
Pests of all kinds and how to combat them: My computer opened the page http://98uj8.de/s3brsn5ba66mgfzeinrum#noad on its own

Windows 7

 
31.07.2014, 12:21   #1
shrekislove
 
My computer opened the page http://98uj8.de/s3brsn5ba66mgfzeinrum#noad on its own



Hello everyone,

About an hour ago my PC opened the page hxxp://98uj8.de/s3brsn5ba66mgfzeinrum#noad on its own, roughly 50-100 times (a rough estimate), while I left the PC unattended for about 20 minutes. I searched a bit and found out that this is a trojan, and now I don't know what to do. I also noticed a process named "monitor.exe", but I could not close it because the error message "Zugriff verweigert" (access denied) kept appearing.

I ran Farbar and GMER but don't know what to do with the logs; maybe you can help me.

FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 01
Ran by Sebastian (administrator) on SEBASTIAN-PC on 31-07-2014 12:21:40
Running from C:\Users\Sebastian\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Windows\SysWOW64\ASGT.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(SoftPerfect Research) C:\Program Files\NetWorx\networx.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Akamai Technologies, Inc.) C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe
(ROCCAT) C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe
(ROCCAT) C:\Program Files (x86)\ROCCAT\Kone Mouse\OSD.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [6553808 2014-06-24] (SoftPerfect Research)
HKLM-x32\...\Run: [Kone] => C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE [180224 2009-09-15] (ROCCAT)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-24] (AVAST Software)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2033358269-2921509346-268069936-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-09-11] (AMD)
HKU\S-1-5-21-2033358269-2921509346-268069936-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-02-02] (Google Inc.)
HKU\S-1-5-21-2033358269-2921509346-268069936-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21445248 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2033358269-2921509346-268069936-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [37632 2014-01-30] (Overwolf LTD)
HKU\S-1-5-21-2033358269-2921509346-268069936-1000\...\Run: [AshSnap] => C:\Program Files\Ashampoo Snap 4\ashsnap.exe [1528176 2011-04-01] (ashampoo GmbH & Co. KG)
HKU\S-1-5-21-2033358269-2921509346-268069936-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk
ShortcutTarget: NETGEAR WNA3100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?gd=&ctid=CT3323885&octid=EB_ORIGINAL_CTID&ISID=M0F8AE674-C2A6-4C02-A261-55C0048E5BEC&SearchSource=55&CUI=&UM=5&UP=SP35769814-387A-4554-9341-C2A5E68263A2&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xED82E6AE3520CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Sebastian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-02-03]

Chrome: 
=======
CHR HomePage: hxxp://google.de/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-02]
CHR Extension: (Google Drive) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-02]
CHR Extension: (YouTube) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-02]
CHR Extension: (Adblock Plus) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-02]
CHR Extension: (Google-Suche) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-02]
CHR Extension: (Hola Besseres Internet) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-05-13]
CHR Extension: (avast! Online Security) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-03]
CHR Extension: (Google Wallet) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-02]
CHR Extension: (Google Mail) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-02]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-01] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-03-03] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-03-23] () [File not signed]
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed]
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [98560 2014-01-30] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-06-28] ()
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [307928 2013-11-11] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-01] ()
R3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2013-07-02] (ASUSTeK Computer Inc.)
R3 KoneFltr; C:\Windows\System32\drivers\Kone.sys [15488 2008-12-11] (ROCCAT Ltd)
R1 networx; C:\Windows\System32\drivers\networx.sys [59384 2014-05-09] (NetFilterSDK.com)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S1 aswKbd; \??\C:\Windows\system32\drivers\aswKbd.sys [X]
S1 aswNdisFlt; system32\DRIVERS\aswNdisFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-31 12:21 - 2014-07-31 12:22 - 00032002 _____ () C:\Users\Sebastian\Downloads\FRST.txt
2014-07-31 12:21 - 2014-07-31 12:21 - 00000000 ____D () C:\FRST
2014-07-31 12:20 - 2014-07-31 12:20 - 02094080 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST64.exe
2014-07-31 12:17 - 2014-07-31 12:17 - 01084928 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST.exe
2014-07-31 11:33 - 2014-07-31 12:09 - 00000022 _____ () C:\Windows\S.dirmngr
2014-07-30 00:37 - 2014-07-30 00:37 - 00011842 _____ () C:\Users\Sebastian\Documents\ayy lmao.odt
2014-07-30 00:14 - 2014-07-30 00:14 - 00000000 ____D () C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2014-07-30 00:14 - 2014-07-30 00:14 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\2K Games
2014-07-29 16:06 - 2014-07-29 16:06 - 00000565 _____ () C:\Windows\wmsetup.log
2014-07-28 01:12 - 2014-07-28 01:14 - 06462968 _____ () C:\Users\Sebastian\Documents\I´m Sorry.mp4
2014-07-26 14:52 - 2013-07-02 17:29 - 00024824 _____ (ASUSTeK Computer Inc.) C:\Windows\system32\Drivers\IOMap64.sys
2014-07-23 22:55 - 2014-07-23 22:55 - 00000000 ____D () C:\Users\Sebastian\Desktop\Text dokumentz
2014-07-23 22:22 - 2014-07-23 22:24 - 27167987 _____ () C:\Users\Sebastian\Desktop\torbrowser-install-3.6.2_en-US.exe
2014-07-22 20:19 - 2014-07-22 21:16 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Bioshock
2014-07-22 20:19 - 2014-07-22 20:27 - 00000000 ____D () C:\Users\Sebastian\Documents\Bioshock
2014-07-22 20:18 - 2014-07-22 20:18 - 00000791 _____ () C:\Windows\DXError.log
2014-07-22 18:38 - 2014-07-30 20:47 - 00298032 _____ () C:\Windows\DirectX.log
2014-07-22 18:35 - 2014-07-27 00:31 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\DarknessII
2014-07-21 19:38 - 2014-07-21 19:38 - 00000220 _____ () C:\Users\Sebastian\Desktop\BioShock.url
2014-07-20 21:48 - 2014-07-20 21:48 - 00007605 _____ () C:\Users\Sebastian\AppData\Local\Resmon.ResmonCfg
2014-07-16 16:15 - 2014-07-16 16:15 - 00001222 ____R () C:\Users\Sebastian\Desktop\BitLocker-Wiederherstellungsschlüssel B66D4F0E-4BCD-479B-A766-A10180C7A72B.txt
2014-07-12 17:37 - 2014-07-12 17:39 - 00000000 ____D () C:\Users\Sebastian\Desktop\Zelda
2014-07-12 17:36 - 2014-07-12 17:39 - 00000000 ____D () C:\Users\Sebastian\Documents\Dolphin Emulator
2014-07-12 17:34 - 2014-07-12 17:35 - 00000000 ____D () C:\Users\Sebastian\Desktop\dolphin2
2014-07-07 00:18 - 2014-07-07 00:18 - 00020138 _____ () C:\Users\Sebastian\Documents\Kündigung2.odt
2014-07-07 00:18 - 2014-07-07 00:18 - 00020138 _____ () C:\Users\Sebastian\Desktop\Kündigung2.odt
2014-07-06 19:19 - 2014-07-06 23:20 - 00018103 _____ () C:\Users\Sebastian\Desktop\Kündigung.odt
2014-07-02 19:06 - 2014-07-09 21:18 - 00001094 _____ () C:\Windows\LkmdfCoInst.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-31 12:22 - 2014-07-31 12:21 - 00032002 _____ () C:\Users\Sebastian\Downloads\FRST.txt
2014-07-31 12:21 - 2014-07-31 12:21 - 00000000 ____D () C:\FRST
2014-07-31 12:21 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-31 12:21 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-31 12:20 - 2014-07-31 12:20 - 02094080 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST64.exe
2014-07-31 12:20 - 2014-02-02 21:53 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Skype
2014-07-31 12:20 - 2014-02-02 01:34 - 00963444 _____ () C:\Windows\WindowsUpdate.log
2014-07-31 12:17 - 2014-07-31 12:17 - 01084928 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST.exe
2014-07-31 12:10 - 2014-02-02 22:02 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\Overwolf
2014-07-31 12:09 - 2014-07-31 11:33 - 00000022 _____ () C:\Windows\S.dirmngr
2014-07-31 12:09 - 2014-06-23 20:16 - 00004088 _____ () C:\Windows\setupact.log
2014-07-31 12:09 - 2014-02-02 20:48 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-31 12:09 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-31 02:24 - 2014-02-02 20:48 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-31 02:08 - 2014-02-04 17:26 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-31 02:08 - 2014-02-03 00:07 - 00000000 ____D () C:\ProgramData\Origin
2014-07-31 01:45 - 2014-02-02 22:02 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\TS3Client
2014-07-30 23:39 - 2014-02-03 01:24 - 00297088 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-07-30 23:39 - 2014-02-03 00:58 - 00297088 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-07-30 23:38 - 2014-02-03 00:58 - 00297088 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-07-30 20:47 - 2014-07-22 18:38 - 00298032 _____ () C:\Windows\DirectX.log
2014-07-30 19:02 - 2014-06-29 15:18 - 00000075 _____ () C:\Users\Sebastian\.atl.properties
2014-07-30 17:32 - 2014-02-02 22:27 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-07-30 17:27 - 2014-05-10 17:34 - 00000000 ____D () C:\Users\Sebastian\Desktop\Temp
2014-07-30 17:24 - 2014-05-10 17:34 - 00000000 ____D () C:\Users\Sebastian\Desktop\Instances
2014-07-30 00:37 - 2014-07-30 00:37 - 00011842 _____ () C:\Users\Sebastian\Documents\ayy lmao.odt
2014-07-30 00:14 - 2014-07-30 00:14 - 00000000 ____D () C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2014-07-30 00:14 - 2014-07-30 00:14 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\2K Games
2014-07-29 21:10 - 2014-02-10 22:30 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\Battle.net
2014-07-29 17:06 - 2014-02-02 20:48 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-29 17:06 - 2014-02-02 20:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-29 16:06 - 2014-07-29 16:06 - 00000565 _____ () C:\Windows\wmsetup.log
2014-07-29 15:37 - 2014-02-02 23:37 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-29 15:37 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-29 00:28 - 2014-02-26 22:40 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\.purple
2014-07-28 01:14 - 2014-07-28 01:12 - 06462968 _____ () C:\Users\Sebastian\Documents\I´m Sorry.mp4
2014-07-27 13:02 - 2011-04-12 09:43 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-07-27 13:02 - 2011-04-12 09:43 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-07-27 13:02 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-27 00:31 - 2014-07-22 18:35 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\DarknessII
2014-07-26 21:29 - 2014-02-04 21:08 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\.minecraft
2014-07-24 23:14 - 2014-02-10 22:30 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-23 22:55 - 2014-07-23 22:55 - 00000000 ____D () C:\Users\Sebastian\Desktop\Text dokumentz
2014-07-23 22:24 - 2014-07-23 22:22 - 27167987 _____ () C:\Users\Sebastian\Desktop\torbrowser-install-3.6.2_en-US.exe
2014-07-22 22:31 - 2014-05-30 17:08 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\PAYDAY 2
2014-07-22 21:19 - 2014-02-03 16:31 - 00000000 ____D () C:\Users\Sebastian\Documents\My Games
2014-07-22 21:16 - 2014-07-22 20:19 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Bioshock
2014-07-22 20:27 - 2014-07-22 20:19 - 00000000 ____D () C:\Users\Sebastian\Documents\Bioshock
2014-07-22 20:18 - 2014-07-22 20:18 - 00000791 _____ () C:\Windows\DXError.log
2014-07-22 19:42 - 2014-02-03 17:02 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-07-22 18:40 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-22 18:29 - 2014-02-03 00:09 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-07-22 18:23 - 2014-02-02 22:02 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-07-22 17:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-21 19:38 - 2014-07-21 19:38 - 00000220 _____ () C:\Users\Sebastian\Desktop\BioShock.url
2014-07-20 21:48 - 2014-07-20 21:48 - 00007605 _____ () C:\Users\Sebastian\AppData\Local\Resmon.ResmonCfg
2014-07-20 19:04 - 2014-02-11 23:58 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\vlc
2014-07-20 16:48 - 2014-05-02 21:04 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\dvdcss
2014-07-16 16:15 - 2014-07-16 16:15 - 00001222 ____R () C:\Users\Sebastian\Desktop\BitLocker-Wiederherstellungsschlüssel B66D4F0E-4BCD-479B-A766-A10180C7A72B.txt
2014-07-12 17:39 - 2014-07-12 17:37 - 00000000 ____D () C:\Users\Sebastian\Desktop\Zelda
2014-07-12 17:39 - 2014-07-12 17:36 - 00000000 ____D () C:\Users\Sebastian\Documents\Dolphin Emulator
2014-07-12 17:39 - 2014-06-11 17:11 - 00000000 ____D () C:\Users\Sebastian\Desktop\stick
2014-07-12 17:35 - 2014-07-12 17:34 - 00000000 ____D () C:\Users\Sebastian\Desktop\dolphin2
2014-07-12 17:32 - 2014-06-01 15:50 - 00000000 ____D () C:\Users\Sebastian\Desktop\Stick Patrick
2014-07-09 21:18 - 2014-07-02 19:06 - 00001094 _____ () C:\Windows\LkmdfCoInst.log
2014-07-09 21:18 - 2014-02-03 22:26 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-07-07 00:18 - 2014-07-07 00:18 - 00020138 _____ () C:\Users\Sebastian\Documents\Kündigung2.odt
2014-07-07 00:18 - 2014-07-07 00:18 - 00020138 _____ () C:\Users\Sebastian\Desktop\Kündigung2.odt
2014-07-06 23:20 - 2014-07-06 19:19 - 00018103 _____ () C:\Users\Sebastian\Desktop\Kündigung.odt
2014-07-06 23:16 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-07-06 17:39 - 2014-04-26 16:51 - 00000000 ____D () C:\Users\Sebastian\Desktop\K
2014-07-02 19:51 - 2014-02-03 00:49 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {current}
resumeobject            {9edaa718-8b98-11e3-bcf6-d311fd97538f}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
osdevice                partition=C:
systemroot              \Windows
resumeobject            {9edaa718-8b98-11e3-bcf6-d311fd97538f}
nx                      OptOut

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {9edaa718-8b98-11e3-bcf6-d311fd97538f}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows-Speicherdiagnose
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}



LastRegBack: 2014-07-28 20:35

==================== End Of Log ============================
         
--- --- ---



Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014 01
Ran by Sebastian at 2014-07-31 12:22:18
Running from C:\Users\Sebastian\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{4B5124DF-F465-2BA6-FCCF-82C149E1223D}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.4.9.2 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.4.9.2 - ASUSTek COMPUTER INC.) Hidden
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.025 - ASUSTek Computer Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts)
Battlefield 3™ (HKLM-x32\...\{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield™ Hardline Beta (HKLM-x32\...\{599276A7-F45D-40B1-A0B6-CF132A1CAD49}) (Version: 1.0.0.5 - Electronic Arts)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
BioShock 2 (HKLM-x32\...\Steam App 8850) (Version:  - 2K Marin)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0911.2154.37488 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Combat Arms EU (HKLM-x32\...\Combat Arms EU) (Version:  - )
DayZ Commander (HKLM-x32\...\{B3653588-3AC0-4A1D-950F-D96531E84374}) (Version: 0.92.91 - Dotjosh Studios)
Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.115 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.115 - Etron Technology) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Gothic III (HKLM-x32\...\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}) (Version: 1.00.0000 - JoWooD Productions Software AG)
Gpg4win (2.2.1) (HKLM-x32\...\GPG4Win) (Version: 2.2.1 - The Gpg4win Project)
GPUTweakStreaming (HKLM-x32\...\InstallShield_{D2A41AA7-4313-43D5-AA39-7E3FBBE0556D}) (Version: 1.0.3.5 - ASUS)
GPUTweakStreaming (x32 Version: 1.0.3.5 - ASUS) Hidden
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Mafia II (HKLM-x32\...\Steam App 50130) (Version:  - 2K Czech)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 2.2.0.2 - NETGEAR)
NetWorx 5.3.2 (HKLM\...\NetWorx_is1) (Version:  - Softperfect Research)
Nexon Game Manager (HKLM-x32\...\{289AC7E0-0AEE-4a7b-913C-709D9803D23E}) (Version:  - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.49.0 - Black Tree Gaming)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.1.116 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\{A7234617-513C-4292-A013-7DD915493BDA}) (Version: 0.49.305 - Overwolf)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.9 - )
pidgin-otr 4.0.0-1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.0-1 - Cypherpunks CA)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.1 beta r2286 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
Rise and Fall (HKLM-x32\...\{D078226E-83F2-45FD-9CDE-5DA66E5ADB51}) (Version: 1.00.0000 - Midway Games)
ROCCAT Kone Mouse Driver (HKLM-x32\...\{9733747E-E53D-4C17-977E-3A872AFB93E1}) (Version:  - )
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spec Ops: The Line (HKLM-x32\...\Steam App 50300) (Version:  - Yager)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.25790 - TeamViewer)
The Darkness II (HKLM-x32\...\Steam App 67370) (Version:  - Digital Extremes)
The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - )
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Tom Clancy's Rainbow Six Vegas 2 (HKLM-x32\...\{FD416706-875C-4B0B-A23A-9E740DAE029E}) (Version: 1.03 - Ubisoft)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
War Thunder Launcher 1.0.1.322 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - 2013 Gaijin Entertainment Corporation)
WarRock (HKLM-x32\...\Warrock EU) (Version:  - )
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wise Registry Cleaner 8.12 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.12 - WiseCleaner.com, Inc.)
YTD Video Downloader 4.8.1 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.1 - GreenTree Applications SRL)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

22-07-2014 16:38:20 DirectX wurde installiert
22-07-2014 18:16:35 Microsoft Visual C++ 2005 Redistributable wird installiert
22-07-2014 18:17:53 DirectX wurde installiert
22-07-2014 19:16:50 Microsoft Visual C++ 2005 Redistributable wird installiert
22-07-2014 19:18:18 DirectX wurde installiert
26-07-2014 20:28:22 DirectX wurde installiert
29-07-2014 14:04:52 DirectX wurde installiert
29-07-2014 22:12:41 DirectX wurde installiert
30-07-2014 18:45:46 DirectX wurde installiert

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0AE46977-DAFB-4E43-A6E8-48444D062FB6} - System32\Tasks\{EB801E42-A21F-4704-B6D9-FDB2CDBD1FAF} => C:\Program Files (x86)\Steam\Steam.exe [2014-07-16] (Valve Corporation)
Task: {2285D577-B1B3-48A5-B41A-480B3F01516F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-02] (Google Inc.)
Task: {25D9B035-D6D6-4154-B1F0-7803BF5B455F} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-08-27] (ASUSTek Computer Inc.)
Task: {98518E86-C0C1-43D9-A8CC-B7A2ED1387FD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-02] (Google Inc.)
Task: {9A506F7D-02C4-4CF8-870B-C7785585C6DB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {B62CCFBC-2983-4AFF-9F1A-4DFBC9DFE1E4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-01] (AVAST Software)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-12-06 17:06 - 2013-12-06 17:06 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2013-07-26 06:59 - 2013-07-26 06:59 - 00814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2013-07-26 06:59 - 2013-07-26 06:59 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2012-01-17 12:24 - 2012-01-17 12:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2013-10-07 16:54 - 2013-10-07 16:54 - 00218112 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2014-02-03 00:58 - 2014-06-28 18:03 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-05-03 21:28 - 2013-11-11 15:10 - 00307928 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
2014-06-28 17:37 - 2014-06-06 15:41 - 00718336 _____ () C:\Program Files\NetWorx\sqlite.dll
2014-05-03 21:28 - 2013-11-22 19:34 - 08266456 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
2014-04-06 16:35 - 2014-04-06 16:35 - 00036536 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2014-04-06 16:35 - 2014-04-06 16:35 - 00747192 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2013-12-06 17:06 - 2013-12-06 17:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-07-30 21:27 - 2014-07-30 21:27 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14073002\algo.dll
2014-07-31 12:09 - 2014-07-31 12:09 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14073100\algo.dll
2013-10-07 16:49 - 2013-10-07 16:49 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2013-10-07 16:47 - 2013-10-07 16:47 - 00037888 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2013-10-07 16:44 - 2013-10-07 16:44 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2013-10-07 16:49 - 2013-10-07 16:49 - 00069632 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2013-10-07 16:49 - 2013-10-07 16:49 - 00628224 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll
2014-05-03 21:28 - 2013-10-30 19:06 - 00380928 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiLib.dll
2013-09-24 18:22 - 2013-09-24 18:22 - 00258048 _____ () C:\Program Files (x86)\ASUS\GPU Tweak\Vender.dll
2013-10-07 11:30 - 2013-10-07 11:30 - 00053248 _____ () C:\Program Files (x86)\ASUS\GPU Tweak\Exeio.dll
2014-02-02 23:37 - 2014-02-02 23:37 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-05-03 21:28 - 2013-11-01 17:31 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll
2014-07-21 21:30 - 2014-07-15 11:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-21 21:30 - 2014-07-15 11:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-21 21:30 - 2014-07-15 11:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-21 21:30 - 2014-07-15 11:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-21 21:30 - 2014-07-15 11:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Avast! Firewall Driver
Description: Avast! Firewall Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswNdisFlt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/31/2014 00:09:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2014 00:08:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer" nicht initialisiert werden.


Details:
Could not query the status of the EventSystem service.

System Error:
Der Computer wird heruntergefahren.
.

Error: (07/31/2014 00:06:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2014 11:34:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2014 08:47:49 PM) (Source: MsiInstaller) (EventID: 1013) (User: Sebastian-PC)
Description: Product: NVIDIA PhysX -- Installation terminated

Error: (07/30/2014 05:12:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2014 00:14:31 AM) (Source: MsiInstaller) (EventID: 1013) (User: Sebastian-PC)
Description: Product: NVIDIA PhysX -- Installation terminated

Error: (07/29/2014 04:07:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm DeadIslandGame.exe, Version 1.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 14f0

Startzeit: 01cfab3651d60f18

Endzeit: 10

Anwendungspfad: C:\Program Files (x86)\Steam\steamapps\common\Dead Island\DeadIslandGame.exe

Berichts-ID: 97fae872-1729-11e4-b49d-bc5ff4fa1dc1

Error: (07/29/2014 03:37:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2014 07:45:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/31/2014 00:15:19 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (07/31/2014 00:09:14 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
aswKbd
aswNdisFlt

Error: (07/31/2014 00:09:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! Firewall" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/31/2014 00:09:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst avast! Firewall erreicht.

Error: (07/31/2014 00:04:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
AFD
aswKbd
aswNdisFlt
aswRdr
aswRvrt
aswSnx
aswSP
aswVmm
CSC
DfsC
discache
NetBIOS
NetBT
networx
nsiproxy
Psched
rdbss
spldr
tdx
vwififlt
Wanarpv6
WfpLwf

Error: (07/31/2014 00:04:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (07/31/2014 00:04:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (07/31/2014 00:04:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (07/31/2014 00:04:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst "Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%31

Error: (07/31/2014 00:04:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================
Error: (07/31/2014 00:09:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2014 00:08:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: 
Details:
Could not query the status of the EventSystem service.

System Error:
Der Computer wird heruntergefahren.

Error: (07/31/2014 00:06:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2014 11:34:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2014 08:47:49 PM) (Source: MsiInstaller) (EventID: 1013) (User: Sebastian-PC)
Description: Product: NVIDIA PhysX -- Installation terminated(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/30/2014 05:12:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2014 00:14:31 AM) (Source: MsiInstaller) (EventID: 1013) (User: Sebastian-PC)
Description: Product: NVIDIA PhysX -- Installation terminated(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/29/2014 04:07:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: DeadIslandGame.exe1.0.0.014f001cfab3651d60f1810C:\Program Files (x86)\Steam\steamapps\common\Dead Island\DeadIslandGame.exe97fae872-1729-11e4-b49d-bc5ff4fa1dc1

Error: (07/29/2014 03:37:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2014 07:45:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 34%
Total physical RAM: 8148.75 MB
Available physical RAM: 5349.72 MB
Total Pagefile: 16295.7 MB
Available Pagefile: 13108.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:487.38 GB) NTFS
Drive e: () (Removable) (Total:1.88 GB) (Free:1.52 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 4DA2E21B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 6E652072)
No partition Table on disk 1.

==================== End Of Log ============================
         

Shortcut:
Attachment 68552

GMER:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-07-31 13:32:13
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-2 ST1000DM003-1CH162 rev.CC47 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\SEBAST~1\AppData\Local\Temp\kglyauoc.sys


---- User code sections - GMER 2.1 ----

.text  C:\Windows\system32\wininit.exe[660] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                 000000007721eecd 1 byte [62]
.text  C:\Windows\system32\services.exe[716] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007721eecd 1 byte [62]
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007721eecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[900] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                 000000007721eecd 1 byte [62]
.text  C:\Windows\system32\atiesrxx.exe[284] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007721eecd 1 byte [62]
.text  C:\Windows\System32\svchost.exe[368] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                 000000007721eecd 1 byte [62]
.text  C:\Windows\System32\svchost.exe[388] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                 000000007721eecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[596] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                 000000007721eecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007721eecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[1360] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007721eecd 1 byte [62]
.text  C:\Windows\System32\spoolsv.exe[1636] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007721eecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[1664] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007721eecd 1 byte [62]
.text  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1748] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                000000007721eecd 1 byte [62]
.text  C:\Windows\SysWOW64\ASGT.exe[1792] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                   00000000764da322 1 byte [62]
.text  C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1848] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                   00000000764da322 1 byte [62]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1904] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                               00000000764da322 1 byte [62]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1904] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                    0000000074f31a22 2 bytes [F3, 74]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1904] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                    0000000074f31ad0 2 bytes [F3, 74]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1904] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                    0000000074f31b08 2 bytes [F3, 74]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1904] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                    0000000074f31bba 2 bytes [F3, 74]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1904] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                    0000000074f31bda 2 bytes [F3, 74]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                             0000000076461465 2 bytes [46, 76]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                            00000000764614bb 2 bytes [46, 76]
.text  ...                                                                                                                                        * 2
.text  C:\Windows\system32\svchost.exe[1988] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007721eecd 1 byte [62]
.text  C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe[1192] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                             00000000764da322 1 byte [62]
.text  C:\Windows\system32\taskhost.exe[2440] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                               000000007721eecd 1 byte [62]
.text  C:\Windows\system32\Dwm.exe[2516] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                    000000007721eecd 1 byte [62]
.text  C:\Windows\Explorer.EXE[2548] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                        000000007721eecd 1 byte [62]
.text  C:\Windows\system32\wbem\wmiprvse.exe[2736] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                          000000007721eecd 1 byte [62]
.text  C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe[2880] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                             00000000764da322 1 byte [62]
.text  C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                           0000000076461465 2 bytes [46, 76]
.text  C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                          00000000764614bb 2 bytes [46, 76]
.text  ...                                                                                                                                        * 2
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3536] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                000000007721eecd 1 byte [62]
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3680] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                               000000007721eecd 1 byte [62]
.text  C:\Windows\system32\SearchIndexer.exe[3724] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                          000000007721eecd 1 byte [62]
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[3804] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                             000000007721eecd 1 byte [62]
.text  C:\Program Files\NetWorx\networx.exe[3972] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                           000000007721eecd 1 byte [62]
.text  C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3120] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                00000000764da322 1 byte [62]
.text  C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2400] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  00000000764da322 1 byte [62]
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[496] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                    00000000764da322 1 byte [62]
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                  0000000076461465 2 bytes [46, 76]
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                 00000000764614bb 2 bytes [46, 76]
.text  ...                                                                                                                                        * 2
.text  C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[324] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189               000000007721eecd 1 byte [62]
.text  C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[3928] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                     00000000764da322 1 byte [62]
.text  C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[3928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                   0000000076461465 2 bytes [46, 76]
.text  C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[3928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  00000000764614bb 2 bytes [46, 76]
.text  ...                                                                                                                                        * 2
.text  C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[3908] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                     00000000764da322 1 byte [62]
.text  C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[3908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                   0000000076461465 2 bytes [46, 76]
.text  C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[3908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  00000000764614bb 2 bytes [46, 76]
.text  ...                                                                                                                                        * 2
.text  C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE[3900] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                           00000000764da322 1 byte [62]
.text  C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE[3900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                         0000000076461465 2 bytes [46, 76]
.text  C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE[3900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        00000000764614bb 2 bytes [46, 76]
.text  ...                                                                                                                                        * 2
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4004] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                      000000007721eecd 1 byte [62]
.text  C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe[4132] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                             00000000764da322 1 byte [62]
.text  C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe[4132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                           0000000076461465 2 bytes [46, 76]
.text  C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe[4132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                          00000000764614bb 2 bytes [46, 76]
.text  ...                                                                                                                                        * 2
.text  C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe[4424] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                              00000000764da322 1 byte [62]
.text  C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe[4424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                            0000000076461465 2 bytes [46, 76]
.text  C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe[4424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                           00000000764614bb 2 bytes [46, 76]
.text  ...                                                                                                                                        * 2
.text  C:\Windows\system32\conhost.exe[4456] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007721eecd 1 byte [62]
.text  C:\Program Files (x86)\ROCCAT\Kone Mouse\osd.exe[4516] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                               00000000764da322 1 byte [62]
.text  C:\Windows\system32\wbem\unsecapp.exe[4848] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                          000000007721eecd 1 byte [62]
.text  C:\Windows\system32\AUDIODG.EXE[3440] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189                                                000000007721eecd 1 byte [62]
.text  C:\Users\Sebastian\Downloads\FRST64.exe[1340] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                        000000007721eecd 1 byte [62]
.text  C:\Windows\system32\notepad.exe[2640] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007721eecd 1 byte [62]
.text  C:\Windows\system32\notepad.exe[3552] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007721eecd 1 byte [62]
.text  C:\Windows\system32\notepad.exe[5388] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007721eecd 1 byte [62]
.text  C:\Windows\system32\NOTEPAD.EXE[5228] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007721eecd 1 byte [62]
.text  C:\Users\Sebastian\Downloads\Gmer-19357.exe[4116] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                    00000000764da322 1 byte [62]

---- EOF - GMER 2.1 ----
         
Thanks in advance

Regards, sebi

Edited by shrekislove (31.07.2014 at 12:33)

 
