
Pests of all kinds and how to fight them: My computer opened the page http://98uj8.de/s3brsn5ba66mgfzeinrum#noad on its own

Windows 7. If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.

31.07.2014, 12:21   #1
shrekislove
 

Hello everyone,

About an hour ago my PC opened the page hxxp://98uj8.de/s3brsn5ba66mgfzeinrum#noad on its own roughly 50-100 times (rough estimate) while I left the PC unattended for about 20 minutes. I searched a bit and found out that this is a trojan, and now I don't know what to do. I also noticed a process named "monitor.exe", but I could not close it because the error message "Zugriff verweigert" (access denied) kept appearing.

I ran Farbar and GMER, but I don't know what to do with the logs; maybe you can help me.

FRST:

FRST Logfile:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 01
Ran by Sebastian (administrator) on SEBASTIAN-PC on 31-07-2014 12:21:40
Running from C:\Users\Sebastian\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Windows\SysWOW64\ASGT.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(SoftPerfect Research) C:\Program Files\NetWorx\networx.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Akamai Technologies, Inc.) C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe
(ROCCAT) C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe
(ROCCAT) C:\Program Files (x86)\ROCCAT\Kone Mouse\OSD.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [6553808 2014-06-24] (SoftPerfect Research)
HKLM-x32\...\Run: [Kone] => C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE [180224 2009-09-15] (ROCCAT)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-24] (AVAST Software)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2033358269-2921509346-268069936-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-09-11] (AMD)
HKU\S-1-5-21-2033358269-2921509346-268069936-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-02-02] (Google Inc.)
HKU\S-1-5-21-2033358269-2921509346-268069936-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21445248 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2033358269-2921509346-268069936-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [37632 2014-01-30] (Overwolf LTD)
HKU\S-1-5-21-2033358269-2921509346-268069936-1000\...\Run: [AshSnap] => C:\Program Files\Ashampoo Snap 4\ashsnap.exe [1528176 2011-04-01] (ashampoo GmbH & Co. KG)
HKU\S-1-5-21-2033358269-2921509346-268069936-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk
ShortcutTarget: NETGEAR WNA3100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?gd=&ctid=CT3323885&octid=EB_ORIGINAL_CTID&ISID=M0F8AE674-C2A6-4C02-A261-55C0048E5BEC&SearchSource=55&CUI=&UM=5&UP=SP35769814-387A-4554-9341-C2A5E68263A2&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xED82E6AE3520CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Sebastian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-02-03]

Chrome: 
=======
CHR HomePage: hxxp://google.de/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-02]
CHR Extension: (Google Drive) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-02]
CHR Extension: (YouTube) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-02]
CHR Extension: (Adblock Plus) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-02]
CHR Extension: (Google-Suche) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-02]
CHR Extension: (Hola Besseres Internet) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-05-13]
CHR Extension: (avast! Online Security) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-03]
CHR Extension: (Google Wallet) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-02]
CHR Extension: (Google Mail) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-02]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-01] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-03-03] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-03-23] () [File not signed]
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed]
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [98560 2014-01-30] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-06-28] ()
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [307928 2013-11-11] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-01] ()
R3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2013-07-02] (ASUSTeK Computer Inc.)
R3 KoneFltr; C:\Windows\System32\drivers\Kone.sys [15488 2008-12-11] (ROCCAT Ltd)
R1 networx; C:\Windows\System32\drivers\networx.sys [59384 2014-05-09] (NetFilterSDK.com)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S1 aswKbd; \??\C:\Windows\system32\drivers\aswKbd.sys [X]
S1 aswNdisFlt; system32\DRIVERS\aswNdisFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-31 12:21 - 2014-07-31 12:22 - 00032002 _____ () C:\Users\Sebastian\Downloads\FRST.txt
2014-07-31 12:21 - 2014-07-31 12:21 - 00000000 ____D () C:\FRST
2014-07-31 12:20 - 2014-07-31 12:20 - 02094080 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST64.exe
2014-07-31 12:17 - 2014-07-31 12:17 - 01084928 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST.exe
2014-07-31 11:33 - 2014-07-31 12:09 - 00000022 _____ () C:\Windows\S.dirmngr
2014-07-30 00:37 - 2014-07-30 00:37 - 00011842 _____ () C:\Users\Sebastian\Documents\ayy lmao.odt
2014-07-30 00:14 - 2014-07-30 00:14 - 00000000 ____D () C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2014-07-30 00:14 - 2014-07-30 00:14 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\2K Games
2014-07-29 16:06 - 2014-07-29 16:06 - 00000565 _____ () C:\Windows\wmsetup.log
2014-07-28 01:12 - 2014-07-28 01:14 - 06462968 _____ () C:\Users\Sebastian\Documents\I´m Sorry.mp4
2014-07-26 14:52 - 2013-07-02 17:29 - 00024824 _____ (ASUSTeK Computer Inc.) C:\Windows\system32\Drivers\IOMap64.sys
2014-07-23 22:55 - 2014-07-23 22:55 - 00000000 ____D () C:\Users\Sebastian\Desktop\Text dokumentz
2014-07-23 22:22 - 2014-07-23 22:24 - 27167987 _____ () C:\Users\Sebastian\Desktop\torbrowser-install-3.6.2_en-US.exe
2014-07-22 20:19 - 2014-07-22 21:16 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Bioshock
2014-07-22 20:19 - 2014-07-22 20:27 - 00000000 ____D () C:\Users\Sebastian\Documents\Bioshock
2014-07-22 20:18 - 2014-07-22 20:18 - 00000791 _____ () C:\Windows\DXError.log
2014-07-22 18:38 - 2014-07-30 20:47 - 00298032 _____ () C:\Windows\DirectX.log
2014-07-22 18:35 - 2014-07-27 00:31 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\DarknessII
2014-07-21 19:38 - 2014-07-21 19:38 - 00000220 _____ () C:\Users\Sebastian\Desktop\BioShock.url
2014-07-20 21:48 - 2014-07-20 21:48 - 00007605 _____ () C:\Users\Sebastian\AppData\Local\Resmon.ResmonCfg
2014-07-16 16:15 - 2014-07-16 16:15 - 00001222 ____R () C:\Users\Sebastian\Desktop\BitLocker-Wiederherstellungsschlüssel B66D4F0E-4BCD-479B-A766-A10180C7A72B.txt
2014-07-12 17:37 - 2014-07-12 17:39 - 00000000 ____D () C:\Users\Sebastian\Desktop\Zelda
2014-07-12 17:36 - 2014-07-12 17:39 - 00000000 ____D () C:\Users\Sebastian\Documents\Dolphin Emulator
2014-07-12 17:34 - 2014-07-12 17:35 - 00000000 ____D () C:\Users\Sebastian\Desktop\dolphin2
2014-07-07 00:18 - 2014-07-07 00:18 - 00020138 _____ () C:\Users\Sebastian\Documents\Kündigung2.odt
2014-07-07 00:18 - 2014-07-07 00:18 - 00020138 _____ () C:\Users\Sebastian\Desktop\Kündigung2.odt
2014-07-06 19:19 - 2014-07-06 23:20 - 00018103 _____ () C:\Users\Sebastian\Desktop\Kündigung.odt
2014-07-02 19:06 - 2014-07-09 21:18 - 00001094 _____ () C:\Windows\LkmdfCoInst.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-31 12:22 - 2014-07-31 12:21 - 00032002 _____ () C:\Users\Sebastian\Downloads\FRST.txt
2014-07-31 12:21 - 2014-07-31 12:21 - 00000000 ____D () C:\FRST
2014-07-31 12:21 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-31 12:21 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-31 12:20 - 2014-07-31 12:20 - 02094080 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST64.exe
2014-07-31 12:20 - 2014-02-02 21:53 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Skype
2014-07-31 12:20 - 2014-02-02 01:34 - 00963444 _____ () C:\Windows\WindowsUpdate.log
2014-07-31 12:17 - 2014-07-31 12:17 - 01084928 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST.exe
2014-07-31 12:10 - 2014-02-02 22:02 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\Overwolf
2014-07-31 12:09 - 2014-07-31 11:33 - 00000022 _____ () C:\Windows\S.dirmngr
2014-07-31 12:09 - 2014-06-23 20:16 - 00004088 _____ () C:\Windows\setupact.log
2014-07-31 12:09 - 2014-02-02 20:48 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-31 12:09 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-31 02:24 - 2014-02-02 20:48 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-31 02:08 - 2014-02-04 17:26 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-31 02:08 - 2014-02-03 00:07 - 00000000 ____D () C:\ProgramData\Origin
2014-07-31 01:45 - 2014-02-02 22:02 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\TS3Client
2014-07-30 23:39 - 2014-02-03 01:24 - 00297088 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-07-30 23:39 - 2014-02-03 00:58 - 00297088 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-07-30 23:38 - 2014-02-03 00:58 - 00297088 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-07-30 20:47 - 2014-07-22 18:38 - 00298032 _____ () C:\Windows\DirectX.log
2014-07-30 19:02 - 2014-06-29 15:18 - 00000075 _____ () C:\Users\Sebastian\.atl.properties
2014-07-30 17:32 - 2014-02-02 22:27 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-07-30 17:27 - 2014-05-10 17:34 - 00000000 ____D () C:\Users\Sebastian\Desktop\Temp
2014-07-30 17:24 - 2014-05-10 17:34 - 00000000 ____D () C:\Users\Sebastian\Desktop\Instances
2014-07-30 00:37 - 2014-07-30 00:37 - 00011842 _____ () C:\Users\Sebastian\Documents\ayy lmao.odt
2014-07-30 00:14 - 2014-07-30 00:14 - 00000000 ____D () C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2014-07-30 00:14 - 2014-07-30 00:14 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\2K Games
2014-07-29 21:10 - 2014-02-10 22:30 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\Battle.net
2014-07-29 17:06 - 2014-02-02 20:48 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-29 17:06 - 2014-02-02 20:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-29 16:06 - 2014-07-29 16:06 - 00000565 _____ () C:\Windows\wmsetup.log
2014-07-29 15:37 - 2014-02-02 23:37 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-29 15:37 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-29 00:28 - 2014-02-26 22:40 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\.purple
2014-07-28 01:14 - 2014-07-28 01:12 - 06462968 _____ () C:\Users\Sebastian\Documents\I´m Sorry.mp4
2014-07-27 13:02 - 2011-04-12 09:43 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-07-27 13:02 - 2011-04-12 09:43 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-07-27 13:02 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-27 00:31 - 2014-07-22 18:35 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\DarknessII
2014-07-26 21:29 - 2014-02-04 21:08 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\.minecraft
2014-07-24 23:14 - 2014-02-10 22:30 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-23 22:55 - 2014-07-23 22:55 - 00000000 ____D () C:\Users\Sebastian\Desktop\Text dokumentz
2014-07-23 22:24 - 2014-07-23 22:22 - 27167987 _____ () C:\Users\Sebastian\Desktop\torbrowser-install-3.6.2_en-US.exe
2014-07-22 22:31 - 2014-05-30 17:08 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\PAYDAY 2
2014-07-22 21:19 - 2014-02-03 16:31 - 00000000 ____D () C:\Users\Sebastian\Documents\My Games
2014-07-22 21:16 - 2014-07-22 20:19 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Bioshock
2014-07-22 20:27 - 2014-07-22 20:19 - 00000000 ____D () C:\Users\Sebastian\Documents\Bioshock
2014-07-22 20:18 - 2014-07-22 20:18 - 00000791 _____ () C:\Windows\DXError.log
2014-07-22 19:42 - 2014-02-03 17:02 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-07-22 18:40 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-22 18:29 - 2014-02-03 00:09 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-07-22 18:23 - 2014-02-02 22:02 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-07-22 17:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-21 19:38 - 2014-07-21 19:38 - 00000220 _____ () C:\Users\Sebastian\Desktop\BioShock.url
2014-07-20 21:48 - 2014-07-20 21:48 - 00007605 _____ () C:\Users\Sebastian\AppData\Local\Resmon.ResmonCfg
2014-07-20 19:04 - 2014-02-11 23:58 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\vlc
2014-07-20 16:48 - 2014-05-02 21:04 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\dvdcss
2014-07-16 16:15 - 2014-07-16 16:15 - 00001222 ____R () C:\Users\Sebastian\Desktop\BitLocker-Wiederherstellungsschlüssel B66D4F0E-4BCD-479B-A766-A10180C7A72B.txt
2014-07-12 17:39 - 2014-07-12 17:37 - 00000000 ____D () C:\Users\Sebastian\Desktop\Zelda
2014-07-12 17:39 - 2014-07-12 17:36 - 00000000 ____D () C:\Users\Sebastian\Documents\Dolphin Emulator
2014-07-12 17:39 - 2014-06-11 17:11 - 00000000 ____D () C:\Users\Sebastian\Desktop\stick
2014-07-12 17:35 - 2014-07-12 17:34 - 00000000 ____D () C:\Users\Sebastian\Desktop\dolphin2
2014-07-12 17:32 - 2014-06-01 15:50 - 00000000 ____D () C:\Users\Sebastian\Desktop\Stick Patrick
2014-07-09 21:18 - 2014-07-02 19:06 - 00001094 _____ () C:\Windows\LkmdfCoInst.log
2014-07-09 21:18 - 2014-02-03 22:26 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-07-07 00:18 - 2014-07-07 00:18 - 00020138 _____ () C:\Users\Sebastian\Documents\Kündigung2.odt
2014-07-07 00:18 - 2014-07-07 00:18 - 00020138 _____ () C:\Users\Sebastian\Desktop\Kündigung2.odt
2014-07-06 23:20 - 2014-07-06 19:19 - 00018103 _____ () C:\Users\Sebastian\Desktop\Kündigung.odt
2014-07-06 23:16 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-07-06 17:39 - 2014-04-26 16:51 - 00000000 ____D () C:\Users\Sebastian\Desktop\K
2014-07-02 19:51 - 2014-02-03 00:49 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {current}
resumeobject            {9edaa718-8b98-11e3-bcf6-d311fd97538f}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
osdevice                partition=C:
systemroot              \Windows
resumeobject            {9edaa718-8b98-11e3-bcf6-d311fd97538f}
nx                      OptOut

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {9edaa718-8b98-11e3-bcf6-d311fd97538f}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows-Speicherdiagnose
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}



LastRegBack: 2014-07-28 20:35

==================== End Of Log ============================
         
--- --- ---



Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014 01
Ran by Sebastian at 2014-07-31 12:22:18
Running from C:\Users\Sebastian\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{4B5124DF-F465-2BA6-FCCF-82C149E1223D}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.4.9.2 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.4.9.2 - ASUSTek COMPUTER INC.) Hidden
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.025 - ASUSTek Computer Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts)
Battlefield 3™ (HKLM-x32\...\{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield™ Hardline Beta (HKLM-x32\...\{599276A7-F45D-40B1-A0B6-CF132A1CAD49}) (Version: 1.0.0.5 - Electronic Arts)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
BioShock 2 (HKLM-x32\...\Steam App 8850) (Version:  - 2K Marin)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0911.2154.37488 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Combat Arms EU (HKLM-x32\...\Combat Arms EU) (Version:  - )
DayZ Commander (HKLM-x32\...\{B3653588-3AC0-4A1D-950F-D96531E84374}) (Version: 0.92.91 - Dotjosh Studios)
Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.115 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.115 - Etron Technology) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Gothic III (HKLM-x32\...\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}) (Version: 1.00.0000 - JoWooD Productions Software AG)
Gpg4win (2.2.1) (HKLM-x32\...\GPG4Win) (Version: 2.2.1 - The Gpg4win Project)
GPUTweakStreaming (HKLM-x32\...\InstallShield_{D2A41AA7-4313-43D5-AA39-7E3FBBE0556D}) (Version: 1.0.3.5 - ASUS)
GPUTweakStreaming (x32 Version: 1.0.3.5 - ASUS) Hidden
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Mafia II (HKLM-x32\...\Steam App 50130) (Version:  - 2K Czech)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 2.2.0.2 - NETGEAR)
NetWorx 5.3.2 (HKLM\...\NetWorx_is1) (Version:  - Softperfect Research)
Nexon Game Manager (HKLM-x32\...\{289AC7E0-0AEE-4a7b-913C-709D9803D23E}) (Version:  - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.49.0 - Black Tree Gaming)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.1.116 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\{A7234617-513C-4292-A013-7DD915493BDA}) (Version: 0.49.305 - Overwolf)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.9 - )
pidgin-otr 4.0.0-1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.0-1 - Cypherpunks CA)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.1 beta r2286 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
Rise and Fall (HKLM-x32\...\{D078226E-83F2-45FD-9CDE-5DA66E5ADB51}) (Version: 1.00.0000 - Midway Games)
ROCCAT Kone Mouse Driver (HKLM-x32\...\{9733747E-E53D-4C17-977E-3A872AFB93E1}) (Version:  - )
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spec Ops: The Line (HKLM-x32\...\Steam App 50300) (Version:  - Yager)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.25790 - TeamViewer)
The Darkness II (HKLM-x32\...\Steam App 67370) (Version:  - Digital Extremes)
The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - )
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Tom Clancy's Rainbow Six Vegas 2 (HKLM-x32\...\{FD416706-875C-4B0B-A23A-9E740DAE029E}) (Version: 1.03 - Ubisoft)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
War Thunder Launcher 1.0.1.322 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - 2013 Gaijin Entertainment Corporation)
WarRock (HKLM-x32\...\Warrock EU) (Version:  - )
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wise Registry Cleaner 8.12 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.12 - WiseCleaner.com, Inc.)
YTD Video Downloader 4.8.1 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.1 - GreenTree Applications SRL)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

22-07-2014 16:38:20 DirectX wurde installiert
22-07-2014 18:16:35 Microsoft Visual C++ 2005 Redistributable wird installiert
22-07-2014 18:17:53 DirectX wurde installiert
22-07-2014 19:16:50 Microsoft Visual C++ 2005 Redistributable wird installiert
22-07-2014 19:18:18 DirectX wurde installiert
26-07-2014 20:28:22 DirectX wurde installiert
29-07-2014 14:04:52 DirectX wurde installiert
29-07-2014 22:12:41 DirectX wurde installiert
30-07-2014 18:45:46 DirectX wurde installiert

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0AE46977-DAFB-4E43-A6E8-48444D062FB6} - System32\Tasks\{EB801E42-A21F-4704-B6D9-FDB2CDBD1FAF} => C:\Program Files (x86)\Steam\Steam.exe [2014-07-16] (Valve Corporation)
Task: {2285D577-B1B3-48A5-B41A-480B3F01516F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-02] (Google Inc.)
Task: {25D9B035-D6D6-4154-B1F0-7803BF5B455F} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-08-27] (ASUSTek Computer Inc.)
Task: {98518E86-C0C1-43D9-A8CC-B7A2ED1387FD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-02] (Google Inc.)
Task: {9A506F7D-02C4-4CF8-870B-C7785585C6DB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {B62CCFBC-2983-4AFF-9F1A-4DFBC9DFE1E4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-01] (AVAST Software)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-12-06 17:06 - 2013-12-06 17:06 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2013-07-26 06:59 - 2013-07-26 06:59 - 00814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2013-07-26 06:59 - 2013-07-26 06:59 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2012-01-17 12:24 - 2012-01-17 12:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2013-10-07 16:54 - 2013-10-07 16:54 - 00218112 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2014-02-03 00:58 - 2014-06-28 18:03 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-05-03 21:28 - 2013-11-11 15:10 - 00307928 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
2014-06-28 17:37 - 2014-06-06 15:41 - 00718336 _____ () C:\Program Files\NetWorx\sqlite.dll
2014-05-03 21:28 - 2013-11-22 19:34 - 08266456 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
2014-04-06 16:35 - 2014-04-06 16:35 - 00036536 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2014-04-06 16:35 - 2014-04-06 16:35 - 00747192 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2013-12-06 17:06 - 2013-12-06 17:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-07-30 21:27 - 2014-07-30 21:27 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14073002\algo.dll
2014-07-31 12:09 - 2014-07-31 12:09 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14073100\algo.dll
2013-10-07 16:49 - 2013-10-07 16:49 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2013-10-07 16:47 - 2013-10-07 16:47 - 00037888 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2013-10-07 16:44 - 2013-10-07 16:44 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2013-10-07 16:49 - 2013-10-07 16:49 - 00069632 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2013-10-07 16:49 - 2013-10-07 16:49 - 00628224 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll
2014-05-03 21:28 - 2013-10-30 19:06 - 00380928 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiLib.dll
2013-09-24 18:22 - 2013-09-24 18:22 - 00258048 _____ () C:\Program Files (x86)\ASUS\GPU Tweak\Vender.dll
2013-10-07 11:30 - 2013-10-07 11:30 - 00053248 _____ () C:\Program Files (x86)\ASUS\GPU Tweak\Exeio.dll
2014-02-02 23:37 - 2014-02-02 23:37 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-05-03 21:28 - 2013-11-01 17:31 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll
2014-07-21 21:30 - 2014-07-15 11:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-21 21:30 - 2014-07-15 11:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-21 21:30 - 2014-07-15 11:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-21 21:30 - 2014-07-15 11:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-21 21:30 - 2014-07-15 11:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Avast! Firewall Driver
Description: Avast! Firewall Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswNdisFlt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/31/2014 00:09:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2014 00:08:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer" nicht initialisiert werden.


Details:
Could not query the status of the EventSystem service.

System Error:
Der Computer wird heruntergefahren.
.

Error: (07/31/2014 00:06:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2014 11:34:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2014 08:47:49 PM) (Source: MsiInstaller) (EventID: 1013) (User: Sebastian-PC)
Description: Product: NVIDIA PhysX -- Installation terminated

Error: (07/30/2014 05:12:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2014 00:14:31 AM) (Source: MsiInstaller) (EventID: 1013) (User: Sebastian-PC)
Description: Product: NVIDIA PhysX -- Installation terminated

Error: (07/29/2014 04:07:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm DeadIslandGame.exe, Version 1.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 14f0

Startzeit: 01cfab3651d60f18

Endzeit: 10

Anwendungspfad: C:\Program Files (x86)\Steam\steamapps\common\Dead Island\DeadIslandGame.exe

Berichts-ID: 97fae872-1729-11e4-b49d-bc5ff4fa1dc1

Error: (07/29/2014 03:37:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2014 07:45:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/31/2014 00:15:19 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (07/31/2014 00:09:14 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
aswKbd
aswNdisFlt

Error: (07/31/2014 00:09:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! Firewall" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/31/2014 00:09:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst avast! Firewall erreicht.

Error: (07/31/2014 00:04:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
AFD
aswKbd
aswNdisFlt
aswRdr
aswRvrt
aswSnx
aswSP
aswVmm
CSC
DfsC
discache
NetBIOS
NetBT
networx
nsiproxy
Psched
rdbss
spldr
tdx
vwififlt
Wanarpv6
WfpLwf

Error: (07/31/2014 00:04:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (07/31/2014 00:04:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (07/31/2014 00:04:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (07/31/2014 00:04:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst "Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%31

Error: (07/31/2014 00:04:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================
Error: (07/31/2014 00:09:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2014 00:08:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: 
Details:
Could not query the status of the EventSystem service.

System Error:
Der Computer wird heruntergefahren.

Error: (07/31/2014 00:06:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2014 11:34:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2014 08:47:49 PM) (Source: MsiInstaller) (EventID: 1013) (User: Sebastian-PC)
Description: Product: NVIDIA PhysX -- Installation terminated(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/30/2014 05:12:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2014 00:14:31 AM) (Source: MsiInstaller) (EventID: 1013) (User: Sebastian-PC)
Description: Product: NVIDIA PhysX -- Installation terminated(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/29/2014 04:07:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: DeadIslandGame.exe1.0.0.014f001cfab3651d60f1810C:\Program Files (x86)\Steam\steamapps\common\Dead Island\DeadIslandGame.exe97fae872-1729-11e4-b49d-bc5ff4fa1dc1

Error: (07/29/2014 03:37:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2014 07:45:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 34%
Total physical RAM: 8148.75 MB
Available physical RAM: 5349.72 MB
Total Pagefile: 16295.7 MB
Available Pagefile: 13108.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:487.38 GB) NTFS
Drive e: () (Removable) (Total:1.88 GB) (Free:1.52 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 4DA2E21B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 6E652072)
No partition Table on disk 1.

==================== End Of Log ============================
         

Shortcut:
Attachment 68552

GMER:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-07-31 13:32:13
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-2 ST1000DM003-1CH162 rev.CC47 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\SEBAST~1\AppData\Local\Temp\kglyauoc.sys


---- User code sections - GMER 2.1 ----

.text  C:\Windows\system32\wininit.exe[660] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                 000000007721eecd 1 byte [62]
.text  C:\Windows\system32\services.exe[716] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007721eecd 1 byte [62]
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007721eecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[900] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                 000000007721eecd 1 byte [62]
.text  C:\Windows\system32\atiesrxx.exe[284] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007721eecd 1 byte [62]
.text  C:\Windows\System32\svchost.exe[368] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                 000000007721eecd 1 byte [62]
.text  C:\Windows\System32\svchost.exe[388] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                 000000007721eecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[596] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                 000000007721eecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007721eecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[1360] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007721eecd 1 byte [62]
.text  C:\Windows\System32\spoolsv.exe[1636] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007721eecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[1664] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007721eecd 1 byte [62]
.text  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1748] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                000000007721eecd 1 byte [62]
.text  C:\Windows\SysWOW64\ASGT.exe[1792] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                   00000000764da322 1 byte [62]
.text  C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1848] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                   00000000764da322 1 byte [62]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1904] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                               00000000764da322 1 byte [62]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1904] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                    0000000074f31a22 2 bytes [F3, 74]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1904] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                    0000000074f31ad0 2 bytes [F3, 74]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1904] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                    0000000074f31b08 2 bytes [F3, 74]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1904] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                    0000000074f31bba 2 bytes [F3, 74]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1904] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                    0000000074f31bda 2 bytes [F3, 74]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                             0000000076461465 2 bytes [46, 76]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                            00000000764614bb 2 bytes [46, 76]
.text  ...                                                                                                                                        * 2
.text  C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007721eecd 1 byte [62]
.text  C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe[1192] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                             00000000764da322 1 byte [62]
.text  C:\Windows\system32\taskhost.exe[2440] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                               000000007721eecd 1 byte [62]
.text  C:\Windows\system32\Dwm.exe[2516] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                    000000007721eecd 1 byte [62]
.text  C:\Windows\Explorer.EXE[2548] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                        000000007721eecd 1 byte [62]
.text  C:\Windows\system32\wbem\wmiprvse.exe[2736] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                          000000007721eecd 1 byte [62]
.text  C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe[2880] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                             00000000764da322 1 byte [62]
.text  C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                           0000000076461465 2 bytes [46, 76]
.text  C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                          00000000764614bb 2 bytes [46, 76]
.text  ...                                                                                                                                        * 2
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3536] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                000000007721eecd 1 byte [62]
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3680] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                               000000007721eecd 1 byte [62]
.text  C:\Windows\system32\SearchIndexer.exe[3724] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                          000000007721eecd 1 byte [62]
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[3804] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                             000000007721eecd 1 byte [62]
.text  C:\Program Files\NetWorx\networx.exe[3972] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                           000000007721eecd 1 byte [62]
.text  C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3120] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                00000000764da322 1 byte [62]
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2400] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  00000000764da322 1 byte [62]
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[496] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                    00000000764da322 1 byte [62]
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                  0000000076461465 2 bytes [46, 76]
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                 00000000764614bb 2 bytes [46, 76]
.text  ...                                                                                                                                        * 2
.text  C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[324] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189               000000007721eecd 1 byte [62]
.text  C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[3928] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                     00000000764da322 1 byte [62]
.text  C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[3928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                   0000000076461465 2 bytes [46, 76]
.text  C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[3928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  00000000764614bb 2 bytes [46, 76]
.text  ...                                                                                                                                        * 2
.text  C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[3908] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                     00000000764da322 1 byte [62]
.text  C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[3908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                   0000000076461465 2 bytes [46, 76]
.text  C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[3908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  00000000764614bb 2 bytes [46, 76]
.text  ...                                                                                                                                        * 2
.text  C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE[3900] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                           00000000764da322 1 byte [62]
.text  C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE[3900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                         0000000076461465 2 bytes [46, 76]
.text  C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE[3900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        00000000764614bb 2 bytes [46, 76]
.text  ...                                                                                                                                        * 2
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4004] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                      000000007721eecd 1 byte [62]
.text  C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe[4132] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                             00000000764da322 1 byte [62]
.text  C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe[4132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                           0000000076461465 2 bytes [46, 76]
.text  C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe[4132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                          00000000764614bb 2 bytes [46, 76]
.text  ...                                                                                                                                        * 2
.text  C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe[4424] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                              00000000764da322 1 byte [62]
.text  C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe[4424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                            0000000076461465 2 bytes [46, 76]
.text  C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe[4424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                           00000000764614bb 2 bytes [46, 76]
.text  ...                                                                                                                                        * 2
.text  C:\Windows\system32\conhost.exe[4456] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007721eecd 1 byte [62]
.text  C:\Program Files (x86)\ROCCAT\Kone Mouse\osd.exe[4516] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                               00000000764da322 1 byte [62]
.text  C:\Windows\system32\wbem\unsecapp.exe[4848] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                          000000007721eecd 1 byte [62]
.text  C:\Windows\system32\AUDIODG.EXE[3440] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189                                                000000007721eecd 1 byte [62]
.text  C:\Users\Sebastian\Downloads\FRST64.exe[1340] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                        000000007721eecd 1 byte [62]
.text  C:\Windows\system32\notepad.exe[2640] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007721eecd 1 byte [62]
.text  C:\Windows\system32\notepad.exe[3552] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007721eecd 1 byte [62]
.text  C:\Windows\system32\notepad.exe[5388] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007721eecd 1 byte [62]
.text  C:\Windows\system32\NOTEPAD.EXE[5228] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007721eecd 1 byte [62]
.text  C:\Users\Sebastian\Downloads\Gmer-19357.exe[4116] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                    00000000764da322 1 byte [62]

---- EOF - GMER 2.1 ----
         
Thanks in advance

Regards, sebi

Edited by shrekislove (31.07.2014 at 12:33)

Alt 31.07.2014, 12:31   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners: have they ever found anything?

That is why I am asking => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, only post the logs you already have, in CODE tags!
Only logs from the last 7 days, or from the time since the problem began, are relevant!





Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder.
Even if the logs are too large for a single post, please post them directly, spread across several posts if necessary.
To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check that you did it correctly. If everything is right ... click Reply.

Alt 31.07.2014, 12:42   #3
shrekislove
 
Sorry about that. I ran avast, but the program found nothing. I am uninstalling it right now and will download nod32 in a moment.

Here is the shortcut again:
Code:
Users shortcut scan result (x64) Version: 31-07-2014 01
Ran by Sebastian at 2014-07-31 12:22:48
Running from C:\Users\Sebastian\Downloads
Boot Mode: Normal
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)



Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk -> C:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk -> C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader\Uninstall.lnk -> C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\Uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader\YTD Video Downloader.lnk -> C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\ytd.exe (GreenTree Applications SRL)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner\Wise Registry Cleaner.lnk -> C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe (WiseCleaner.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files\VideoLAN\VLC\Documentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files\VideoLAN\VLC\NEWS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files\VideoLAN\VLC\VideoLAN Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online Beta\The Elder Scrolls Online Beta - Uninstall.lnk -> C:\Program Files (x86)\Zenimax Online\Launcher\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client\Uninstall.lnk -> C:\Program Files\TeamSpeak 3 Client\Uninstall.exe (TeamSpeak Systems GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pidgin-otr\Uninstall.lnk -> C:\Program Files (x86)\pidgin-otr\pidgin-otr-uninst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Deinstallieren von Origin.lnk -> C:\Program Files (x86)\Origin\OriginUninstall.exe (Electronic Arts, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Origin Fehlermelder.lnk -> C:\Program Files (x86)\Origin\OriginER.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Origin.lnk -> C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice Base.lnk -> C:\Program Files (x86)\OpenOffice 4\program\sbase.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice Calc.lnk -> C:\Program Files (x86)\OpenOffice 4\program\scalc.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice Draw.lnk -> C:\Program Files (x86)\OpenOffice 4\program\sdraw.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice Impress.lnk -> C:\Program Files (x86)\OpenOffice 4\program\simpress.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice Math.lnk -> C:\Program Files (x86)\OpenOffice 4\program\smath.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice Writer.lnk -> C:\Program Files (x86)\OpenOffice 4\program\swriter.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice.lnk -> C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager\Nexus Mod Manager entfernen.lnk -> C:\Program Files\Nexus Mod Manager\uninstall\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager\Nexus Mod Manager.lnk -> C:\Program Files\Nexus Mod Manager\NexusClient.exe (Black Tree Gaming)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon\Combat Arms EU.lnk -> C:\Program Files (x86)\Combat Arms EU\CombatArms.exe (Nexon)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWorx\NetWorx on the Web.lnk -> C:\Program Files\NetWorx\networx.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWorx\NetWorx.lnk -> C:\Program Files\NetWorx\networx.exe (SoftPerfect Research)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWorx\Uninstall NetWorx.lnk -> C:\Program Files\NetWorx\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNA3100 Genie\NETGEAR WNA3100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Midway Games\Rise and Fall\Liesmich-Datei lesen.lnk -> C:\Program Files (x86)\Midway Games\Rise and Fall\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Midway Games\Rise and Fall\Manual.lnk -> C:\Program Files (x86)\Midway Games\Rise and Fall\Manual.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech\Unifying\Logitech Unifying-Software.lnk -> C:\Program Files\Common Files\Logishrd\Unifying\DJCUHost.exe (Logitech, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files\Java\jre7\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gpg4win\Kleopatra.lnk -> C:\Program Files (x86)\GNU\GnuPG\kleopatra.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gpg4win\Uninstall.lnk -> C:\Program Files (x86)\GNU\GnuPG\gpg4win-uninstall.exe (g10 Code GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gpg4win\Dokumentation\Gpg4win HOWTO SMIME.lnk -> C:\Program Files (x86)\GNU\GnuPG\share\gpg4win\HOWTO-SMIME.de.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gpg4win\Dokumentation\Gpg4win README.lnk -> C:\Program Files (x86)\GNU\GnuPG\share\gpg4win\README.de.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gpg4win\Dokumentation\Gpg4win-Kompendium (pdf, deutsch).lnk -> C:\Program Files (x86)\GNU\GnuPG\share\gpg4win\gpg4win-compendium-de.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gpg4win\Dokumentation\Gpg4win-Kompendium (pdf, english).lnk -> C:\Program Files (x86)\GNU\GnuPG\share\gpg4win\gpg4win-compendium-en.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps\Fraps.lnk -> C:\Program Files\fraps.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps\Uninstall.lnk -> C:\Program Files\uninstall.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dotjosh Studios\DayZ Commander.lnk -> C:\Program Files (x86)\Dotjosh Studios\DayZ Commander\Current\DayZCommander.exe (Dotjosh Studios, LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dead Space\Dead Space Endbenutzer-Lizenzvertrag.lnk -> C:\Program Files (x86)\Origin Games\Dead Space\Support\eula\de_DE_eula.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dead Space\Dead Space.lnk -> C:\Program Files (x86)\Origin Games\Dead Space\Dead Space.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dead Space\Kundendienst.lnk -> C:\Program Files (x86)\Origin Games\Dead Space\Support\EA Help\Kundendienst.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dead Space\Readme.lnk -> C:\Program Files (x86)\Origin Games\Dead Space\Support\readme\readme.de.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk -> C:\Program Files\CCleaner\uninst.exe (Piriform Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive\ArmA 2\BattlEye\Uninstall BattlEye.lnk -> C:\Program Files (x86)\Steam\SteamApps\common\Arma 2\BattlEye\UnInstallBE.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield Hardline Beta\Battlefield Hardline Beta End User License Agreement.lnk -> C:\Program Files (x86)\Origin Games\BFH Beta\Support\eula\en_US_eula.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield Hardline Beta\Battlefield Hardline Beta.lnk -> C:\Program Files (x86)\Origin Games\BFH Beta\bfh.exe (Visceral Games)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield Hardline Beta\Technical Support.lnk -> C:\Program Files (x86)\Origin Games\BFH Beta\Support\EA Help\Technical Support.en_US.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3\Battlefield 3.lnk -> C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe (EA Digital Illusions CE AB)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3\EA EULA.lnk -> C:\Program Files (x86)\Origin Games\Battlefield 3\Support\eula\ru_RU_eula.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3\Readme.lnk -> C:\Program Files (x86)\Origin Games\Battlefield 3\Support\readme\readme.ru.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3\Техническая поддержка.lnk -> C:\Program Files (x86)\Origin Games\Battlefield 3\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net\Battle.net.lnk -> C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast\avast! Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS GPU Tweak.lnk -> C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe (ASUS)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\GPUTweakStreaming.lnk -> C:\Program Files (x86)\ASUS\GPUTweakStreaming\GPUTweakStreaming.exe (ASUS)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center\AMD Catalyst Control Center.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -> C:\Windows\System32\NetProj.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{E104C6B2-D1D9-45A0-AC70-56FB0294C458}\PlayTasks\3\Detection.exe.lnk -> C:\Program Files (x86)\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\Detection.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{E104C6B2-D1D9-45A0-AC70-56FB0294C458}\PlayTasks\2\Spielehandbuch.lnk -> C:\Program Files (x86)\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Support\Manual\R6Vegas2.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{E104C6B2-D1D9-45A0-AC70-56FB0294C458}\PlayTasks\1\Liesmich.txt.lnk -> C:\Program Files (x86)\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Support\Readme\Liesmich.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{E104C6B2-D1D9-45A0-AC70-56FB0294C458}\PlayTasks\0\Spielen.lnk -> C:\Program Files (x86)\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe (Ubisoft)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{D7E9E4AD-75C2-459C-81A3-05433A091675}\PlayTasks\0\Launch.lnk -> C:\Program Files (x86)\Steam\SteamApps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{B61326F5-0896-4603-A1C7-D7434BD1D128}\PlayTasks\0\Launch.lnk -> C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe (Bethesda Softworks)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{91EF1C5B-9E13-4136-83A8-E48B881FFD19}\PlayTasks\0\Launch.lnk -> C:\Program Files (x86)\Steam\SteamApps\common\Mafia II\pc\mafia2.exe (2K Czech)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{7EADF4B7-2B56-4E3D-961B-480417950424}\PlayTasks\0\Launch.lnk -> C:\Program Files (x86)\Steam\SteamApps\common\Just Cause 2\JustCause2.exe (Avalanche Studios)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{599A476C-D74F-4E44-B406-C123A5316EF4}\PlayTasks\0\Launch.lnk -> C:\Program Files (x86)\Steam\SteamApps\common\SpecOps_TheLine\Binaries\Win32\SpecOpsTheLine.exe (Take-Two Interactive Software, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{18C3DB19-89C7-4119-851E-050AACDD23C7}\PlayTasks\3\Detection.exe.lnk -> C:\Program Files (x86)\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\Detection.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{18C3DB19-89C7-4119-851E-050AACDD23C7}\PlayTasks\2\Spielehandbuch.lnk -> C:\Program Files (x86)\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Support\Manual\R6Vegas2.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{18C3DB19-89C7-4119-851E-050AACDD23C7}\PlayTasks\1\Liesmich.txt.lnk -> C:\Program Files (x86)\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Support\Readme\Liesmich.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{18C3DB19-89C7-4119-851E-050AACDD23C7}\PlayTasks\0\Spielen.lnk -> C:\Program Files (x86)\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe (Ubisoft)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Battlefield Hardline Beta.lnk -> C:\Program Files (x86)\Origin Games\BFH Beta\bfh.exe (Visceral Games)
Shortcut: C:\Users\Public\Desktop\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\Users\Public\Desktop\Combat Arms EU.lnk -> C:\Program Files (x86)\Combat Arms EU\CombatArms.exe (Nexon)
Shortcut: C:\Users\Public\Desktop\NETGEAR WNA3100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
Shortcut: C:\Users\Public\Desktop\Wise Registry Cleaner.lnk -> C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe (WiseCleaner.com)
Shortcut: C:\Users\Public\Desktop\YTD Video Downloader.lnk -> C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\ytd.exe (GreenTree Applications SRL)
Shortcut: C:\Users\Sebastian\Links\Desktop.lnk -> C:\Users\Sebastian\Desktop ()
Shortcut: C:\Users\Sebastian\Links\Downloads.lnk -> C:\Users\Sebastian\Downloads ()
Shortcut: C:\Users\Sebastian\Desktop\TeamSpeak 3 Client.lnk -> C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe (TeamSpeak Systems GmbH)
Shortcut: C:\Users\Sebastian\Desktop\WRLauncher - Verknüpfung.lnk -> C:\Program Files (x86)\Warrock EU\WRLauncher.exe ()
Shortcut: C:\Users\Sebastian\Desktop\K - Kopie\avast! Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software)
Shortcut: C:\Users\Sebastian\Desktop\K - Kopie\spiel\Battle.net.lnk -> C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe (Blizzard Entertainment)
Shortcut: C:\Users\Sebastian\Desktop\K - Kopie\spiel\Battlefield 3.lnk -> C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe (EA Digital Illusions CE AB)
Shortcut: C:\Users\Sebastian\Desktop\K - Kopie\spiel\DayZ Commander.lnk -> C:\Program Files (x86)\Dotjosh Studios\DayZ Commander\Current\DayZCommander.exe (Dotjosh Studios, LLC)
Shortcut: C:\Users\Sebastian\Desktop\K - Kopie\spiel\Dead Space.lnk -> C:\Program Files (x86)\Origin Games\Dead Space\Dead Space.exe ()
Shortcut: C:\Users\Sebastian\Desktop\K - Kopie\spiel\Katawa Shoujo - Verknüpfung.lnk -> C:\Program Files (x86)\Katawa Shoujo\Katawa Shoujo.exe ()
Shortcut: C:\Users\Sebastian\Desktop\K - Kopie\spiel\Nexus Mod Manager.lnk -> C:\Program Files\Nexus Mod Manager\NexusClient.exe (Black Tree Gaming)
Shortcut: C:\Users\Sebastian\Desktop\K - Kopie\spiel\rainbow six.lnk -> D:\autorun.exe (No File)
Shortcut: C:\Users\Sebastian\Desktop\K - Kopie\spiel\Skyrim (SKSE).lnk -> C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\skse_loader.exe ()
Shortcut: C:\Users\Sebastian\Desktop\K - Kopie\spiel\WarThunder.lnk -> C:\Program Files (x86)\WarThunder\WarThunder\launcher.exe (Gaijin Entertainment)
Shortcut: C:\Users\Sebastian\Desktop\K - Kopie\programme\ASUS GPU Tweak.lnk -> C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe (ASUS)
Shortcut: C:\Users\Sebastian\Desktop\K - Kopie\programme\avast! Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software)
Shortcut: C:\Users\Sebastian\Desktop\K - Kopie\programme\Fraps.lnk -> C:\Program Files\fraps.exe (No File)
Shortcut: C:\Users\Sebastian\Desktop\K - Kopie\programme\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Sebastian\Desktop\K - Kopie\programme\GPUTweakStreaming.lnk -> C:\Program Files (x86)\ASUS\GPUTweakStreaming\GPUTweakStreaming.exe (ASUS)
Shortcut: C:\Users\Sebastian\Desktop\K - Kopie\programme\NETGEAR WNA3100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
Shortcut: C:\Users\Sebastian\Desktop\K - Kopie\programme\OpenOffice 4.0.1.lnk -> C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
Shortcut: C:\Users\Sebastian\Desktop\K - Kopie\programme\Origin.lnk -> C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
Shortcut: C:\Users\Sebastian\Desktop\K - Kopie\programme\Overwolf.lnk -> C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe ()
Shortcut: C:\Users\Sebastian\Desktop\K - Kopie\programme\Skype.lnk -> C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe ()
Shortcut: C:\Users\Sebastian\Desktop\K - Kopie\programme\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\Users\Sebastian\Desktop\K - Kopie\programme\TeamSpeak 3 Client.lnk -> C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe (TeamSpeak Systems GmbH)
Shortcut: C:\Users\Sebastian\Desktop\K - Kopie\programme\TeamViewer 9.lnk -> C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH)
Shortcut: C:\Users\Sebastian\Desktop\K - Kopie\programme\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\Users\Sebastian\Desktop\K\avast! Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software)
Shortcut: C:\Users\Sebastian\Desktop\K\spiel\Battle.net.lnk -> C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe (Blizzard Entertainment)
Shortcut: C:\Users\Sebastian\Desktop\K\spiel\Battlefield 3.lnk -> C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe (EA Digital Illusions CE AB)
Shortcut: C:\Users\Sebastian\Desktop\K\spiel\DayZ Commander.lnk -> C:\Program Files (x86)\Dotjosh Studios\DayZ Commander\Current\DayZCommander.exe (Dotjosh Studios, LLC)
Shortcut: C:\Users\Sebastian\Desktop\K\spiel\Dead Space.lnk -> C:\Program Files (x86)\Origin Games\Dead Space\Dead Space.exe ()
Shortcut: C:\Users\Sebastian\Desktop\K\spiel\Katawa Shoujo - Verknüpfung.lnk -> C:\Program Files (x86)\Katawa Shoujo\Katawa Shoujo.exe ()
Shortcut: C:\Users\Sebastian\Desktop\K\spiel\Nexus Mod Manager.lnk -> C:\Program Files\Nexus Mod Manager\NexusClient.exe (Black Tree Gaming)
Shortcut: C:\Users\Sebastian\Desktop\K\spiel\rainbow six.lnk -> D:\autorun.exe (No File)
Shortcut: C:\Users\Sebastian\Desktop\K\spiel\Skyrim (SKSE).lnk -> C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\skse_loader.exe ()
Shortcut: C:\Users\Sebastian\Desktop\K\spiel\WarThunder.lnk -> C:\Program Files (x86)\WarThunder\WarThunder\launcher.exe (Gaijin Entertainment)
Shortcut: C:\Users\Sebastian\Desktop\K\programme\ASUS GPU Tweak.lnk -> C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe (ASUS)
Shortcut: C:\Users\Sebastian\Desktop\K\programme\avast! Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software)
Shortcut: C:\Users\Sebastian\Desktop\K\programme\Fraps.lnk -> C:\Program Files\fraps.exe (No File)
Shortcut: C:\Users\Sebastian\Desktop\K\programme\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Sebastian\Desktop\K\programme\GPUTweakStreaming.lnk -> C:\Program Files (x86)\ASUS\GPUTweakStreaming\GPUTweakStreaming.exe (ASUS)
Shortcut: C:\Users\Sebastian\Desktop\K\programme\NETGEAR WNA3100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
Shortcut: C:\Users\Sebastian\Desktop\K\programme\OpenOffice 4.0.1.lnk -> C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
Shortcut: C:\Users\Sebastian\Desktop\K\programme\Origin.lnk -> C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
Shortcut: C:\Users\Sebastian\Desktop\K\programme\Overwolf.lnk -> C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe ()
Shortcut: C:\Users\Sebastian\Desktop\K\programme\Skype.lnk -> C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe ()
Shortcut: C:\Users\Sebastian\Desktop\K\programme\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\Users\Sebastian\Desktop\K\programme\TeamSpeak 3 Client.lnk -> C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe (TeamSpeak Systems GmbH)
Shortcut: C:\Users\Sebastian\Desktop\K\programme\TeamViewer 9.lnk -> C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH)
Shortcut: C:\Users\Sebastian\Desktop\K\programme\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\War Thunder entfernen.lnk -> C:\Program Files (x86)\WarThunder\WarThunder\unins000.exe ()
Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\WarThunder.lnk -> C:\Program Files (x86)\WarThunder\WarThunder\launcher.exe (Gaijin Entertainment)
Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf\Overwolf.lnk -> C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe ()
Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf\Uninstall Overwolf.lnk -> C:\Program Files (x86)\Overwolf\OWUninstaller.exe (Overwolf LTD)
Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive\Arma 2 Operation Arrowhead\BattlEye\Uninstall BattlEye.lnk -> C:\Program Files (x86)\Steam\SteamApps\common\Arma 2 Operation Arrowhead\Expansion\BattlEye\UnInstallBE.exe ()
Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Origin.lnk -> C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Steam - Verknüpfung.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TeamSpeak 3 Client.lnk -> C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe (TeamSpeak Systems GmbH)
Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TorBrowser.lnk -> C:\Users\Sebastian\Desktop\Tor Browser\Browser\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Battle.net.lnk -> C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe (Blizzard Entertainment)
Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Pidgin.lnk -> C:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community)
Shortcut: C:\Users\Sebastian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Sebastian\AppData\Local\Microsoft\Windows\GameExplorer\{E104C6B2-D1D9-45A0-AC70-56FB0294C458}\PlayTasks\3\Detection.exe.lnk -> C:\Program Files (x86)\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\Detection.exe ()
Shortcut: C:\Users\Sebastian\AppData\Local\Microsoft\Windows\GameExplorer\{E104C6B2-D1D9-45A0-AC70-56FB0294C458}\PlayTasks\2\Spielehandbuch.lnk -> C:\Program Files (x86)\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Support\Manual\R6Vegas2.pdf ()
Shortcut: C:\Users\Sebastian\AppData\Local\Microsoft\Windows\GameExplorer\{E104C6B2-D1D9-45A0-AC70-56FB0294C458}\PlayTasks\1\Liesmich.txt.lnk -> C:\Program Files (x86)\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Support\Readme\Liesmich.txt ()
Shortcut: C:\Users\Sebastian\AppData\Local\Microsoft\Windows\GameExplorer\{E104C6B2-D1D9-45A0-AC70-56FB0294C458}\PlayTasks\0\Spielen.lnk -> C:\Program Files (x86)\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe (Ubisoft)
Shortcut: C:\Users\Sebastian\AppData\Local\Microsoft\Windows\GameExplorer\{DEE780EC-F8FF-49CB-AE97-4877D0F64E53}\PlayTasks\0\Spielen.lnk -> C:\Users\Sebastian\Downloads\Gothic2.exe (Piranha Bytes)
Shortcut: C:\Users\Sebastian\AppData\Local\Microsoft\Windows\GameExplorer\{99710F9B-97C5-4304-96B7-F959FBADA588}\PlayTasks\0\Spielen.lnk -> C:\Program Files (x86)\Midway Games\Rise and Fall\RiseAndFall.exe (Midway Home Entertainment)
Shortcut: C:\Users\Sebastian\AppData\Local\Microsoft\Windows\GameExplorer\{8C65DA15-249C-4203-BD2D-3524A6D7D68A}\PlayTasks\0\Spielen.lnk -> C:\Program Files (x86)\Steam\SteamApps\common\POSTAL2Complete\System\Postal2.exe ()




ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online Beta\The Elder Scrolls Online Beta.lnk -> C:\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe (ZeniMax Online Studios) -> /InstallOrRun "ESO_Beta"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ROCCAT\Kone Mouse\Kone Driver.lnk -> C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE (ROCCAT) -> 1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ROCCAT\Kone Mouse\Uninstall Kone Driver.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{9733747E-E53D-4C17-977E-3A872AFB93E1}\Setup.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager\Nexus Mod Manager (Trace Mode).lnk -> C:\Program Files\Nexus Mod Manager\NexusClient.exe (Black Tree Gaming) -> -trace
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNA3100 Genie\NETGEAR WNA3100-Software deinstallieren.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{C2425F91-1F7B-4037-9A05-9F290184798D}\setup.exe (Acresso Software Inc.                                        ) -> -z "-Remove"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Midway Games\Rise and Fall\Rise and Fall deinstallieren.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{D078226E-83F2-45FD-9CDE-5DA66E5ADB51}\setup.exe (Macrovision Corporation) -> -removeonly
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Midway Games\Rise and Fall\Rise and Fall.lnk -> C:\Program Files (x86)\Midway Games\Rise and Fall\RiseAndFall.exe (Midway Home Entertainment) ->  -datapath "data\" -redistpath "redist\" -nodump
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech\Maus und Tastatur\Maus- und Tastatureinstellungen.lnk -> C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast\avast! SafeZone.lnk -> C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software) -> /sfzonebrowser
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center\Hilfe.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe (ATI Technologies Inc.) -> Start Help -help
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) -> --sendto
ShortcutWithArgument: C:\Users\Public\Desktop\Rise and Fall.lnk -> C:\Program Files (x86)\Midway Games\Rise and Fall\RiseAndFall.exe (Midway Home Entertainment) ->  -datapath "data\" -redistpath "redist\" -nodump
ShortcutWithArgument: C:\Users\Sebastian\Desktop\K - Kopie\spiel\The Elder Scrolls Online Beta.lnk -> C:\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe (ZeniMax Online Studios) -> /InstallOrRun "ESO_Beta"
ShortcutWithArgument: C:\Users\Sebastian\Desktop\K - Kopie\programme\avast! SafeZone.lnk -> C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software) -> /sfzonebrowser
ShortcutWithArgument: C:\Users\Sebastian\Desktop\K\spiel\The Elder Scrolls Online Beta.lnk -> C:\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe (ZeniMax Online Studios) -> /InstallOrRun "ESO_Beta"
ShortcutWithArgument: C:\Users\Sebastian\Desktop\K\programme\avast! SafeZone.lnk -> C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software) -> /sfzonebrowser
ShortcutWithArgument: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\Logs and errors.lnk -> C:\Program Files (x86)\WarThunder\WarThunder\.game_logs () -> cd 
ShortcutWithArgument: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\Replays.lnk -> C:\Program Files (x86)\WarThunder\WarThunder\Replays () -> cd 
ShortcutWithArgument: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\Screenshots.lnk -> C:\Program Files (x86)\WarThunder\WarThunder\Screenshots () -> cd 
ShortcutWithArgument: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
ShortcutWithArgument: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) -> --sendto
ShortcutWithArgument: C:\Users\Sebastian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\Sebastian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Rise and Fall.lnk -> C:\Program Files (x86)\Midway Games\Rise and Fall\RiseAndFall.exe (Midway Home Entertainment) ->  -datapath "data\" -redistpath "redist\" -nodump


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader\Web site.url -> hxxp://www.ytddownloader.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.url -> hxxp://support.steampowered.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon\WarRock.url -> hxxp://warrock.nexoneu.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon\넥슨.url -> hxxp://www.nexon.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gpg4win\Dokumentation\Gpg4win-Kompendium (html, deutsch).url -> hxxp://www.gpg4win.org/doc/de/gpg4win-compendium.html
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gpg4win\Dokumentation\Gpg4win-Kompendium (html, englisch).url -> hxxp://www.gpg4win.org/doc/en/gpg4win-compendium.html
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url -> hxxp://www.piriform.com/ccleaner
InternetURL: C:\Users\Sebastian\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\Sebastian\Favorites\Windows Live\Windows Live Ideas.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72700
InternetURL: C:\Users\Sebastian\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72681
InternetURL: C:\Users\Sebastian\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72682
InternetURL: C:\Users\Sebastian\Favorites\MSN-Websites\MSN Auto.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72680
InternetURL: C:\Users\Sebastian\Favorites\MSN-Websites\MSN Fernsehen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72659
InternetURL: C:\Users\Sebastian\Favorites\MSN-Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72640
InternetURL: C:\Users\Sebastian\Favorites\MSN-Websites\MSN Nachrichten.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72636
InternetURL: C:\Users\Sebastian\Favorites\MSN-Websites\MSN Sport.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72635
InternetURL: C:\Users\Sebastian\Favorites\MSN-Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72630
InternetURL: C:\Users\Sebastian\Favorites\Microsoft-Websites\IE-Site auf Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72186
InternetURL: C:\Users\Sebastian\Favorites\Microsoft-Websites\Microsoft Deutschland GmbH.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72520
InternetURL: C:\Users\Sebastian\Favorites\Microsoft-Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\Sebastian\Favorites\Microsoft-Websites\Microsoft Windows - Start.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72629
InternetURL: C:\Users\Sebastian\Favorites\Microsoft-Websites\Microsoft zu Hause.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72406
InternetURL: C:\Users\Sebastian\Favorites\Microsoft-Websites\Microsoft.com durchsuchen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72893
InternetURL: C:\Users\Sebastian\Favorites\Microsoft-Websites\Site für IE Add-Ons.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\Sebastian\Favorites\Links\Vorgeschlagene Sites.url -> https://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\Sebastian\Favorites\Links\Web Slice-Katalog.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\Sebastian\Desktop\Arma 3.url -> steam://rungameid/107410
InternetURL: C:\Users\Sebastian\Desktop\BioShock.url -> steam://rungameid/7670
InternetURL: C:\Users\Sebastian\Desktop\PAYDAY 2.url -> steam://rungameid/218620
InternetURL: C:\Users\Sebastian\Desktop\K - Kopie\WarRock.url -> hxxp://warrock.nexoneu.com/
InternetURL: C:\Users\Sebastian\Desktop\K - Kopie\spiel\Call of Duty Black Ops II - Multiplayer.url -> steam://rungameid/202990
InternetURL: C:\Users\Sebastian\Desktop\K\WarRock.url -> hxxp://warrock.nexoneu.com/
InternetURL: C:\Users\Sebastian\Desktop\K\spiel\Call of Duty Black Ops II - Multiplayer.url -> steam://rungameid/202990

==================== End of log =============================
         

31.07.2014, 13:44   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
and I'm going to download NOD32 right away.
Who said you should download and run that??
__________________
Please always post log files in CODE tags

31.07.2014, 13:56   #5
shrekislove

A friend just recommended that antivirus program to me because it is better than Avast.


31.07.2014, 14:29   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

If we are supposed to help you here, though, you don't install anything without checking with us first. Parallel help tracks like that simply lead to chaos.

31.07.2014, 15:46   #7
shrekislove

So, have you perhaps found anything yet?

31.07.2014, 22:33   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

I wanted to read your confirmation that you won't install anything without checking with me first.

04.08.2014, 00:12   #9
shrekislove

OK, I won't install anything without checking first. And I'm sorry that I didn't get back to you; unfortunately I had no time over the last few days.

04.08.2014, 10:21   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Remove adware/junkware/toolbars


Step 1: AdwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 2: JRT - Junkware Removal Tool

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the web page's input box)

04.08.2014, 15:36   #11
shrekislove

Here is the AdwCleaner log file. I haven't done steps 2 and 3 yet.

Code:
# AdwCleaner v3.302 - Bericht erstellt am 04/08/2014 um 16:13:01
# Aktualisiert 30/07/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Sebastian - SEBASTIAN-PC
# Gestartet von : C:\Users\Sebastian\Desktop\adwcleaner_3.302.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\GreenTree Applications
Ordner Gelöscht : C:\Users\Sebastian\AppData\Roaming\Systweak
Datei Gelöscht : C:\Windows\System32\roboot64.exe

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectINT_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectINT_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\SearchProtectInt2
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKLM\Software\systweak

***** [ Browser ] *****

-\\ Internet Explorer v8.0.7601.17514

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v36.0.1985.125

[ Datei : C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [2510 octets] - [04/08/2014 16:10:56]
AdwCleaner[S0].txt - [2095 octets] - [04/08/2014 16:13:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2155 octets] ##########
         
OK, by the looks of it, it was that stupid YouTube downloader. In Adw it was the GreenTree Applications folder, which was the YouTube downloader.
The same was the case in JRT.

JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Sebastian on 04.08.2014 at 16:28:27,85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.08.2014 at 16:32:55,13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

04.08.2014, 21:07   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

New FRST logs are missing

04.08.2014, 22:08   #13
shrekislove

The new ones:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 01
Ran by Sebastian (administrator) on SEBASTIAN-PC on 04-08-2014 23:05:31
Running from C:\Users\Sebastian\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Windows\SysWOW64\ASGT.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(SoftPerfect Research) C:\Program Files\NetWorx\networx.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Akamai Technologies, Inc.) C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
(ROCCAT) C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Akamai Technologies, Inc.) C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ROCCAT) C:\Program Files (x86)\ROCCAT\Kone Mouse\OSD.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [6553808 2014-06-24] (SoftPerfect Research)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5581888 2014-02-24] (ESET)
HKLM-x32\...\Run: [Kone] => C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE [180224 2009-09-15] (ROCCAT)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2033358269-2921509346-268069936-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-09-11] (AMD)
HKU\S-1-5-21-2033358269-2921509346-268069936-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-02-02] (Google Inc.)
HKU\S-1-5-21-2033358269-2921509346-268069936-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21445248 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2033358269-2921509346-268069936-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [37632 2014-01-30] (Overwolf LTD)
HKU\S-1-5-21-2033358269-2921509346-268069936-1000\...\Run: [AshSnap] => C:\Program Files\Ashampoo Snap 4\ashsnap.exe [1528176 2011-04-01] (ashampoo GmbH & Co. KG)
HKU\S-1-5-21-2033358269-2921509346-268069936-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk
ShortcutTarget: NETGEAR WNA3100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xED82E6AE3520CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Sebastian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-07-31]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-02-03]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome: 
=======
CHR HomePage: hxxp://google.de/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-02]
CHR Extension: (Google Drive) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-02]
CHR Extension: (YouTube) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-02]
CHR Extension: (Adblock Plus) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-02]
CHR Extension: (Google-Suche) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-02]
CHR Extension: (Google Wallet) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-02]
CHR Extension: (Google Mail) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-03-23] () [File not signed]
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1343408 2014-02-24] (ESET)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [98560 2014-01-30] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-06-28] ()
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [307928 2013-11-11] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)
R3 KoneFltr; C:\Windows\System32\drivers\Kone.sys [15488 2008-12-11] (ROCCAT Ltd)
R1 networx; C:\Windows\System32\drivers\networx.sys [59384 2014-05-09] (NetFilterSDK.com)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-04 17:12 - 2014-08-04 17:12 - 00000405 _____ () C:\Users\Sebastian\Documents\Daniel pws
2014-08-04 16:32 - 2014-08-04 16:32 - 00000805 _____ () C:\Users\Sebastian\Desktop\JRT.txt
2014-08-04 16:28 - 2014-08-04 16:28 - 00000000 ____D () C:\Windows\ERUNT
2014-08-04 16:25 - 2014-08-04 16:26 - 01016261 _____ (Thisisu) C:\Users\Sebastian\Desktop\JRT.exe
2014-08-04 16:15 - 2014-08-04 16:15 - 00000022 _____ () C:\Windows\S.dirmngr
2014-08-04 16:11 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-04 16:10 - 2014-08-04 16:13 - 00000000 ____D () C:\AdwCleaner
2014-08-04 16:08 - 2014-08-04 16:08 - 01361309 _____ () C:\Users\Sebastian\Desktop\adwcleaner_3.302.exe
2014-08-04 16:06 - 2014-08-04 16:06 - 00000030 _____ () C:\Users\Sebastian\Desktop\paypal.txt
2014-08-04 16:05 - 2014-08-04 16:05 - 00000000 _____ () C:\Users\Sebastian\Desktop\MC accs.txt
2014-08-01 11:01 - 2014-08-04 16:15 - 00404686 _____ () C:\Windows\PFRO.log
2014-08-01 11:01 - 2014-08-04 16:15 - 00000392 _____ () C:\Windows\setupact.log
2014-08-01 11:01 - 2014-08-01 11:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-31 15:35 - 2014-07-31 15:35 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\ESET
2014-07-31 13:47 - 2014-07-31 13:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-07-31 13:47 - 2014-07-31 13:47 - 00000000 ____D () C:\ProgramData\ESET
2014-07-31 13:47 - 2014-07-31 13:47 - 00000000 ____D () C:\Program Files\ESET
2014-07-31 13:40 - 2014-07-31 13:40 - 01695680 _____ (ESET) C:\Users\Sebastian\Downloads\eset_nod32_antivirus_live_installer_.exe
2014-07-31 13:32 - 2014-07-31 13:32 - 00013817 _____ () C:\Users\Sebastian\Desktop\GMER.txt
2014-07-31 12:24 - 2014-07-31 12:24 - 00380416 _____ () C:\Users\Sebastian\Downloads\Gmer-19357.exe
2014-07-31 12:22 - 2014-07-31 12:22 - 00052312 _____ () C:\Users\Sebastian\Downloads\Shortcut.txt
2014-07-31 12:22 - 2014-07-31 12:22 - 00029171 _____ () C:\Users\Sebastian\Downloads\Addition.txt
2014-07-31 12:21 - 2014-08-04 23:05 - 00014117 _____ () C:\Users\Sebastian\Downloads\FRST.txt
2014-07-31 12:21 - 2014-08-04 23:05 - 00000000 ____D () C:\FRST
2014-07-31 12:20 - 2014-07-31 12:20 - 02094080 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST64.exe
2014-07-31 12:17 - 2014-07-31 12:17 - 01084928 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST.exe
2014-07-30 00:37 - 2014-07-30 00:37 - 00011842 _____ () C:\Users\Sebastian\Documents\ayy lmao.odt
2014-07-30 00:14 - 2014-07-30 00:14 - 00000000 ____D () C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2014-07-30 00:14 - 2014-07-30 00:14 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\2K Games
2014-07-28 01:12 - 2014-07-28 01:14 - 06462968 _____ () C:\Users\Sebastian\Documents\I´m Sorry.mp4
2014-07-23 22:55 - 2014-07-23 22:55 - 00000000 ____D () C:\Users\Sebastian\Desktop\Text dokumentz
2014-07-23 22:22 - 2014-07-23 22:24 - 27167987 _____ () C:\Users\Sebastian\Desktop\torbrowser-install-3.6.2_en-US.exe
2014-07-22 20:19 - 2014-07-22 21:16 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Bioshock
2014-07-22 20:19 - 2014-07-22 20:27 - 00000000 ____D () C:\Users\Sebastian\Documents\Bioshock
2014-07-22 18:35 - 2014-07-27 00:31 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\DarknessII
2014-07-21 19:38 - 2014-07-21 19:38 - 00000220 _____ () C:\Users\Sebastian\Desktop\BioShock.url
2014-07-20 21:48 - 2014-07-20 21:48 - 00007605 _____ () C:\Users\Sebastian\AppData\Local\Resmon.ResmonCfg
2014-07-16 16:15 - 2014-07-16 16:15 - 00001222 ____R () C:\Users\Sebastian\Desktop\BitLocker-Wiederherstellungsschlüssel B66D4F0E-4BCD-479B-A766-A10180C7A72B.txt
2014-07-12 17:37 - 2014-07-12 17:39 - 00000000 ____D () C:\Users\Sebastian\Desktop\Zelda
2014-07-12 17:36 - 2014-07-12 17:39 - 00000000 ____D () C:\Users\Sebastian\Documents\Dolphin Emulator
2014-07-12 17:34 - 2014-07-12 17:35 - 00000000 ____D () C:\Users\Sebastian\Desktop\dolphin2
2014-07-07 00:18 - 2014-07-07 00:18 - 00020138 _____ () C:\Users\Sebastian\Documents\Kündigung2.odt
2014-07-07 00:18 - 2014-07-07 00:18 - 00020138 _____ () C:\Users\Sebastian\Desktop\Kündigung2.odt
2014-07-06 19:19 - 2014-07-06 23:20 - 00018103 _____ () C:\Users\Sebastian\Desktop\Kündigung.odt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-04 23:05 - 2014-07-31 12:21 - 00014117 _____ () C:\Users\Sebastian\Downloads\FRST.txt
2014-08-04 23:05 - 2014-07-31 12:21 - 00000000 ____D () C:\FRST
2014-08-04 22:47 - 2014-02-02 21:53 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Skype
2014-08-04 22:24 - 2014-02-02 20:48 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-04 22:00 - 2014-02-02 22:02 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\TS3Client
2014-08-04 18:54 - 2014-02-04 17:26 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-04 18:16 - 2014-02-03 01:24 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-08-04 18:16 - 2014-02-03 00:58 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-08-04 18:09 - 2014-02-03 00:07 - 00000000 ____D () C:\ProgramData\Origin
2014-08-04 18:08 - 2014-02-02 22:27 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-08-04 17:12 - 2014-08-04 17:12 - 00000405 _____ () C:\Users\Sebastian\Documents\Daniel pws
2014-08-04 16:43 - 2014-02-02 01:34 - 01404193 _____ () C:\Windows\WindowsUpdate.log
2014-08-04 16:32 - 2014-08-04 16:32 - 00000805 _____ () C:\Users\Sebastian\Desktop\JRT.txt
2014-08-04 16:28 - 2014-08-04 16:28 - 00000000 ____D () C:\Windows\ERUNT
2014-08-04 16:26 - 2014-08-04 16:25 - 01016261 _____ (Thisisu) C:\Users\Sebastian\Desktop\JRT.exe
2014-08-04 16:22 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-04 16:22 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-04 16:15 - 2014-08-04 16:15 - 00000022 _____ () C:\Windows\S.dirmngr
2014-08-04 16:15 - 2014-08-01 11:01 - 00404686 _____ () C:\Windows\PFRO.log
2014-08-04 16:15 - 2014-08-01 11:01 - 00000392 _____ () C:\Windows\setupact.log
2014-08-04 16:15 - 2014-02-02 22:02 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\Overwolf
2014-08-04 16:15 - 2014-02-02 20:48 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-04 16:15 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-04 16:13 - 2014-08-04 16:10 - 00000000 ____D () C:\AdwCleaner
2014-08-04 16:08 - 2014-08-04 16:08 - 01361309 _____ () C:\Users\Sebastian\Desktop\adwcleaner_3.302.exe
2014-08-04 16:06 - 2014-08-04 16:06 - 00000030 _____ () C:\Users\Sebastian\Desktop\paypal.txt
2014-08-04 16:05 - 2014-08-04 16:05 - 00000000 _____ () C:\Users\Sebastian\Desktop\MC accs.txt
2014-08-04 15:43 - 2011-04-12 09:43 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-08-04 15:43 - 2011-04-12 09:43 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-08-04 15:43 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-04 03:10 - 2014-02-10 22:30 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\Battle.net
2014-08-03 23:05 - 2014-02-04 21:08 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\.minecraft
2014-08-03 20:44 - 2014-02-03 00:58 - 00297088 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-08-02 23:19 - 2014-06-29 15:18 - 00000075 _____ () C:\Users\Sebastian\.atl.properties
2014-08-01 11:42 - 2014-02-03 17:02 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-08-01 11:01 - 2014-08-01 11:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-01 11:01 - 2014-02-02 23:36 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-31 15:35 - 2014-07-31 15:35 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\ESET
2014-07-31 13:47 - 2014-07-31 13:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-07-31 13:47 - 2014-07-31 13:47 - 00000000 ____D () C:\ProgramData\ESET
2014-07-31 13:47 - 2014-07-31 13:47 - 00000000 ____D () C:\Program Files\ESET
2014-07-31 13:40 - 2014-07-31 13:40 - 01695680 _____ (ESET) C:\Users\Sebastian\Downloads\eset_nod32_antivirus_live_installer_.exe
2014-07-31 13:32 - 2014-07-31 13:32 - 00013817 _____ () C:\Users\Sebastian\Desktop\GMER.txt
2014-07-31 12:24 - 2014-07-31 12:24 - 00380416 _____ () C:\Users\Sebastian\Downloads\Gmer-19357.exe
2014-07-31 12:22 - 2014-07-31 12:22 - 00052312 _____ () C:\Users\Sebastian\Downloads\Shortcut.txt
2014-07-31 12:22 - 2014-07-31 12:22 - 00029171 _____ () C:\Users\Sebastian\Downloads\Addition.txt
2014-07-31 12:20 - 2014-07-31 12:20 - 02094080 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST64.exe
2014-07-31 12:17 - 2014-07-31 12:17 - 01084928 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST.exe
2014-07-30 17:27 - 2014-05-10 17:34 - 00000000 ____D () C:\Users\Sebastian\Desktop\Temp
2014-07-30 17:24 - 2014-05-10 17:34 - 00000000 ____D () C:\Users\Sebastian\Desktop\Instances
2014-07-30 00:37 - 2014-07-30 00:37 - 00011842 _____ () C:\Users\Sebastian\Documents\ayy lmao.odt
2014-07-30 00:14 - 2014-07-30 00:14 - 00000000 ____D () C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2014-07-30 00:14 - 2014-07-30 00:14 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\2K Games
2014-07-29 17:06 - 2014-02-02 20:48 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-29 17:06 - 2014-02-02 20:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-29 15:37 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-29 00:28 - 2014-02-26 22:40 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\.purple
2014-07-28 01:14 - 2014-07-28 01:12 - 06462968 _____ () C:\Users\Sebastian\Documents\I´m Sorry.mp4
2014-07-27 00:31 - 2014-07-22 18:35 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\DarknessII
2014-07-24 23:14 - 2014-02-10 22:30 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-23 22:55 - 2014-07-23 22:55 - 00000000 ____D () C:\Users\Sebastian\Desktop\Text dokumentz
2014-07-23 22:24 - 2014-07-23 22:22 - 27167987 _____ () C:\Users\Sebastian\Desktop\torbrowser-install-3.6.2_en-US.exe
2014-07-22 22:31 - 2014-05-30 17:08 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\PAYDAY 2
2014-07-22 21:19 - 2014-02-03 16:31 - 00000000 ____D () C:\Users\Sebastian\Documents\My Games
2014-07-22 21:16 - 2014-07-22 20:19 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Bioshock
2014-07-22 20:27 - 2014-07-22 20:19 - 00000000 ____D () C:\Users\Sebastian\Documents\Bioshock
2014-07-22 18:40 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-22 18:29 - 2014-02-03 00:09 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-07-22 18:23 - 2014-02-02 22:02 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-07-22 17:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-21 19:38 - 2014-07-21 19:38 - 00000220 _____ () C:\Users\Sebastian\Desktop\BioShock.url
2014-07-20 21:48 - 2014-07-20 21:48 - 00007605 _____ () C:\Users\Sebastian\AppData\Local\Resmon.ResmonCfg
2014-07-20 19:04 - 2014-02-11 23:58 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\vlc
2014-07-20 16:48 - 2014-05-02 21:04 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\dvdcss
2014-07-16 16:15 - 2014-07-16 16:15 - 00001222 ____R () C:\Users\Sebastian\Desktop\BitLocker-Wiederherstellungsschlüssel B66D4F0E-4BCD-479B-A766-A10180C7A72B.txt
2014-07-12 17:39 - 2014-07-12 17:37 - 00000000 ____D () C:\Users\Sebastian\Desktop\Zelda
2014-07-12 17:39 - 2014-07-12 17:36 - 00000000 ____D () C:\Users\Sebastian\Documents\Dolphin Emulator
2014-07-12 17:39 - 2014-06-11 17:11 - 00000000 ____D () C:\Users\Sebastian\Desktop\stick
2014-07-12 17:35 - 2014-07-12 17:34 - 00000000 ____D () C:\Users\Sebastian\Desktop\dolphin2
2014-07-12 17:32 - 2014-06-01 15:50 - 00000000 ____D () C:\Users\Sebastian\Desktop\Stick Patrick
2014-07-09 21:18 - 2014-02-03 22:26 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-07-07 00:18 - 2014-07-07 00:18 - 00020138 _____ () C:\Users\Sebastian\Documents\Kündigung2.odt
2014-07-07 00:18 - 2014-07-07 00:18 - 00020138 _____ () C:\Users\Sebastian\Desktop\Kündigung2.odt
2014-07-06 23:20 - 2014-07-06 19:19 - 00018103 _____ () C:\Users\Sebastian\Desktop\Kündigung.odt
2014-07-06 23:16 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-07-06 17:39 - 2014-04-26 16:51 - 00000000 ____D () C:\Users\Sebastian\Desktop\K

Some content of TEMP:
====================
C:\Users\Sebastian\AppData\Local\Temp\BackupSetup.exe
C:\Users\Sebastian\AppData\Local\Temp\InstHelper.exe
C:\Users\Sebastian\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-28 20:35

==================== End Of Log ============================
         
--- --- ---


Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014 01
Ran by Sebastian at 2014-08-04 23:05:52
Running from C:\Users\Sebastian\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{4B5124DF-F465-2BA6-FCCF-82C149E1223D}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.4.9.2 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.4.9.2 - ASUSTek COMPUTER INC.) Hidden
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.025 - ASUSTek Computer Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts)
Battlefield 3™ (HKLM-x32\...\{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield™ Hardline Beta (HKLM-x32\...\{599276A7-F45D-40B1-A0B6-CF132A1CAD49}) (Version: 1.0.0.5 - Electronic Arts)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
BioShock 2 (HKLM-x32\...\Steam App 8850) (Version:  - 2K Marin)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0911.2154.37488 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Combat Arms EU (HKLM-x32\...\Combat Arms EU) (Version:  - )
DayZ Commander (HKLM-x32\...\{B3653588-3AC0-4A1D-950F-D96531E84374}) (Version: 0.92.91 - Dotjosh Studios)
Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET NOD32 Antivirus (HKLM\...\{EDD78A07-776B-417C-817B-35BB00F12EBF}) (Version: 7.0.317.4 - ESET, spol s r. o.)
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.115 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.115 - Etron Technology) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Gothic III (HKLM-x32\...\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}) (Version: 1.00.0000 - JoWooD Productions Software AG)
Gpg4win (2.2.1) (HKLM-x32\...\GPG4Win) (Version: 2.2.1 - The Gpg4win Project)
GPUTweakStreaming (HKLM-x32\...\InstallShield_{D2A41AA7-4313-43D5-AA39-7E3FBBE0556D}) (Version: 1.0.3.5 - ASUS)
GPUTweakStreaming (x32 Version: 1.0.3.5 - ASUS) Hidden
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Mafia II (HKLM-x32\...\Steam App 50130) (Version:  - 2K Czech)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 2.2.0.2 - NETGEAR)
NetWorx 5.3.2 (HKLM\...\NetWorx_is1) (Version:  - Softperfect Research)
Nexon Game Manager (HKLM-x32\...\{289AC7E0-0AEE-4a7b-913C-709D9803D23E}) (Version:  - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.49.0 - Black Tree Gaming)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.1.116 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\{A7234617-513C-4292-A013-7DD915493BDA}) (Version: 0.49.305 - Overwolf)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.9 - )
pidgin-otr 4.0.0-1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.0-1 - Cypherpunks CA)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.1 beta r2286 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
Rise and Fall (HKLM-x32\...\{D078226E-83F2-45FD-9CDE-5DA66E5ADB51}) (Version: 1.00.0000 - Midway Games)
ROCCAT Kone Mouse Driver (HKLM-x32\...\{9733747E-E53D-4C17-977E-3A872AFB93E1}) (Version:  - )
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spec Ops: The Line (HKLM-x32\...\Steam App 50300) (Version:  - Yager)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.25790 - TeamViewer)
The Darkness II (HKLM-x32\...\Steam App 67370) (Version:  - Digital Extremes)
The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - )
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Tom Clancy's Rainbow Six Vegas 2 (HKLM-x32\...\{FD416706-875C-4B0B-A23A-9E740DAE029E}) (Version: 1.03 - Ubisoft)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
War Thunder Launcher 1.0.1.322 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - 2013 Gaijin Entertainment Corporation)
WarRock (HKLM-x32\...\Warrock EU) (Version:  - )
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wise Registry Cleaner 8.12 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.12 - WiseCleaner.com, Inc.)
YTD Video Downloader 4.8.3 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.3 - GreenTree Applications SRL)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

26-07-2014 20:28:22 DirectX wurde installiert
29-07-2014 14:04:52 DirectX wurde installiert
29-07-2014 22:12:41 DirectX wurde installiert
30-07-2014 18:45:46 DirectX wurde installiert
31-07-2014 11:35:43 avast! antivirus system restore point
31-07-2014 11:43:38 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0AE46977-DAFB-4E43-A6E8-48444D062FB6} - System32\Tasks\{EB801E42-A21F-4704-B6D9-FDB2CDBD1FAF} => C:\Program Files (x86)\Steam\Steam.exe [2014-07-16] (Valve Corporation)
Task: {2285D577-B1B3-48A5-B41A-480B3F01516F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-02] (Google Inc.)
Task: {25D9B035-D6D6-4154-B1F0-7803BF5B455F} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-08-27] (ASUSTek Computer Inc.)
Task: {98518E86-C0C1-43D9-A8CC-B7A2ED1387FD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-02] (Google Inc.)
Task: {9A506F7D-02C4-4CF8-870B-C7785585C6DB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-12-06 17:06 - 2013-12-06 17:06 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2013-07-26 06:59 - 2013-07-26 06:59 - 00814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2013-07-26 06:59 - 2013-07-26 06:59 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-12-06 17:06 - 2013-12-06 17:06 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-01-17 12:24 - 2012-01-17 12:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2013-10-07 16:54 - 2013-10-07 16:54 - 00218112 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2014-02-03 00:58 - 2014-06-28 18:03 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-05-03 21:28 - 2013-11-11 15:10 - 00307928 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
2014-06-28 17:37 - 2014-06-06 15:41 - 00718336 _____ () C:\Program Files\NetWorx\sqlite.dll
2014-05-03 21:28 - 2013-11-22 19:34 - 08266456 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
2013-12-06 17:06 - 2013-12-06 17:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-04-06 12:30 - 2014-04-06 12:30 - 00173568 _____ () C:\Program Files\TeamSpeak 3 Client\quazip.dll
2014-04-06 12:30 - 2014-04-06 12:30 - 01080832 _____ () C:\Program Files\TeamSpeak 3 Client\platforms\qwindows.dll
2014-04-06 12:30 - 2014-04-06 12:30 - 00833024 _____ () C:\Program Files\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
2013-10-23 14:15 - 2014-06-24 21:58 - 00102344 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2013-10-23 14:15 - 2014-06-24 21:58 - 00108488 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2014-04-06 12:30 - 2014-04-06 12:30 - 00030208 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qgif.dll
2014-04-06 12:30 - 2014-04-06 12:30 - 00233984 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qjpeg.dll
2013-10-23 14:15 - 2014-07-22 18:23 - 00563656 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2013-10-23 14:15 - 2014-07-22 18:23 - 00579016 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2014-04-06 12:30 - 2014-04-06 12:30 - 00159232 _____ () C:\Program Files\TeamSpeak 3 Client\accessible\qtaccessiblewidgets.dll
2013-10-07 16:49 - 2013-10-07 16:49 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2013-10-07 16:47 - 2013-10-07 16:47 - 00037888 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2013-10-07 16:44 - 2013-10-07 16:44 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2013-10-07 16:49 - 2013-10-07 16:49 - 00069632 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2013-10-07 16:49 - 2013-10-07 16:49 - 00628224 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll
2014-05-03 21:28 - 2013-10-30 19:06 - 00380928 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiLib.dll
2014-05-03 21:28 - 2013-11-01 17:31 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll
2014-07-21 21:30 - 2014-07-15 11:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-21 21:30 - 2014-07-15 11:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-21 21:30 - 2014-07-15 11:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-21 21:30 - 2014-07-15 11:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-21 21:30 - 2014-07-15 11:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-02-02 22:27 - 2014-07-27 14:59 - 00962560 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2014-02-02 22:27 - 2014-07-27 14:59 - 00024064 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2014-02-02 22:27 - 2014-07-27 14:59 - 00025088 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2014-02-02 22:27 - 2014-07-27 14:59 - 00217088 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2014-02-02 22:27 - 2014-07-27 14:59 - 00261632 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2014-02-02 22:27 - 2014-07-27 14:59 - 00019968 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2014-02-02 22:27 - 2014-07-27 14:59 - 00302592 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2014-02-02 22:27 - 2014-07-27 14:59 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2014-05-22 00:27 - 2014-07-12 02:53 - 01116672 _____ () C:\Program Files (x86)\Steam\libavcodec-55.dll
2014-04-23 14:45 - 2014-07-12 02:53 - 00438784 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll
2014-05-22 00:27 - 2014-07-12 02:53 - 00399360 _____ () C:\Program Files (x86)\Steam\libavformat-55.dll
2014-02-04 17:32 - 2014-07-12 02:53 - 00331264 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-02-04 17:32 - 2014-06-27 00:40 - 00764416 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-22 00:27 - 2014-07-16 04:28 - 02139328 _____ () C:\Program Files (x86)\Steam\video.dll
2014-05-22 00:27 - 2014-04-29 02:37 - 00519168 _____ () C:\Program Files (x86)\Steam\libswscale-2.dll
2014-02-04 17:32 - 2014-07-16 04:28 - 01116864 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-02-04 17:32 - 2014-05-02 01:35 - 20628160 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/04/2014 06:54:17 PM) (Source: MsiInstaller) (EventID: 1013) (User: Sebastian-PC)
Description: Product: NVIDIA PhysX -- Installation terminated


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (08/04/2014 06:54:17 PM) (Source: MsiInstaller) (EventID: 1013) (User: Sebastian-PC)
Description: Product: NVIDIA PhysX -- Installation terminated(NULL)(NULL)(NULL)(NULL)(NULL)


==================== Memory info =========================== 

Percentage of memory in use: 30%
Total physical RAM: 8148.75 MB
Available physical RAM: 5636.49 MB
Total Pagefile: 16295.7 MB
Available Pagefile: 13229.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:489.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 4DA2E21B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

04.08.2014, 22:17   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Okay, then control scans with MBAM and ESET please:

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click "Scannen" (Scan), select the "Bedrohungssuchlauf" (threat scan) and click "Suchlauf starten" (start scan).
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click "Auswahl entfernen" (remove selected).
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click "Verlauf" (history) and then "Anwendungsprotokolle" (application logs).
  • Select the most recent scan log and click Export. Choose "Textdatei (.txt)" (text file) and save the file as mbam.txt on the desktop. You can find the MBAM logfile here.
  • Add the contents of mbam.txt to your next reply.

ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Ja, ich bin mit den Nutzungsbedingungen einverstanden" (Yes, I accept the terms of use) and click "Starten" (Start).
  • Enable "Erkennung von eventuell unerwünschten Anwendungen" (detection of potentially unwanted applications) and select the following settings.
  • Click "Starten" (Start).
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click "Fertig stellen" (Finish).
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: "Systemsteuerung" (Control Panel) => "Software / Programme deinstallieren" (uninstall programs) => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

__________________
Please always post logfiles in CODE tags

05.08.2014, 00:21   #15
shrekislove



mbam:

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 04.08.2014
Suchlauf-Zeit: 23:24:51
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.04.08
Rootkit Datenbank: v2014.08.04.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Sebastian

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 287324
Verstrichene Zeit: 6 Min, 54 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         
I noticed that in several scans by the various tools here, this "systweak" was repeatedly flagged as malware and the like.

Eset:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=95638c80ed265747a4c6136044722ea3
# engine=19497
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-08-04 11:10:46
# local_time=2014-08-05 01:10:46 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 104599623 158823696 0 0
# compatibility_mode_1='ESET NOD32 Antivirus 7.0'
# compatibility_mode=8220 16777213 100 100 310180 27773588 0 0
# scanned=377324
# found=1
# cleaned=1
# scan_time=3871
# nod_component=V3 Build:0x30000000
sh=9E77E1D2FD7B77B0FD8A71A70C35DD5A16836CF3 ft=1 fh=b241df9fafd25e77 vn="Win32/Systweak.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Sebastian\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir"
         
