Farmaster.net Problem Win 7

woohoorockz · 14.09.2014, 11:57

Huhu Leute,
Ich hab das Problem das sich bei jedem Neustart von meinem Pc die cmd.exe öffnet und die Website Farmaster.net in Opera öffnet..
Ich hab mir schon das Farbar Recovery Scan Tool runtergeladen und einen Scan durchgeführt aber ab jetzt weiß ich nicht mehr weiter also hoffe ich auf eure Hilfe ^.^
Hier die Logs. FRST.txt

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Maxi (administrator) on MAXI-PC on 14-09-2014 12:39:19
Running from C:\Users\Maxi\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DeviceVM, Inc.) C:\ASUS.SYS\config\DVMExportService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Windows\DAODx.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
(Game Inc.) C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe
() C:\Program Files (x86)\Opera\24.0.1558.53\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [GamingKeyboard] => C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe [1805824 2013-10-16] (Game Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [CMD] => cmd.exe /k if %date:~6,4%%date:~3,2%%date:~0,2% LEQ 20140911 (exit) else (start hxxp://farmaster.net/ && exit)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2292052161-4210806713-4271464568-1000\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [87040 2014-06-26] (SteelSeries ApS)
HKU\S-1-5-21-2292052161-4210806713-4271464568-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=532c2615-5343-e7ff-269b-1cf3a94b6796&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp1000
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=532c2615-5343-e7ff-269b-1cf3a94b6796&searchtype=hp&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp1000
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9FCE9D15F8A7CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=532c2615-5343-e7ff-269b-1cf3a94b6796&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp1000
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=532c2615-5343-e7ff-269b-1cf3a94b6796&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp1000
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=532c2615-5343-e7ff-269b-1cf3a94b6796&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp1000
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Maxi\AppData\Roaming\Mozilla\Firefox\Profiles\fv1gidzz.default
FF Homepage: https://www.google.de/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll ()
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll ()
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Maxi\AppData\Roaming\Mozilla\Firefox\Profiles\fv1gidzz.default\searchplugins\SafeFinder Search.xml
FF SearchPlugin: C:\Users\Maxi\AppData\Roaming\Mozilla\Firefox\Profiles\fv1gidzz.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Maxi\AppData\Roaming\Mozilla\Firefox\Profiles\fv1gidzz.default\Extensions\abs@avira.com [2014-08-28]
FF Extension: Adblock Plus - C:\Users\Maxi\AppData\Roaming\Mozilla\Firefox\Profiles\fv1gidzz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-25]

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R2 DvmMDES; C:\ASUS.SYS\config\DVMExportService.exe [319488 2009-10-16] (DeviceVM, Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-06] (Disc Soft Ltd)
R3 GameKB; C:\Windows\System32\drivers\GameKB.sys [31232 2013-10-15] ( )
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [39168 2014-05-27] (SteelSeries Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 12:39 - 2014-09-14 12:40 - 00011973 _____ () C:\Users\Maxi\Desktop\FRST.txt
2014-09-14 12:39 - 2014-09-14 12:39 - 00029040 _____ () C:\Users\Maxi\Downloads\Logs.rar
2014-09-14 12:39 - 2014-09-14 12:39 - 00000000 ____D () C:\FRST
2014-09-14 12:35 - 2014-09-14 12:35 - 02105856 _____ (Farbar) C:\Users\Maxi\Desktop\FRST64.exe
2014-09-12 00:11 - 2014-09-12 02:18 - 00000000 ____D () C:\Users\Maxi\AppData\Roaming\TS3Client
2014-09-12 00:11 - 2014-09-12 00:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-09-12 00:09 - 2014-09-12 00:10 - 30014480 _____ (TeamSpeak Systems GmbH) C:\Users\Maxi\Downloads\TeamSpeak3-Client-win64-3.0.16.exe
2014-09-12 00:09 - 2014-09-12 00:10 - 30014480 _____ (TeamSpeak Systems GmbH) C:\Users\Maxi\Downloads\TeamSpeak3-Client-win64-3.0.16 (1).exe
2014-09-11 12:24 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 12:24 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 12:24 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 12:24 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 12:24 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 12:24 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 12:24 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 12:24 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 12:24 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 12:24 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 12:24 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 12:24 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 12:24 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 12:24 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 12:24 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 12:24 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 12:24 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 12:24 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 12:24 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 12:24 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 12:24 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 12:24 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 12:24 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 12:24 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 12:24 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 12:24 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 12:24 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 12:24 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 12:24 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 12:24 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 12:24 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 12:24 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 12:24 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 12:24 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 12:24 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 12:24 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 12:24 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 12:24 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 12:24 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 12:24 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 12:24 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 12:24 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 12:24 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 12:24 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 12:24 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 12:24 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 12:24 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 12:24 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 12:24 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 12:24 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 12:24 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 12:24 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 12:24 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 12:24 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 12:24 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 12:24 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 21:01 - 2014-09-10 21:01 - 05788228 _____ () C:\Users\Maxi\Downloads\Die fantastischen Abenteuer Knofensas [german Fandub].mp4
2014-09-10 14:06 - 2014-09-10 14:07 - 00000000 ____D () C:\Users\Maxi\AppData\Local\Adobe
2014-09-10 12:11 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 12:11 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 12:11 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 12:11 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 12:11 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-09 23:12 - 2014-09-09 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-08 16:47 - 2014-09-08 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
2014-09-08 11:58 - 2014-09-08 12:05 - 00000000 ____D () C:\Users\Maxi\Desktop\Prinzessin.Mononoke.[GerJapEngDub][GerEngSub][1080p][Bluray]-Li0N
2014-09-06 00:51 - 2014-09-06 00:51 - 00000000 ____D () C:\Users\Maxi\Documents\Electronic Arts
2014-09-06 00:08 - 2012-12-10 16:21 - 00163376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.ocx
2014-09-06 00:08 - 2012-11-26 11:10 - 00221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tabctl32.ocx
2014-09-06 00:08 - 2012-07-06 20:03 - 00617816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.ocx
2014-09-06 00:08 - 2012-05-02 11:17 - 01070152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomctl.ocx
2014-09-06 00:08 - 2011-01-12 13:36 - 01054208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71u.dll
2014-09-06 00:08 - 2011-01-12 13:25 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71deu.dll
2014-09-06 00:08 - 2011-01-12 13:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71ita.dll
2014-09-06 00:08 - 2011-01-12 13:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71fra.dll
2014-09-06 00:08 - 2011-01-12 13:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71esp.dll
2014-09-06 00:08 - 2011-01-12 13:25 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71enu.dll
2014-09-06 00:08 - 2011-01-12 13:25 - 00049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71kor.dll
2014-09-06 00:08 - 2011-01-12 13:25 - 00049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71jpn.dll
2014-09-06 00:08 - 2011-01-12 13:25 - 00045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71cht.dll
2014-09-06 00:08 - 2011-01-12 13:25 - 00040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71chs.dll
2014-09-06 00:08 - 2011-01-12 13:19 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2014-09-06 00:08 - 2011-01-12 12:53 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atl71.dll
2014-09-06 00:08 - 2010-02-16 14:22 - 00659264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomct2.ocx
2014-09-06 00:08 - 2010-02-16 14:22 - 00443488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshflxgd.ocx
2014-09-06 00:08 - 2010-02-16 14:22 - 00415552 _____ (Microsoft Corporation ) C:\Windows\SysWOW64\comct332.ocx
2014-09-06 00:08 - 2010-02-16 14:22 - 00278352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdatgrd.ocx
2014-09-06 00:08 - 2010-02-16 14:22 - 00258880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msflxgrd.ocx
2014-09-06 00:08 - 2010-02-16 14:22 - 00252240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdatlst.ocx
2014-09-06 00:08 - 2010-02-16 14:22 - 00222528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dblist32.ocx
2014-09-06 00:08 - 2010-02-16 14:22 - 00218432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\richtx32.ocx
2014-09-06 00:08 - 2010-02-16 14:22 - 00215880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mci32.ocx
2014-09-06 00:08 - 2010-02-16 14:22 - 00178512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmask32.ocx
2014-09-06 00:08 - 2010-02-16 14:22 - 00170080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comct232.ocx
2014-09-06 00:08 - 2010-02-16 14:22 - 00136008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinet.ocx
2014-09-06 00:08 - 2010-02-16 14:22 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msstdfmt.dll
2014-09-06 00:08 - 2010-02-16 14:22 - 00126800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswinsck.ocx
2014-09-06 00:08 - 2010-02-16 14:22 - 00119616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomm32.ocx
2014-09-06 00:08 - 2010-02-16 14:22 - 00107840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msstkprp.dll
2014-09-06 00:08 - 2010-02-16 14:22 - 00100160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\picclp32.ocx
2014-09-06 00:08 - 2010-02-16 14:22 - 00080208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysinfo.ocx
2014-09-06 00:08 - 2007-02-01 22:13 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-09-06 00:08 - 2007-02-01 19:11 - 00344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-09-06 00:08 - 2007-01-30 22:04 - 00339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr70.dll
2014-09-06 00:08 - 2006-08-26 00:28 - 01017344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70u.dll
2014-09-06 00:08 - 2006-08-26 00:15 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70ita.dll
2014-09-06 00:08 - 2006-08-26 00:15 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70fra.dll
2014-09-06 00:08 - 2006-08-26 00:15 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70esp.dll
2014-09-06 00:08 - 2006-08-26 00:15 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70deu.dll
2014-09-06 00:08 - 2006-08-26 00:15 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70enu.dll
2014-09-06 00:08 - 2006-08-26 00:15 - 00049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70kor.dll
2014-09-06 00:08 - 2006-08-26 00:15 - 00049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70jpn.dll
2014-09-06 00:08 - 2006-08-26 00:15 - 00045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70cht.dll
2014-09-06 00:08 - 2006-08-26 00:15 - 00040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70chs.dll
2014-09-06 00:08 - 2006-08-26 00:07 - 01024000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70.dll
2014-09-06 00:08 - 2006-08-25 23:17 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atl70.dll
2014-09-06 00:08 - 2006-04-10 13:41 - 01066176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomctl32.ocx
2014-09-06 00:08 - 2005-01-20 19:25 - 00054784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvci70.dll
2014-09-06 00:08 - 2002-01-05 05:40 - 00487424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp70.dll
2014-09-06 00:08 - 2001-08-23 00:00 - 01355776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvbvm50.dll
2014-09-06 00:08 - 1996-01-12 03:00 - 00722192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vb40032.dll
2014-09-06 00:08 - 1993-07-23 19:31 - 00210944 _____ () C:\Windows\SysWOW64\msvcrt10.dll
2014-09-06 00:00 - 2014-09-08 16:50 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-09-05 23:39 - 2014-09-05 23:39 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-05 23:37 - 2014-09-06 00:21 - 00000000 ____D () C:\Users\Maxi\AppData\Roaming\Origin
2014-09-05 23:37 - 2014-09-05 23:39 - 00000000 ____D () C:\Users\Maxi\AppData\Local\Origin
2014-09-05 23:32 - 2014-09-09 23:27 - 00000000 ____D () C:\ProgramData\Origin
2014-09-05 23:32 - 2014-09-09 23:27 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-05 23:32 - 2014-09-06 00:51 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-09-05 23:19 - 2014-09-05 23:22 - 00000000 ____D () C:\Users\Maxi\Desktop\The.SIMS.4 Deluxe.Edition.RePack-WestMore
2014-09-03 12:37 - 2014-09-13 14:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-09-02 10:54 - 2014-09-02 10:54 - 00003850 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1409246306
2014-08-30 15:07 - 2014-08-30 15:07 - 00000000 ____D () C:\Users\Maxi\Documents\Dolphin Emulator
2014-08-30 15:05 - 2014-08-30 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolphin
2014-08-30 15:05 - 2014-08-30 15:06 - 00000000 ____D () C:\Program Files\Dolphin
2014-08-30 15:05 - 2014-08-30 15:05 - 00000796 _____ () C:\Users\Public\Desktop\Dolphin.lnk
2014-08-28 22:36 - 2014-08-28 22:36 - 00002826 _____ () C:\Users\Maxi\AppData\Local\recently-used.xbel
2014-08-28 22:35 - 2014-08-28 22:35 - 00000000 ____D () C:\Users\Maxi\.thumbnails
2014-08-28 19:18 - 2014-09-02 10:54 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-08-28 19:18 - 2014-08-28 19:18 - 00001139 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-08-28 19:18 - 2014-08-28 19:18 - 00000000 ____D () C:\Users\Maxi\AppData\Roaming\Opera Software
2014-08-28 19:18 - 2014-08-28 19:18 - 00000000 ____D () C:\Users\Maxi\AppData\Local\Opera Software
2014-08-28 15:43 - 2014-08-28 15:43 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-08-28 09:43 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 09:43 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 09:43 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-25 21:48 - 2014-08-25 21:48 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-25 21:48 - 2014-08-25 21:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-23 22:29 - 2014-09-09 23:13 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-23 22:29 - 2014-08-23 22:29 - 00000000 ____D () C:\Users\Maxi\AppData\Roaming\Avira
2014-08-23 22:28 - 2014-09-09 23:12 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-23 22:28 - 2014-08-23 22:30 - 00000000 ____D () C:\ProgramData\Avira
2014-08-23 22:28 - 2014-08-15 10:30 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-08-23 22:28 - 2014-08-15 10:30 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-08-23 22:28 - 2014-08-15 10:30 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-08-15 14:07 - 2014-08-15 14:07 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 12:40 - 2014-09-14 12:39 - 00011973 _____ () C:\Users\Maxi\Desktop\FRST.txt
2014-09-14 12:39 - 2014-09-14 12:39 - 00029040 _____ () C:\Users\Maxi\Downloads\Logs.rar
2014-09-14 12:39 - 2014-09-14 12:39 - 00000000 ____D () C:\FRST
2014-09-14 12:36 - 2014-07-24 21:09 - 00000012 ____H () C:\dvmexp.idx
2014-09-14 12:35 - 2014-09-14 12:35 - 02105856 _____ (Farbar) C:\Users\Maxi\Desktop\FRST64.exe
2014-09-14 12:34 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-14 12:34 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-14 12:32 - 2014-07-24 21:44 - 01095169 _____ () C:\Windows\WindowsUpdate.log
2014-09-14 12:26 - 2014-07-24 21:07 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-14 12:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-14 12:26 - 2009-07-14 06:51 - 00125686 _____ () C:\Windows\setupact.log
2014-09-14 00:55 - 2014-07-25 13:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-13 19:46 - 2014-07-25 13:29 - 00000000 ____D () C:\Users\Maxi\AppData\Roaming\Skype
2014-09-13 16:44 - 2014-07-25 14:00 - 00000000 ____D () C:\Users\Maxi\AppData\Local\PMB Files
2014-09-13 14:10 - 2014-09-03 12:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-09-12 13:25 - 2014-07-25 14:00 - 00000000 ____D () C:\ProgramData\PMB Files
2014-09-12 02:18 - 2014-09-12 00:11 - 00000000 ____D () C:\Users\Maxi\AppData\Roaming\TS3Client
2014-09-12 00:14 - 2014-07-25 16:41 - 00000000 ____D () C:\Users\Maxi\Desktop\Stuff
2014-09-12 00:14 - 2014-07-25 16:41 - 00000000 ____D () C:\Users\Maxi\Desktop\Games
2014-09-12 00:11 - 2014-09-12 00:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-09-12 00:10 - 2014-09-12 00:09 - 30014480 _____ (TeamSpeak Systems GmbH) C:\Users\Maxi\Downloads\TeamSpeak3-Client-win64-3.0.16.exe
2014-09-12 00:10 - 2014-09-12 00:09 - 30014480 _____ (TeamSpeak Systems GmbH) C:\Users\Maxi\Downloads\TeamSpeak3-Client-win64-3.0.16 (1).exe
2014-09-11 12:25 - 2010-11-21 08:50 - 00696620 _____ () C:\Windows\system32\perfh007.dat
2014-09-11 12:25 - 2010-11-21 08:50 - 00147916 _____ () C:\Windows\system32\perfc007.dat
2014-09-11 12:25 - 2009-07-14 07:13 - 01633540 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-11 12:23 - 2014-07-24 21:19 - 01589442 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-11 12:20 - 2014-07-29 10:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 12:19 - 2014-07-29 10:19 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 21:01 - 2014-09-10 21:01 - 05788228 _____ () C:\Users\Maxi\Downloads\Die fantastischen Abenteuer Knofensas [german Fandub].mp4
2014-09-10 14:07 - 2014-09-10 14:06 - 00000000 ____D () C:\Users\Maxi\AppData\Local\Adobe
2014-09-10 14:07 - 2014-07-25 13:16 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 14:07 - 2014-07-25 13:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-10 14:07 - 2014-07-25 13:16 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-09 23:27 - 2014-09-05 23:32 - 00000000 ____D () C:\ProgramData\Origin
2014-09-09 23:27 - 2014-09-05 23:32 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-09 23:13 - 2014-08-23 22:29 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-09 23:12 - 2014-09-09 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-09 23:12 - 2014-08-23 22:28 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-08 20:11 - 2014-07-26 20:48 - 00000000 ____D () C:\Program Files\JDownloader v2.0
2014-09-08 17:06 - 2014-07-26 22:54 - 00000000 ____D () C:\Users\Maxi\AppData\Roaming\vlc
2014-09-08 16:50 - 2014-09-06 00:00 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-09-08 16:47 - 2014-09-08 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
2014-09-08 12:05 - 2014-09-08 11:58 - 00000000 ____D () C:\Users\Maxi\Desktop\Prinzessin.Mononoke.[GerJapEngDub][GerEngSub][1080p][Bluray]-Li0N
2014-09-06 00:51 - 2014-09-06 00:51 - 00000000 ____D () C:\Users\Maxi\Documents\Electronic Arts
2014-09-06 00:51 - 2014-09-05 23:32 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-09-06 00:21 - 2014-09-05 23:37 - 00000000 ____D () C:\Users\Maxi\AppData\Roaming\Origin
2014-09-06 00:14 - 2010-11-21 05:47 - 00228422 _____ () C:\Windows\PFRO.log
2014-09-05 23:39 - 2014-09-05 23:39 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-05 23:39 - 2014-09-05 23:37 - 00000000 ____D () C:\Users\Maxi\AppData\Local\Origin
2014-09-05 23:22 - 2014-09-05 23:19 - 00000000 ____D () C:\Users\Maxi\Desktop\The.SIMS.4 Deluxe.Edition.RePack-WestMore
2014-09-05 11:22 - 2014-07-25 13:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-03 01:07 - 2014-07-25 13:40 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-02 10:54 - 2014-09-02 10:54 - 00003850 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1409246306
2014-09-02 10:54 - 2014-08-28 19:18 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-08-30 15:07 - 2014-08-30 15:07 - 00000000 ____D () C:\Users\Maxi\Documents\Dolphin Emulator
2014-08-30 15:06 - 2014-08-30 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolphin
2014-08-30 15:06 - 2014-08-30 15:05 - 00000000 ____D () C:\Program Files\Dolphin
2014-08-30 15:06 - 2014-07-27 17:07 - 00386703 _____ () C:\Windows\DirectX.log
2014-08-30 15:05 - 2014-08-30 15:05 - 00000796 _____ () C:\Users\Public\Desktop\Dolphin.lnk
2014-08-29 11:18 - 2009-07-14 06:45 - 00266400 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 22:36 - 2014-08-28 22:36 - 00002826 _____ () C:\Users\Maxi\AppData\Local\recently-used.xbel
2014-08-28 22:36 - 2014-07-26 13:29 - 00000000 ____D () C:\Users\Maxi\AppData\Local\gtk-2.0
2014-08-28 22:36 - 2014-07-26 13:26 - 00000000 ____D () C:\Users\Maxi\.gimp-2.8
2014-08-28 22:35 - 2014-08-28 22:35 - 00000000 ____D () C:\Users\Maxi\.thumbnails
2014-08-28 22:35 - 2014-07-24 20:50 - 00000000 ____D () C:\Users\Maxi
2014-08-28 19:18 - 2014-08-28 19:18 - 00001139 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-08-28 19:18 - 2014-08-28 19:18 - 00000000 ____D () C:\Users\Maxi\AppData\Roaming\Opera Software
2014-08-28 19:18 - 2014-08-28 19:18 - 00000000 ____D () C:\Users\Maxi\AppData\Local\Opera Software
2014-08-28 15:43 - 2014-08-28 15:43 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-08-25 21:48 - 2014-08-25 21:48 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-25 21:48 - 2014-08-25 21:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-25 21:48 - 2014-07-25 13:29 - 00000000 ____D () C:\ProgramData\Skype
2014-08-23 22:30 - 2014-08-23 22:28 - 00000000 ____D () C:\ProgramData\Avira
2014-08-23 22:29 - 2014-08-23 22:29 - 00000000 ____D () C:\Users\Maxi\AppData\Roaming\Avira
2014-08-23 04:07 - 2014-08-28 09:43 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 09:43 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 09:43 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 20:05 - 2014-09-11 12:24 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 19:39 - 2014-09-11 12:24 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 14:58 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-19 01:01 - 2014-09-11 12:24 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:29 - 2014-09-11 12:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 00:29 - 2014-09-11 12:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 00:26 - 2014-09-11 12:24 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 00:20 - 2014-09-11 12:24 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 00:19 - 2014-09-11 12:24 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 00:15 - 2014-09-11 12:24 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 00:15 - 2014-09-11 12:24 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 00:14 - 2014-09-11 12:24 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 00:14 - 2014-09-11 12:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 00:08 - 2014-09-11 12:24 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 00:08 - 2014-09-11 12:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 00:08 - 2014-09-11 12:24 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 00:05 - 2014-09-11 12:24 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 00:03 - 2014-09-11 12:24 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 00:03 - 2014-09-11 12:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 00:03 - 2014-09-11 12:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 23:57 - 2014-09-11 12:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 23:56 - 2014-09-11 12:24 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:51 - 2014-09-11 12:24 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 23:46 - 2014-09-11 12:24 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 23:45 - 2014-09-11 12:24 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:45 - 2014-09-11 12:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 23:44 - 2014-09-11 12:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-11 12:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-11 12:24 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 23:40 - 2014-09-11 12:24 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 23:39 - 2014-09-11 12:24 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 23:39 - 2014-09-11 12:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 23:39 - 2014-09-11 12:24 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 23:38 - 2014-09-11 12:24 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 23:37 - 2014-09-11 12:24 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 23:36 - 2014-09-11 12:24 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 23:35 - 2014-09-11 12:24 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 23:27 - 2014-09-11 12:24 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 23:25 - 2014-09-11 12:24 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 23:25 - 2014-09-11 12:24 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 23:23 - 2014-09-11 12:24 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 23:23 - 2014-09-11 12:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 23:22 - 2014-09-11 12:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-11 12:24 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 23:17 - 2014-09-11 12:24 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 23:17 - 2014-09-11 12:24 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 23:16 - 2014-09-11 12:24 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 23:15 - 2014-09-11 12:24 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 23:15 - 2014-09-11 12:24 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 23:09 - 2014-09-11 12:24 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 23:08 - 2014-09-11 12:24 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 23:07 - 2014-09-11 12:24 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 22:55 - 2014-09-11 12:24 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 22:46 - 2014-09-11 12:24 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 22:38 - 2014-09-11 12:24 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 22:38 - 2014-09-11 12:24 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 22:36 - 2014-09-11 12:24 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 17:22 - 2014-07-30 18:58 - 00000000 ____D () C:\Users\Maxi\AppData\Roaming\.minecraft
2014-08-15 14:07 - 2014-08-15 14:07 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-08-15 13:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-15 10:30 - 2014-08-23 22:28 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-08-15 10:30 - 2014-08-23 22:28 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-08-15 10:30 - 2014-08-23 22:28 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys

Some content of TEMP:
====================
C:\Users\Maxi\AppData\Local\Temp\avgnt.exe
C:\Users\Maxi\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Maxi\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Maxi\AppData\Local\Temp\Nv3DVisionIePlugin64.dll
C:\Users\Maxi\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Maxi\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Maxi\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Maxi\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Maxi\AppData\Local\Temp\nvStInst.exe
C:\Users\Maxi\AppData\Local\Temp\proxy_vole1691991367675198375.dll
C:\Users\Maxi\AppData\Local\Temp\Quarantine.exe
C:\Users\Maxi\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Maxi\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Maxi\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Maxi\AppData\Local\Temp\x2blapi.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 19:27

==================== End Of Log ============================

und Addition.txt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Maxi at 2014-09-14 12:40:22
Running from C:\Users\Maxi\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assassin's Creed (HKLM-x32\...\Steam App 15100) (Version:  - Ubisoft Montreal)
ASUS nVidia Driver (x32 Version: 1.00.0000 - ASUSTek) Hidden
Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Awesomenauts (HKLM-x32\...\Steam App 204300) (Version:  - Ronimo Games)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dawngate (HKLM-x32\...\{1330926C-251C-414E-A681-F8CEF84899BC}) (Version: 182.23.92.0 - Electronic Arts, Inc.)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team)
Free YouTube Download version 3.2.42.716 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.42.716 - DVDVideoSoft Ltd.)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.8.9.9 - www.leaguereplays.com)
Mafia II (HKLM-x32\...\Steam App 50130) (Version:  - 2K Czech)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (HKLM\...\{3C28BFD4-90C7-3138-87EF-418DC16E9598}) (Version: 11.0.51106 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (HKLM\...\{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}) (Version: 11.0.51106 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (HKLM-x32\...\{6C772996-BFF3-3C8C-860B-B3D48FF05D65}) (Version: 11.0.51106 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (HKLM-x32\...\{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}) (Version: 11.0.51106 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.1.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.1.0 (x86 de)) (Version: 31.1.0 - Mozilla)
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.6514 - NVIDIA Corporation)
NVIDIA Systemsteuerung 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Opera Stable 24.0.1558.53 (HKLM-x32\...\Opera 24.0.1558.53) (Version: 24.0.1558.53 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.12.0 - Ralink)
Sacred 2 Gold (HKLM-x32\...\Steam App 225640) (Version:  - Ascaron)
Sacred 3 (HKLM-x32\...\U2FjcmVkMw==_is1) (Version: 1 - )
SafeFinder Smartbar (HKLM-x32\...\{FA6289D6-676C-4497-88CC-9E2E15488944}) (Version: 11.49.72.16858 - Linkury Ltd.) <==== ATTENTION
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
SHARKOON Skiller (HKLM-x32\...\{91C25547-9534-41A5-823A-1E54BA16EA3F}) (Version: 1.00.0000 - )
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.8.450.22786 - SteelSeries)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The SIMS 4 Deluxe Edition, версия 1.0 (HKLM-x32\...\The SIMS 4 Deluxe Edition_is1) (Version: 1.0 - )
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

05-09-2014 22:01:39 Microsoft Visual C++ 2005 Redistributable wird installiert
05-09-2014 22:02:52 Microsoft Visual C++ 2005 Redistributable (x64) wird installiert
05-09-2014 22:03:42 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523
05-09-2014 22:04:37 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523
05-09-2014 22:05:31 Installed Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
05-09-2014 22:06:36 Installed Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
05-09-2014 22:06:55 Installed Microsoft Visual F# 2.0 Runtime
05-09-2014 22:07:20 Installed Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
05-09-2014 22:07:37 Installed Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
05-09-2014 22:07:51 Installed Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
05-09-2014 22:08:10 Installed Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
05-09-2014 22:08:27 Installed Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
05-09-2014 22:08:41 Installed Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
07-09-2014 20:44:57 Windows-Sicherung
08-09-2014 14:50:33 Microsoft Visual C++ 2005 Redistributable wird installiert
08-09-2014 14:51:49 Microsoft Visual C++ 2005 Redistributable (x64) wird installiert
08-09-2014 14:52:51 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523
08-09-2014 14:53:48 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523
08-09-2014 14:54:32 Installed Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
08-09-2014 14:54:55 Installed Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
08-09-2014 14:55:26 Installed Microsoft Visual F# 2.0 Runtime
08-09-2014 14:56:06 Installed Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
08-09-2014 14:56:24 Installed Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
08-09-2014 14:56:42 Installed Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
08-09-2014 14:57:01 Installed Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
08-09-2014 14:57:21 Installed Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
08-09-2014 14:57:37 Installed Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
11-09-2014 10:17:40 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {088916CB-D8FD-46D5-8E2D-688A95420FBD} - System32\Tasks\{FE57D835-5B63-4EE2-8BDB-D569D65830BD} => D:\Programme\EA\Dawngate\launcher\Launcher.exe [2014-07-29] (Waystone Games, a division of Electronic Arts Inc.)
Task: {50270728-CB76-4D48-800C-16C92224C35E} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {73C7E13A-04CE-4166-8974-FF7302447D7A} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
Task: {8ED2B953-92A5-41AD-A42E-491F427AC687} - System32\Tasks\Opera scheduled Autoupdate 1409246306 => C:\Program Files (x86)\Opera\launcher.exe [2014-08-27] (Opera Software)
Task: {BC6B75CE-C214-415A-BFA1-E229EEFB5632} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-07-24 21:20 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2009-03-30 08:32 - 2009-03-30 08:32 - 00032768 ____R () C:\Windows\DAODx.exe
2014-06-26 20:39 - 2014-06-26 20:39 - 00504832 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineLib.dll
2014-06-26 20:39 - 2014-06-26 20:39 - 09315328 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineWinGui.dll
2014-06-26 20:39 - 2014-06-26 20:39 - 00015872 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Localization.dll
2014-06-26 20:39 - 2014-06-26 20:39 - 00011264 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\ISSPlugin.dll
2014-06-26 20:39 - 2014-06-26 20:39 - 00011264 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Utilities.dll
2014-06-26 20:39 - 2014-06-26 20:39 - 00115200 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DriverCommunication.dll
2014-05-16 17:57 - 2014-05-16 17:57 - 00047616 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesDrivers\x2api.dll
2014-06-26 20:39 - 2014-06-26 20:39 - 00034304 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DBUtils.dll
2014-05-16 17:57 - 2014-05-16 17:57 - 01102336 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\System.Data.SQLite.dll
2014-06-26 20:39 - 2014-06-26 20:39 - 00189440 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MousePlugin.dll
2014-06-26 20:39 - 2014-06-26 20:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\D3MousePlugin.dll
2014-06-26 20:39 - 2014-06-26 20:39 - 00031744 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\KKMousePlugin.dll
2014-06-26 20:39 - 2014-06-26 20:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SRawPlugin.dll
2014-06-26 20:39 - 2014-06-26 20:39 - 00159744 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MLGSenseiPlugin.dll
2014-06-26 20:39 - 2014-06-26 20:39 - 00020992 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWGoldPlugin.dll
2014-06-26 20:39 - 2014-06-26 20:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\GW2MousePlugin.dll
2014-06-26 20:39 - 2014-06-26 20:39 - 00029696 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CSGOMousePlugin.dll
2014-06-26 20:39 - 2014-06-26 20:39 - 00030208 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DOTA2MousePlugin.dll
2014-06-26 20:39 - 2014-06-26 20:39 - 00023040 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWWirelessPlugin.dll
2014-06-26 20:39 - 2014-06-26 20:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CODMousePlugin.dll
2014-06-26 20:39 - 2014-06-26 20:39 - 00030208 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoTMousePlugin.dll
2014-09-02 10:54 - 2014-09-02 10:54 - 01372280 _____ () C:\Program Files (x86)\Opera\24.0.1558.53\opera_crashreporter.exe
2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00066864 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-08-23 22:30 - 2014-08-27 15:00 - 00052472 _____ () C:\Users\Maxi\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-09-02 10:54 - 2014-09-02 10:54 - 01378936 _____ () C:\Program Files (x86)\Opera\24.0.1558.53\libglesv2.dll
2014-09-02 10:54 - 2014-09-02 10:54 - 00182392 _____ () C:\Program Files (x86)\Opera\24.0.1558.53\libegl.dll
2014-09-02 10:54 - 2014-09-02 10:54 - 00974968 _____ () C:\Program Files (x86)\Opera\24.0.1558.53\ffmpegsumo.dll
2014-09-10 12:55 - 2014-09-10 14:07 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/14/2014 00:27:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/14/2014 00:15:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2014 11:01:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2014 02:20:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2014 00:59:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2014 00:52:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/11/2014 08:10:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 7e0

Startzeit: 01cfcdeb98d7a63c

Endzeit: 2

Anwendungspfad: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

Berichts-ID: da7fe754-39de-11e4-a8d8-e3282f07eb88

Error: (09/11/2014 00:15:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2014 11:47:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2014 11:08:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/13/2014 02:21:21 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

Error: (09/12/2014 01:01:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

Error: (09/09/2014 01:53:50 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (09/06/2014 01:31:56 AM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: \Device\Video5Graphics Exception: ESR 0x408030=0x80000003

Error: (09/06/2014 01:31:56 AM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: \Device\Video5Graphics Exception: Const out of Bound

Error: (09/06/2014 00:00:49 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (09/06/2014 00:00:47 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (09/05/2014 04:48:54 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (09/04/2014 11:14:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.

Error: (09/03/2014 02:46:40 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.


Microsoft Office Sessions:
=========================
Error: (09/14/2014 00:27:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/14/2014 00:15:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2014 11:01:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2014 02:20:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2014 00:59:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2014 00:52:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/11/2014 08:10:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: rads_user_kernel.exe0.0.0.07e001cfcdeb98d7a63c2C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exeda7fe754-39de-11e4-a8d8-e3282f07eb88

Error: (09/11/2014 00:15:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2014 11:47:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2014 11:08:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-08-19 14:51:57.375
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-19 14:51:57.374
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-19 14:51:57.373
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-19 14:51:57.345
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-19 14:51:57.339
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-19 14:51:57.328
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-07 22:52:19.843
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-07 22:52:19.843
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-07 22:52:19.843
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-07 22:52:19.827
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: AMD Phenom(tm) II X4 955 Processor
Percentage of memory in use: 30%
Total physical RAM: 8190.18 MB
Available physical RAM: 5693.63 MB
Total Pagefile: 16378.54 MB
Available Pagefile: 13366.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:488.18 GB) (Free:329.96 GB) NTFS
Drive d: () (Fixed) (Total:908.98 GB) (Free:804.57 GB) NTFS
Drive e: (WIFI_A 3.0) (CDROM) (Total:0.15 GB) (Free:0 GB) CDFS
Drive f: (INTENSO) (Fixed) (Total:931.28 GB) (Free:590.89 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 8FB88701)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=488.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=909 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 205239D8)
Partition 1: (Active) - (Size=931.5 GB) - (Type=0C)

==================== End Of Log ============================

Danke im Vorraus

M-K-D-B · 14.09.2014, 12:01

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!

Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!

das Problem mit "Farmaster.net" ist nicht dein Einziges...

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CloseProcesses:
HKLM-x32\...\Run: [CMD] => cmd.exe /k if %date:~6,4%%date:~3,2%%date:~0,2% LEQ 20140911 (exit) else (start hxxp://farmaster.net/ && exit)
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 3
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 4
Bitte deaktiviere dein Anti-Viren-Programm, da es das Ergebnis beeinflussen oder ggf. die Bereinigung stören kann.
Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/ und speichere die Datei auf deinem Desktop.

Starte Zoek.exe mit einem Doppelklick.
Achtung: Das folgende Skript wurde nur für diesen speziellen Fall geschrieben und könnte andere Computer beschädigen.
Kopiere den Text der folgenden Box in das Skriptfenster von zoek:
Code:
ATTFilter
```
iedefaults;
resetIEproxy;
shortcutfix;
emptyclsid;
         
```
Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.
Wenn das Tool fertig ist, wird sich Notepad mit der Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:\ .
Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken).

Schritt 5

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix,
die Logdatei von AdwCleaner,
die Logdatei von MBAM,
die Logdatei von Zoek,
die beiden neuen Logdateien von FRST.

woohoorockz · 14.09.2014, 12:32

Fixlog.txt

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by Maxi at 2014-09-14 13:21:34 Run:1
Running from C:\Users\Maxi\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
HKLM-x32\...\Run: [CMD] => cmd.exe /k if %date:~6,4%%date:~3,2%%date:~0,2% LEQ 20140911 (exit) else (start hxxp://farmaster.net/ && exit)
end
         
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\CMD => value deleted successfully.


The system needed a reboot. 

==== End of Fixlog ====

M-K-D-B · 14.09.2014, 12:41

Servus,

gut gemacht.

Dann weiter mit den restlichen Schritten.

woohoorockz · 14.09.2014, 12:42

AdwCleaner.txt

Code:

ATTFilter

# AdwCleaner v3.310 - Bericht erstellt am 14/09/2014 um 13:34:59
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Maxi - MAXI-PC
# Gestartet von : C:\Users\Maxi\Desktop\AdwCleaner_3.310.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Maxi\AppData\Local\Temp\Smartbar
Ordner Gelöscht : C:\Users\Maxi\AppData\Roaming\OpenCandy
Datei Gelöscht : C:\Users\Maxi\AppData\Roaming\Mozilla\Firefox\Profiles\fv1gidzz.default\searchplugins\SafeFinder Search.xml
Datei Gelöscht : C:\Users\Maxi\AppData\Roaming\Mozilla\Firefox\Profiles\fv1gidzz.default\searchplugins\Web Search.xml

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SafeFinder_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SafeFinder_RASMANCS
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\smartbarbackup
Schlüssel Gelöscht : HKCU\Software\smartbarlog
Schlüssel Gelöscht : HKLM\SOFTWARE\DeviceVM
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FA6289D6-676C-4497-88CC-9E2E15488944}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Maxi\AppData\Roaming\Mozilla\Firefox\Profiles\fv1gidzz.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [3992 octets] - [26/07/2014 21:24:53]
AdwCleaner[R1].txt - [3630 octets] - [26/07/2014 21:32:57]
AdwCleaner[R2].txt - [4466 octets] - [14/09/2014 13:33:57]
AdwCleaner[S0].txt - [584 octets] - [26/07/2014 21:32:39]
AdwCleaner[S1].txt - [3640 octets] - [26/07/2014 21:33:17]
AdwCleaner[S2].txt - [2880 octets] - [14/09/2014 13:34:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2940 octets] ##########

Der Safetynut Müll wurde schon gefixt auch durch Malwarebytes und adwcleaner also sollte der kein Problem mehr darstellen

M-K-D-B · 14.09.2014, 12:45

Zitat:

Zitat von woohoorockz

Der Safetynut Müll wurde schon gefixt auch durch Malwarebytes und adwcleaner also sollte der kein Problem mehr darstellen

Was meinst du mit Safetynut-Müll genau?

Bitte einfach weiter im Programm.

woohoorockz · 14.09.2014, 13:01

mbam.txt

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 14.09.2014
Suchlauf-Zeit: 13:48:02
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.14.03
Rootkit Datenbank: v2014.09.13.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Maxi

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 308300
Verstrichene Zeit: 8 Min, 47 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

Safetynut ist so eine lästige Smartbar die mir vor ein paar Monaten mit jDownloader installiert wurde, da sollte schon alles entfernt worden sein.. eigentlich ^^

M-K-D-B · 14.09.2014, 13:04

Zitat:

Zitat von woohoorockz

(end)[/CODE]
Safetynut ist so eine lästige Smartbar die mir vor ein paar Monaten mit jDownloader installiert wurde, da sollte schon alles entfernt worden sein.. eigentlich ^^

hehe ^^

Ja mal schauen, was noch so kommt...

Immer weiter

woohoorockz · 14.09.2014, 13:11

Zoeg.txt

Code:

ATTFilter

Zoek.exe v5.0.0.0 Updated 13-September-2014
Tool run by Maxi on 14.09.2014 at 14:03:18,36.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Maxi\Downloads\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

14.09.2014 14:04:16 Zoek.exe System Restore Point Created Succesfully.

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
"Search Bar"="hxxp://www.google.com"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://www.google.com"
"SearchAssistant"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== shortcuts on Users Desktops ======================

C:\Users\Maxi\Desktop\Games\Dawngate.lnk - D:\Programme\EA\Dawngate\launcher\Launcher.exe 
C:\Users\Maxi\Desktop\Games\Play League of Legends.lnk - C:\Riot Games\League of Legends\lol.launcher.exe 
C:\Users\Maxi\Desktop\Games\Sacred 3.lnk - C:\Program Files (x86)\Sacred 3\sacred3.exe 
C:\Users\Maxi\Desktop\Games\The SIMS 4 Deluxe Edition.lnk - D:\Programme\Sims 4\The SIMS 4 Deluxe Edition\Game\Bin\The.Sims.4.Launcher.exe 
C:\Users\Maxi\Desktop\Games\WildStar.lnk - C:\Program Files (x86)\NCSOFT\WildStar\Wildstar.exe 
C:\Users\Maxi\Desktop\Stuff\DAEMON Tools Lite.lnk - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe 
C:\Users\Maxi\Desktop\Stuff\GIMP 2.lnk - C:\Program Files\GIMP 2\bin\gimp-2.8.exe 
C:\Users\Maxi\Desktop\Stuff\JDownloader - Verknüpfung.lnk -  
C:\Users\Maxi\Desktop\Stuff\JDownloader 2.lnk - C:\Program Files (x86)\JDownloader v2.0\JDownloader2.exe 
C:\Users\Maxi\Desktop\Stuff\LOL Recorder.lnk - F:\LoL Replay\LOLReplay\LOLRecorder.exe 
C:\Users\Maxi\Desktop\Stuff\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe 
C:\Users\Maxi\Desktop\Stuff\Origin.lnk - C:\Program Files (x86)\Origin\Origin.exe 
C:\Users\Maxi\Desktop\Stuff\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe 
C:\Users\Maxi\Desktop\Stuff\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe 
C:\Users\Maxi\Desktop\Stuff\TeamSpeak 3 Client.lnk - D:\Programme\ts3client_win64.exe 
C:\Users\Maxi\Desktop\Stuff\VLC media player.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe 

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Dolphin.lnk - C:\Program Files\Dolphin\Dolphin.exe 
C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk - D:\Programme\ Malwarebytes Anti-Malware \mbam.exe 

==== shortcuts in Users Start Menu ======================

C:\Users\Maxi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\Maxi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe  -extoff
C:\Users\Maxi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader 2 Deinstallationsprogramm.lnk - C:\Program Files (x86)\JDownloader v2.0\Uninstall JDownloader.exe 
C:\Users\Maxi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader 2 Update & Rescue.lnk - C:\Program Files (x86)\JDownloader v2.0\JDownloader2Update.exe 
C:\Users\Maxi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader 2.lnk - C:\Program Files (x86)\JDownloader v2.0\JDownloader2.exe 
C:\Users\Maxi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SteelSeries\SteelSeries Engine\Diablo III Headset User Guide.lnk - C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeries_Diablo_III_Headset_Guide.pdf 
C:\Users\Maxi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SteelSeries\SteelSeries Engine\Diablo III Mouse User Guide.lnk - C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeries_Diablo_III_Mouse_Guide.pdf 
C:\Users\Maxi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SteelSeries\SteelSeries Engine\Sensei User Guide.lnk - C:\Program Files\SteelSeries\SteelSeries Engine\Sensei_UserGuide.pdf 
C:\Users\Maxi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SteelSeries\SteelSeries Engine\SteelSeries Engine User Guide.lnk - C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine_UserGuide.pdf 
C:\Users\Maxi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SteelSeries\SteelSeries Engine\SteelSeries Engine.lnk - C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe 
C:\Users\Maxi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SteelSeries\SteelSeries Engine\SteelSeries Firmware Update Tool.lnk - C:\Program Files\SteelSeries\SteelSeries Engine\SSEFix.exe 
C:\Users\Maxi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SteelSeries\SteelSeries Engine\Uninstall SteelSeries Engine.lnk - C:\Program Files\SteelSeries\SteelSeries Engine\uninst.exe 
C:\Users\Maxi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Benutzerhandbuch für die Konsolenversion von RAR.lnk -  
C:\Users\Maxi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Hilfe zu WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm 
C:\Users\Maxi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Was ist neu in dieser Version.lnk - C:\Program Files (x86)\WinRAR\WhatsNew.txt 
C:\Users\Maxi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe 

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk - C:\Program Files (x86)\Opera\launcher.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)\The SIMS 4 Deluxe Edition.lnk - D:\Programme\Sims 4\The SIMS 4 Deluxe Edition\Game\Bin\The.Sims.4.Launcher.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\My Avira\Avira.lnk - C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe /showMiniGui
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolphin\Dolphin.lnk - C:\Program Files\Dolphin\Dolphin.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolphin\Uninstall Dolphin.lnk - C:\Program Files\Dolphin\uninst.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Malwarebytes Anti-Malware entfernen.lnk - D:\Programme\ Malwarebytes Anti-Malware \unins000.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \ Malwarebytes Anti-Malware .lnk - D:\Programme\ Malwarebytes Anti-Malware \mbam.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Tools\Malwarebytes Anti-Malware Chameleon.lnk - D:\Programme\ Malwarebytes Anti-Malware \Chameleon\Windows\chameleon.chm 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client\TeamSpeak 3 Client.lnk - D:\Programme\ts3client_win64.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client\Uninstall.lnk - D:\Programme\Uninstall.exe 

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Maxi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\JDownloader 2.lnk - C:\Program Files (x86)\JDownloader v2.0\JDownloader2.exe 
C:\Users\Maxi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\Maxi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe 
C:\Users\Maxi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Maxi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Maxi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe 
C:\Users\Maxi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe 
C:\Users\Maxi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk - C:\Program Files (x86)\Opera\launcher.exe 
C:\Users\Maxi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Play League of Legends.lnk - C:\Riot Games\League of Legends\lol.launcher.exe 
C:\Users\Maxi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe 

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyOverride"="*.local"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on 14.09.2014 at 14:04:34,51 ======================

Addition.txt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Maxi at 2014-09-14 14:07:49
Running from C:\Users\Maxi\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assassin's Creed (HKLM-x32\...\Steam App 15100) (Version:  - Ubisoft Montreal)
ASUS nVidia Driver (x32 Version: 1.00.0000 - ASUSTek) Hidden
Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Awesomenauts (HKLM-x32\...\Steam App 204300) (Version:  - Ronimo Games)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dawngate (HKLM-x32\...\{1330926C-251C-414E-A681-F8CEF84899BC}) (Version: 182.23.92.0 - Electronic Arts, Inc.)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team)
Free YouTube Download version 3.2.42.716 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.42.716 - DVDVideoSoft Ltd.)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.8.9.9 - www.leaguereplays.com)
Mafia II (HKLM-x32\...\Steam App 50130) (Version:  - 2K Czech)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (HKLM\...\{3C28BFD4-90C7-3138-87EF-418DC16E9598}) (Version: 11.0.51106 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (HKLM\...\{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}) (Version: 11.0.51106 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (HKLM-x32\...\{6C772996-BFF3-3C8C-860B-B3D48FF05D65}) (Version: 11.0.51106 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (HKLM-x32\...\{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}) (Version: 11.0.51106 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.1.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.1.1 (x86 de)) (Version: 31.1.1 - Mozilla)
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.6514 - NVIDIA Corporation)
NVIDIA Systemsteuerung 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Opera Stable 24.0.1558.53 (HKLM-x32\...\Opera 24.0.1558.53) (Version: 24.0.1558.53 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.12.0 - Ralink)
Sacred 2 Gold (HKLM-x32\...\Steam App 225640) (Version:  - Ascaron)
Sacred 3 (HKLM-x32\...\U2FjcmVkMw==_is1) (Version: 1 - )
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
SHARKOON Skiller (HKLM-x32\...\{91C25547-9534-41A5-823A-1E54BA16EA3F}) (Version: 1.00.0000 - )
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.8.450.22786 - SteelSeries)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The SIMS 4 Deluxe Edition, версия 1.0 (HKLM-x32\...\The SIMS 4 Deluxe Edition_is1) (Version: 1.0 - )
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

05-09-2014 22:01:39 Microsoft Visual C++ 2005 Redistributable wird installiert
05-09-2014 22:02:52 Microsoft Visual C++ 2005 Redistributable (x64) wird installiert
05-09-2014 22:03:42 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523
05-09-2014 22:04:37 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523
05-09-2014 22:05:31 Installed Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
05-09-2014 22:06:36 Installed Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
05-09-2014 22:06:55 Installed Microsoft Visual F# 2.0 Runtime
05-09-2014 22:07:20 Installed Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
05-09-2014 22:07:37 Installed Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
05-09-2014 22:07:51 Installed Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
05-09-2014 22:08:10 Installed Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
05-09-2014 22:08:27 Installed Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
05-09-2014 22:08:41 Installed Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
07-09-2014 20:44:57 Windows-Sicherung
08-09-2014 14:50:33 Microsoft Visual C++ 2005 Redistributable wird installiert
08-09-2014 14:51:49 Microsoft Visual C++ 2005 Redistributable (x64) wird installiert
08-09-2014 14:52:51 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523
08-09-2014 14:53:48 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523
08-09-2014 14:54:32 Installed Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
08-09-2014 14:54:55 Installed Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
08-09-2014 14:55:26 Installed Microsoft Visual F# 2.0 Runtime
08-09-2014 14:56:06 Installed Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
08-09-2014 14:56:24 Installed Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
08-09-2014 14:56:42 Installed Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
08-09-2014 14:57:01 Installed Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
08-09-2014 14:57:21 Installed Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
08-09-2014 14:57:37 Installed Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
11-09-2014 10:17:40 Windows Update
14-09-2014 12:04:01 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {088916CB-D8FD-46D5-8E2D-688A95420FBD} - System32\Tasks\{FE57D835-5B63-4EE2-8BDB-D569D65830BD} => D:\Programme\EA\Dawngate\launcher\Launcher.exe [2014-07-29] (Waystone Games, a division of Electronic Arts Inc.)
Task: {50270728-CB76-4D48-800C-16C92224C35E} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {73C7E13A-04CE-4166-8974-FF7302447D7A} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
Task: {8ED2B953-92A5-41AD-A42E-491F427AC687} - System32\Tasks\Opera scheduled Autoupdate 1409246306 => C:\Program Files (x86)\Opera\launcher.exe [2014-08-27] (Opera Software)
Task: {BC6B75CE-C214-415A-BFA1-E229EEFB5632} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-07-24 21:20 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2009-03-30 08:32 - 2009-03-30 08:32 - 00032768 ____R () C:\Windows\DAODx.exe
2014-06-26 20:39 - 2014-06-26 20:39 - 00504832 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineLib.dll
2014-06-26 20:39 - 2014-06-26 20:39 - 09315328 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineWinGui.dll
2014-06-26 20:39 - 2014-06-26 20:39 - 00015872 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Localization.dll
2014-06-26 20:39 - 2014-06-26 20:39 - 00011264 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\ISSPlugin.dll
2014-06-26 20:39 - 2014-06-26 20:39 - 00011264 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Utilities.dll
2014-06-26 20:39 - 2014-06-26 20:39 - 00115200 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DriverCommunication.dll
2014-05-16 17:57 - 2014-05-16 17:57 - 00047616 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesDrivers\x2api.dll
2014-06-26 20:39 - 2014-06-26 20:39 - 00034304 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DBUtils.dll
2014-05-16 17:57 - 2014-05-16 17:57 - 01102336 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\System.Data.SQLite.dll
2014-06-26 20:39 - 2014-06-26 20:39 - 00189440 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MousePlugin.dll
2014-06-26 20:39 - 2014-06-26 20:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\D3MousePlugin.dll
2014-06-26 20:39 - 2014-06-26 20:39 - 00031744 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\KKMousePlugin.dll
2014-06-26 20:39 - 2014-06-26 20:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SRawPlugin.dll
2014-06-26 20:39 - 2014-06-26 20:39 - 00159744 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MLGSenseiPlugin.dll
2014-06-26 20:39 - 2014-06-26 20:39 - 00020992 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWGoldPlugin.dll
2014-06-26 20:39 - 2014-06-26 20:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\GW2MousePlugin.dll
2014-06-26 20:39 - 2014-06-26 20:39 - 00029696 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CSGOMousePlugin.dll
2014-06-26 20:39 - 2014-06-26 20:39 - 00030208 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DOTA2MousePlugin.dll
2014-06-26 20:39 - 2014-06-26 20:39 - 00023040 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWWirelessPlugin.dll
2014-06-26 20:39 - 2014-06-26 20:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CODMousePlugin.dll
2014-06-26 20:39 - 2014-06-26 20:39 - 00030208 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoTMousePlugin.dll
2014-09-14 14:02 - 2014-09-14 14:02 - 01290240 _____ () C:\Users\Maxi\Downloads\zoek.exe
2014-09-02 10:54 - 2014-09-02 10:54 - 01372280 _____ () C:\Program Files (x86)\Opera\24.0.1558.53\opera_crashreporter.exe
2013-06-12 18:11 - 2014-07-25 14:04 - 01294336 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
2014-07-25 14:00 - 2014-07-25 14:00 - 03089488 _____ () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
2014-07-25 14:05 - 2014-09-12 13:15 - 02454008 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.222\deploy\LoLLauncher.exe
2014-09-10 11:51 - 2014-09-10 11:51 - 04070904 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.6\deploy\LoLPatcher.exe
2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00066864 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-08-23 22:30 - 2014-08-27 15:00 - 00052472 _____ () C:\Users\Maxi\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-09-02 10:54 - 2014-09-02 10:54 - 01378936 _____ () C:\Program Files (x86)\Opera\24.0.1558.53\libglesv2.dll
2014-09-02 10:54 - 2014-09-02 10:54 - 00182392 _____ () C:\Program Files (x86)\Opera\24.0.1558.53\libegl.dll
2014-09-02 10:54 - 2014-09-02 10:54 - 00974968 _____ () C:\Program Files (x86)\Opera\24.0.1558.53\ffmpegsumo.dll
2014-09-10 12:55 - 2014-09-10 14:07 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
2014-09-10 11:51 - 2014-09-10 11:51 - 01636856 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.6\deploy\RiotLauncher.dll
2014-09-10 11:51 - 2014-09-10 11:51 - 42975744 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.6\deploy\libcef.dll
2014-09-10 11:51 - 2014-09-10 11:51 - 01559552 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.6\deploy\icui18n.dll
2014-09-10 11:51 - 2014-09-10 11:51 - 01241088 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.6\deploy\icuuc.dll
2014-09-10 11:51 - 2014-09-10 11:51 - 04945408 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.6\deploy\v8.dll
2014-09-10 11:51 - 2014-09-10 11:51 - 01712128 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.6\deploy\RiotRadsIO.dll
2014-09-10 11:51 - 2014-09-10 11:51 - 01098752 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.6\deploy\libglesv2.dll
2014-09-10 11:51 - 2014-09-10 11:51 - 00133632 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.6\deploy\libegl.dll
2014-09-10 11:51 - 2014-09-10 11:51 - 01025536 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.6\deploy\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/14/2014 01:37:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/14/2014 01:24:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/14/2014 00:27:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/14/2014 00:15:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2014 11:01:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2014 02:20:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2014 00:59:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2014 00:52:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/11/2014 08:10:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 7e0

Startzeit: 01cfcdeb98d7a63c

Endzeit: 2

Anwendungspfad: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

Berichts-ID: da7fe754-39de-11e4-a8d8-e3282f07eb88

Error: (09/11/2014 00:15:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/14/2014 01:21:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/14/2014 01:21:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/14/2014 01:21:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/14/2014 01:21:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Streamer Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/14/2014 01:21:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Network Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/14/2014 01:21:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "DeviceVM Meta Data Export Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/14/2014 01:21:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Dienst "Bonjour"" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/14/2014 01:21:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/14/2014 01:21:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/14/2014 01:21:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (09/14/2014 01:37:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/14/2014 01:24:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/14/2014 00:27:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/14/2014 00:15:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2014 11:01:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2014 02:20:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2014 00:59:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2014 00:52:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/11/2014 08:10:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: rads_user_kernel.exe0.0.0.07e001cfcdeb98d7a63c2C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exeda7fe754-39de-11e4-a8d8-e3282f07eb88

Error: (09/11/2014 00:15:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-08-19 14:51:57.375
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-19 14:51:57.374
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-19 14:51:57.373
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-19 14:51:57.345
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-19 14:51:57.339
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-19 14:51:57.328
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-07 22:52:19.843
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-07 22:52:19.843
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-07 22:52:19.843
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-07 22:52:19.827
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: AMD Phenom(tm) II X4 955 Processor
Percentage of memory in use: 28%
Total physical RAM: 8190.18 MB
Available physical RAM: 5833.06 MB
Total Pagefile: 16378.54 MB
Available Pagefile: 13381.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:488.18 GB) (Free:329.97 GB) NTFS
Drive d: () (Fixed) (Total:908.98 GB) (Free:804.52 GB) NTFS
Drive e: (WIFI_A 3.0) (CDROM) (Total:0.15 GB) (Free:0 GB) CDFS
Drive f: (INTENSO) (Fixed) (Total:931.28 GB) (Free:590.89 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 8FB88701)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=488.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=909 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 205239D8)
Partition 1: (Active) - (Size=931.5 GB) - (Type=0C)

==================== End Of Log ============================

FRST.txt

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Maxi (administrator) on MAXI-PC on 14-09-2014 14:07:26
Running from C:\Users\Maxi\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DeviceVM, Inc.) C:\ASUS.SYS\config\DVMExportService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
() C:\Windows\DAODx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Game Inc.) C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Users\Maxi\Downloads\zoek.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe
() C:\Program Files (x86)\Opera\24.0.1558.53\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.222\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.6\deploy\LoLPatcher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.6\deploy\LoLPatcher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.6\deploy\LoLPatcher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [GamingKeyboard] => C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe [1805824 2013-10-16] (Game Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2292052161-4210806713-4271464568-1000\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [87040 2014-06-26] (SteelSeries ApS)
HKU\S-1-5-21-2292052161-4210806713-4271464568-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2292052161-4210806713-4271464568-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [87040 2014-06-26] (SteelSeries ApS)
HKU\S-1-5-21-2292052161-4210806713-4271464568-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9FCE9D15F8A7CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Maxi\AppData\Roaming\Mozilla\Firefox\Profiles\fv1gidzz.default
FF Homepage: https://www.google.de/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll ()
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll ()
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Maxi\AppData\Roaming\Mozilla\Firefox\Profiles\fv1gidzz.default\Extensions\abs@avira.com [2014-08-28]
FF Extension: Adblock Plus - C:\Users\Maxi\AppData\Roaming\Mozilla\Firefox\Profiles\fv1gidzz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-25]

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R2 DvmMDES; C:\ASUS.SYS\config\DVMExportService.exe [319488 2009-10-16] (DeviceVM, Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-06] (Disc Soft Ltd)
R3 GameKB; C:\Windows\System32\drivers\GameKB.sys [31232 2013-10-15] ( )
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [39168 2014-05-27] (SteelSeries Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 14:07 - 2014-09-14 14:07 - 00011306 _____ () C:\Users\Maxi\Desktop\FRST.txt
2014-09-14 14:05 - 2014-09-14 14:05 - 00000000 ____D () C:\Users\Maxi\Desktop\Neuer Ordner
2014-09-14 14:03 - 2014-09-14 14:04 - 00011194 _____ () C:\zoek-results.log
2014-09-14 14:03 - 2014-09-14 14:04 - 00000638 _____ () C:\runcheck.txt
2014-09-14 14:03 - 2014-09-14 14:03 - 00000000 ____D () C:\zoek_backup
2014-09-14 14:02 - 2014-09-14 14:02 - 04256073 _____ () C:\Users\Maxi\Downloads\zoek.rar
2014-09-14 14:02 - 2014-09-14 14:02 - 01290240 _____ () C:\Users\Maxi\Downloads\zoek.exe
2014-09-14 13:57 - 2014-09-14 13:57 - 00001157 _____ () C:\Users\Maxi\Desktop\mbam.txt
2014-09-14 13:46 - 2014-09-14 13:46 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-14 13:45 - 2014-09-14 13:45 - 00000731 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-14 13:45 - 2014-09-14 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-14 13:45 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-14 13:45 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-14 13:45 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-14 13:42 - 2014-09-14 13:43 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Maxi\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-14 13:33 - 2014-09-14 13:33 - 01373475 _____ () C:\Users\Maxi\Desktop\AdwCleaner_3.310.exe
2014-09-14 12:39 - 2014-09-14 14:07 - 00000000 ____D () C:\FRST
2014-09-14 12:39 - 2014-09-14 12:39 - 00029040 _____ () C:\Users\Maxi\Downloads\Logs.rar
2014-09-14 12:35 - 2014-09-14 12:35 - 02105856 _____ (Farbar) C:\Users\Maxi\Desktop\FRST64.exe
2014-09-13 14:10 - 2014-09-14 12:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-09-12 00:11 - 2014-09-12 02:18 - 00000000 ____D () C:\Users\Maxi\AppData\Roaming\TS3Client
2014-09-12 00:11 - 2014-09-12 00:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-09-12 00:09 - 2014-09-12 00:10 - 30014480 _____ (TeamSpeak Systems GmbH) C:\Users\Maxi\Downloads\TeamSpeak3-Client-win64-3.0.16.exe
2014-09-12 00:09 - 2014-09-12 00:10 - 30014480 _____ (TeamSpeak Systems GmbH) C:\Users\Maxi\Downloads\TeamSpeak3-Client-win64-3.0.16 (1).exe
2014-09-11 12:24 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 12:24 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 12:24 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 12:24 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 12:24 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 12:24 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 12:24 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 12:24 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 12:24 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 12:24 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 12:24 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 12:24 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 12:24 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 12:24 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 12:24 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 12:24 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 12:24 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 12:24 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 12:24 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 12:24 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 12:24 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 12:24 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 12:24 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 12:24 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 12:24 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 12:24 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 12:24 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 12:24 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 12:24 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 12:24 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 12:24 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 12:24 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 12:24 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 12:24 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 12:24 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 12:24 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 12:24 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 12:24 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 12:24 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 12:24 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 12:24 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 12:24 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 12:24 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 12:24 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 12:24 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 12:24 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 12:24 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 12:24 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 12:24 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 12:24 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 12:24 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 12:24 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 12:24 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 12:24 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 12:24 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 12:24 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 21:01 - 2014-09-10 21:01 - 05788228 _____ () C:\Users\Maxi\Downloads\Die fantastischen Abenteuer Knofensas [german Fandub].mp4
2014-09-10 14:06 - 2014-09-10 14:07 - 00000000 ____D () C:\Users\Maxi\AppData\Local\Adobe
2014-09-10 12:11 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 12:11 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 12:11 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 12:11 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 12:11 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-09 23:12 - 2014-09-09 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-08 16:47 - 2014-09-08 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
2014-09-08 11:58 - 2014-09-08 12:05 - 00000000 ____D () C:\Users\Maxi\Desktop\Prinzessin.Mononoke.[GerJapEngDub][GerEngSub][1080p][Bluray]-Li0N
2014-09-06 00:51 - 2014-09-06 00:51 - 00000000 ____D () C:\Users\Maxi\Documents\Electronic Arts
2014-09-06 00:08 - 2012-12-10 16:21 - 00163376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.ocx
2014-09-06 00:08 - 2012-11-26 11:10 - 00221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tabctl32.ocx
2014-09-06 00:08 - 2012-07-06 20:03 - 00617816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.ocx
2014-09-06 00:08 - 2012-05-02 11:17 - 01070152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomctl.ocx
2014-09-06 00:08 - 2011-01-12 13:36 - 01054208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71u.dll
2014-09-06 00:08 - 2011-01-12 13:25 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71deu.dll
2014-09-06 00:08 - 2011-01-12 13:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71ita.dll
2014-09-06 00:08 - 2011-01-12 13:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71fra.dll
2014-09-06 00:08 - 2011-01-12 13:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71esp.dll
2014-09-06 00:08 - 2011-01-12 13:25 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71enu.dll
2014-09-06 00:08 - 2011-01-12 13:25 - 00049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71kor.dll
2014-09-06 00:08 - 2011-01-12 13:25 - 00049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71jpn.dll
2014-09-06 00:08 - 2011-01-12 13:25 - 00045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71cht.dll
2014-09-06 00:08 - 2011-01-12 13:25 - 00040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71chs.dll
2014-09-06 00:08 - 2011-01-12 13:19 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2014-09-06 00:08 - 2011-01-12 12:53 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atl71.dll
2014-09-06 00:08 - 2010-02-16 14:22 - 00659264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomct2.ocx
2014-09-06 00:08 - 2010-02-16 14:22 - 00443488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshflxgd.ocx
2014-09-06 00:08 - 2010-02-16 14:22 - 00415552 _____ (Microsoft Corporation ) C:\Windows\SysWOW64\comct332.ocx
2014-09-06 00:08 - 2010-02-16 14:22 - 00278352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdatgrd.ocx
2014-09-06 00:08 - 2010-02-16 14:22 - 00258880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msflxgrd.ocx
2014-09-06 00:08 - 2010-02-16 14:22 - 00252240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdatlst.ocx
2014-09-06 00:08 - 2010-02-16 14:22 - 00222528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dblist32.ocx
2014-09-06 00:08 - 2010-02-16 14:22 - 00218432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\richtx32.ocx
2014-09-06 00:08 - 2010-02-16 14:22 - 00215880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mci32.ocx
2014-09-06 00:08 - 2010-02-16 14:22 - 00178512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmask32.ocx
2014-09-06 00:08 - 2010-02-16 14:22 - 00170080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comct232.ocx
2014-09-06 00:08 - 2010-02-16 14:22 - 00136008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinet.ocx
2014-09-06 00:08 - 2010-02-16 14:22 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msstdfmt.dll
2014-09-06 00:08 - 2010-02-16 14:22 - 00126800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswinsck.ocx
2014-09-06 00:08 - 2010-02-16 14:22 - 00119616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomm32.ocx
2014-09-06 00:08 - 2010-02-16 14:22 - 00107840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msstkprp.dll
2014-09-06 00:08 - 2010-02-16 14:22 - 00100160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\picclp32.ocx
2014-09-06 00:08 - 2010-02-16 14:22 - 00080208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysinfo.ocx
2014-09-06 00:08 - 2007-02-01 22:13 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-09-06 00:08 - 2007-02-01 19:11 - 00344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-09-06 00:08 - 2007-01-30 22:04 - 00339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr70.dll
2014-09-06 00:08 - 2006-08-26 00:28 - 01017344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70u.dll
2014-09-06 00:08 - 2006-08-26 00:15 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70ita.dll
2014-09-06 00:08 - 2006-08-26 00:15 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70fra.dll
2014-09-06 00:08 - 2006-08-26 00:15 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70esp.dll
2014-09-06 00:08 - 2006-08-26 00:15 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70deu.dll
2014-09-06 00:08 - 2006-08-26 00:15 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70enu.dll
2014-09-06 00:08 - 2006-08-26 00:15 - 00049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70kor.dll
2014-09-06 00:08 - 2006-08-26 00:15 - 00049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70jpn.dll
2014-09-06 00:08 - 2006-08-26 00:15 - 00045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70cht.dll
2014-09-06 00:08 - 2006-08-26 00:15 - 00040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70chs.dll
2014-09-06 00:08 - 2006-08-26 00:07 - 01024000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70.dll
2014-09-06 00:08 - 2006-08-25 23:17 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atl70.dll
2014-09-06 00:08 - 2006-04-10 13:41 - 01066176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomctl32.ocx
2014-09-06 00:08 - 2005-01-20 19:25 - 00054784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvci70.dll
2014-09-06 00:08 - 2002-01-05 05:40 - 00487424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp70.dll
2014-09-06 00:08 - 2001-08-23 00:00 - 01355776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvbvm50.dll
2014-09-06 00:08 - 1996-01-12 03:00 - 00722192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vb40032.dll
2014-09-06 00:08 - 1993-07-23 19:31 - 00210944 _____ () C:\Windows\SysWOW64\msvcrt10.dll
2014-09-06 00:00 - 2014-09-08 16:50 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-09-05 23:39 - 2014-09-05 23:39 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-05 23:37 - 2014-09-06 00:21 - 00000000 ____D () C:\Users\Maxi\AppData\Roaming\Origin
2014-09-05 23:37 - 2014-09-05 23:39 - 00000000 ____D () C:\Users\Maxi\AppData\Local\Origin
2014-09-05 23:32 - 2014-09-09 23:27 - 00000000 ____D () C:\ProgramData\Origin
2014-09-05 23:32 - 2014-09-09 23:27 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-05 23:32 - 2014-09-06 00:51 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-09-05 23:19 - 2014-09-05 23:22 - 00000000 ____D () C:\Users\Maxi\Desktop\The.SIMS.4 Deluxe.Edition.RePack-WestMore
2014-09-02 10:54 - 2014-09-02 10:54 - 00003850 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1409246306
2014-08-30 15:07 - 2014-08-30 15:07 - 00000000 ____D () C:\Users\Maxi\Documents\Dolphin Emulator
2014-08-30 15:05 - 2014-08-30 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolphin
2014-08-30 15:05 - 2014-08-30 15:06 - 00000000 ____D () C:\Program Files\Dolphin
2014-08-30 15:05 - 2014-08-30 15:05 - 00000796 _____ () C:\Users\Public\Desktop\Dolphin.lnk
2014-08-28 22:36 - 2014-08-28 22:36 - 00002826 _____ () C:\Users\Maxi\AppData\Local\recently-used.xbel
2014-08-28 22:35 - 2014-08-28 22:35 - 00000000 ____D () C:\Users\Maxi\.thumbnails
2014-08-28 19:18 - 2014-09-02 10:54 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-08-28 19:18 - 2014-08-28 19:18 - 00001139 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-08-28 19:18 - 2014-08-28 19:18 - 00000000 ____D () C:\Users\Maxi\AppData\Roaming\Opera Software
2014-08-28 19:18 - 2014-08-28 19:18 - 00000000 ____D () C:\Users\Maxi\AppData\Local\Opera Software
2014-08-28 15:43 - 2014-08-28 15:43 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-08-28 09:43 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 09:43 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 09:43 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-25 21:48 - 2014-08-25 21:48 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-25 21:48 - 2014-08-25 21:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-23 22:29 - 2014-09-09 23:13 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-23 22:29 - 2014-08-23 22:29 - 00000000 ____D () C:\Users\Maxi\AppData\Roaming\Avira
2014-08-23 22:28 - 2014-09-09 23:12 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-23 22:28 - 2014-08-23 22:30 - 00000000 ____D () C:\ProgramData\Avira
2014-08-23 22:28 - 2014-08-15 10:30 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-08-23 22:28 - 2014-08-15 10:30 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-08-23 22:28 - 2014-08-15 10:30 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-08-15 14:07 - 2014-08-15 14:07 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 14:07 - 2014-09-14 14:07 - 00011306 _____ () C:\Users\Maxi\Desktop\FRST.txt
2014-09-14 14:07 - 2014-09-14 12:39 - 00000000 ____D () C:\FRST
2014-09-14 14:07 - 2014-07-25 14:00 - 00000000 ____D () C:\Users\Maxi\AppData\Local\PMB Files
2014-09-14 14:05 - 2014-09-14 14:05 - 00000000 ____D () C:\Users\Maxi\Desktop\Neuer Ordner
2014-09-14 14:04 - 2014-09-14 14:03 - 00011194 _____ () C:\zoek-results.log
2014-09-14 14:04 - 2014-09-14 14:03 - 00000638 _____ () C:\runcheck.txt
2014-09-14 14:03 - 2014-09-14 14:03 - 00000000 ____D () C:\zoek_backup
2014-09-14 14:02 - 2014-09-14 14:02 - 04256073 _____ () C:\Users\Maxi\Downloads\zoek.rar
2014-09-14 14:02 - 2014-09-14 14:02 - 01290240 _____ () C:\Users\Maxi\Downloads\zoek.exe
2014-09-14 13:57 - 2014-09-14 13:57 - 00001157 _____ () C:\Users\Maxi\Desktop\mbam.txt
2014-09-14 13:55 - 2014-07-25 13:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-14 13:46 - 2014-09-14 13:46 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-14 13:46 - 2014-07-24 21:09 - 00000012 ____H () C:\dvmexp.idx
2014-09-14 13:45 - 2014-09-14 13:45 - 00000731 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-14 13:45 - 2014-09-14 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-14 13:43 - 2014-09-14 13:42 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Maxi\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-14 13:43 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-14 13:43 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-14 13:39 - 2014-07-24 21:44 - 01123197 _____ () C:\Windows\WindowsUpdate.log
2014-09-14 13:36 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-14 13:36 - 2009-07-14 06:51 - 00126022 _____ () C:\Windows\setupact.log
2014-09-14 13:35 - 2014-07-26 21:20 - 00000000 ____D () C:\AdwCleaner
2014-09-14 13:35 - 2014-07-24 21:07 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-14 13:35 - 2010-11-21 05:47 - 00228736 _____ () C:\Windows\PFRO.log
2014-09-14 13:33 - 2014-09-14 13:33 - 01373475 _____ () C:\Users\Maxi\Desktop\AdwCleaner_3.310.exe
2014-09-14 13:22 - 2014-07-25 13:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-14 12:49 - 2014-09-13 14:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-09-14 12:39 - 2014-09-14 12:39 - 00029040 _____ () C:\Users\Maxi\Downloads\Logs.rar
2014-09-14 12:35 - 2014-09-14 12:35 - 02105856 _____ (Farbar) C:\Users\Maxi\Desktop\FRST64.exe
2014-09-13 19:46 - 2014-07-25 13:29 - 00000000 ____D () C:\Users\Maxi\AppData\Roaming\Skype
2014-09-12 13:25 - 2014-07-25 14:00 - 00000000 ____D () C:\ProgramData\PMB Files
2014-09-12 02:18 - 2014-09-12 00:11 - 00000000 ____D () C:\Users\Maxi\AppData\Roaming\TS3Client
2014-09-12 00:14 - 2014-07-25 16:41 - 00000000 ____D () C:\Users\Maxi\Desktop\Stuff
2014-09-12 00:14 - 2014-07-25 16:41 - 00000000 ____D () C:\Users\Maxi\Desktop\Games
2014-09-12 00:11 - 2014-09-12 00:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-09-12 00:10 - 2014-09-12 00:09 - 30014480 _____ (TeamSpeak Systems GmbH) C:\Users\Maxi\Downloads\TeamSpeak3-Client-win64-3.0.16.exe
2014-09-12 00:10 - 2014-09-12 00:09 - 30014480 _____ (TeamSpeak Systems GmbH) C:\Users\Maxi\Downloads\TeamSpeak3-Client-win64-3.0.16 (1).exe
2014-09-11 12:25 - 2010-11-21 08:50 - 00696620 _____ () C:\Windows\system32\perfh007.dat
2014-09-11 12:25 - 2010-11-21 08:50 - 00147916 _____ () C:\Windows\system32\perfc007.dat
2014-09-11 12:25 - 2009-07-14 07:13 - 01633540 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-11 12:23 - 2014-07-24 21:19 - 01589442 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-11 12:20 - 2014-07-29 10:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 12:19 - 2014-07-29 10:19 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 21:01 - 2014-09-10 21:01 - 05788228 _____ () C:\Users\Maxi\Downloads\Die fantastischen Abenteuer Knofensas [german Fandub].mp4
2014-09-10 14:07 - 2014-09-10 14:06 - 00000000 ____D () C:\Users\Maxi\AppData\Local\Adobe
2014-09-10 14:07 - 2014-07-25 13:16 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 14:07 - 2014-07-25 13:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-10 14:07 - 2014-07-25 13:16 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-09 23:27 - 2014-09-05 23:32 - 00000000 ____D () C:\ProgramData\Origin
2014-09-09 23:27 - 2014-09-05 23:32 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-09 23:13 - 2014-08-23 22:29 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-09 23:12 - 2014-09-09 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-09 23:12 - 2014-08-23 22:28 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-08 20:11 - 2014-07-26 20:48 - 00000000 ____D () C:\Program Files\JDownloader v2.0
2014-09-08 17:06 - 2014-07-26 22:54 - 00000000 ____D () C:\Users\Maxi\AppData\Roaming\vlc
2014-09-08 16:50 - 2014-09-06 00:00 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-09-08 16:47 - 2014-09-08 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
2014-09-08 12:05 - 2014-09-08 11:58 - 00000000 ____D () C:\Users\Maxi\Desktop\Prinzessin.Mononoke.[GerJapEngDub][GerEngSub][1080p][Bluray]-Li0N
2014-09-06 00:51 - 2014-09-06 00:51 - 00000000 ____D () C:\Users\Maxi\Documents\Electronic Arts
2014-09-06 00:51 - 2014-09-05 23:32 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-09-06 00:21 - 2014-09-05 23:37 - 00000000 ____D () C:\Users\Maxi\AppData\Roaming\Origin
2014-09-05 23:39 - 2014-09-05 23:39 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-05 23:39 - 2014-09-05 23:37 - 00000000 ____D () C:\Users\Maxi\AppData\Local\Origin
2014-09-05 23:22 - 2014-09-05 23:19 - 00000000 ____D () C:\Users\Maxi\Desktop\The.SIMS.4 Deluxe.Edition.RePack-WestMore
2014-09-03 01:07 - 2014-07-25 13:40 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-02 10:54 - 2014-09-02 10:54 - 00003850 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1409246306
2014-09-02 10:54 - 2014-08-28 19:18 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-08-30 15:07 - 2014-08-30 15:07 - 00000000 ____D () C:\Users\Maxi\Documents\Dolphin Emulator
2014-08-30 15:06 - 2014-08-30 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolphin
2014-08-30 15:06 - 2014-08-30 15:05 - 00000000 ____D () C:\Program Files\Dolphin
2014-08-30 15:06 - 2014-07-27 17:07 - 00386703 _____ () C:\Windows\DirectX.log
2014-08-30 15:05 - 2014-08-30 15:05 - 00000796 _____ () C:\Users\Public\Desktop\Dolphin.lnk
2014-08-29 11:18 - 2009-07-14 06:45 - 00266400 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 22:36 - 2014-08-28 22:36 - 00002826 _____ () C:\Users\Maxi\AppData\Local\recently-used.xbel
2014-08-28 22:36 - 2014-07-26 13:29 - 00000000 ____D () C:\Users\Maxi\AppData\Local\gtk-2.0
2014-08-28 22:36 - 2014-07-26 13:26 - 00000000 ____D () C:\Users\Maxi\.gimp-2.8
2014-08-28 22:35 - 2014-08-28 22:35 - 00000000 ____D () C:\Users\Maxi\.thumbnails
2014-08-28 22:35 - 2014-07-24 20:50 - 00000000 ____D () C:\Users\Maxi
2014-08-28 19:18 - 2014-08-28 19:18 - 00001139 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-08-28 19:18 - 2014-08-28 19:18 - 00000000 ____D () C:\Users\Maxi\AppData\Roaming\Opera Software
2014-08-28 19:18 - 2014-08-28 19:18 - 00000000 ____D () C:\Users\Maxi\AppData\Local\Opera Software
2014-08-28 15:43 - 2014-08-28 15:43 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-08-25 21:48 - 2014-08-25 21:48 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-25 21:48 - 2014-08-25 21:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-25 21:48 - 2014-07-25 13:29 - 00000000 ____D () C:\ProgramData\Skype
2014-08-23 22:30 - 2014-08-23 22:28 - 00000000 ____D () C:\ProgramData\Avira
2014-08-23 22:29 - 2014-08-23 22:29 - 00000000 ____D () C:\Users\Maxi\AppData\Roaming\Avira
2014-08-23 04:07 - 2014-08-28 09:43 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 09:43 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 09:43 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 20:05 - 2014-09-11 12:24 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 19:39 - 2014-09-11 12:24 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 14:58 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-19 01:01 - 2014-09-11 12:24 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:29 - 2014-09-11 12:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 00:29 - 2014-09-11 12:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 00:26 - 2014-09-11 12:24 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 00:20 - 2014-09-11 12:24 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 00:19 - 2014-09-11 12:24 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 00:15 - 2014-09-11 12:24 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 00:15 - 2014-09-11 12:24 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 00:14 - 2014-09-11 12:24 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 00:14 - 2014-09-11 12:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 00:08 - 2014-09-11 12:24 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 00:08 - 2014-09-11 12:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 00:08 - 2014-09-11 12:24 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 00:05 - 2014-09-11 12:24 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 00:03 - 2014-09-11 12:24 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 00:03 - 2014-09-11 12:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 00:03 - 2014-09-11 12:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 23:57 - 2014-09-11 12:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 23:56 - 2014-09-11 12:24 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:51 - 2014-09-11 12:24 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 23:46 - 2014-09-11 12:24 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 23:45 - 2014-09-11 12:24 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:45 - 2014-09-11 12:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 23:44 - 2014-09-11 12:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-11 12:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-11 12:24 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 23:40 - 2014-09-11 12:24 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 23:39 - 2014-09-11 12:24 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 23:39 - 2014-09-11 12:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 23:39 - 2014-09-11 12:24 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 23:38 - 2014-09-11 12:24 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 23:37 - 2014-09-11 12:24 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 23:36 - 2014-09-11 12:24 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 23:35 - 2014-09-11 12:24 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 23:27 - 2014-09-11 12:24 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 23:25 - 2014-09-11 12:24 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 23:25 - 2014-09-11 12:24 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 23:23 - 2014-09-11 12:24 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 23:23 - 2014-09-11 12:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 23:22 - 2014-09-11 12:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-11 12:24 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 23:17 - 2014-09-11 12:24 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 23:17 - 2014-09-11 12:24 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 23:16 - 2014-09-11 12:24 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 23:15 - 2014-09-11 12:24 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 23:15 - 2014-09-11 12:24 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 23:09 - 2014-09-11 12:24 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 23:08 - 2014-09-11 12:24 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 23:07 - 2014-09-11 12:24 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 22:55 - 2014-09-11 12:24 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 22:46 - 2014-09-11 12:24 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 22:38 - 2014-09-11 12:24 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 22:38 - 2014-09-11 12:24 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 22:36 - 2014-09-11 12:24 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 17:22 - 2014-07-30 18:58 - 00000000 ____D () C:\Users\Maxi\AppData\Roaming\.minecraft
2014-08-15 14:07 - 2014-08-15 14:07 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-08-15 13:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-15 10:30 - 2014-08-23 22:28 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-08-15 10:30 - 2014-08-23 22:28 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-08-15 10:30 - 2014-08-23 22:28 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys

Some content of TEMP:
====================
C:\Users\Maxi\AppData\Local\Temp\7za.exe
C:\Users\Maxi\AppData\Local\Temp\avgnt.exe
C:\Users\Maxi\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Maxi\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Maxi\AppData\Local\Temp\hijackthis.exe
C:\Users\Maxi\AppData\Local\Temp\NirCmd.exe
C:\Users\Maxi\AppData\Local\Temp\Nv3DVisionIePlugin64.dll
C:\Users\Maxi\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Maxi\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Maxi\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Maxi\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Maxi\AppData\Local\Temp\nvStInst.exe
C:\Users\Maxi\AppData\Local\Temp\PEVZ.EXE
C:\Users\Maxi\AppData\Local\Temp\proxy_vole1691991367675198375.dll
C:\Users\Maxi\AppData\Local\Temp\Quarantine.exe
C:\Users\Maxi\AppData\Local\Temp\remove.exe
C:\Users\Maxi\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Maxi\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Maxi\AppData\Local\Temp\sed.exe
C:\Users\Maxi\AppData\Local\Temp\swreg.exe
C:\Users\Maxi\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Maxi\AppData\Local\Temp\swxcacls.exe
C:\Users\Maxi\AppData\Local\Temp\wget.exe
C:\Users\Maxi\AppData\Local\Temp\x2blapi.dll
C:\Users\Maxi\AppData\Local\Temp\zoek-delete.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 19:27

==================== End Of Log ============================

--- --- ---

so jetzt sind alle schritte gemacht wars das jetzt? ^^
Ich sag nochmal danke für deine Hilfe ^.^

M-K-D-B · 14.09.2014, 13:21

Hattest bzw. hast du ein Torrent-Programm?
Üblicherweise holt man sich darüber "Farmaster.net" ein.

Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 3 h) dauern.
Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg.

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 3
Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix,
die Logdatei von ESET,
die Logdatei von SecurityCheck.

woohoorockz · 14.09.2014, 20:10

Das einzige Programm wo ich verwende um etwas runterzuladen ist jDownloader2.

Fixlog.txt

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by Maxi at 2014-09-14 14:25:14 Run:2
Running from C:\Users\Maxi\Desktop\Stuff\Anti Viren Crap
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
EmptyTemp:
end
         
*****************

EmptyTemp: => Removed 1.5 GB temporary data.


The system needed a reboot. 

==== End of Fixlog ====

Eset log

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=f90c4e3d03f6b64b815338662dc3d966
# engine=20148
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-14 12:36:05
# local_time=2014-09-14 02:36:05 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 7449 2606762 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 1891911 162328015 0 0
# scanned=677
# found=1
# cleaned=0
# scan_time=47
sh=C3E2EEA43263CC610AA91F562ECE2B1562012BCA ft=1 fh=e62d3c9cdf00b1a7 vn="Variante von Win32/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxi\AppData\Roaming\OpenCandy\09472658181841CEBBD91BBC316C2272\Installer.exe.vir"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=f90c4e3d03f6b64b815338662dc3d966
# engine=20148
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-14 05:30:39
# local_time=2014-09-14 07:30:39 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 25123 2624436 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 1909585 162345689 0 0
# scanned=176831
# found=14
# cleaned=0
# scan_time=17583
sh=C3E2EEA43263CC610AA91F562ECE2B1562012BCA ft=1 fh=e62d3c9cdf00b1a7 vn="Variante von Win32/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxi\AppData\Roaming\OpenCandy\09472658181841CEBBD91BBC316C2272\Installer.exe.vir"
sh=37DE38598CFC7098B9BF302F914BCE1BA9EC4D97 ft=1 fh=ced1193a90f367db vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll"
sh=8F32875C50C828F12A5187957A7E6C63C0E97618 ft=1 fh=1d6a4f5c120f3a0c vn="Variante von Win32/Packed.VMProtect.AAA Trojaner" ac=I fn="D:\Programme\Sims 4\The SIMS 4 Deluxe Edition\Game\Bin\3dmgame.dll"
sh=29A25BCF3BEADE8F3EA48031B9BB8261B921B3DA ft=0 fh=0000000000000000 vn="Win32/RiskWare.HackAV.NR Anwendung" ac=I fn="F:\Kaspersky\KW1\med\Kaspersky Trial Reset 2.1.rar"
sh=571291A6E5B6B0FFBD8DA1807FE890E04693C2C9 ft=0 fh=0000000000000000 vn="Variante von Win32/RiskWare.HackAV.JN Anwendung" ac=I fn="F:\Kaspersky\KW1\med\Kaspersky World 1.3.13.17.rar"
sh=29A25BCF3BEADE8F3EA48031B9BB8261B921B3DA ft=0 fh=0000000000000000 vn="Win32/RiskWare.HackAV.NR Anwendung" ac=I fn="F:\Kaspersky\KW2\med\Kaspersky Trial Reset 2.1.rar"
sh=571291A6E5B6B0FFBD8DA1807FE890E04693C2C9 ft=0 fh=0000000000000000 vn="Variante von Win32/RiskWare.HackAV.JN Anwendung" ac=I fn="F:\Kaspersky\KW2\med\Kaspersky World 1.3.13.17.rar"
sh=96B3716753F104057E820823E1230B6309F37C7F ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="F:\MAXI-PC\Backup Set 2014-07-26 204913\Backup Files 2014-07-26 204913\Backup files 1.zip"
sh=6D677B3D0A4FB8D72227CE710B7F9AE5861C281F ft=0 fh=0000000000000000 vn="Variante von MSIL/Toolbar.Linkury.A evtl. unerwünschte Anwendung" ac=I fn="F:\MAXI-PC\Backup Set 2014-07-26 204913\Backup Files 2014-07-26 204913\Backup files 3.zip"
sh=8BD20A908024CDE32FEBCE37705BFC7BBCD2F649 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="F:\MAXI-PC\Backup Set 2014-07-26 204913\Backup Files 2014-08-03 190000\Backup files 1.zip"
sh=44083B55B69AC207C8101E37AC84535B8F1E26FE ft=0 fh=0000000000000000 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="F:\MAXI-PC\Backup Set 2014-07-26 204913\Backup Files 2014-08-10 190002\Backup files 3.zip"
sh=9E298563BB282560A2AD79E265F9CAF9A8BBC406 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="F:\MAXI-PC\Backup Set 2014-08-18 111001\Backup Files 2014-08-18 111001\Backup files 3.zip"
sh=EE7611D7E3FC6CDF76C49456D1F041B2FFA0C8BA ft=0 fh=0000000000000000 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="F:\MAXI-PC\Backup Set 2014-08-18 111001\Backup Files 2014-08-18 111001\Backup files 5.zip"
sh=EF3FD3534C8D58D7FF6EE00DF95C4E23B0592394 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="F:\MAXI-PC\Backup Set 2014-09-07 224439\Backup Files 2014-09-07 224439\Backup files 3.zip"

Die letzte log kommt gleich.. Eset hat etwas zu lange gedauert ^^

Checkup.txt

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 65  
 Java version out of Date! 
 Adobe Flash Player 15.0.0.152  
 Mozilla Firefox (31.0) 
 Mozilla Thunderbird (31.1.1) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

M-K-D-B · 15.09.2014, 12:38

An deiner Stelle würde ich sämtliche illegale Software entfernen, hier mal ein Anfang:

Zitat:

sh=8F32875C50C828F12A5187957A7E6C63C0E97618 ft=1 fh=1d6a4f5c120f3a0c vn="Variante von Win32/Packed.VMProtect.AAA Trojaner" ac=I fn="D:\Programme\Sims 4\The SIMS 4 Deluxe Edition\Game\Bin\3dmgame.dll"
sh=29A25BCF3BEADE8F3EA48031B9BB8261B921B3DA ft=0 fh=0000000000000000 vn="Win32/RiskWare.HackAV.NR Anwendung" ac=I fn="F:\Kaspersky\KW1\med\Kaspersky Trial Reset 2.1.rar"
sh=571291A6E5B6B0FFBD8DA1807FE890E04693C2C9 ft=0 fh=0000000000000000 vn="Variante von Win32/RiskWare.HackAV.JN Anwendung" ac=I fn="F:\Kaspersky\KW1\med\Kaspersky World 1.3.13.17.rar"
sh=29A25BCF3BEADE8F3EA48031B9BB8261B921B3DA ft=0 fh=0000000000000000 vn="Win32/RiskWare.HackAV.NR Anwendung" ac=I fn="F:\Kaspersky\KW2\med\Kaspersky Trial Reset 2.1.rar"
sh=571291A6E5B6B0FFBD8DA1807FE890E04693C2C9 ft=0 fh=0000000000000000 vn="Variante von Win32/RiskWare.HackAV.JN Anwendung" ac=I fn="F:\Kaspersky\KW2\med\Kaspersky World 1.3.13.17.rar"

Diese Dateien von deiner externen Festplatte in naher Zukunft löschen:

Zitat:

sh=96B3716753F104057E820823E1230B6309F37C7F ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="F:\MAXI-PC\Backup Set 2014-07-26 204913\Backup Files 2014-07-26 204913\Backup files 1.zip"
sh=6D677B3D0A4FB8D72227CE710B7F9AE5861C281F ft=0 fh=0000000000000000 vn="Variante von MSIL/Toolbar.Linkury.A evtl. unerwünschte Anwendung" ac=I fn="F:\MAXI-PC\Backup Set 2014-07-26 204913\Backup Files 2014-07-26 204913\Backup files 3.zip"
sh=8BD20A908024CDE32FEBCE37705BFC7BBCD2F649 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="F:\MAXI-PC\Backup Set 2014-07-26 204913\Backup Files 2014-08-03 190000\Backup files 1.zip"
sh=44083B55B69AC207C8101E37AC84535B8F1E26FE ft=0 fh=0000000000000000 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="F:\MAXI-PC\Backup Set 2014-07-26 204913\Backup Files 2014-08-10 190002\Backup files 3.zip"
sh=9E298563BB282560A2AD79E265F9CAF9A8BBC406 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="F:\MAXI-PC\Backup Set 2014-08-18 111001\Backup Files 2014-08-18 111001\Backup files 3.zip"
sh=EE7611D7E3FC6CDF76C49456D1F041B2FFA0C8BA ft=0 fh=0000000000000000 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="F:\MAXI-PC\Backup Set 2014-08-18 111001\Backup Files 2014-08-18 111001\Backup files 5.zip"
sh=EF3FD3534C8D58D7FF6EE00DF95C4E23B0592394 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="F:\MAXI-PC\Backup Set 2014-09-07 224439\Backup Files 2014-09-07 224439\Backup files 3.zip"

Reste entfernen
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CloseProcesses:
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber.

Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.

Ändere regelmäßig alle deine Passwörter, jetzt nach der Bereinigung ist ein idealer Zeitpunkt dafür!

Verwende für jede Anwendung und jeden Account ein anderes Passwort.
Ändere regelmäßig dein Passwort, vor allem bei Onlinebanking oder deinem Emailpostfach ist das sehr wichtig.
Speichere keine Passwörter auf deinem PC, gib diese nicht an Dritte weiter.
Ein sicheres Passwort besteht aus mindestens 8 Zeichen und beinhaltet Groß- und Kleinbuchstaben, Zahlen und Sonderzeichen.
Benutze keine Zahlen- oder Buchstabenkombinationen, ( zB 12345678, qwertzui) auch keine Zahlen oder Buchstabenmuster.
Verwende keine Passwörter die einen Bezug zu dir, deinem Wohnort, Familienmitglied oder Haustier (Geburtsdatum, Postleitzahl, Adresse, Name) haben.

Schritt 1
Du verwendest veraltete Software auf deinem Rechner, was ein Sicherheitsrisiko darstellt. Daher solltest du veraltete Software deinstallieren und anschließend die aktuellste Version installieren.
Folge dem Pfad Start > Systemsteuerung > Sofware / Programme deinstallieren.
Deinstalliere die folgenden Programme von deinem Rechner:

Java 7 Update 65

Starte deinen Rechner nach der Deinstallation neu auf.
Downloade und installiere dir bitte nun:

Java 8 Update 20

Starte deinen Rechner nach der Installation neu auf.

Schritt 2
Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Schritt 3
Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems.

Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti-Viren-Programm und zusätzlicher Schutz

Gehe sicher, dass du immer nur eine Anti-Viren Software installiert hast und dass diese auch up to date ist! Ein kostenloses Anti-Viren Programm, das wir empfehlen, wäre z. B. Avast! Free Antivirus oder Microsoft Security Essentials.
MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt. Du kannst es zusätzlich zu deinem Anti-Viren Programm verwenden.
Update das Tool und lasse es einmal in der Woche laufen. Die Kaufversion bietet zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
AdwCleaner
Dieses Tool erkennt eine Vielzahl von Werbeprogrammen (Adware) und unerwünschten Programmen (PUPs).
Starte das Tool einmal die Woche und lass es laufen. Sollte eine neue Version verfügbar sein, so wird dies angezeigt und du kannst dir die neueste Version direkt von der Herstellerseite auf den Desktop herunterladen. Auch dieses Programm kann parallel zu deinem Anti-Viren Programm verwendet werden.
SpywareBlaster
Eine kurze Einführung findest du Hier

Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Mozilla Firefox

Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
NoScript
Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt, wenn Du es bestätigst.
AdblockPlus
Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzuzufügen reicht und dieser wird nicht mehr geladen.
Es spart außerdem Downloadkapazität.

Performance

Halte dich fern von Registry Cleanern.
Diese Schaden deinem System mehr als dass sie helfen. Hier ein englischer Link:
Miekemoes Blogspot ( MVP )

Was du vermeiden solltest:

Klicke nicht auf alles, nur weil es dich dazu auffordert und schön bunt ist.
Verwende keine P2P oder Filesharing Software (Emule, uTorrent,..).
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie z.B. deinFoto.jpg.exe.
Lade keine Software von Softonic oder Chip herunter, da diese Installer oft mit Adware oder unerünschter Software versehen sind!

Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen?

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

woohoorockz · 16.09.2014, 21:44

Passt alles ich danke dir

D

M-K-D-B · 17.09.2014, 14:48

Ich bin froh, dass wir helfen konnten

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank!

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.