| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows 8: .scr-Datei Download per Link über SteamWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
07.01.2015, 17:32
| #1 |
 |  Windows 8: .scr-Datei Download per Link über Steam Hey Trojaner-Board Team! Gestern bekam ich von einem Freund von mir einen Link über Steam zugeschickt und dachte mir nichts böses, nach anklicken des Links begann allerdings sofort ein Download in meinem Browser, heruntergeladen wurde die Datei: "Screenshot_071" diese befindet sich immer noch auf meinem Rechner Ich habe den Rechner dann vom W-Lan getrennt. Habe hier jetzt noch die Logs: FRST Log: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Maximilian (administrator) on MAXIS-PC on 07-01-2015 16:42:19
Running from C:\Users\Maximilian\Desktop
Loaded Profile: Maximilian (Available profiles: Maximilian)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) D:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Maximilian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() D:\Programme\puush\puush.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(LOL Replay) D:\LOLReplay\LOLRecorder.exe
(ROCCAT GmbH) D:\Programm(x86)\ROCCAT\Isku Keyboard\IskuMonitor.exe
(ROCCAT GmbH Co., Ltd.) D:\Programm(x86)\ROCCAT\Talk\Roccat Talk.exe
(ROCCAT GmbH) D:\Programm(x86)\ROCCAT\Kone Pure\KonePureMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Geek Software GmbH) D:\Program Files (x86)\PDF24\pdf24.exe
(Advanced Micro Devices Inc.) D:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) D:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [RoccatIsku] => D:\Programm(x86)\ROCCAT\Isku Keyboard\IskuMonitor.EXE [536576 2013-10-30] (ROCCAT GmbH)
HKLM-x32\...\Run: [RoccatKonePure] => D:\Programm(x86)\ROCCAT\Kone Pure\KonePureMonitor.EXE [561152 2013-10-22] (ROCCAT GmbH)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [PDFPrint] => D:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [StartCCC] => D:\Program Files\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc)
HKU\S-1-5-21-255192929-2864458584-2136872281-1001\...\Run: [GoogleChromeAutoLaunch_6EC6A5E07D40E919B614D70E465AAA4A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.)
HKU\S-1-5-21-255192929-2864458584-2136872281-1001\...\Run: [Spotify Web Helper] => C:\Users\Maximilian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-12] (Spotify Ltd)
HKU\S-1-5-21-255192929-2864458584-2136872281-1001\...\Run: [puush] => D:\Programme\puush\puush.exe [567880 2014-07-30] ()
HKU\S-1-5-21-255192929-2864458584-2136872281-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
ShortcutTarget: LOLRecorder.lnk -> D:\LOLReplay\LOLRecorder.exe (LOL Replay)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase6_17_erinnerung.lnk
ShortcutTarget: phase6_17_erinnerung.lnk -> D:\Program Files (x86)\phase6\phase6_17\WinStart\WinStart.exe (phase6)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Roccat Talk.lnk
ShortcutTarget: Roccat Talk.lnk -> C:\Windows\Installer\{605D671E-1D1E-4840-84D9-BFACE17F160D}\NewShortcut1_38373BA15BEE4DD08E16D3720C304537.exe (Flexera Software LLC)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Maximilian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Maximilian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Maximilian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Maximilian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Maximilian\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Maximilian\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Maximilian\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-255192929-2864458584-2136872281-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.de
SearchScopes: HKLM -> DefaultScope {9367127A-B854-46CE-BD8A-1247375B513E} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM -> {9367127A-B854-46CE-BD8A-1247375B513E} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-255192929-2864458584-2136872281-1001 -> DefaultScope {9367127A-B854-46CE-BD8A-1247375B513E} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-255192929-2864458584-2136872281-1001 -> {9367127A-B854-46CE-BD8A-1247375B513E} URL = hxxp://www.sm.de/?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> D:\Programme\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> D:\Programme\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-04]
Chrome:
=======
CHR StartupUrls: Default -> "https://www.google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-21]
CHR Extension: (Google Drive) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-21]
CHR Extension: (Google-Suche) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-21]
CHR Extension: (AdBlock) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-21]
CHR Extension: (Google Wallet) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-21]
CHR Extension: (Google Mail) - C:\Users\Maximilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-21]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-21]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; D:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-21] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-21] (Avast Software)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2014-08-29] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; D:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-21] ()
R3 athr; C:\Windows\system32\DRIVERS\athwnx.sys [3680256 2013-06-18] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-07-22] (Microsoft Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-21] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-07 16:42 - 2015-01-07 16:42 - 00015262 _____ () C:\Users\Maximilian\Desktop\FRST.txt
2015-01-07 16:41 - 2015-01-07 16:42 - 00000000 ____D () C:\FRST
2015-01-07 16:41 - 2015-01-07 16:41 - 02124288 _____ (Farbar) C:\Users\Maximilian\Downloads\FRST64.exe
2015-01-07 16:41 - 2015-01-07 16:41 - 02124288 _____ (Farbar) C:\Users\Maximilian\Desktop\FRST64.exe
2015-01-07 16:40 - 2015-01-07 16:40 - 00000482 _____ () C:\Users\Maximilian\Desktop\defogger_disable.log
2015-01-07 16:40 - 2015-01-07 16:40 - 00000000 _____ () C:\Users\Maximilian\defogger_reenable
2015-01-07 16:39 - 2015-01-07 16:39 - 00050477 _____ () C:\Users\Maximilian\Downloads\Defogger.exe
2015-01-07 16:39 - 2015-01-07 16:39 - 00050477 _____ () C:\Users\Maximilian\Desktop\Defogger.exe
2015-01-06 20:33 - 2015-01-06 20:33 - 00068096 _____ (EasyAntiCheat Ltd) C:\Users\Maximilian\Downloads\Screenshot_071.scr
2015-01-05 15:36 - 2015-01-05 15:36 - 00000582 _____ () C:\Users\Maximilian\Desktop\Neues Textdokument.txt
2015-01-02 14:56 - 2015-01-02 14:57 - 00000000 ____D () C:\Users\Maximilian\AppData\Local\Skyrim
2015-01-01 14:56 - 2015-01-01 14:56 - 00000000 ____D () C:\Users\Maximilian\AppData\Local\Introversion
2014-12-31 23:11 - 2014-12-31 23:11 - 00000000 ____D () C:\Users\Maximilian\Documents\My Games
2014-12-31 20:29 - 2014-12-31 20:29 - 00000197 _____ () C:\WINDOWS\system32\2014-12-31-19-29-08.023-AvastVBoxSVC.exe-1844.log
2014-12-31 18:30 - 2014-12-31 18:30 - 01045496 _____ () C:\Users\Maximilian\Downloads\Far-Cry-3-Demo-lnstall.exe
2014-12-29 20:19 - 2014-12-29 20:19 - 07346943 _____ () C:\Users\Maximilian\Downloads\HemiHead426.zip
2014-12-29 20:16 - 2014-12-29 20:16 - 07358968 _____ () C:\Users\Maximilian\Downloads\Geforce.zip
2014-12-29 14:01 - 2014-12-29 14:06 - 190040291 _____ () C:\Users\Maximilian\Downloads\Beatmap Pack #385.rar
2014-12-29 11:06 - 2014-12-29 11:06 - 00000000 ____D () C:\ProgramData\ATI
2014-12-29 00:22 - 2014-12-29 00:22 - 00000000 ____D () C:\Users\Maximilian\AppData\Roaming\library_dir
2014-12-29 00:22 - 2014-12-29 00:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-12-29 00:21 - 2015-01-07 16:38 - 00000000 ____D () C:\Users\Maximilian\AppData\Roaming\Raptr
2014-12-29 00:21 - 2014-12-29 00:22 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-12-29 00:21 - 2014-12-29 00:21 - 00057374 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201412290021193760.log
2014-12-29 00:21 - 2014-12-29 00:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-12-29 00:21 - 2014-12-29 00:21 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-12-29 00:19 - 2014-12-29 00:20 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-12-29 00:10 - 2014-12-29 00:10 - 05451464 _____ (Advanced Micro Devices, Inc.) C:\Users\Maximilian\Downloads\autodetectutility.exe
2014-12-29 00:03 - 2014-12-29 00:03 - 00000000 ____D () C:\ProgramData\SystemRequirementsLab
2014-12-28 21:31 - 2014-12-29 00:25 - 00000000 ____D () C:\Users\Maximilian\Documents\Euro Truck Simulator 2
2014-12-28 21:31 - 2014-12-28 21:35 - 00000000 ____D () C:\Users\Maximilian\Documents\ETS2MP
2014-12-28 17:41 - 2014-12-28 17:41 - 00000000 ____D () C:\ProgramData\LightScribe
2014-12-28 17:15 - 2014-12-28 17:15 - 00000890 _____ () C:\Users\Public\Desktop\Play Euro Truck Simulator 2 Multiplayer.lnk
2014-12-28 17:15 - 2014-12-28 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2 Multiplayer
2014-12-28 16:59 - 2014-12-28 16:59 - 03853552 _____ () C:\Users\Maximilian\Downloads\ets2mp_client.zip
2014-12-28 16:22 - 2014-12-28 16:22 - 00000197 _____ () C:\WINDOWS\system32\2014-12-28-15-22-12.083-AvastVBoxSVC.exe-3104.log
2014-12-28 01:03 - 2014-12-28 01:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2014-12-28 01:00 - 2014-12-28 01:00 - 00000000 ____D () C:\Users\Maximilian\AppData\Roaming\3909
2014-12-27 20:57 - 2015-01-06 00:09 - 00000000 ____D () C:\Users\Maximilian\AppData\Local\Game Dev Tycoon - Steam
2014-12-26 14:45 - 2014-12-26 14:45 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2014-12-26 14:44 - 2014-12-26 14:45 - 07980403 _____ () C:\Users\Maximilian\Downloads\csgo settings.7z
2014-12-25 16:47 - 2014-12-25 16:47 - 00000197 _____ () C:\WINDOWS\system32\2014-12-25-15-47-43.083-AvastVBoxSVC.exe-2732.log
2014-12-25 16:43 - 2014-12-25 16:43 - 00000916 _____ () C:\Users\Public\Desktop\Leawo Blu-ray Player.lnk
2014-12-25 16:43 - 2014-12-25 16:43 - 00000000 ____D () C:\Users\Maximilian\AppData\Roaming\Leawo
2014-12-25 16:43 - 2014-12-25 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\leawo
2014-12-25 16:43 - 2014-12-25 16:43 - 00000000 ____D () C:\ProgramData\Leawo
2014-12-25 16:39 - 2014-12-25 16:40 - 38694632 _____ (leawo Software Co., Ltd. ) C:\Users\Maximilian\Downloads\blurayplayer_setup_g.exe
2014-12-25 16:23 - 2014-12-25 16:23 - 00000197 _____ () C:\WINDOWS\system32\2014-12-25-15-23-01.096-AvastVBoxSVC.exe-3056.log
2014-12-25 16:23 - 2014-12-25 16:23 - 00000000 ____D () C:\Users\Maximilian\Documents\CyberLink
2014-12-25 16:23 - 2014-12-25 16:23 - 00000000 ____D () C:\Users\Maximilian\AppData\Local\Power2Go
2014-12-25 16:20 - 2014-12-25 16:21 - 00000000 ____D () C:\Temp
2014-12-25 16:19 - 2014-12-25 16:46 - 00000000 _____ () C:\WINDOWS\lgfwup.ini
2014-12-25 16:19 - 2001-08-29 21:00 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wbemdisp.tlb
2014-12-25 16:19 - 1998-07-22 00:00 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Vb6stkit.dll
2014-12-25 16:19 - 1998-07-22 00:00 - 00102160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VB6KO.DLL
2014-12-25 16:14 - 2014-12-25 16:14 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
2014-12-25 16:14 - 2014-12-25 16:14 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2014-12-25 16:14 - 2014-12-25 16:14 - 00029480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3a.dll
2014-12-25 16:11 - 2014-12-25 16:23 - 00000000 ____D () C:\Users\Maximilian\AppData\Roaming\CyberLink
2014-12-25 16:11 - 2014-12-25 16:23 - 00000000 ____D () C:\Users\Maximilian\AppData\Local\Cyberlink
2014-12-25 16:09 - 2014-12-25 16:09 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2014-12-25 16:07 - 2014-12-25 16:41 - 00000000 ____D () C:\ProgramData\CyberLink
2014-12-25 16:06 - 2014-12-25 16:19 - 00000000 ____D () C:\ProgramData\Temp
2014-12-22 17:57 - 2014-12-22 17:57 - 14911608 _____ () C:\Users\Maximilian\Downloads\Professionelle_Websites.zip
2014-12-22 12:29 - 2014-12-22 12:29 - 02078158 _____ () C:\Users\Maximilian\Downloads\08.wmv
2014-12-21 20:26 - 2014-12-21 20:26 - 00000000 ____D () C:\Users\Maximilian\AppData\Roaming\Ubisoft
2014-12-21 20:26 - 2014-12-21 20:26 - 00000000 ____D () C:\ProgramData\Ubisoft
2014-12-21 11:47 - 2014-12-21 11:47 - 00279704 _____ () C:\WINDOWS\Minidump\122114-7843-01.dmp
2014-12-21 11:47 - 2014-12-21 11:47 - 00000197 _____ () C:\WINDOWS\system32\2014-12-21-10-47-22.080-AvastVBoxSVC.exe-2912.log
2014-12-20 19:01 - 2014-12-20 19:01 - 00000197 _____ () C:\WINDOWS\system32\2014-12-20-18-01-00.002-AvastVBoxSVC.exe-2896.log
2014-12-20 12:20 - 2014-12-20 12:22 - 00000000 ____D () C:\Users\Maximilian\AppData\Roaming\Notepad++
2014-12-20 12:20 - 2014-12-20 12:20 - 00000000 ____D () C:\Users\Maximilian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-12-20 12:20 - 2014-12-20 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-12-20 12:19 - 2014-12-20 12:19 - 07944971 _____ () C:\Users\Maximilian\Downloads\npp.6.7.Installer.exe
2014-12-19 20:02 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-19 20:02 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-19 19:30 - 2014-12-19 19:30 - 00866373 _____ () C:\Users\Maximilian\Downloads\OptiFine_1.8.1_HD_U_B4.jar
2014-12-19 15:34 - 2014-12-19 15:34 - 00005056 _____ () C:\Users\Maximilian\Downloads\bibanator config Dezember 2014.rar
2014-12-16 16:23 - 2014-12-18 20:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-12-13 19:14 - 2014-12-13 19:14 - 00000000 ____D () C:\Users\Maximilian\AppData\Roaming\AMD
2014-12-13 16:38 - 2014-12-13 16:38 - 01765113 _____ () C:\Users\Maximilian\Downloads\map aura.rar
2014-12-11 20:35 - 2014-12-11 20:36 - 49268534 _____ () C:\Users\Maximilian\Downloads\LIFE 128x (Vers. 81).zip
2014-12-11 14:21 - 2014-12-11 14:21 - 00000247 _____ () C:\WINDOWS\system32\2014-12-11-13-21-52.003-aswFe.exe-3780.log
2014-12-11 14:19 - 2014-12-11 14:21 - 00000247 _____ () C:\WINDOWS\system32\2014-12-11-13-19-25.014-aswFe.exe-3980.log
2014-12-11 14:17 - 2014-12-11 14:18 - 00000247 _____ () C:\WINDOWS\system32\2014-12-11-13-17-44.051-aswFe.exe-3612.log
2014-12-11 14:17 - 2014-12-11 14:17 - 00000197 _____ () C:\WINDOWS\system32\2014-12-11-13-17-42.037-AvastVBoxSVC.exe-2396.log
2014-12-11 14:11 - 2014-12-11 14:11 - 00000000 ____D () C:\WINDOWS\SysWOW64\vbox
2014-12-11 14:11 - 2014-12-11 14:11 - 00000000 ____D () C:\WINDOWS\system32\vbox
2014-12-10 17:37 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-10 17:37 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 17:37 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-10 17:37 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-10 17:24 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-10 17:24 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-10 17:24 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-10 17:24 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-10 17:24 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-10 17:24 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-10 17:24 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-10 17:24 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-10 17:24 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-10 17:24 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-10 17:24 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-10 17:24 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-10 17:24 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-10 17:24 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-10 17:24 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-10 17:24 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-10 17:24 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-10 17:24 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-10 17:24 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-10 17:24 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-10 17:24 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-10 17:24 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-10 17:24 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-10 17:24 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-10 17:24 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-10 17:24 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-10 17:24 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-10 17:24 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-10 17:24 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-10 17:24 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-10 17:24 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-10 17:24 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-10 17:24 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-10 17:24 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-10 17:24 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-10 17:24 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-10 17:24 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-10 17:24 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-10 17:24 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-10 17:24 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-10 17:24 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-10 17:24 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-10 17:24 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-10 17:24 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-10 17:24 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-10 17:24 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-10 17:24 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-07 16:40 - 2014-07-22 16:51 - 00000000 ____D () C:\Users\Maximilian
2015-01-07 16:40 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-07 16:39 - 2014-07-22 16:54 - 01768910 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-07 16:37 - 2014-08-25 16:19 - 00000000 ____D () C:\Users\Public\Documents\phase6_17_Daten
2015-01-07 16:37 - 2014-07-22 18:01 - 00000000 __RDO () C:\Users\Maximilian\OneDrive
2015-01-07 16:37 - 2014-07-21 19:40 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-07 16:36 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-06 22:26 - 2014-07-21 19:48 - 00000000 ____D () C:\Users\Maximilian\AppData\Roaming\Spotify
2015-01-06 21:47 - 2014-07-21 19:40 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-06 20:27 - 2014-07-23 19:11 - 00000000 ____D () C:\Users\Maximilian\AppData\Roaming\TS3Client
2015-01-06 20:05 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-06 10:29 - 2014-07-21 19:43 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-255192929-2864458584-2136872281-1001
2015-01-02 22:54 - 2014-07-21 19:49 - 00000000 ____D () C:\Users\Maximilian\AppData\Local\Spotify
2015-01-02 20:52 - 2014-03-18 11:04 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-02 20:52 - 2014-03-18 10:25 - 00764340 _____ () C:\WINDOWS\system32\perfh007.dat
2015-01-02 20:52 - 2014-03-18 10:25 - 00159160 _____ () C:\WINDOWS\system32\perfc007.dat
2015-01-02 17:31 - 2014-07-21 19:36 - 00000000 ____D () C:\Users\Maximilian\AppData\Local\VirtualStore
2015-01-02 17:29 - 2014-08-19 19:15 - 00000000 ____D () C:\Users\Maximilian\Desktop\Neuer Ordner
2015-01-02 15:14 - 2014-07-23 11:44 - 00369803 _____ () C:\WINDOWS\DirectX.log
2015-01-01 17:07 - 2014-07-21 20:36 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-31 20:28 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-29 00:25 - 2014-09-10 06:27 - 00000000 ____D () C:\Users\Maximilian\AppData\Roaming\Guild Wars 2
2014-12-29 00:25 - 2014-08-09 16:50 - 00000000 ____D () C:\Users\Maximilian\Documents\Assassin's Creed IV Black Flag
2014-12-29 00:21 - 2014-07-22 18:09 - 00000000 ____D () C:\ProgramData\AMD
2014-12-29 00:20 - 2014-10-24 23:09 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-12-29 00:20 - 2013-08-22 15:46 - 00300125 _____ () C:\WINDOWS\setupact.log
2014-12-29 00:16 - 2014-07-22 18:08 - 00000000 ____D () C:\AMD
2014-12-29 00:03 - 2014-10-24 22:52 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-12-28 16:21 - 2013-08-22 15:44 - 00420824 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-28 04:48 - 2014-08-19 06:00 - 00000000 ____D () C:\Users\Maximilian\AppData\Roaming\.minecraft
2014-12-25 16:50 - 2014-09-29 15:56 - 00000000 ____D () C:\Users\Maximilian\AppData\Roaming\dvdcss
2014-12-25 16:45 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-25 16:14 - 2012-07-26 06:37 - 00000000 ____D () C:\Users\Default.migrated
2014-12-21 11:47 - 2014-08-15 16:39 - 00000000 ____D () C:\WINDOWS\Minidump
2014-12-20 18:58 - 2014-07-21 19:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-20 18:58 - 2014-03-18 02:51 - 00578224 _____ () C:\WINDOWS\PFRO.log
2014-12-19 21:42 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-18 20:27 - 2014-08-06 13:49 - 00000622 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-12-18 20:26 - 2014-09-04 13:35 - 00000000 ____D () C:\Users\Maximilian\Documents\Visual Studio 2012
2014-12-18 20:26 - 2014-07-21 19:44 - 00002110 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-12-18 20:26 - 2014-07-21 19:44 - 00002098 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-12-18 19:05 - 2014-07-23 11:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2014-12-17 21:16 - 2014-07-21 19:44 - 00000000 ____D () C:\Users\Maximilian\AppData\Local\Thunderbird
2014-12-17 19:25 - 2014-07-22 18:09 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-13 13:39 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-11 20:04 - 2014-08-17 13:19 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-11 14:49 - 2014-07-21 19:41 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-10 21:13 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-10 17:42 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-10 17:42 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-10 17:41 - 2014-07-21 20:58 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-10 17:39 - 2014-07-21 20:58 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-10 17:26 - 2014-08-10 15:31 - 00000000 ____D () C:\Users\Maximilian\AppData\Local\Battle.net
Some content of TEMP:
====================
C:\Users\Maximilian\AppData\Local\Temp\amd-catalyst-omega-14.12-without-dotnet45-win8.1-64bit.exe
C:\Users\Maximilian\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\Maximilian\AppData\Local\Temp\comver.dll
C:\Users\Maximilian\AppData\Local\Temp\drm_dyndata.dll
C:\Users\Maximilian\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Maximilian\AppData\Local\Temp\Execute2App.exe
C:\Users\Maximilian\AppData\Local\Temp\FreeAudioConverter.exe
C:\Users\Maximilian\AppData\Local\Temp\Gw2.exe
C:\Users\Maximilian\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Maximilian\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\Maximilian\AppData\Local\Temp\raptrpatch.exe
C:\Users\Maximilian\AppData\Local\Temp\raptr_stub.exe
C:\Users\Maximilian\AppData\Local\Temp\sqlite3.exe
C:\Users\Maximilian\AppData\Local\Temp\SRLDetectionLibrary7860125379099896725.dll
C:\Users\Maximilian\AppData\Local\Temp\xmlUpdater.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-05 11:14
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Maximilian at 2015-01-07 16:43:00
Running from C:\Users\Maximilian\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version: - Gameforge)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Archeage Beta (HKLM-x32\...\Glyph Archeage Beta) (Version: - Trion Worlds, Inc.)
Assassin's Creed II (HKLM-x32\...\Steam App 33230) (Version: - Ubisoft Montreal)
Assassin's Creed IV Black Flag (HKLM-x32\...\Uplay Install 273) (Version: - Ubisoft)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version: - Dylan Fitterer)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
Blend for Visual Studio Add-in for Adobe FXG Import (x32 Version: 1.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.70.5.2014 - Georgy Berdyshev)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DriverAgent by eSupport.com (HKLM-x32\...\DriverAgent_is1) (Version: - Copyright © 2013 eSupport.com, Inc • All Rights Reserved)
Dropbox (HKU\S-1-5-21-255192929-2864458584-2136872281-1001\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Entity Framework Designer für Visual Studio 2012 - DEU (HKLM-x32\...\{B2BDC072-BE01-432D-B281-30891D597FBB}) (Version: 11.1.30729.00 - Microsoft Corporation)
Erforderliche Komponenten für SSDT (HKLM-x32\...\{70D065C3-77E5-45E9-A75C-EEB2E84EA869}) (Version: 11.0.2100.60 - Microsoft Corporation)
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version: - SCS Software)
Euro Truck Simulator 2 Multiplayer 0.1.2 R2 Alpha (HKLM-x32\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 0.1.2 R2 Alpha - ETS2MP Team)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free Audio Converter version 5.0.52.1122 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.52.1122 - DVDVideoSoft Ltd.)
FSX - Dassault Mirage 2000N (HKLM-x32\...\FSX - Dassault Mirage 2000N_is1) (Version: - Danny Garnier)
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version: - Greenheart Games)
Gameforge Live 2.0.5 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.5 - Gameforge)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
Half-Life Dedicated Server Update Tool (HKLM-x32\...\Half-Life Dedicated Server Update Tool) (Version: - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Leawo Blu-ray Player version 1.8.0.4 (HKLM-x32\...\{CF7F52BF-DEE0-44CD-A7E1-AADD5CCECCDD}_is1) (Version: 1.8.0.4 - leawo Software)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
LibreOffice 4.2.7.2 (HKLM-x32\...\{A313C39F-79A7-408B-97EE-8F958407D694}) (Version: 4.2.7.2 - The Document Foundation)
LightScribe System Software (HKLM-x32\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.8.9.9 - www.leaguereplays.com)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{98B45D1C-6EB1-460D-A87D-2B60678DC105}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - )
Microsoft Flight Simulator X (HKLM-x32\...\InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}) (Version: 10.0.60905 - Microsoft Game Studios)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.0 Language Pack - DEU (HKLM-x32\...\Microsoft Help Viewer 2.0 Language Pack - DEU) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{AD49BD4B-6CEE-4EA2-B53E-8EB0606F1B11}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{EF18EF0F-96D3-4A6B-9600-2197F1720A15}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{6B7B7E62-9F56-4C87-8664-0E20F2CAB03B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{D4DA7C91-A59F-4C72-BAC4-DF7C76AB1CB8}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{8E4BA1E5-54E8-41F0-919B-CD875B83CFCE}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{55FABD1D-8BE6-4A1A-958D-52B15F1DFEF0}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{13C9CD03-A5FE-4F50-AC8A-17B77C38CC52}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{28C7A4BB-3966-4373-8376-C11F38290630}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - DEU (11.1.20828.01) (HKLM-x32\...\{E511AE89-54BB-481D-BC4A-1B1F1E1B7693}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - DEU (11.1.20828.01) (HKLM-x32\...\{00C84D22-DB8F-4159-BF70-682B8EA56A1E}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio Express 2012 für Windows Desktop - DEU (HKLM-x32\...\{69ec32be-d994-44de-9eae-6d86ced6f352}) (Version: 11.0.50727.42 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM-x32\...\{4C0B27C3-3E8F-4BD2-80FF-6E9E48EBD6D8}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{64A5D39C-95CD-4B8B-B2FA-6C713133B57F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.3.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{e57f95e3-88d0-4d98-a831-dc312b084fc6}) (Version: latest - ppy Pty Ltd)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version: - 3909)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version: - OVERKILL Software)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
phase-6 Feeding Tool 1.1.6 (HKLM-x32\...\phase-6 Feeding Tool) (Version: 1.1.6 - phase-6)
phase6_17 (HKLM-x32\...\{EFFE151C-F863-4B1E-9E22-3C1369B4C690}) (Version: 1.70.0000 - phase6)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version: - Introversion Software)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Raptr (HKLM-x32\...\Raptr) (Version: - )
ROCCAT Isku Keyboard Driver (HKLM-x32\...\{4ABAF918-A6BD-43D8-AE0B-5292034B14CB}) (Version: - Roccat GmbH)
ROCCAT Kone Pure Mouse Driver (HKLM-x32\...\{4905245D-56E7-4176-BE68-962728B803D6}) (Version: - Roccat GmbH)
Roccat Talk (HKLM-x32\...\{605D671E-1D1E-4840-84D9-BFACE17F160D}) (Version: 1.00.0004 - Roccat GmbH)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version: - Rebellion)
Spotify (HKU\S-1-5-21-255192929-2864458584-2136872281-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Stronghold Crusader Extreme (HKLM-x32\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.20.0000 - Firefly Studios)
System Requirements Lab CYRI (HKLM-x32\...\{906B34E5-573C-445A-A5D3-40B6BF0A2EC4}) (Version: 6.0.21.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{0F7A3A0A-0E30-4B9C-99AB-B991E1382769}) (Version: 2.2.1.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version: - Nadeo)
To the Moon (HKLM-x32\...\Steam App 206440) (Version: - Freebird Games)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 4.0 - Ubisoft)
Visual Studio 2012 Update 4 (KB2707250) (HKLM-x32\...\{312d9252-c71c-4c84-b171-f4ad46e22098}) (Version: 11.0.61030 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-255192929-2864458584-2136872281-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Maximilian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-255192929-2864458584-2136872281-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Maximilian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-255192929-2864458584-2136872281-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Maximilian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-255192929-2864458584-2136872281-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Maximilian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-255192929-2864458584-2136872281-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Maximilian\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
==================== Restore Points =========================
21-12-2014 20:24:21 DirectX wurde installiert
25-12-2014 16:06:17 Installiert Suite
29-12-2014 00:18:18 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
01-01-2015 17:15:00 DirectX wurde installiert
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {15B4ABD5-3B2E-4952-8C94-62939E19C152} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {25359E8F-54C0-4001-9EB2-2AB49AA7B296} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-21] (AVAST Software)
Task: {88C95C5A-CDD2-44E5-8BC3-39AF5E00B00F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-21] (Google Inc.)
Task: {9C3C677B-BFD5-4D5E-BE4F-8D46753B811E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-21] (Google Inc.)
Task: {E1D50D70-ABC0-4E57-8F0D-149E30B65797} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-10] (Microsoft Corporation)
Task: {F3739E6B-0414-4376-AAD0-B773CA555887} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-255192929-2864458584-2136872281-1001
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-08-05 13:19 - 2014-08-05 13:19 - 00034304 _____ () C:\WINDOWS\System32\sst6clm.dll
2014-11-20 21:23 - 2014-11-20 21:23 - 00214528 _____ () D:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () D:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () D:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2014-11-20 21:23 - 2014-11-20 21:23 - 00127488 _____ () D:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-08-06 17:28 - 2014-08-29 22:04 - 00076152 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2014-11-21 15:10 - 2014-11-21 15:10 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-21 15:10 - 2014-11-21 15:10 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-07-30 10:50 - 2014-07-30 10:50 - 00567880 _____ () D:\Programme\puush\puush.exe
2014-11-20 21:23 - 2014-11-20 21:23 - 00102400 _____ () D:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-12-31 15:35 - 2014-12-31 15:35 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14123100\algo.dll
2014-11-21 15:10 - 2014-11-21 15:10 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-12-31 20:29 - 2014-12-31 20:29 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14123101\algo.dll
2015-01-06 10:31 - 2015-01-06 10:31 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010600\algo.dll
2015-01-07 16:41 - 2015-01-07 16:41 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010700\algo.dll
2014-12-11 14:49 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-11 14:49 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-11 14:49 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-11 14:49 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2011-03-04 12:02 - 2011-03-04 12:02 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2011-03-04 12:02 - 2011-03-04 12:02 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2011-03-04 12:02 - 2011-03-04 12:02 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2014-07-18 09:29 - 2014-07-18 09:29 - 00420352 _____ () D:\LOLReplay\LOLUtils.dll
2014-07-21 20:36 - 2010-11-04 10:48 - 00061440 _____ () D:\Programm(x86)\ROCCAT\Isku Keyboard\hiddriver.dll
2014-07-21 20:37 - 2012-06-23 13:54 - 00061440 _____ () D:\Programm(x86)\ROCCAT\Kone Pure\hiddriver.dll
2014-11-21 15:10 - 2014-11-21 15:10 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 19:17 - 2011-02-15 19:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
2014-08-14 01:37 - 2014-08-14 01:37 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll
2014-08-14 01:37 - 2014-08-14 01:37 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2013-11-21 01:05 - 2013-11-21 01:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-18 01:56 - 2014-06-18 01:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 19:17 - 2011-02-15 19:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-23 00:06 - 2010-11-23 00:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Maximilian\OneDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-255192929-2864458584-2136872281-500 - Administrator - Disabled)
Gast (S-1-5-21-255192929-2864458584-2136872281-501 - Limited - Disabled)
Maximilian (S-1-5-21-255192929-2864458584-2136872281-1001 - Administrator - Enabled) => C:\Users\Maximilian
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/04/2015 01:38:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm AION.bin, Version 4514.319.722.8332 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 14ec
Startzeit: 01d0281b4de52983
Endzeit: 2
Anwendungspfad: D:\Programm(x86)\GameforgeLive\Games\DEU_deu\AION\Download\bin32\AION.bin
Berichts-ID: a3cec208-940e-11e4-be8b-0026833a0b80
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (01/03/2015 09:47:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm AION.bin, Version 4514.319.722.8332 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 9b8
Startzeit: 01d02796678b1359
Endzeit: 8
Anwendungspfad: D:\Programm(x86)\GameforgeLive\Games\DEU_deu\AION\Download\bin32\AION.bin
Berichts-ID: c6f1f5a1-9389-11e4-be8b-0026833a0b80
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (01/01/2015 05:19:03 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: There was an error with the Windows Location Provider database
Error: (12/29/2014 00:18:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CCC.exe, Version: 4.5.0.0, Zeitstempel: 0x53ad0dcc
Name des fehlerhaften Moduls: clr.dll, Version: 4.0.30319.34014, Zeitstempel: 0x52e0b86c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000039f0
ID des fehlerhaften Prozesses: 0x17c4
Startzeit der fehlerhaften Anwendung: 0xCCC.exe0
Pfad der fehlerhaften Anwendung: CCC.exe1
Pfad des fehlerhaften Moduls: CCC.exe2
Berichtskennung: CCC.exe3
Vollständiger Name des fehlerhaften Pakets: CCC.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CCC.exe5
Error: (12/29/2014 00:18:54 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Anwendung: CCC.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines internen Fehlers in der .NET-Laufzeit beendet. bei IP 00007FFE8A5C39F0 (00007FFE8A5C0000) mit Exitcode 80131506.
Error: (12/28/2014 04:22:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CCC.exe, Version: 4.5.0.0, Zeitstempel: 0x53ad0dcc
Name des fehlerhaften Moduls: amdmantle64.dll, Version: 9.1.10.34, Zeitstempel: 0x5417637b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000040cfa6
ID des fehlerhaften Prozesses: 0x17c4
Startzeit der fehlerhaften Anwendung: 0xCCC.exe0
Pfad der fehlerhaften Anwendung: CCC.exe1
Pfad des fehlerhaften Moduls: CCC.exe2
Berichtskennung: CCC.exe3
Vollständiger Name des fehlerhaften Pakets: CCC.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CCC.exe5
Error: (12/28/2014 01:09:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: age2_x1.Exe, Version: 0.7.26.809, Zeitstempel: 0x3b7433ec
Name des fehlerhaften Moduls: TAPI32.dll_unloaded, Version: 6.3.9600.16384, Zeitstempel: 0x521588a2
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000251c2
ID des fehlerhaften Prozesses: 0x1b08
Startzeit der fehlerhaften Anwendung: 0xage2_x1.Exe0
Pfad der fehlerhaften Anwendung: age2_x1.Exe1
Pfad des fehlerhaften Moduls: age2_x1.Exe2
Berichtskennung: age2_x1.Exe3
Vollständiger Name des fehlerhaften Pakets: age2_x1.Exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: age2_x1.Exe5
Error: (12/28/2014 01:06:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CCC.exe, Version: 4.5.0.0, Zeitstempel: 0x53ad0dcc
Name des fehlerhaften Moduls: amdmantle64.dll, Version: 9.1.10.34, Zeitstempel: 0x5417637b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000040cfa6
ID des fehlerhaften Prozesses: 0xca0
Startzeit der fehlerhaften Anwendung: 0xCCC.exe0
Pfad der fehlerhaften Anwendung: CCC.exe1
Pfad des fehlerhaften Moduls: CCC.exe2
Berichtskennung: CCC.exe3
Vollständiger Name des fehlerhaften Pakets: CCC.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CCC.exe5
Error: (12/27/2014 06:13:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CCC.exe, Version: 4.5.0.0, Zeitstempel: 0x53ad0dcc
Name des fehlerhaften Moduls: amdmantle64.dll, Version: 9.1.10.34, Zeitstempel: 0x5417637b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000040cfa6
ID des fehlerhaften Prozesses: 0x1350
Startzeit der fehlerhaften Anwendung: 0xCCC.exe0
Pfad der fehlerhaften Anwendung: CCC.exe1
Pfad des fehlerhaften Moduls: CCC.exe2
Berichtskennung: CCC.exe3
Vollständiger Name des fehlerhaften Pakets: CCC.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CCC.exe5
Error: (12/27/2014 03:33:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CCC.exe, Version: 4.5.0.0, Zeitstempel: 0x53ad0dcc
Name des fehlerhaften Moduls: amdmantle64.dll, Version: 9.1.10.34, Zeitstempel: 0x5417637b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000040cfa6
ID des fehlerhaften Prozesses: 0x198c
Startzeit der fehlerhaften Anwendung: 0xCCC.exe0
Pfad der fehlerhaften Anwendung: CCC.exe1
Pfad des fehlerhaften Moduls: CCC.exe2
Berichtskennung: CCC.exe3
Vollständiger Name des fehlerhaften Pakets: CCC.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CCC.exe5
System errors:
=============
Error: (01/06/2015 10:27:09 PM) (Source: DCOM) (EventID: 10010) (User: MAXIS-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (01/06/2015 10:27:09 PM) (Source: DCOM) (EventID: 10010) (User: MAXIS-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (01/06/2015 00:10:11 AM) (Source: DCOM) (EventID: 10010) (User: MAXIS-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (01/06/2015 00:10:11 AM) (Source: DCOM) (EventID: 10010) (User: MAXIS-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (01/06/2015 00:10:11 AM) (Source: DCOM) (EventID: 10010) (User: MAXIS-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (01/06/2015 00:10:11 AM) (Source: DCOM) (EventID: 10010) (User: MAXIS-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (01/04/2015 11:36:48 PM) (Source: DCOM) (EventID: 10010) (User: MAXIS-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (01/04/2015 11:36:48 PM) (Source: DCOM) (EventID: 10010) (User: MAXIS-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (01/04/2015 05:06:20 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "LAPTOP",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{989B0D8E-0D60-4B1C-84A2-9CA9E85CBF8A}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (01/04/2015 00:31:20 AM) (Source: DCOM) (EventID: 10010) (User: MAXIS-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Microsoft Office Sessions:
=========================
Error: (01/04/2015 01:38:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AION.bin4514.319.722.833214ec01d0281b4de529832D:\Programm(x86)\GameforgeLive\Games\DEU_deu\AION\Download\bin32\AION.bina3cec208-940e-11e4-be8b-0026833a0b80
Error: (01/03/2015 09:47:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AION.bin4514.319.722.83329b801d02796678b13598D:\Programm(x86)\GameforgeLive\Games\DEU_deu\AION\Download\bin32\AION.binc6f1f5a1-9389-11e4-be8b-0026833a0b80
Error: (01/01/2015 05:19:03 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: -2147024883
Error: (12/29/2014 00:18:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe4.5.0.053ad0dccclr.dll4.0.30319.3401452e0b86cc000000500000000000039f017c401d022b21e805dbcC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dlle4502bd2-8ee7-11e4-be8a-0026833a0b80
Error: (12/29/2014 00:18:54 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Anwendung: CCC.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines internen Fehlers in der .NET-Laufzeit beendet. bei IP 00007FFE8A5C39F0 (00007FFE8A5C0000) mit Exitcode 80131506.
Error: (12/28/2014 04:22:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe4.5.0.053ad0dccamdmantle64.dll9.1.10.345417637bc0000005000000000040cfa617c401d022b21e805dbcC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\WINDOWS\SYSTEM32\amdmantle64.dll5faf631d-8ea5-11e4-be8a-0026833a0b80
Error: (12/28/2014 01:09:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: age2_x1.Exe0.7.26.8093b7433ecTAPI32.dll_unloaded6.3.9600.16384521588a2c0000005000251c21b0801d022325aeee7c6D:\Program Files (x86)\Age2_X1\age2_x1.ExeTAPI32.dlld5ba3370-8e25-11e4-be89-0026833a0b80
Error: (12/28/2014 01:06:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe4.5.0.053ad0dccamdmantle64.dll9.1.10.345417637bc0000005000000000040cfa6ca001d0223219b49902C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\WINDOWS\SYSTEM32\amdmantle64.dll5ab64e02-8e25-11e4-be89-0026833a0b80
Error: (12/27/2014 06:13:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe4.5.0.053ad0dccamdmantle64.dll9.1.10.345417637bc0000005000000000040cfa6135001d021f85d6f1591C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\WINDOWS\SYSTEM32\amdmantle64.dll9dcac443-8deb-11e4-be89-0026833a0b80
Error: (12/27/2014 03:33:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe4.5.0.053ad0dccamdmantle64.dll9.1.10.345417637bc0000005000000000040cfa6198c01d021e219751086C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\WINDOWS\SYSTEM32\amdmantle64.dll5a3efe21-8dd5-11e4-be89-0026833a0b80
==================== Memory info ===========================
Processor: AMD A8-3870 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 26%
Total physical RAM: 8169.33 MB
Available physical RAM: 6002.19 MB
Total Pagefile: 16361.33 MB
Available Pagefile: 13870.88 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:59.62 GB) (Free:7.1 GB) NTFS
Drive d: () (Fixed) (Total:465.66 GB) (Free:228.36 GB) NTFS
Drive e: (SHERLOCK STAFFEL 3 DISK 1) (CDROM) (Total:43.89 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B17F5FA2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 59.6 GB) (Disk ID: 2C2E3B23)
Partition 1: (Not Active) - (Size=59.6 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:40 on 07/01/2015 (Maximilian)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-07 17:12:06
Windows 6.2.9200 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-4 SanDisk_SDSSDP064G rev.1.0.0 59,63GB
Running: Gmer-19357.exe; Driver: C:\Users\MAXIMI~1\AppData\Local\Temp\kglcypod.sys
---- User code sections - GMER 2.1 ----
.text C:\WINDOWS\system32\atieclxx.exe[8032] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffae2d5169a 4 bytes [D5, E2, FA, 7F]
.text C:\WINDOWS\system32\atieclxx.exe[8032] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffae2d516a2 4 bytes [D5, E2, FA, 7F]
.text C:\WINDOWS\system32\atieclxx.exe[8032] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffae2d5181a 4 bytes [D5, E2, FA, 7F]
.text C:\WINDOWS\system32\atieclxx.exe[8032] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffae2d51832 4 bytes [D5, E2, FA, 7F]
---- Threads - GMER 2.1 ----
Thread C:\WINDOWS\system32\csrss.exe [3152:6068] fffff9600083cb90
---- Processes - GMER 2.1 ----
Library C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c\LibWrap.dll (*** suspicious ***) @ C:\WINDOWS\syswow64\wwahost.exe [8184] (Microsoft Skype/Microsoft Corporation)(2014-12-14 11:17:16) 00000000662c0000
Library C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c\Microsoft.PerfTrack.dll (*** suspicious ***) @ C:\WINDOWS\syswow64\wwahost.exe [8184] (Microsoft.PerfTrack.dll/Microsoft Corporation)(2014-03-18 09:48:21) 00000000600c0000
Library C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c\MicrosoftAdvertising.dll (*** suspicious ***) @ C:\WINDOWS\syswow64\wwahost.exe [8184] (Microsoft Advertising Native SDK for Windows 8/Microsoft Corporation)(2014-03-18 09:48:21) 000000005baa0000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\GSM4B70268853_02_07D8_76^DB0BFDCDEFF71A145EE8A336C1C7BB38@Timestamp 0x03 0xA6 0x1C 0xD1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -1136430261
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 14941
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalResumeTime 18982
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeBootMgrTime 307
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAppTime 606
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAppStartTimestamp 15251
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeLibraryInitTime 43
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeInitTime 17
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeHiberFileTime 544
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeRestoreImageStartTimestamp 15312
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeIoTime 331
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeDecompressTime 192
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeKernelSwitchTimestamp 15857
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnFromHandlerTimestamp 16526
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@SleeperThreadEndTimestamp 17548
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TimeStampCounterAtSwitchTime 16526
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnSystemPowerState 18835
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberHiberFileTime 24140
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberInitTime 9
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberSharedBufferTime 2
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalHibernateTime 27389
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeHiberFileTime 1011
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeSharedBufferTime 6
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@DeviceResumeTime 1259
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesProcessed 252871
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesWritten 0xE0 0x59 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesProcessed 33202
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesWritten 0x06 0x4B 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberWriteRate 17
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberCompressRate 42
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeReadRate 315
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeDecompressRate 139
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeIoCpuTime 408
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberIoCpuTime 19601
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HybridBootAnimationTime 1047
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeCompleteTimestamp 0xA7 0x9D 0x69 0x1C ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@GlassSessionId 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0026833a0b80
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{FDF5E9A3-E534-42E6-950A-DF0B0975400A}@DefunctTimestamp 0xBE 0x38 0xAC 0x54 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\7c-4f-b5-96-66-2c@AddressCreationTimestamp 0xEF 0xC2 0xBC 0x0A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\7c-4f-b5-96-66-2c@TeredoAddress 2001:0:9d38:90d7:28f0:212:a226:9b5d
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 3564
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 1767
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{989B0D8E-0D60-4B1C-84A2-9CA9E85CBF8A}@LeaseObtainedTime 1420571117
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{989B0D8E-0D60-4B1C-84A2-9CA9E85CBF8A}@T1 1421478317
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{989B0D8E-0D60-4B1C-84A2-9CA9E85CBF8A}@T2 1422158717
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{989B0D8E-0D60-4B1C-84A2-9CA9E85CBF8A}@LeaseTerminatesTime 1422385517
Reg HKLM\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters\Interfaces\{989B0D8E-0D60-4B1C-84A2-9CA9E85CBF8A}@Dhcpv6InformationObtainedTime 1420571120
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{79fb8d99-11b7-11e4-824f-806e6f6e6963}\Current Media
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{79fb8d99-11b7-11e4-824f-806e6f6e6963}\Current Media@TotalBytes 0x00 0x00 0xAC 0xF8 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{79fb8d99-11b7-11e4-824f-806e6f6e6963}\Current Media@FreeBytes 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{79fb8d99-11b7-11e4-824f-806e6f6e6963}\Current Media@Blank Disc 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{79fb8d99-11b7-11e4-824f-806e6f6e6963}\Current Media@Can Close 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{79fb8d99-11b7-11e4-824f-806e6f6e6963}\Current Media@Media Type 1048576
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{79fb8d99-11b7-11e4-824f-806e6f6e6963}\Current Media@Imapi Media State 32768
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{79fb8d99-11b7-11e4-824f-806e6f6e6963}\Current Media@IsImapiDataBurnSupported 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{79fb8d99-11b7-11e4-824f-806e6f6e6963}\Current Media@IsImapiEraseSupported 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{79fb8d99-11b7-11e4-824f-806e6f6e6963}\Current Media@Live FS 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{79fb8d99-11b7-11e4-824f-806e6f6e6963}\Current Media@Disc Label SHERLOCK STAFFEL 3 DISK 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{79fb8d99-11b7-11e4-824f-806e6f6e6963}\Current Media@Set 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79fb8d99-11b7-11e4-824f-806e6f6e6963}\shell
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79fb8d99-11b7-11e4-824f-806e6f6e6963}\shell@ None
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79fb8d99-11b7-11e4-824f-806e6f6e6963}\shell\Autoplay
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79fb8d99-11b7-11e4-824f-806e6f6e6963}\shell\Autoplay@MUIVerb @shell32.dll,-8507
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79fb8d99-11b7-11e4-824f-806e6f6e6963}\shell\Autoplay\DropTarget
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79fb8d99-11b7-11e4-824f-806e6f6e6963}\shell\Autoplay\DropTarget@CLSID {F26A669A-BCBB-4E37-ABF9-7325DA15F931}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell\StateStore@ProcessedPackageStateChangeVersion 803
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\DirtyLocalCollections@windows-wireless 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@PolicyDocumentLastRefresh 0xA2 0x16 0x5D 0x50 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@WindowsBandwidthBucketCounter 12100
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsBandwidthBucketDrainTime 0x7D 0x19 0x4E 0xF8 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@WindowsRequestBucketCounter 15074
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime 0xFE 0x10 0x91 0xC7 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeBandwidthBucketDrainTime 0x68 0xFA 0xAA 0x21 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime 0xFE 0x10 0x91 0xC7 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@OtherBandwidthBucketCounter 600
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherBandwidthBucketDrainTime 0xE2 0xCC 0xD5 0x6F ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime 0xFE 0x10 0x91 0xC7 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalBandwidthBucketCounter 43170
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalBandwidthBucketDrainTime 0x98 0x36 0x17 0x83 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalRequestBucketCounter 100
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime 0xFE 0x10 0x91 0xC7 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@RoamingSyncToken LM%3d63556167920437%3bID%3d2B10FB0C29EC20C5!104%3bLR%3d63556167921520%3bEP%3d4%3bTD%3dTrue%3bSO%3d0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastUploadTime 0x33 0x06 0xA9 0xC7 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest 0x81 0xD3 0xF9 0x28 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastDownloadCollectionInterest 0x84 0x4E 0x4D 0x4F ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\PushNotifications@MobileBroadbandLastResetDate 0x51 0x9B 0xE8 0x1C ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@PendingOperations 14
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Store@LastTileRefresh 0x48 0xD4 0x3E 0xDE ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Store\RefreshBannedAppList@BannedAppsLastModified 0x00 0x4E 0xE0 0xDA ...
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk1\DR1 unknown MBR code
---- EOF - GMER 2.1 ----
Bedanke mich im Vorraus schon mal für die Hilfe  Mfg maxi078 |
| Themen zu Windows 8: .scr-Datei Download per Link über Steam |
| .dll, administrator, adobe, adware, antivirus, avast, browser, computer, defender, dvdvideosoft ltd., euro, explorer, google, installation, mozilla, refresh, registry, scan, scr-datei, security, server, services.exe, software, svchost.exe, system, teredo, uplay, ups, windows, windows 8, windowsapps, winlogon.exe |
Baum-Darstellung