera 27.0.1689.29) (Version: 27.0.1689.29 - Opera Software ASA) Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.1 - Pando Networks Inc.) PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Protect Disc License Helper 1.0.125 (IE) (HKU\S-1-5-21-3380334380-2533475043-608586334-1000\...\Protect Disc License Helper) (Version: 1.0.125 - Protect Disc) Protect Disc License Helper 1.0.125 (IE) (HKU\S-1-5-21-3380334380-2533475043-608586334-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Protect Disc License Helper) (Version: 1.0.125 - Protect Disc) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.47.714.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6083 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0187 - REALTEK Semiconductor Corp.) RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) System Requirements Lab for Intel (HKLM-x32\...\{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}) (Version: 4.5.11.0 - Husdawg, LLC) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.11.1 - TeamSpeak Systems GmbH) TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp) TuneUp Utilities 2013 (HKLM-x32\...\TuneUp Utilities 2013) (Version: 13.0.3020.2 - TuneUp Software) TuneUp Utilities 2013 (x32 Version: 13.0.3020.2 - TuneUp Software) Hidden TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.2030.5 - TuneUp Software) Hidden TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.3020.2 - TuneUp Software) Hidden Uplay (HKLM-x32\...\Uplay) (Version: 4.5 - Ubisoft) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation) WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH) Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation) Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 13-11-2014 22:27:32 Windows Update 18-11-2014 22:20:53 Windows Update 29-11-2014 22:38:39 Geplanter Prüfpunkt 11-12-2014 15:37:27 Windows Update 11-12-2014 20:04:34 Removed BattleForge™ ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2013-08-30 15:42 - 00447822 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0DBD8CA1-B485-4F0A-AA71-6999F252ACFE} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09] (Sun Microsystems, Inc.) Task: {1D84A533-5972-43AD-9B74-307A23C35B63} - System32\Tasks\{0189890F-FEEB-4533-8656-B083A6BEC27C} => pcalua.exe -a "C:\Program Files (x86)\DriverTuner\download\1226ee9ef93db58cb3358747be6731e7\AMD_Catalyst_13.2_Beta\Bin\ATISetup.exe" -d "C:\Program Files (x86)\DriverTuner\download\1226ee9ef93db58cb3358747be6731e7\AMD_Catalyst_13.2_Beta\Bin" Task: {32803116-6DAD-48E5-835A-21A08FD1E837} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {3CEF78A8-77AD-4A1E-AAED-7031F08261D7} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21] (Adobe Systems Incorporated) Task: {42B05351-A14B-4418-9313-C6599375EB6B} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation) Task: {4CBBB132-1529-44E6-92E0-AC77579F99E6} - System32\Tasks\{3B2B5574-8CCC-4FEE-ADA6-84B39F5E8B07} => pcalua.exe -a C:\Users\Julez\Desktop\GameRangerSetup.exe -d C:\Users\Julez\Desktop Task: {583867C2-B814-4886-B0D5-4B4C4490112D} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe Task: {785B8905-0C44-485D-BF65-6EC01C3F138B} - System32\Tasks\Opera scheduled Autoupdate 1401637322 => C:\Program Files (x86)\Opera Next\launcher.exe [2014-12-10] (Opera Software) Task: {7981849E-FB0D-40A7-9E05-8C962097BF2F} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {87408FFC-93D6-451E-B178-796C655A571D} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2012-11-03] () Task: {8FBD9C9C-18EE-4306-9D54-8F6C03E83230} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2013-01-28] (TuneUp Software) Task: {CDCB66D9-5E25-47F5-BC65-7F51CE718B2F} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {F949DEDE-8A11-41BC-87DA-7868EEAB792D} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/uninstall.html?aaa=KICMOJJMLMKJOMGMGMJJCNLMKJJMOJCNLMHMNJPMCNOJMMMMGMCNJJOMOJLMJJHMJJHMNMOJLJLMJNJICMIMCNHMCNLMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMFMOMNMNMJNHICMEKMICNJJCKJNBJCMJLNIOJBJFIGJMIJNKJCMJNNICMJNDJCMLJKJ" Task: {FE965C16-8DCD-42A1-B92F-75539C36D458} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd) Task: C:\Windows\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe ==================== Loaded Modules (whitelisted) ============= 2013-02-24 22:11 - 2012-06-17 22:18 - 01202688 _____ () C:\Windows\system32\ac3filter64.acm 2011-10-28 19:28 - 2011-05-28 21:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll 2013-11-08 20:40 - 2013-11-08 20:40 - 00107832 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2014-12-11 21:29 - 2014-12-10 09:31 - 00552056 _____ () C:\Program Files (x86)\Opera Next\27.0.1689.29\opera_crashreporter.exe 2013-10-08 18:47 - 2009-12-09 20:20 - 00126976 _____ () C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\EnumDevLib.dll 2014-10-26 18:57 - 2014-10-26 18:57 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\712c383e9837b8c37b3107f22be9455c\PSIClient.ni.dll 2014-12-11 21:29 - 2014-12-10 09:31 - 01408632 _____ () C:\Program Files (x86)\Opera Next\27.0.1689.29\libglesv2.dll 2014-12-11 21:29 - 2014-12-10 09:31 - 00219256 _____ () C:\Program Files (x86)\Opera Next\27.0.1689.29\libegl.dll 2014-12-11 21:29 - 2014-12-10 09:31 - 09508984 _____ () C:\Program Files (x86)\Opera Next\27.0.1689.29\pdf.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: Apple Mobile Device => 2 MSCONFIG\Services: Bonjour Service => 3 MSCONFIG\Services: bthserv => 3 MSCONFIG\Services: DBService => 3 MSCONFIG\Services: iPod Service => 3 MSCONFIG\Services: SkypeUpdate => 3 MSCONFIG\Services: Start BT in service => 3 MSCONFIG\Services: Steam Client Service => 3 MSCONFIG\Services: TuneUp.UtilitiesSvc => 3 MSCONFIG\Services: TunngleService => 3 MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW MSCONFIG\startupreg: FlashPlayerUpdate => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe -update plugin MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup MSCONFIG\startupreg: KiesHelper => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload MSCONFIG\startupreg: Launch SilverCrest STMS 2219 A1-K => C:\Program Files (x86)\SilverCrest STMS 2219 A1 Driver\KbClient_FD2.exe MSCONFIG\startupreg: Launch SilverCrest STMS 2219 A1-M => C:\Program Files (x86)\SilverCrest STMS 2219 A1 Driver\MouClient_FD2.exe MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background MSCONFIG\startupreg: RD2012Tray => "C:\Program Files (x86)\DATA BECKER\Rechnungsdruckerei 2012\dbrd2012tray.exe" MSCONFIG\startupreg: RoboForm => "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent ========================= Accounts: ========================== Administrator (S-1-5-21-3380334380-2533475043-608586334-500 - Administrator - Disabled) ASPNET (S-1-5-21-3380334380-2533475043-608586334-1003 - Limited - Enabled) Gast (S-1-5-21-3380334380-2533475043-608586334-501 - Limited - Disabled) Julez (S-1-5-21-3380334380-2533475043-608586334-1000 - Administrator - Enabled) => C:\Users\Julez ==================== Faulty Device Manager Devices ============= Name: H:\ Description: Card Reader Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Multiple Service: WUDFRd Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19) Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. Name: Realtek PCIe GBE Family Controller Description: Realtek PCIe GBE Family Controller Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Realtek Service: RTL8167 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (12/11/2014 04:44:07 PM) (Source: Windows Search Service) (EventID: 3007) (User: ) Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut. Kontext: Anwendung, SystemIndex Katalog Error: (11/29/2014 06:11:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: JagexLauncher.exe, Version: 0.0.0.0, Zeitstempel: 0x4ebd2441 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x73aacb49 ID des fehlerhaften Prozesses: 0xb30 Startzeit der fehlerhaften Anwendung: 0xJagexLauncher.exe0 Pfad der fehlerhaften Anwendung: JagexLauncher.exe1 Pfad des fehlerhaften Moduls: JagexLauncher.exe2 Berichtskennung: JagexLauncher.exe3 Error: (11/18/2014 11:14:09 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 9.4.0.195, Zeitstempel: 0x4c9b3e3c Name des fehlerhaften Moduls: AcroRd32.dll, Version: 9.4.0.195, Zeitstempel: 0x4c9b259e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00116773 ID des fehlerhaften Prozesses: 0x1290 Startzeit der fehlerhaften Anwendung: 0xAcroRd32.exe0 Pfad der fehlerhaften Anwendung: AcroRd32.exe1 Pfad des fehlerhaften Moduls: AcroRd32.exe2 Berichtskennung: AcroRd32.exe3 Error: (11/14/2014 09:46:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: BorderlandsPreSequel.exe, Version: 1.0.23714.23714, Zeitstempel: 0x543879bb Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86 Ausnahmecode: 0x00000001 Fehleroffset: 0x0000c42d ID des fehlerhaften Prozesses: 0x131c Startzeit der fehlerhaften Anwendung: 0xBorderlandsPreSequel.exe0 Pfad der fehlerhaften Anwendung: BorderlandsPreSequel.exe1 Pfad des fehlerhaften Moduls: BorderlandsPreSequel.exe2 Berichtskennung: BorderlandsPreSequel.exe3 Error: (11/13/2014 09:30:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: BorderlandsPreSequel.exe, Version: 1.0.23714.23714, Zeitstempel: 0x543879bb Name des fehlerhaften Moduls: XAudio2_7.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4c0641e5 Ausnahmecode: 0xc0000005 Fehleroffset: 0x662ea5e0 ID des fehlerhaften Prozesses: 0xf70 Startzeit der fehlerhaften Anwendung: 0xBorderlandsPreSequel.exe0 Pfad der fehlerhaften Anwendung: BorderlandsPreSequel.exe1 Pfad des fehlerhaften Moduls: BorderlandsPreSequel.exe2 Berichtskennung: BorderlandsPreSequel.exe3 Error: (11/13/2014 09:25:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: BorderlandsPreSequel.exe, Version: 1.0.23714.23714, Zeitstempel: 0x543879bb Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000222d2 ID des fehlerhaften Prozesses: 0x3d0 Startzeit der fehlerhaften Anwendung: 0xBorderlandsPreSequel.exe0 Pfad der fehlerhaften Anwendung: BorderlandsPreSequel.exe1 Pfad des fehlerhaften Moduls: BorderlandsPreSequel.exe2 Berichtskennung: BorderlandsPreSequel.exe3 Error: (11/13/2014 09:25:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: BorderlandsPreSequel.exe, Version: 1.0.23714.23714, Zeitstempel: 0x543879bb Name des fehlerhaften Moduls: BorderlandsPreSequel.exe, Version: 1.0.23714.23714, Zeitstempel: 0x543879bb Ausnahmecode: 0xc0000005 Fehleroffset: 0x0070892d ID des fehlerhaften Prozesses: 0x3d0 Startzeit der fehlerhaften Anwendung: 0xBorderlandsPreSequel.exe0 Pfad der fehlerhaften Anwendung: BorderlandsPreSequel.exe1 Pfad des fehlerhaften Moduls: BorderlandsPreSequel.exe2 Berichtskennung: BorderlandsPreSequel.exe3 Error: (11/13/2014 09:22:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: BorderlandsPreSequel.exe, Version: 1.0.23714.23714, Zeitstempel: 0x543879bb Name des fehlerhaften Moduls: BorderlandsPreSequel.exe, Version: 1.0.23714.23714, Zeitstempel: 0x543879bb Ausnahmecode: 0xc0000005 Fehleroffset: 0x0070892d ID des fehlerhaften Prozesses: 0x780 Startzeit der fehlerhaften Anwendung: 0xBorderlandsPreSequel.exe0 Pfad der fehlerhaften Anwendung: BorderlandsPreSequel.exe1 Pfad des fehlerhaften Moduls: BorderlandsPreSequel.exe2 Berichtskennung: BorderlandsPreSequel.exe3 Error: (11/13/2014 09:21:00 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: BorderlandsPreSequel.exe, Version: 1.0.23714.23714, Zeitstempel: 0x543879bb Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000222d2 ID des fehlerhaften Prozesses: 0x6d4 Startzeit der fehlerhaften Anwendung: 0xBorderlandsPreSequel.exe0 Pfad der fehlerhaften Anwendung: BorderlandsPreSequel.exe1 Pfad des fehlerhaften Moduls: BorderlandsPreSequel.exe2 Berichtskennung: BorderlandsPreSequel.exe3 Error: (11/13/2014 09:20:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: BorderlandsPreSequel.exe, Version: 1.0.23714.23714, Zeitstempel: 0x543879bb Name des fehlerhaften Moduls: BorderlandsPreSequel.exe, Version: 1.0.23714.23714, Zeitstempel: 0x543879bb Ausnahmecode: 0xc0000005 Fehleroffset: 0x0070892d ID des fehlerhaften Prozesses: 0x6d4 Startzeit der fehlerhaften Anwendung: 0xBorderlandsPreSequel.exe0 Pfad der fehlerhaften Anwendung: BorderlandsPreSequel.exe1 Pfad des fehlerhaften Moduls: BorderlandsPreSequel.exe2 Berichtskennung: BorderlandsPreSequel.exe3 System errors: ============= Error: (11/24/2014 02:31:08 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (11/24/2014 02:31:07 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (11/13/2014 09:11:28 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MBAMScheduler erreicht. Error: (11/13/2014 08:38:57 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (11/13/2014 08:38:57 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (11/13/2014 02:00:42 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Update für Microsoft Office 2010 (KB2837602) 32-Bit-Edition Error: (11/13/2014 02:00:42 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB3003743) Error: (11/13/2014 02:00:42 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Definitionsupdate für Microsoft Office 2010 (KB2899521) 32-Bit-Edition Error: (11/13/2014 02:00:41 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Update für Microsoft PowerPoint 2010 (KB2878251) 32-Bit-Edition Error: (11/13/2014 02:00:41 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Kumulatives Sicherheitsupdate für Internet Explorer 11 für Windows 7 für x64-Systeme (KB3003057) Microsoft Office Sessions: ========================= Error: (12/11/2014 04:44:07 PM) (Source: Windows Search Service) (EventID: 3007) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Error: (11/29/2014 06:11:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: JagexLauncher.exe0.0.0.04ebd2441unknown0.0.0.000000000c000000573aacb49b3001d00bf4e8614245C:\Users\Julez\jagexcache\jagexlauncher\bin\JagexLauncher.exeunknownb14fd173-77ea-11e4-919a-001060efc789 Error: (11/18/2014 11:14:09 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: AcroRd32.exe9.4.0.1954c9b3e3cAcroRd32.dll9.4.0.1954c9b259ec000000500116773129001d0037cda218914C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exeC:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.dll3764b8e1-6f70-11e4-b2b8-001060efc789 Error: (11/14/2014 09:46:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: BorderlandsPreSequel.exe1.0.23714.23714543879bbKERNELBASE.dll6.1.7601.1840953159a86000000010000c42d131c01d0004c1dbe9f74C:\Program Files (x86)\ Borderlands The Pre-Sequel\Binaries\Win32\BorderlandsPreSequel.exeC:\Windows\syswow64\KERNELBASE.dll5e412286-6c3f-11e4-9d96-001060efc789 Error: (11/13/2014 09:30:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: BorderlandsPreSequel.exe1.0.23714.23714543879bbXAudio2_7.dll_unloaded0.0.0.04c0641e5c0000005662ea5e0f7001cfff80717c85e8C:\Program Files (x86)\ Borderlands The Pre-Sequel\Binaries\Win32\BorderlandsPreSequel.exeXAudio2_7.dlldedd2d74-6b73-11e4-ab49-001060efc789 Error: (11/13/2014 09:25:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: BorderlandsPreSequel.exe1.0.23714.23714543879bbntdll.dll6.1.7601.18247521ea8e7c0000005000222d23d001cfff7fa951a535C:\Program Files (x86)\ Borderlands The Pre-Sequel\Binaries\Win32\BorderlandsPreSequel.exeC:\Windows\SysWOW64\ntdll.dll39dba40c-6b73-11e4-ab49-001060efc789 Error: (11/13/2014 09:25:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: BorderlandsPreSequel.exe1.0.23714.23714543879bbBorderlandsPreSequel.exe1.0.23714.23714543879bbc00000050070892d3d001cfff7fa951a535C:\Program Files (x86)\ Borderlands The Pre-Sequel\Binaries\Win32\BorderlandsPreSequel.exeC:\Program Files (x86)\ Borderlands The Pre-Sequel\Binaries\Win32\BorderlandsPreSequel.exe2fd2fb60-6b73-11e4-ab49-001060efc789 Error: (11/13/2014 09:22:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: BorderlandsPreSequel.exe1.0.23714.23714543879bbBorderlandsPreSequel.exe1.0.23714.23714543879bbc00000050070892d78001cfff7f58c3b838C:\Program Files (x86)\ Borderlands The Pre-Sequel\Binaries\Win32\BorderlandsPreSequel.exeC:\Program Files (x86)\ Borderlands The Pre-Sequel\Binaries\Win32\BorderlandsPreSequel.exebcb0774b-6b72-11e4-ab49-001060efc789 Error: (11/13/2014 09:21:00 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: BorderlandsPreSequel.exe1.0.23714.23714543879bbntdll.dll6.1.7601.18247521ea8e7c0000005000222d26d401cfff7e588b33c2C:\Program Files (x86)\ Borderlands The Pre-Sequel\Binaries\Win32\BorderlandsPreSequel.exeC:\Windows\SysWOW64\ntdll.dll94b44f46-6b72-11e4-ab49-001060efc789 Error: (11/13/2014 09:20:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: BorderlandsPreSequel.exe1.0.23714.23714543879bbBorderlandsPreSequel.exe1.0.23714.23714543879bbc00000050070892d6d401cfff7e588b33c2C:\Program Files (x86)\ Borderlands The Pre-Sequel\Binaries\Win32\BorderlandsPreSequel.exeC:\Program Files (x86)\ Borderlands The Pre-Sequel\Binaries\Win32\BorderlandsPreSequel.exe79830127-6b72-11e4-ab49-001060efc789 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3 CPU 550 @ 3.20GHz Percentage of memory in use: 47% Total physical RAM: 4023.11 MB Available physical RAM: 2094.98 MB Total Pagefile: 10021.29 MB Available Pagefile: 7884.65 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (Boot) (Fixed) (Total:900.41 GB) (Free:487.85 GB) NTFS Drive d: (Recover) (Fixed) (Total:30 GB) (Free:10.74 GB) NTFS Drive e: (EMTEC BLUETOOTH) (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS Drive f: (INTENSO) (Fixed) (Total:465.76 GB) (Free:102.13 GB) NTFS Drive g: (Middle Earth) (CDROM) (Total:34.53 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 230B5A24) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=900.4 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=30 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=1 GB) - (Type=12) ======================================================== Disk: 1 (Size: 465.8 GB) (Disk ID: 26B1B77C) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Könntest du mir eventuell sagen, wo ich einstellen kann, dass ich Programme normal ausführen kann? Grad eben bei FRST (Ein Adminsymbol ist auf dem Programm) hieß, ich habe keinen Zugriff drauf und musste es dann mit Rechtsklick öffnen .. Und eventuell noch, mit welchem Programm, ich meine Treiber aktualisieren kann? |
12.12.2014, 20:13 | #4 | ||
/// the machine /// TB-Ausbilder | Svchost.exe verbraucht viel ArbeitsspeicherZitat:
Zitat:
ProcessExplorer als Ersatz für den Windows Taskmanager installieren Lade Dir den Process Explorer als Ersatz für den Taskmanager herunter und installiere ihn, hier findest Du eine Anleitung. Das ist ein wesentlich leistungsfähigerer Ersatz für den Windows-Taskmanager. Im Menü unter "Options" kannst Du den ProcessExplorer dauerhaft als Ersatz für den Taskmanager einrichten (Replace Taskmanager). Das ist sehr empfehlenswert, weil der ProcessExplorer erheblich mehr Funktionen als der Taskmanager hat. Wenn Du diese Einstellung gemacht hast, öffnet sich mit der Tastenkombination STRG + ALT + Entf. nicht mehr der Taskmanager, sondern der ProcessExplorer. Das kann jederzeit durch Abhaken dieser Einstellung wieder rückgängig gemacht werden. Was wir jetzt konkret brauchen: In jeder Zeile steht ein Prozess, ein paar der Zeilen sind keine richtigen Prozesse, sondern nur Pseudoprozesse für die Tätigkeit des Windos-Kernels. Im Menü View => Select Columns wird ein Dialog geöffnet, in dem Du auswählen kannst, welche Spalten mit Informationen zu den Prozessen angezeigt werden sollen. In dem gehe in das Register "Process Performance" und stelle sicher, dass dort "CPU Usage" angehakt ist, "CPU History" wäre ebenfalls sinnvoll. Unter "CPU Usage" wird der aktuelle Wert der Prozessorauslastung für jeden Prozess angezeigt (im Tabellentitel steht nur kurz "CPU"), "CPU History" blendet für jeden Prozess ein Diagramm ein, das eine Kurve mit der Prozessorauslastung für die letzte Zeit anzeigt. Damit sollte es Dir möglich sein, zu identifizieren, welcher Prozess Deine CPU in Trab hält. Mache einen Doppelklick auf den Prozess. Du kannst von dem ganzen auch einen Screenshot machen und ihn als Anhang mit Deiner Antwort hochladen (auf "Erweitert" unter dem Textfeld klicken und über "Anhänge verwalten" auf Deinem Rechner suchen lassen und über "Hochladen" anhängen).
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
12.12.2014, 21:10 | #5 |
| Svchost.exe verbraucht viel Arbeitsspeicher Oki danke. :-) Hab das mit ProcessExplorer nun gemacht. Im Anhang ist nun mein Screenshot. "System Idle Process" verbraucht durchgängig ca. 96-97% CPU. Aber das müsste ja der Leerlaufprozess sein, das heißt, dass ca. 97% CPU Frei sind, oder? MBAM & Svchost verbrauchen extrem viel, meiner Meinung nach. Ebenso Opera (Ich weiß gar nicht, warum Opera öfter dort auftaucht, hab 1 mal Opera offen mit 2 Tabs..) Edit:: Bin auch grad dabei, paar Treiber zu laden und habe grad mal bei ProcessExplorer reingeschaut. Svchost verbraucht grad zwischen 400.000 - 950.000 Speicher.. Geändert von Julez010 (12.12.2014 um 21:20 Uhr) |
13.12.2014, 17:30 | #6 |
/// the machine /// TB-Ausbilder | Svchost.exe verbraucht viel Arbeitsspeicher CPU Last ist da keine. Pro Tab taucht ein Opera Prozess auf.
__________________ --> Svchost.exe verbraucht viel Arbeitsspeicher |
13.12.2014, 18:03 | #7 |
| Svchost.exe verbraucht viel Arbeitsspeicher Also ist alles in Ordnung? :-) |
14.12.2014, 12:41 | #8 |
/// the machine /// TB-Ausbilder | Svchost.exe verbraucht viel Arbeitsspeicher soweit ich das sehen kann ja
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
14.12.2014, 16:08 | #9 |
| Svchost.exe verbraucht viel Arbeitsspeicher Super, danke! |
14.12.2014, 23:35 | #10 |
/// the machine /// TB-Ausbilder | Svchost.exe verbraucht viel Arbeitsspeicher Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
Themen zu Svchost.exe verbraucht viel Arbeitsspeicher |
.exe, abend, arbeitsspeicher, arten, brauche, browser, extrem, fehlercode 0x00000001, fehlercode 0xc0000005, fehlercode 19, fehlercode 22, harkt, lange, langsam, melde, rechner, relativ, starte, starten, super, svchost.exe, verbraucht |