Thanks for the help, here are the log files:
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by paul-_000 (ATTENTION: The logged in user is not administrator) on HADES on 30-07-2014 16:05:23
Running from C:\Users\paul-_000\Downloads
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\RAPID\CacheFilter\SamsungRapidApp.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Jesper Palm) C:\Program Files (x86)\Toastify\Toastify.exe
(Curse, Inc) C:\Users\paul-_000\AppData\Roaming\Curse Client\Bin\Curse.exe
(ROCCAT GmbH) P:\Programme\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Spotify Ltd) C:\Users\paul-_000\AppData\Roaming\Spotify\spotify.exe
() C:\Users\paul-_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\paul-_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\paul-_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\paul-_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\paul-_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Users\paul-_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [36352 2013-01-31] (Intel Corporation)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\RAPID\CacheFilter\SamsungRapidApp.exe [109280 2013-07-29] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [RoccatKoneXTD] => P:\Programme\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.EXE [552960 2013-07-30] (ROCCAT GmbH)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-01-31] (Advanced Micro Devices, Inc.)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [461176 2014-02-22] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-973006526-2082709660-19200149-1003\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-973006526-2082709660-19200149-1003\...\Run: [LightShot] => C:\Users\paul-_000\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
HKU\S-1-5-21-973006526-2082709660-19200149-1003\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [2990304 2013-10-30] (Nota Inc.)
HKU\S-1-5-21-973006526-2082709660-19200149-1003\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2014-01-31] (AMD)
HKU\S-1-5-21-973006526-2082709660-19200149-1003\...\Run: [Spotify Web Helper] => C:\Users\paul-_000\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-10] (Spotify Ltd)
HKU\S-1-5-21-973006526-2082709660-19200149-1003\...\Run: [Toastify] => C:\Program Files (x86)\Toastify\Toastify.exe [259072 2014-06-13] (Jesper Palm)
HKU\S-1-5-21-973006526-2082709660-19200149-1003\...\MountPoints2: {a4457589-4f1c-11e3-824b-806e6f6e6963} - "E:\Install Navigator.exe"
Startup: C:\Users\paul-_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
ShortcutTarget: Curse.lnk -> C:\Users\paul-_000\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\paul-_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => No File
ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD850A860FA92CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.120.201
FireFox:
========
FF ProfilePath: C:\Users\paul-_000\AppData\Roaming\Mozilla\Firefox\Profiles\ukpmtoxz.default-1406726366235
FF Homepage: hxxp://www.reddit.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.1 - P:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - P:\Programme\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Imgur Uploader - C:\Users\paul-_000\AppData\Roaming\Mozilla\Firefox\Profiles\ukpmtoxz.default-1406726366235\Extensions\giorgio@gilestro.tk.xpi [2014-07-30]
FF Extension: Reddit Enhancement Suite - C:\Users\paul-_000\AppData\Roaming\Mozilla\Firefox\Profiles\ukpmtoxz.default-1406726366235\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2014-07-30]
FF Extension: Clean Links - C:\Users\paul-_000\AppData\Roaming\Mozilla\Firefox\Profiles\ukpmtoxz.default-1406726366235\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi [2014-07-30]
FF Extension: Adblock Plus - C:\Users\paul-_000\AppData\Roaming\Mozilla\Firefox\Profiles\ukpmtoxz.default-1406726366235\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-30]
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (No Name) - C:\Users\paul-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbdgfncagnockiihpegigeglkcmgabhm [2014-03-01]
CHR Extension: (YouTube) - C:\Users\paul-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-17]
CHR Extension: (Google Search) - C:\Users\paul-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-17]
CHR Extension: (Google Wallet) - C:\Users\paul-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-26]
CHR Extension: (Gmail) - C:\Users\paul-_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-17]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [93048 2014-06-03] (EasyAntiCheat Ltd)
U2 HiPatchService; P:\Programme\HiPatchService.exe [9216 2014-07-18] (Hi-Rez Studios) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [27360 2013-07-29] (Samsung Electronics Co., Ltd.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
S2 e9f32388; "C:\Windows\system32\rundll32.exe" "c:\progra~2\gssupp~1\AssistantSvc.dll",service
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21584 2013-02-19] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-12-19] (Advanced Micro Devices)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-03] (Malwarebytes Corporation)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [240864 2013-07-29] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111328 2013-07-29] (Samsung Electronics Co., Ltd.)
R1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [21072 2013-03-27] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.RTM\WNt500x64\Sandra.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-30 16:05 - 2014-07-30 16:05 - 00016184 _____ () C:\Users\paul-_000\Downloads\FRST.txt
2014-07-30 16:05 - 2014-07-30 16:05 - 00000000 ____D () C:\FRST
2014-07-30 16:04 - 2014-07-30 16:04 - 02093568 _____ (Farbar) C:\Users\paul-_000\Downloads\FRST64.exe
2014-07-30 16:01 - 2014-07-30 16:01 - 00050477 _____ () C:\Users\paul-_000\Downloads\Defogger.exe
2014-07-30 15:15 - 2014-07-30 15:15 - 01365551 _____ () C:\Users\paul-_000\Downloads\adwcleaner_3.301.exe
2014-07-30 00:29 - 2014-07-30 00:29 - 02247960 _____ () C:\Users\paul-_000\Downloads\battlelog-web-plugins_2.4.0_141(1).exe
2014-07-29 23:23 - 2014-07-29 23:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-26 13:58 - 2014-07-26 13:58 - 1266632686 _____ () C:\Windows\MEMORY.DMP
2014-07-23 12:42 - 2014-07-23 12:42 - 00336583 _____ () C:\Users\paul-_000\Downloads\Tostify_1.6.5.exe
2014-07-16 07:23 - 2014-07-16 07:23 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-11 23:41 - 2014-07-12 00:35 - 00000000 ____D () C:\Users\paul-_000\AppData\Roaming\Curse Client
2014-07-11 23:41 - 2014-07-11 23:41 - 00001042 _____ () C:\Users\paul-_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2014-07-11 23:40 - 2014-07-11 23:41 - 42468752 _____ (Curse) C:\Users\paul-_000\Downloads\CurseClientSetup(1).exe
2014-07-11 13:32 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-07-09 15:18 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 15:18 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 15:18 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 15:18 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 15:18 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-07-09 15:18 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-07-09 15:18 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-07-09 15:18 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-07-09 15:18 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-07-09 15:18 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 15:17 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 15:17 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 15:17 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 15:17 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 15:17 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 15:17 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 15:17 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 15:17 - 2014-06-19 01:46 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 15:17 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 15:17 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 15:17 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 15:17 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 15:17 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 15:17 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 15:17 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 15:17 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 15:17 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 15:17 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 15:17 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 15:17 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 15:17 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 15:17 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 15:17 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 15:17 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 15:17 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 15:17 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 15:17 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 15:17 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 15:17 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 15:17 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-09 15:17 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2014-07-09 15:17 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-07-09 15:17 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-07-09 15:17 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 15:17 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-09 15:17 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-09 15:17 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 15:17 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-09 15:17 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-09 15:17 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-09 15:17 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2014-07-09 15:17 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-07-09 15:17 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-07-09 15:17 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-07-09 15:16 - 2014-07-09 15:16 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2014-07-05 14:26 - 2014-07-05 14:26 - 00000695 _____ () C:\Users\Public\Desktop\ .lnk
2014-07-05 14:25 - 2014-07-05 14:26 - 39967251 _____ (Hi-Rez Studios) C:\Users\paul-_000\Downloads\InstallHiRezGamesEnglish.exe
2014-07-04 22:24 - 2014-07-04 22:24 - 00001718 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
2014-07-04 22:24 - 2014-07-04 22:24 - 00000000 ____D () C:\Program Files\Rainmeter
2014-07-04 22:23 - 2014-07-04 22:23 - 02294104 _____ () C:\Users\paul-_000\Downloads\Rainmeter-3.1.exe
2014-07-04 19:41 - 2014-07-04 19:41 - 05141444 _____ () C:\Users\paul-_000\Downloads\GLaDOS.rar
2014-07-04 16:43 - 2014-07-30 15:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-30 16:05 - 2014-07-30 16:05 - 00016184 _____ () C:\Users\paul-_000\Downloads\FRST.txt
2014-07-30 16:05 - 2014-07-30 16:05 - 00000000 ____D () C:\FRST
2014-07-30 16:04 - 2014-07-30 16:04 - 02093568 _____ (Farbar) C:\Users\paul-_000\Downloads\FRST64.exe
2014-07-30 16:01 - 2014-07-30 16:01 - 00050477 _____ () C:\Users\paul-_000\Downloads\Defogger.exe
2014-07-30 16:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-07-30 15:59 - 2014-05-25 21:14 - 01241628 _____ () C:\Windows\WindowsUpdate.log
2014-07-30 15:59 - 2013-11-17 02:23 - 00000000 ____D () C:\Users\paul-_000\AppData\Roaming\ClassicShell
2014-07-30 15:57 - 2013-11-17 22:22 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-30 15:37 - 2013-11-17 02:17 - 01780340 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-30 15:37 - 2013-08-23 01:24 - 00765378 _____ () C:\Windows\system32\perfh007.dat
2014-07-30 15:37 - 2013-08-23 01:24 - 00159696 _____ () C:\Windows\system32\perfc007.dat
2014-07-30 15:36 - 2014-07-04 16:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-30 15:36 - 2013-11-17 20:19 - 00000000 ____D () C:\Users\paul-_000\AppData\Roaming\Spotify
2014-07-30 15:31 - 2013-11-17 01:09 - 00000000 ___RD () C:\Users\paul-_000\SkyDrive
2014-07-30 15:30 - 2014-03-01 19:43 - 00000454 ____H () C:\Windows\Tasks\WS.Booster-S-1431105474.job
2014-07-30 15:30 - 2013-11-17 22:22 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-30 15:30 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-30 15:25 - 2013-12-26 03:27 - 00000000 ____D () C:\Windows\Minidump
2014-07-30 15:17 - 2014-06-18 03:29 - 00002060 _____ () C:\Windows\PFRO.log
2014-07-30 15:17 - 2013-11-16 23:34 - 00000000 ____D () C:\AdwCleaner
2014-07-30 15:15 - 2014-07-30 15:15 - 01365551 _____ () C:\Users\paul-_000\Downloads\adwcleaner_3.301.exe
2014-07-30 14:53 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-07-30 14:46 - 2013-11-16 20:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-30 04:20 - 2013-11-17 19:47 - 00000000 ____D () C:\Users\paul-_000\AppData\Roaming\TS3Client
2014-07-30 02:25 - 2013-11-23 19:43 - 00000408 _____ () C:\Windows\Tasks\update-S-1-5-21-973006526-2082709660-19200149-1003.job
2014-07-30 01:23 - 2013-11-22 17:32 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-07-30 00:41 - 2013-11-22 17:32 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-07-30 00:29 - 2014-07-30 00:29 - 02247960 _____ () C:\Users\paul-_000\Downloads\battlelog-web-plugins_2.4.0_141(1).exe
2014-07-30 00:29 - 2013-12-14 04:40 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-07-29 23:23 - 2014-07-29 23:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-29 23:07 - 2014-06-17 00:21 - 00055687 _____ () C:\Windows\DirectX.log
2014-07-29 23:06 - 2013-12-08 15:26 - 00000000 ____D () C:\ProgramData\Origin
2014-07-29 23:06 - 2013-12-08 15:26 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-07-29 21:58 - 2013-11-17 20:21 - 00000000 ____D () C:\Users\paul-_000\AppData\Local\Spotify
2014-07-27 21:22 - 2013-11-17 01:37 - 00000000 ____D () C:\Users\paul-_000\AppData\Local\Paint.NET
2014-07-27 03:48 - 2013-11-17 00:57 - 00000000 ____D () C:\Users\paul-_000
2014-07-26 22:40 - 2014-06-28 02:46 - 00000000 ___RD () C:\Users\paul-_000\Desktop\Pics
2014-07-26 13:58 - 2014-07-26 13:58 - 1266632686 _____ () C:\Windows\MEMORY.DMP
2014-07-25 01:03 - 2013-11-17 00:58 - 00000000 ____D () C:\Users\paul-_000\AppData\Roaming\Skype
2014-07-23 12:42 - 2014-07-23 12:42 - 00336583 _____ () C:\Users\paul-_000\Downloads\Tostify_1.6.5.exe
2014-07-16 18:19 - 2014-06-14 04:08 - 00000000 ____D () C:\Users\paul-_000\Desktop\General
2014-07-16 07:23 - 2014-07-16 07:23 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-13 23:05 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2014-07-12 00:42 - 2013-08-22 16:44 - 00361176 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-12 00:41 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2014-07-12 00:41 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 00:41 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 00:41 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore
2014-07-12 00:35 - 2014-07-11 23:41 - 00000000 ____D () C:\Users\paul-_000\AppData\Roaming\Curse Client
2014-07-11 23:41 - 2014-07-11 23:41 - 00001042 _____ () C:\Users\paul-_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2014-07-11 23:41 - 2014-07-11 23:40 - 42468752 _____ (Curse) C:\Users\paul-_000\Downloads\CurseClientSetup(1).exe
2014-07-11 13:33 - 2013-11-16 20:47 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-11 13:33 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-11 13:32 - 2013-11-16 20:47 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-11 13:32 - 2013-08-23 01:26 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 15:16 - 2014-07-09 15:16 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2014-07-05 14:49 - 2014-06-14 04:05 - 00000000 ___RD () C:\Users\paul-_000\Desktop\Utilities
2014-07-05 14:26 - 2014-07-05 14:26 - 00000695 _____ () C:\Users\Public\Desktop\ .lnk
2014-07-05 14:26 - 2014-07-05 14:25 - 39967251 _____ (Hi-Rez Studios) C:\Users\paul-_000\Downloads\InstallHiRezGamesEnglish.exe
2014-07-04 22:24 - 2014-07-04 22:24 - 00001718 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
2014-07-04 22:24 - 2014-07-04 22:24 - 00000000 ____D () C:\Program Files\Rainmeter
2014-07-04 22:23 - 2014-07-04 22:23 - 02294104 _____ () C:\Users\paul-_000\Downloads\Rainmeter-3.1.exe
2014-07-04 19:41 - 2014-07-04 19:41 - 05141444 _____ () C:\Users\paul-_000\Downloads\GLaDOS.rar
2014-07-01 21:20 - 2014-06-01 14:25 - 00001413 _____ () C:\Windows\setupact.log
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2014
Ran by paul-_000 at 2014-07-30 16:05:37
Running from C:\Users\paul-_000\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.04) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.30.100.40131 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0131.1535.27922 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{8D2C98CB-7D5D-25CE-C72B-3F2C257F0284}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AutoHotkey 1.1.13.01 (HKLM\...\AutoHotkey) (Version: 1.1.13.01 - Lexikos)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.3.2.3825 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0131.1535.27922 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0131.1535.27922 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0131.1535.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0131.1535.27922 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Classic Shell (HKLM\...\{98BB5224-BC5D-4028-9D20-536C1C263AA9}) (Version: 4.0.2 - IvoSoft)
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts)
Curse (HKLM-x32\...\{1F2611FB-6F69-4AA8-BECD-243BD8CB45F3}) (Version: 6.0.0.0 - Curse)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version: - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Gyazo 2.0.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.0.0.1083 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Keysticks (HKLM-x32\...\{017E32B0-23A9-40F0-952B-6B12F0702A15}) (Version: 1.8.1 - Keysticks.net)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Magicka: Wizard Wars (HKLM-x32\...\Steam App 202090) (Version: - Paradox North)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mozilla Thunderbird 24.1.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.1.0 (x86 de)) (Version: 24.1.0 - Mozilla)
Mozilla Thunderbird 24.1.1 (x86 de) (HKCU\...\Mozilla Thunderbird 24.1.1 (x86 de)) (Version: 24.1.1 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.1 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
ON_OFF Charge 2 B13.0403.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.0403.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
ON_OFF Charge B13.0403.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.1 r2290 - )
RAPID Mode (Version: 1.0.1.42 - Samsung Electronics Co., Ltd.) Hidden
ROCCAT Kone XTD Mouse Driver (HKLM-x32\...\{7133137D-DF48-4522-AD88-13C82B7D0A63}) (Version: - Roccat GmbH)
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.6 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.3.0 - Samsung Electronics)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version: - Team Meat)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version: - CD Projekt RED)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.4.15 - Electronic Arts)
Toastify (HKLM-x32\...\Toastify) (Version: 1.6 - Jesper Palm)
Uplay (HKLM-x32\...\Uplay) (Version: 4.0 - Ubisoft)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN)
WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
Could not list Restore Points. Check "winmgmt" service or repair WMI.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\Windows\Tasks\update-S-1-5-21-973006526-2082709660-19200149-1003.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\WS.Booster-S-1431105474.job => ? <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2014-06-13 07:49 - 2014-06-13 07:49 - 00110592 _____ () C:\Program Files (x86)\Toastify\ManagedWinapi.dll
2014-05-25 16:18 - 2014-05-25 16:18 - 00036536 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2014-05-25 16:18 - 2014-05-25 16:18 - 00747192 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2014-05-25 16:17 - 2014-05-25 16:17 - 00408064 _____ () C:\Program Files\Rainmeter\Plugins\NowPlaying.DLL
2014-05-25 16:17 - 2014-05-25 16:17 - 00023040 _____ () C:\Program Files\Rainmeter\Plugins\Win7AudioPlugin.DLL
2013-11-17 20:21 - 2014-07-10 15:55 - 00601144 _____ () C:\Users\paul-_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\paul-_000\SkyDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKCU\...\StartupApproved\Run: => "Spotify"
HKCU\...\StartupApproved\Run: => "Spotify Web Helper"
HKCU\...\StartupApproved\Run: => "Gyazo"
HKCU\...\StartupApproved\Run: => "LightShot"
==================== Faulty Device Manager Devices =============
Name: Intel(R) HD Graphics 4600
Description: Intel(R) HD Graphics 4600
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: IGFX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/30/2014 03:31:23 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4
Error: (07/30/2014 03:31:23 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
Error: (07/30/2014 03:31:23 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
Error: (07/30/2014 03:31:23 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\Windows\system32\msdtcuiu.DLL4
Error: (07/30/2014 03:31:23 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4
Error: (07/30/2014 03:31:23 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\Windows\system32\esentprf.dll4
Error: (07/30/2014 03:31:23 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4
Error: (07/30/2014 03:18:35 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4
Error: (07/30/2014 03:18:35 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
Error: (07/30/2014 03:18:35 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
System errors:
=============
Error: (07/30/2014 03:31:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst GS Supporter erreicht.
Error: (07/30/2014 03:18:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst GS Supporter erreicht.
Error: (07/30/2014 03:13:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst GS Supporter erreicht.
Error: (07/30/2014 02:47:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst GS Supporter erreicht.
Error: (07/30/2014 02:46:37 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 30.07.2014 um 04:37:54 unerwartet heruntergefahren.
Error: (07/30/2014 02:46:32 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT-AUTORITÄT)
Description: 32212256841143856
Error: (07/29/2014 09:58:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst GS Supporter erreicht.
Error: (07/29/2014 09:57:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet:
%%1062
Error: (07/28/2014 03:13:50 PM) (Source: DCOM) (EventID: 10010) (User: HADES)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
Error: (07/27/2014 02:58:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst GS Supporter erreicht.
Microsoft Office Sessions:
=========================
Error: (07/30/2014 03:31:23 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4
Error: (07/30/2014 03:31:23 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
Error: (07/30/2014 03:31:23 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
Error: (07/30/2014 03:31:23 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\Windows\system32\msdtcuiu.DLL4
Error: (07/30/2014 03:31:23 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4
Error: (07/30/2014 03:31:23 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\Windows\system32\esentprf.dll4
Error: (07/30/2014 03:31:23 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4
Error: (07/30/2014 03:18:35 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4
Error: (07/30/2014 03:18:35 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
Error: (07/30/2014 03:18:35 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
==================== Memory info ===========================
Percentage of memory in use: 46%
Total physical RAM: 8083.49 MB
Available physical RAM: 4294.79 MB
Total Pagefile: 16275.49 MB
Available Pagefile: 11839.54 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:111.27 GB) (Free:28.21 GB) NTFS
Drive d: (Daten) (Fixed) (Total:878.91 GB) (Free:878.69 GB) NTFS
Drive p: (Programme) (Fixed) (Total:878.91 GB) (Free:694.09 GB) NTFS
==================== MBR & Partition Table ==================
==================== End Of Log ============================
Hopefully something can be done :/