![]() |
|
Plagegeister aller Art und deren Bekämpfung: Mein Computer hat eigenmächtig die Seite http://98uj8.de/s3brsn5ba66mgfzeinrum#noad aufgerufenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() | #1 |
![]() | ![]() Mein Computer hat eigenmächtig die Seite http://98uj8.de/s3brsn5ba66mgfzeinrum#noad aufgerufen Hallo zusammen, Vor etwa einer stunde hat mein pc eigenmächtig die seite hxxp://98uj8.de/s3brsn5ba66mgfzeinrum#noad ungefähr 50-100 mal(grob geschätzt) während ich den pc für etwa 20 min unbeaufsichtigt gelassen habe aufgerufen. Ich habe ein wenig gesucht und herausgefunden dass das ein trojaner ist und ich weis jetzt nicht was ich tun soll.Außer dem ist mir ein Prozess namens "monitor.exe" aufgefallen, jedoch konnte ich ihn nicht schließen da immer die Fehlermeldung "Zugriff verweigert" kam. ich habe farbar und GMER durchlaufen lassen aber weis nicht was ich mit den logs anfangen soll, vielleicht könnt ihr mir ja helfen. FRST: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 01 Ran by Sebastian (administrator) on SEBASTIAN-PC on 31-07-2014 12:21:40 Running from C:\Users\Sebastian\Downloads Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe () C:\Windows\SysWOW64\ASGT.exe () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe () C:\Windows\SysWOW64\PnkBstrA.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe (ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (SoftPerfect Research) C:\Program Files\NetWorx\networx.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe (Akamai Technologies, Inc.) C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe (ROCCAT) C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe () C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe () C:\Program Files\Rainmeter\Rainmeter.exe (ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe (ROCCAT) C:\Program Files (x86)\ROCCAT\Kone Mouse\OSD.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.) HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [6553808 2014-06-24] (SoftPerfect Research) HKLM-x32\...\Run: [Kone] => C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE [180224 2009-09-15] (ROCCAT) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-24] (AVAST Software) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-2033358269-2921509346-268069936-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-09-11] (AMD) HKU\S-1-5-21-2033358269-2921509346-268069936-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-02-02] (Google Inc.) HKU\S-1-5-21-2033358269-2921509346-268069936-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21445248 2014-05-08] (Skype Technologies S.A.) HKU\S-1-5-21-2033358269-2921509346-268069936-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [37632 2014-01-30] (Overwolf LTD) HKU\S-1-5-21-2033358269-2921509346-268069936-1000\...\Run: [AshSnap] => C:\Program Files\Ashampoo Snap 4\ashsnap.exe [1528176 2011-04-01] (ashampoo GmbH & Co. KG) HKU\S-1-5-21-2033358269-2921509346-268069936-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk ShortcutTarget: NETGEAR WNA3100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe () Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe () ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?gd=&ctid=CT3323885&octid=EB_ORIGINAL_CTID&ISID=M0F8AE674-C2A6-4C02-A261-55C0048E5BEC&SearchSource=55&CUI=&UM=5&UP=SP35769814-387A-4554-9341-C2A5E68263A2&SSPV= HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xED82E6AE3520CF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.) BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Sebastian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-02-03] Chrome: ======= CHR HomePage: hxxp://google.de/ CHR StartupUrls: "hxxp://www.google.com/" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll () CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File CHR Extension: (Google Docs) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-02] CHR Extension: (Google Drive) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-02] CHR Extension: (YouTube) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-02] CHR Extension: (Adblock Plus) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-02] CHR Extension: (Google-Suche) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-02] CHR Extension: (Hola Besseres Internet) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-05-13] CHR Extension: (avast! Online Security) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-03] CHR Extension: (Google Wallet) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-02] CHR Extension: (Google Mail) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-02] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-01] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed] R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-01] (AVAST Software) S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-03-03] (AVAST Software) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-03-23] () [File not signed] R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed] S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [98560 2014-01-30] (Overwolf LTD) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-06-28] () R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [307928 2013-11-11] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-01] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-01] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-01] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-01] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-01] () R3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2013-07-02] (ASUSTeK Computer Inc.) R3 KoneFltr; C:\Windows\System32\drivers\Kone.sys [15488 2008-12-11] (ROCCAT Ltd) R1 networx; C:\Windows\System32\drivers\networx.sys [59384 2014-05-09] (NetFilterSDK.com) S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) S1 aswKbd; \??\C:\Windows\system32\drivers\aswKbd.sys [X] S1 aswNdisFlt; system32\DRIVERS\aswNdisFlt.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ========================== Drivers MD5 ======================= C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit C:\Windows\system32\drivers\afd.sys ==> MD5 is legit C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\atikmdag.sys FBB35875FEFE53D4280259842069ED72 C:\Windows\System32\DRIVERS\atikmpag.sys A32BCAD9377E3B75D034CAFBA463A0AE C:\Windows\System32\DRIVERS\amdppm.sys ==> MD5 is legit C:\Windows\system32\drivers\amdsata.sys ==> MD5 is legit C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit C:\Windows\System32\drivers\amdxata.sys ==> MD5 is legit C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys E8CCB797DAF80779C768BD3A9FC8FCAF C:\Windows\system32\drivers\appid.sys ==> MD5 is legit C:\Windows\system32\drivers\arc.sys ==> MD5 is legit C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit C:\Windows\system32\drivers\aswHwid.sys 340B0467E98A8C92697D73034DB4BCB7 C:\Windows\system32\drivers\aswMonFlt.sys ED5B09937D559FFA53FC988D20031E98 C:\Windows\system32\drivers\aswRdr2.sys 33C77DCB0AEC76E26BD6352A1A5281BB C:\Windows\System32\Drivers\aswRvrt.sys BF5B9E9E97CED45208E498D9FA73688F C:\Windows\system32\drivers\aswSnx.sys F88CE00A7736C349ED1414D7ECDC9BED C:\Windows\system32\drivers\aswSP.sys 3AE912B08E2A1ABB2B63F3C56BED95C2 C:\Windows\system32\drivers\aswStm.sys A7115ED31675BB823CFA9FE571C25676 C:\Windows\System32\Drivers\aswVmm.sys 47CBD3F64E412FFAFD93404580A3C7B9 C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit C:\Windows\System32\drivers\AtihdW76.sys 770A3B0D78232B0C1054495392A1FBA3 C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bcmwlhigh664.sys 44E6E51AEDBF3E0B38A6CD5432649E57 C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bowser.sys 91CE0D3DC57DD377E690A2D324022B08 C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit C:\Windows\System32\CLFS.sys ==> MD5 is legit C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit C:\Windows\System32\Drivers\cng.sys ==> MD5 is legit C:\Windows\system32\drivers\compbatt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit C:\Windows\System32\drivers\csc.sys ==> MD5 is legit C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit C:\Windows\System32\drivers\discache.sys ==> MD5 is legit C:\Windows\System32\drivers\disk.sys ==> MD5 is legit C:\Windows\system32\drivers\dmvsc.sys 5DB085A8A6600BE6401F2B24EECB5415 C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit C:\Windows\System32\Drivers\EtronHub3.sys 3DBC10CBC436288801FAEE66DE91AE47 C:\Windows\System32\Drivers\EtronXHCI.sys DE261095A2220D400D9603E1E42D4185 C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit C:\Windows\System32\Drivers\Fs_Rec.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit C:\Windows\system32\drivers\iaStorV.sys ==> MD5 is legit C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit C:\Windows\System32\drivers\RTKVHD64.sys F2744FD54BE1580BE05916D1C755C92A C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit C:\Windows\system32\drivers\intelppm.sys ==> MD5 is legit C:\Windows\system32\drivers\IOMap64.sys EBBB161339CC7D5FFC0749EB6BE8A126 C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit C:\Windows\System32\drivers\Kone.sys B6D6F12C214DE823FA22709F7BD0EB0B C:\Windows\System32\Drivers\ksecdd.sys ==> MD5 is legit C:\Windows\System32\Drivers\ksecpkg.sys ==> MD5 is legit C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\LHidFilt.Sys 77D5786C6A7765503884E38706C9FD5E C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit C:\Windows\System32\Drivers\LUsbFilt.Sys 97355D9AAC9EC42A7DFC9664F81FC699 C:\Windows\System32\drivers\MBfilt64.sys 8FF2D95CBA49B405C5DE27039FF0BF35 C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit C:\Windows\System32\drivers\modem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mrxsmb.sys FAF015B07E3A2874A790A39B7D2C579F C:\Windows\System32\DRIVERS\mrxsmb10.sys 08E2345DF129082BCDFFDC1440F9C00D C:\Windows\System32\DRIVERS\mrxsmb20.sys 108D87409C5812EF47D81E22843E8C9D C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit C:\Windows\System32\drivers\networx.sys BB19A711B9E1C930583CDE4FAF677F3F C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\npf.sys C31FA031335EFF434B2D94278E74BCCE C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit C:\Windows\System32\Drivers\Ntfs.sys ==> MD5 is legit C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit C:\Windows\system32\drivers\nvraid.sys ==> MD5 is legit C:\Windows\system32\drivers\nvstor.sys ==> MD5 is legit C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit C:\Windows\system32\drivers\parport.sys ==> MD5 is legit C:\Windows\System32\drivers\partmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\pci.sys ==> MD5 is legit C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit C:\Windows\system32\drivers\processr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpvideominiport.sys ==> MD5 is legit C:\Windows\System32\Drivers\RDPWD.sys ==> MD5 is legit C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\Rt64win7.sys F4C374B1C46DE294B573BB43723AC3F6 C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\scmndisp.sys 2A50BE713FAF033420466C25979C028E C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\srv.sys 2098B8556D1CEC2ACA9A29CD479E3692 C:\Windows\System32\DRIVERS\srv2.sys D0F73A42040F21F92FD314B42AC5C9E7 C:\Windows\System32\DRIVERS\srvnet.sys 2BA8F3250828CCDB4204ECF2C6F40B6A C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit C:\Windows\System32\drivers\synth3dvsc.sys C3A39C4079305480972D29C44B868C78 C:\Windows\System32\drivers\tcpip.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\tcpip.sys ==> MD5 is legit C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit C:\Windows\System32\drivers\tdtcp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit C:\Windows\system32\drivers\terminpt.sys 2B5BDFF688EC9871D7EC5837833374E9 C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8 C:\Windows\System32\drivers\tsusbhub.sys E1748D04AE40118B62BC18AC86032192 C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbccgp.sys ==> MD5 is legit C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbehci.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbhub.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbohci.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbscan.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\USBSTOR.SYS ==> MD5 is legit C:\Windows\system32\drivers\usbuhci.sys ==> MD5 is legit C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit C:\Windows\System32\drivers\vga.sys ==> MD5 is legit C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit C:\Windows\system32\drivers\vmbus.sys ==> MD5 is legit C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\system32\drivers\wd.sys ==> MD5 is legit C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-07-31 12:21 - 2014-07-31 12:22 - 00032002 _____ () C:\Users\Sebastian\Downloads\FRST.txt 2014-07-31 12:21 - 2014-07-31 12:21 - 00000000 ____D () C:\FRST 2014-07-31 12:20 - 2014-07-31 12:20 - 02094080 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST64.exe 2014-07-31 12:17 - 2014-07-31 12:17 - 01084928 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST.exe 2014-07-31 11:33 - 2014-07-31 12:09 - 00000022 _____ () C:\Windows\S.dirmngr 2014-07-30 00:37 - 2014-07-30 00:37 - 00011842 _____ () C:\Users\Sebastian\Documents\ayy lmao.odt 2014-07-30 00:14 - 2014-07-30 00:14 - 00000000 ____D () C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP 2014-07-30 00:14 - 2014-07-30 00:14 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\2K Games 2014-07-29 16:06 - 2014-07-29 16:06 - 00000565 _____ () C:\Windows\wmsetup.log 2014-07-28 01:12 - 2014-07-28 01:14 - 06462968 _____ () C:\Users\Sebastian\Documents\I´m Sorry.mp4 2014-07-26 14:52 - 2013-07-02 17:29 - 00024824 _____ (ASUSTeK Computer Inc.) C:\Windows\system32\Drivers\IOMap64.sys 2014-07-23 22:55 - 2014-07-23 22:55 - 00000000 ____D () C:\Users\Sebastian\Desktop\Text dokumentz 2014-07-23 22:22 - 2014-07-23 22:24 - 27167987 _____ () C:\Users\Sebastian\Desktop\torbrowser-install-3.6.2_en-US.exe 2014-07-22 20:19 - 2014-07-22 21:16 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Bioshock 2014-07-22 20:19 - 2014-07-22 20:27 - 00000000 ____D () C:\Users\Sebastian\Documents\Bioshock 2014-07-22 20:18 - 2014-07-22 20:18 - 00000791 _____ () C:\Windows\DXError.log 2014-07-22 18:38 - 2014-07-30 20:47 - 00298032 _____ () C:\Windows\DirectX.log 2014-07-22 18:35 - 2014-07-27 00:31 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\DarknessII 2014-07-21 19:38 - 2014-07-21 19:38 - 00000220 _____ () C:\Users\Sebastian\Desktop\BioShock.url 2014-07-20 21:48 - 2014-07-20 21:48 - 00007605 _____ () C:\Users\Sebastian\AppData\Local\Resmon.ResmonCfg 2014-07-16 16:15 - 2014-07-16 16:15 - 00001222 ____R () C:\Users\Sebastian\Desktop\BitLocker-Wiederherstellungsschlüssel B66D4F0E-4BCD-479B-A766-A10180C7A72B.txt 2014-07-12 17:37 - 2014-07-12 17:39 - 00000000 ____D () C:\Users\Sebastian\Desktop\Zelda 2014-07-12 17:36 - 2014-07-12 17:39 - 00000000 ____D () C:\Users\Sebastian\Documents\Dolphin Emulator 2014-07-12 17:34 - 2014-07-12 17:35 - 00000000 ____D () C:\Users\Sebastian\Desktop\dolphin2 2014-07-07 00:18 - 2014-07-07 00:18 - 00020138 _____ () C:\Users\Sebastian\Documents\Kündigung2.odt 2014-07-07 00:18 - 2014-07-07 00:18 - 00020138 _____ () C:\Users\Sebastian\Desktop\Kündigung2.odt 2014-07-06 19:19 - 2014-07-06 23:20 - 00018103 _____ () C:\Users\Sebastian\Desktop\Kündigung.odt 2014-07-02 19:06 - 2014-07-09 21:18 - 00001094 _____ () C:\Windows\LkmdfCoInst.log ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-07-31 12:22 - 2014-07-31 12:21 - 00032002 _____ () C:\Users\Sebastian\Downloads\FRST.txt 2014-07-31 12:21 - 2014-07-31 12:21 - 00000000 ____D () C:\FRST 2014-07-31 12:21 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-31 12:21 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-31 12:20 - 2014-07-31 12:20 - 02094080 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST64.exe 2014-07-31 12:20 - 2014-02-02 21:53 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Skype 2014-07-31 12:20 - 2014-02-02 01:34 - 00963444 _____ () C:\Windows\WindowsUpdate.log 2014-07-31 12:17 - 2014-07-31 12:17 - 01084928 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST.exe 2014-07-31 12:10 - 2014-02-02 22:02 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\Overwolf 2014-07-31 12:09 - 2014-07-31 11:33 - 00000022 _____ () C:\Windows\S.dirmngr 2014-07-31 12:09 - 2014-06-23 20:16 - 00004088 _____ () C:\Windows\setupact.log 2014-07-31 12:09 - 2014-02-02 20:48 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-31 12:09 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-31 02:24 - 2014-02-02 20:48 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-31 02:08 - 2014-02-04 17:26 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-07-31 02:08 - 2014-02-03 00:07 - 00000000 ____D () C:\ProgramData\Origin 2014-07-31 01:45 - 2014-02-02 22:02 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\TS3Client 2014-07-30 23:39 - 2014-02-03 01:24 - 00297088 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr 2014-07-30 23:39 - 2014-02-03 00:58 - 00297088 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2014-07-30 23:38 - 2014-02-03 00:58 - 00297088 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2014-07-30 20:47 - 2014-07-22 18:38 - 00298032 _____ () C:\Windows\DirectX.log 2014-07-30 19:02 - 2014-06-29 15:18 - 00000075 _____ () C:\Users\Sebastian\.atl.properties 2014-07-30 17:32 - 2014-02-02 22:27 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-07-30 17:27 - 2014-05-10 17:34 - 00000000 ____D () C:\Users\Sebastian\Desktop\Temp 2014-07-30 17:24 - 2014-05-10 17:34 - 00000000 ____D () C:\Users\Sebastian\Desktop\Instances 2014-07-30 00:37 - 2014-07-30 00:37 - 00011842 _____ () C:\Users\Sebastian\Documents\ayy lmao.odt 2014-07-30 00:14 - 2014-07-30 00:14 - 00000000 ____D () C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP 2014-07-30 00:14 - 2014-07-30 00:14 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\2K Games 2014-07-29 21:10 - 2014-02-10 22:30 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\Battle.net 2014-07-29 17:06 - 2014-02-02 20:48 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-07-29 17:06 - 2014-02-02 20:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-29 16:06 - 2014-07-29 16:06 - 00000565 _____ () C:\Windows\wmsetup.log 2014-07-29 15:37 - 2014-02-02 23:37 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-07-29 15:37 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-07-29 00:28 - 2014-02-26 22:40 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\.purple 2014-07-28 01:14 - 2014-07-28 01:12 - 06462968 _____ () C:\Users\Sebastian\Documents\I´m Sorry.mp4 2014-07-27 13:02 - 2011-04-12 09:43 - 00698688 _____ () C:\Windows\system32\perfh007.dat 2014-07-27 13:02 - 2011-04-12 09:43 - 00148828 _____ () C:\Windows\system32\perfc007.dat 2014-07-27 13:02 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-27 00:31 - 2014-07-22 18:35 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\DarknessII 2014-07-26 21:29 - 2014-02-04 21:08 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\.minecraft 2014-07-24 23:14 - 2014-02-10 22:30 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-07-23 22:55 - 2014-07-23 22:55 - 00000000 ____D () C:\Users\Sebastian\Desktop\Text dokumentz 2014-07-23 22:24 - 2014-07-23 22:22 - 27167987 _____ () C:\Users\Sebastian\Desktop\torbrowser-install-3.6.2_en-US.exe 2014-07-22 22:31 - 2014-05-30 17:08 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\PAYDAY 2 2014-07-22 21:19 - 2014-02-03 16:31 - 00000000 ____D () C:\Users\Sebastian\Documents\My Games 2014-07-22 21:16 - 2014-07-22 20:19 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Bioshock 2014-07-22 20:27 - 2014-07-22 20:19 - 00000000 ____D () C:\Users\Sebastian\Documents\Bioshock 2014-07-22 20:18 - 2014-07-22 20:18 - 00000791 _____ () C:\Windows\DXError.log 2014-07-22 19:42 - 2014-02-03 17:02 - 00000000 ____D () C:\Program Files (x86)\Hearthstone 2014-07-22 18:40 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-07-22 18:29 - 2014-02-03 00:09 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2014-07-22 18:23 - 2014-02-02 22:02 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client 2014-07-22 17:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-07-21 19:38 - 2014-07-21 19:38 - 00000220 _____ () C:\Users\Sebastian\Desktop\BioShock.url 2014-07-20 21:48 - 2014-07-20 21:48 - 00007605 _____ () C:\Users\Sebastian\AppData\Local\Resmon.ResmonCfg 2014-07-20 19:04 - 2014-02-11 23:58 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\vlc 2014-07-20 16:48 - 2014-05-02 21:04 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\dvdcss 2014-07-16 16:15 - 2014-07-16 16:15 - 00001222 ____R () C:\Users\Sebastian\Desktop\BitLocker-Wiederherstellungsschlüssel B66D4F0E-4BCD-479B-A766-A10180C7A72B.txt 2014-07-12 17:39 - 2014-07-12 17:37 - 00000000 ____D () C:\Users\Sebastian\Desktop\Zelda 2014-07-12 17:39 - 2014-07-12 17:36 - 00000000 ____D () C:\Users\Sebastian\Documents\Dolphin Emulator 2014-07-12 17:39 - 2014-06-11 17:11 - 00000000 ____D () C:\Users\Sebastian\Desktop\stick 2014-07-12 17:35 - 2014-07-12 17:34 - 00000000 ____D () C:\Users\Sebastian\Desktop\dolphin2 2014-07-12 17:32 - 2014-06-01 15:50 - 00000000 ____D () C:\Users\Sebastian\Desktop\Stick Patrick 2014-07-09 21:18 - 2014-07-02 19:06 - 00001094 _____ () C:\Windows\LkmdfCoInst.log 2014-07-09 21:18 - 2014-02-03 22:26 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys 2014-07-07 00:18 - 2014-07-07 00:18 - 00020138 _____ () C:\Users\Sebastian\Documents\Kündigung2.odt 2014-07-07 00:18 - 2014-07-07 00:18 - 00020138 _____ () C:\Users\Sebastian\Desktop\Kündigung2.odt 2014-07-06 23:20 - 2014-07-06 19:19 - 00018103 _____ () C:\Users\Sebastian\Desktop\Kündigung.odt 2014-07-06 23:16 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-07-06 17:39 - 2014-04-26 16:51 - 00000000 ____D () C:\Users\Sebastian\Desktop\K 2014-07-02 19:51 - 2014-02-03 00:49 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed ==================== BCD ================================ Windows-Start-Manager --------------------- Bezeichner {bootmgr} device partition=\Device\HarddiskVolume1 description Windows Boot Manager locale de-DE inherit {globalsettings} default {current} resumeobject {9edaa718-8b98-11e3-bcf6-d311fd97538f} displayorder {current} toolsdisplayorder {memdiag} timeout 30 Windows-Startladeprogramm ------------------------- Bezeichner {current} device partition=C: path \Windows\system32\winload.exe description Windows 7 locale de-DE inherit {bootloadersettings} osdevice partition=C: systemroot \Windows resumeobject {9edaa718-8b98-11e3-bcf6-d311fd97538f} nx OptOut Wiederaufnahme aus dem Ruhezustand ---------------------------------- Bezeichner {9edaa718-8b98-11e3-bcf6-d311fd97538f} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale de-DE inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys debugoptionenabled No Windows-Speichertestprogramm ---------------------------- Bezeichner {memdiag} device partition=\Device\HarddiskVolume1 path \boot\memtest.exe description Windows-Speicherdiagnose locale de-DE inherit {globalsettings} badmemoryaccess Yes EMS-Einstellungen ----------------- Bezeichner {emssettings} bootems Yes Debuggereinstellungen --------------------- Bezeichner {dbgsettings} debugtype Serial debugport 1 baudrate 115200 RAM-Defekte ----------- Bezeichner {badmemory} Globale Einstellungen --------------------- Bezeichner {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Startladeprogramm-Einstellungen ------------------------------- Bezeichner {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisoreinstellungen ------------------- Bezeichner {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Einstellungen zur Ladeprogrammfortsetzung ----------------------------------------- Bezeichner {resumeloadersettings} inherit {globalsettings} LastRegBack: 2014-07-28 20:35 ==================== End Of Log ============================ --- --- --- --- --- --- Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014 01 Ran by Sebastian at 2014-07-31 12:22:18 Running from C:\Users\Sebastian\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden AMD Catalyst Install Manager (HKLM\...\{4B5124DF-F465-2BA6-FCCF-82C149E1223D}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Fuel (Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive) ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.4.9.2 - ASUSTek COMPUTER INC.) ASUS GPU Tweak (x32 Version: 2.4.9.2 - ASUSTek COMPUTER INC.) Hidden ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.025 - ASUSTek Computer Inc.) avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts) Battlefield 3™ (HKLM-x32\...\{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}) (Version: 1.6.0.0 - Electronic Arts) Battlefield™ Hardline Beta (HKLM-x32\...\{599276A7-F45D-40B1-A0B6-CF132A1CAD49}) (Version: 1.0.0.5 - Electronic Arts) BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - ) BioShock (HKLM-x32\...\Steam App 7670) (Version: - 2K Boston) BioShock 2 (HKLM-x32\...\Steam App 8850) (Version: - 2K Marin) Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version: - ) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.0911.2154.37488 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform) Combat Arms EU (HKLM-x32\...\Combat Arms EU) (Version: - ) DayZ Commander (HKLM-x32\...\{B3653588-3AC0-4A1D-950F-D96531E84374}) (Version: 0.92.91 - Dotjosh Studios) Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts) eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.115 - Etron Technology) Etron USB3.0 Host Controller (x32 Version: 0.115 - Etron Technology) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Gothic III (HKLM-x32\...\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}) (Version: 1.00.0000 - JoWooD Productions Software AG) Gpg4win (2.2.1) (HKLM-x32\...\GPG4Win) (Version: 2.2.1 - The Gpg4win Project) GPUTweakStreaming (HKLM-x32\...\InstallShield_{D2A41AA7-4313-43D5-AA39-7E3FBBE0556D}) (Version: 1.0.3.5 - ASUS) GPUTweakStreaming (x32 Version: 1.0.3.5 - ASUS) Hidden HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle) Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech) Mafia II (HKLM-x32\...\Steam App 50130) (Version: - 2K Czech) Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 2.2.0.2 - NETGEAR) NetWorx 5.3.2 (HKLM\...\NetWorx_is1) (Version: - Softperfect Research) Nexon Game Manager (HKLM-x32\...\{289AC7E0-0AEE-4a7b-913C-709D9803D23E}) (Version: - ) Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.49.0 - Black Tree Gaming) NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation) OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.4.1.116 - Electronic Arts, Inc.) Overwolf (HKLM-x32\...\{A7234617-513C-4292-A013-7DD915493BDA}) (Version: 0.49.305 - Overwolf) PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.) Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.) Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.9 - ) pidgin-otr 4.0.0-1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.0-1 - Cypherpunks CA) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.1 beta r2286 - ) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.) Rise and Fall (HKLM-x32\...\{D078226E-83F2-45FD-9CDE-5DA66E5ADB51}) (Version: 1.00.0000 - Midway Games) ROCCAT Kone Mouse Driver (HKLM-x32\...\{9733747E-E53D-4C17-977E-3A872AFB93E1}) (Version: - ) Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) Spec Ops: The Line (HKLM-x32\...\Steam App 50300) (Version: - Yager) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.25790 - TeamViewer) The Darkness II (HKLM-x32\...\Steam App 67370) (Version: - Digital Extremes) The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - ) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) Tom Clancy's Rainbow Six Vegas 2 (HKLM-x32\...\{FD416706-875C-4B0B-A23A-9E740DAE029E}) (Version: 1.03 - Ubisoft) Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS) VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN) War Thunder Launcher 1.0.1.322 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - 2013 Gaijin Entertainment Corporation) WarRock (HKLM-x32\...\Warrock EU) (Version: - ) WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) Wise Registry Cleaner 8.12 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.12 - WiseCleaner.com, Inc.) YTD Video Downloader 4.8.1 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.1 - GreenTree Applications SRL) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 22-07-2014 16:38:20 DirectX wurde installiert 22-07-2014 18:16:35 Microsoft Visual C++ 2005 Redistributable wird installiert 22-07-2014 18:17:53 DirectX wurde installiert 22-07-2014 19:16:50 Microsoft Visual C++ 2005 Redistributable wird installiert 22-07-2014 19:18:18 DirectX wurde installiert 26-07-2014 20:28:22 DirectX wurde installiert 29-07-2014 14:04:52 DirectX wurde installiert 29-07-2014 22:12:41 DirectX wurde installiert 30-07-2014 18:45:46 DirectX wurde installiert ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0AE46977-DAFB-4E43-A6E8-48444D062FB6} - System32\Tasks\{EB801E42-A21F-4704-B6D9-FDB2CDBD1FAF} => C:\Program Files (x86)\Steam\Steam.exe [2014-07-16] (Valve Corporation) Task: {2285D577-B1B3-48A5-B41A-480B3F01516F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-02] (Google Inc.) Task: {25D9B035-D6D6-4154-B1F0-7803BF5B455F} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-08-27] (ASUSTek Computer Inc.) Task: {98518E86-C0C1-43D9-A8CC-B7A2ED1387FD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-02] (Google Inc.) Task: {9A506F7D-02C4-4CF8-870B-C7785585C6DB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd) Task: {B62CCFBC-2983-4AFF-9F1A-4DFBC9DFE1E4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-01] (AVAST Software) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-12-06 17:06 - 2013-12-06 17:06 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2013-07-26 06:59 - 2013-07-26 06:59 - 00814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll 2013-07-26 06:59 - 2013-07-26 06:59 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll 2012-01-17 12:24 - 2012-01-17 12:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe 2013-10-07 16:54 - 2013-10-07 16:54 - 00218112 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe 2014-02-03 00:58 - 2014-06-28 18:03 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2014-05-03 21:28 - 2013-11-11 15:10 - 00307928 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe 2014-06-28 17:37 - 2014-06-06 15:41 - 00718336 _____ () C:\Program Files\NetWorx\sqlite.dll 2014-05-03 21:28 - 2013-11-22 19:34 - 08266456 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe 2014-04-06 16:35 - 2014-04-06 16:35 - 00036536 _____ () C:\Program Files\Rainmeter\Rainmeter.exe 2014-04-06 16:35 - 2014-04-06 16:35 - 00747192 _____ () C:\Program Files\Rainmeter\Rainmeter.dll 2013-12-06 17:06 - 2013-12-06 17:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2014-07-30 21:27 - 2014-07-30 21:27 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14073002\algo.dll 2014-07-31 12:09 - 2014-07-31 12:09 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14073100\algo.dll 2013-10-07 16:49 - 2013-10-07 16:49 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll 2013-10-07 16:47 - 2013-10-07 16:47 - 00037888 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll 2013-10-07 16:44 - 2013-10-07 16:44 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll 2013-10-07 16:49 - 2013-10-07 16:49 - 00069632 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll 2013-10-07 16:49 - 2013-10-07 16:49 - 00628224 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll 2014-05-03 21:28 - 2013-10-30 19:06 - 00380928 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiLib.dll 2013-09-24 18:22 - 2013-09-24 18:22 - 00258048 _____ () C:\Program Files (x86)\ASUS\GPU Tweak\Vender.dll 2013-10-07 11:30 - 2013-10-07 11:30 - 00053248 _____ () C:\Program Files (x86)\ASUS\GPU Tweak\Exeio.dll 2014-02-02 23:37 - 2014-02-02 23:37 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-05-03 21:28 - 2013-11-01 17:31 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll 2014-07-21 21:30 - 2014-07-15 11:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll 2014-07-21 21:30 - 2014-07-15 11:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll 2014-07-21 21:30 - 2014-07-15 11:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll 2014-07-21 21:30 - 2014-07-15 11:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll 2014-07-21 21:30 - 2014-07-15 11:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= Name: Avast! Firewall Driver Description: Avast! Firewall Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: aswNdisFlt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (07/31/2014 00:09:52 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2014 00:08:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: ) Description: Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer" nicht initialisiert werden. Details: Could not query the status of the EventSystem service. System Error: Der Computer wird heruntergefahren. . Error: (07/31/2014 00:06:03 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2014 11:34:45 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/30/2014 08:47:49 PM) (Source: MsiInstaller) (EventID: 1013) (User: Sebastian-PC) Description: Product: NVIDIA PhysX -- Installation terminated Error: (07/30/2014 05:12:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/30/2014 00:14:31 AM) (Source: MsiInstaller) (EventID: 1013) (User: Sebastian-PC) Description: Product: NVIDIA PhysX -- Installation terminated Error: (07/29/2014 04:07:19 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm DeadIslandGame.exe, Version 1.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 14f0 Startzeit: 01cfab3651d60f18 Endzeit: 10 Anwendungspfad: C:\Program Files (x86)\Steam\steamapps\common\Dead Island\DeadIslandGame.exe Berichts-ID: 97fae872-1729-11e4-b49d-bc5ff4fa1dc1 Error: (07/29/2014 03:37:37 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/28/2014 07:45:38 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (07/31/2014 00:15:19 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. Error: (07/31/2014 00:09:14 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: aswKbd aswNdisFlt Error: (07/31/2014 00:09:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "avast! Firewall" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (07/31/2014 00:09:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst avast! Firewall erreicht. Error: (07/31/2014 00:04:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: AFD aswKbd aswNdisFlt aswRdr aswRvrt aswSnx aswSP aswVmm CSC DfsC discache NetBIOS NetBT networx nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf Error: (07/31/2014 00:04:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (07/31/2014 00:04:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (07/31/2014 00:04:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (07/31/2014 00:04:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst "Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error: (07/31/2014 00:04:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Microsoft Office Sessions: ========================= Error: (07/31/2014 00:09:52 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2014 00:08:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: ) Description: Details: Could not query the status of the EventSystem service. System Error: Der Computer wird heruntergefahren. Error: (07/31/2014 00:06:03 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2014 11:34:45 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/30/2014 08:47:49 PM) (Source: MsiInstaller) (EventID: 1013) (User: Sebastian-PC) Description: Product: NVIDIA PhysX -- Installation terminated(NULL)(NULL)(NULL)(NULL)(NULL) Error: (07/30/2014 05:12:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/30/2014 00:14:31 AM) (Source: MsiInstaller) (EventID: 1013) (User: Sebastian-PC) Description: Product: NVIDIA PhysX -- Installation terminated(NULL)(NULL)(NULL)(NULL)(NULL) Error: (07/29/2014 04:07:19 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: DeadIslandGame.exe1.0.0.014f001cfab3651d60f1810C:\Program Files (x86)\Steam\steamapps\common\Dead Island\DeadIslandGame.exe97fae872-1729-11e4-b49d-bc5ff4fa1dc1 Error: (07/29/2014 03:37:37 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/28/2014 07:45:38 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 34% Total physical RAM: 8148.75 MB Available physical RAM: 5349.72 MB Total Pagefile: 16295.7 MB Available Pagefile: 13108.59 MB Total Virtual: 8192 MB Available Virtual: 8191.79 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.41 GB) (Free:487.38 GB) NTFS Drive e: () (Removable) (Total:1.88 GB) (Free:1.52 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 4DA2E21B) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 2 GB) (Disk ID: 6E652072) No partition Table on disk 1. ==================== End Of Log ============================ Shortcut: Anhang 68552 GMER: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-07-31 13:32:13 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-2 ST1000DM003-1CH162 rev.CC47 931,51GB Running: Gmer-19357.exe; Driver: C:\Users\SEBAST~1\AppData\Local\Temp\kglyauoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\wininit.exe[660] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62] .text C:\Windows\system32\services.exe[716] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62] .text C:\Windows\system32\winlogon.exe[828] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[900] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62] .text C:\Windows\system32\atiesrxx.exe[284] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[368] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[388] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[596] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1360] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1636] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1664] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1748] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62] .text C:\Windows\SysWOW64\ASGT.exe[1792] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764da322 1 byte [62] .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1848] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764da322 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[1904] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764da322 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[1904] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000074f31a22 2 bytes [F3, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[1904] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000074f31ad0 2 bytes [F3, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[1904] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000074f31b08 2 bytes [F3, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[1904] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000074f31bba 2 bytes [F3, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[1904] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000074f31bda 2 bytes [F3, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076461465 2 bytes [46, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764614bb 2 bytes [46, 76] .text ... * 2 .text C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62] .text C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe[1192] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764da322 1 byte [62] .text C:\Windows\system32\taskhost.exe[2440] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62] .text C:\Windows\system32\Dwm.exe[2516] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62] .text C:\Windows\Explorer.EXE[2548] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[2736] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62] .text C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe[2880] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764da322 1 byte [62] .text C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076461465 2 bytes [46, 76] .text C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764614bb 2 bytes [46, 76] .text ... * 2 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3536] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62] .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3680] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[3724] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3804] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62] .text C:\Program Files\NetWorx\networx.exe[3972] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62] .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3120] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764da322 1 byte [62] .text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2400] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764da322 1 byte [62] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[496] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764da322 1 byte [62] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076461465 2 bytes [46, 76] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764614bb 2 bytes [46, 76] .text ... * 2 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[324] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62] .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[3928] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764da322 1 byte [62] .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[3928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076461465 2 bytes [46, 76] .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[3928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764614bb 2 bytes [46, 76] .text ... * 2 .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[3908] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764da322 1 byte [62] .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[3908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076461465 2 bytes [46, 76] .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[3908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764614bb 2 bytes [46, 76] .text ... * 2 .text C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE[3900] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764da322 1 byte [62] .text C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE[3900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076461465 2 bytes [46, 76] .text C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE[3900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764614bb 2 bytes [46, 76] .text ... * 2 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4004] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62] .text C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe[4132] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764da322 1 byte [62] .text C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe[4132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076461465 2 bytes [46, 76] .text C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe[4132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764614bb 2 bytes [46, 76] .text ... * 2 .text C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe[4424] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764da322 1 byte [62] .text C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe[4424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076461465 2 bytes [46, 76] .text C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe[4424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764614bb 2 bytes [46, 76] .text ... * 2 .text C:\Windows\system32\conhost.exe[4456] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62] .text C:\Program Files (x86)\ROCCAT\Kone Mouse\osd.exe[4516] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764da322 1 byte [62] .text C:\Windows\system32\wbem\unsecapp.exe[4848] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62] .text C:\Windows\system32\AUDIODG.EXE[3440] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62] .text C:\Users\Sebastian\Downloads\FRST64.exe[1340] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62] .text C:\Windows\system32\notepad.exe[2640] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62] .text C:\Windows\system32\notepad.exe[3552] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62] .text C:\Windows\system32\notepad.exe[5388] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62] .text C:\Windows\system32\NOTEPAD.EXE[5228] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007721eecd 1 byte [62] .text C:\Users\Sebastian\Downloads\Gmer-19357.exe[4116] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764da322 1 byte [62] ---- EOF - GMER 2.1 ---- Gruß sebi Geändert von shrekislove (31.07.2014 um 12:33 Uhr) |
Themen zu Mein Computer hat eigenmächtig die Seite http://98uj8.de/s3brsn5ba66mgfzeinrum#noad aufgerufen |
adware, akamai, antivirus, bootmgr, branding, computer, downloader, fehlermeldung, flash player, google, helper, homepage, iexplore.exe, installation, ip-hilfsdienst, monitor.exe, netgear, prozess, realtek, registry, scan, security, software, svchost.exe, system, teamspeak, trojaner, trojaner 98uj8, windows, zugriff verweigert |