
Log analysis and evaluation: Windows 8.0: Windows opens a cmd window and Farmaster in Nightly (Firefox)


 
18.09.2014, 22:10   #1
Aislin
 



Hello dear Trojaner team,

for a few days now I have had the problem that at every start of the PC a cmd window appears for a fraction of a second, and right afterwards Farmaster (a Russian porn site) is opened in Nightly (Firefox).
Just like with several others I have already read about here in the forum.

I cannot say what the origin of this could be.

Here are all the logs that I was supposed to produce beforehand according to "Für alle Hilfesuchenden" ("For everyone seeking help").

defogger_disable.log:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:22 on 18/09/2014 (Nils)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...


-=E.O.F=-
         

FRST.txt:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Nils (administrator) on ANDRAS on 18-09-2014 22:25:24
Running from C:\Users\Nils\Desktop
Platform: Windows 8 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
() C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe
(Last.fm) C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
() C:\Program Files (x86)\Hostless Modem\o2 Surfstick\CheckNDISPort_df.exe
() C:\Program Files (x86)\Hostless Modem\o2 Surfstick\CancelAutoPlay_df.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Mozilla Corporation) C:\Program Files\Nightly\firefox.exe
() E:\JD-Downloads\Shakes & Fidget Bot\sfBot.exe
(Mozilla Corporation) C:\Program Files\Nightly\plugin-container.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403288 2014-08-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [CheckNDISPortF0acA7] => C:\Program Files (x86)\Hostless Modem\o2 Surfstick\CheckNDISPort_df.exe [419072 2013-05-10] ()
HKLM-x32\...\Run: [CancelAutoPlay_df] => C:\Program Files (x86)\Hostless Modem\o2 Surfstick\CancelAutoPlay_df.exe [446720 2013-05-10] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CMD] => cmd.exe /k if %date:~6,4%%date:~3,2%%date:~0,2% LEQ 20140911 (exit) else (start hxxp://farmaster.net/ && exit)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKU\S-1-5-21-2171337075-1393702317-1490181782-1001\...\Run: [OscarEditor] => C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe [3333632 2012-08-16] ()
HKU\S-1-5-21-2171337075-1393702317-1490181782-1001\...\Policies\Explorer: [NoThumbnailCache] 1
HKU\S-1-5-21-2171337075-1393702317-1490181782-1001\...\MountPoints2: {4db164f3-face-11e3-bef8-e0cb4eff9bca} - "H:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-2171337075-1393702317-1490181782-1001\...\MountPoints2: {5886f06b-6022-11e2-be68-e0cb4eff9bca} - "G:\YDKJAutorun.exe" 
HKU\S-1-5-21-2171337075-1393702317-1490181782-1001\...\MountPoints2: {7e6fd4d3-3ba3-11e4-bf02-e0cb4eff9bca} - "H:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-2171337075-1393702317-1490181782-1001\...\MountPoints2: {8645b980-7622-11e3-beda-e0cb4eff9bca} - "H:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-2171337075-1393702317-1490181782-1001\...\MountPoints2: {8645b98f-7622-11e3-beda-e0cb4eff9bca} - "H:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-2171337075-1393702317-1490181782-1001\...\MountPoints2: {9660248d-9b2e-11e3-bee4-e0cb4eff9bca} - "H:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-2171337075-1393702317-1490181782-1001\...\MountPoints2: {ba846c51-2f73-11e4-beff-e0cb4eff9bca} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL H:\index.html
HKU\S-1-5-21-2171337075-1393702317-1490181782-1001\...\MountPoints2: {d68fe42c-409c-11e3-becb-e0cb4eff9bca} - "H:\AutoRun.exe" 
HKU\S-1-5-21-2171337075-1393702317-1490181782-1001\...\MountPoints2: {d68fea87-409c-11e3-becb-e0cb4eff9bca} - "I:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-2171337075-1393702317-1490181782-1001\...\MountPoints2: {d68feaa7-409c-11e3-becb-e0cb4eff9bca} - "I:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-2171337075-1393702317-1490181782-1001\...\MountPoints2: {d68feb02-409c-11e3-becb-e0cb4eff9bca} - "H:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-2171337075-1393702317-1490181782-1001\...\MountPoints2: {e7ebce3b-47f1-11e3-bece-344b50b7ef8c} - "H:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-2171337075-1393702317-1490181782-1001\...\MountPoints2: {ffdd936b-9594-11e2-be85-e0cb4eff9bca} - "G:\Autorun.exe" 
Startup: C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Last.fm Scrobbler.exe - Verknüpfung.lnk
ShortcutTarget: Last.fm Scrobbler.exe - Verknüpfung.lnk -> C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe (Last.fm)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x41FEB7DE2AF4CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={7F6E1A48-981E-45C1-8F33-2EE40F90B95C}&mid=1ea5eadd570c47d09dd23182081b7239-d25ebc04efb3ba7179f17f9bc7b28afad7a6ba79&lang=de&ds=tc011&pr=sa&d=&v=&sap=dsp&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\kou7w5w4.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.11.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF SearchPlugin: C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\kou7w5w4.default\searchplugins\amazon-search-suggestions.xml
FF SearchPlugin: C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\kou7w5w4.default\searchplugins\imdb.xml
FF SearchPlugin: C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\kou7w5w4.default\searchplugins\leo-ger-eng.xml
FF SearchPlugin: C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\kou7w5w4.default\searchplugins\youtube-video-search.xml
FF Extension: FoxyProxy Standard - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\kou7w5w4.default\Extensions\foxyproxy@eric.h.jung [2014-07-15]
FF Extension: ProxTube - Unblock YouTube - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\kou7w5w4.default\Extensions\ich@maltegoetz.de [2013-12-12]
FF Extension: Session Manager - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\kou7w5w4.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2013-01-18]
FF Extension: Adblock Plus - C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\kou7w5w4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-01-16]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Nightly\firefox.exe

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-01-26] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [128000 2014-09-06] (Mozilla Foundation) [File not signed]
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720792 2014-08-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18973144 2014-08-09] (NVIDIA Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2013-01-20] ()
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-03-31] (DT Soft Ltd)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20440 2014-08-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation)
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 vdrive; \SystemRoot\system32\DRIVERS\vdrive.sys [X]
S3 ZTEusbmdm6k; \SystemRoot\system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; \SystemRoot\system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; \SystemRoot\system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-18 22:25 - 2014-09-18 22:25 - 00015392 _____ () C:\Users\Nils\Desktop\FRST.txt
2014-09-18 22:25 - 2014-09-18 22:25 - 00000000 ____D () C:\FRST
2014-09-18 22:23 - 2014-09-18 22:23 - 02105856 _____ (Farbar) C:\Users\Nils\Desktop\FRST64.exe
2014-09-18 22:22 - 2014-09-18 22:22 - 00000540 _____ () C:\Users\Nils\Desktop\defogger_disable.log
2014-09-18 22:22 - 2014-09-18 22:22 - 00000168 _____ () C:\Users\Nils\defogger_reenable
2014-09-18 22:20 - 2014-09-18 22:20 - 00050477 _____ () C:\Users\Nils\Desktop\Defogger.exe
2014-09-16 13:19 - 2014-09-16 13:22 - 00000000 ____D () C:\Users\Nils\Desktop\Schnurrr
2014-09-14 20:49 - 2014-09-14 21:18 - 00000341 _____ () C:\Users\Nils\Desktop\Mono G Ramp Deck.txt
2014-09-14 19:58 - 2014-09-14 20:10 - 00000223 _____ () C:\Users\Nils\Desktop\Pox Deck.txt
2014-09-14 19:32 - 2014-09-14 19:38 - 00000321 _____ () C:\Users\Nils\Desktop\Raffinity Deck.txt
2014-09-14 19:07 - 2014-09-14 19:26 - 00000243 _____ () C:\Users\Nils\Desktop\Zombie Deck.txt
2014-09-13 14:22 - 2014-09-13 14:22 - 00009964 _____ () C:\WINDOWS\PFRO.log
2014-09-11 23:48 - 2014-09-12 23:57 - 00000475 _____ () C:\Users\Nils\Desktop\Magic Liste.txt
2014-09-11 22:57 - 2014-09-16 23:46 - 00000278 _____ () C:\Users\Nils\Desktop\Magic Liste - Proxen.txt
2014-09-11 19:27 - 2014-09-11 19:33 - 02266328 _____ () C:\Users\Nils\Desktop\sc0000.bmp
2014-09-11 19:19 - 2014-08-16 11:34 - 01407488 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-09-11 19:19 - 2014-08-16 11:34 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-09-11 19:19 - 2014-08-16 11:33 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-09-11 19:19 - 2014-08-16 11:33 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-09-11 19:19 - 2014-08-16 11:32 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-09-11 19:19 - 2014-08-16 11:32 - 02655232 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-09-11 19:19 - 2014-08-16 11:32 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-09-11 19:19 - 2014-08-16 11:32 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-09-11 19:19 - 2014-08-16 11:32 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-09-11 19:19 - 2014-08-16 09:37 - 01180672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-09-11 19:19 - 2014-08-16 09:36 - 02861568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-09-11 19:19 - 2014-08-16 09:36 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-09-11 19:19 - 2014-08-16 09:36 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-09-11 19:19 - 2014-08-16 09:36 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-09-11 19:19 - 2014-08-16 09:36 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-09-11 19:19 - 2014-08-16 09:36 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-09-11 19:19 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-09-11 19:19 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-09-11 19:19 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-09-11 19:19 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-09-11 19:19 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-09-11 19:19 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-09-11 19:19 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-09-11 19:19 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-09-11 19:19 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-09-11 19:19 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-09-11 19:19 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-09-11 19:19 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-09-11 19:18 - 2014-08-16 11:34 - 02239488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-09-11 19:18 - 2014-08-16 11:34 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-09-11 19:18 - 2014-08-16 11:33 - 19280384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-09-11 19:18 - 2014-08-16 11:32 - 15399424 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-09-11 19:18 - 2014-08-16 11:32 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-09-11 19:18 - 2014-08-16 11:32 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-09-11 19:18 - 2014-08-16 09:37 - 01766400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-09-11 19:18 - 2014-08-16 09:36 - 14369280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-09-11 19:18 - 2014-08-16 09:36 - 13757440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-09-11 19:18 - 2014-08-16 09:36 - 02055168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-09-11 19:18 - 2014-08-16 09:36 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-09-11 19:18 - 2014-08-16 09:35 - 01440768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-09-11 19:18 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-09-11 19:18 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-09-11 19:18 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-09-11 00:13 - 2014-08-28 13:34 - 00059400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-09-11 00:13 - 2014-08-28 08:05 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-09-11 00:13 - 2014-08-28 08:05 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-09-11 00:13 - 2014-08-28 08:05 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-09-11 00:13 - 2014-08-28 08:05 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-09-11 00:13 - 2014-08-28 08:02 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-09-11 00:13 - 2014-08-28 08:01 - 03285504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-09-11 00:13 - 2014-08-28 08:01 - 01623552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-09-11 00:13 - 2014-08-28 08:01 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-09-11 00:13 - 2014-08-28 08:01 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-09-11 00:13 - 2014-08-28 08:01 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-09-11 00:13 - 2014-08-28 08:01 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-09-11 00:13 - 2014-08-28 08:01 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-09-11 00:13 - 2014-08-28 08:01 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2014-09-11 00:13 - 2014-08-01 01:40 - 01287680 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-09-11 00:13 - 2014-07-24 05:33 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2014-09-11 00:13 - 2014-07-24 05:33 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2014-09-11 00:13 - 2014-06-05 03:12 - 00678600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2014-09-11 00:13 - 2014-06-04 01:12 - 00536776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2014-09-07 15:30 - 2014-09-07 15:30 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-07 15:30 - 2014-09-07 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-07 15:30 - 2014-09-07 15:30 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-07 15:30 - 2014-09-07 15:30 - 00000000 ____D () C:\Program Files\iTunes
2014-09-07 15:30 - 2014-09-07 15:30 - 00000000 ____D () C:\Program Files\iPod
2014-09-07 15:30 - 2014-09-07 15:30 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-07 15:26 - 2014-09-16 13:19 - 00003738 _____ () C:\WINDOWS\setupact.log
2014-09-07 15:26 - 2014-09-07 15:26 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-09-05 00:11 - 2014-09-05 21:39 - 00000000 ____D () C:\ProgramData\Origin
2014-09-05 00:11 - 2014-09-05 21:29 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Origin
2014-08-31 15:58 - 2014-08-31 15:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
2014-08-31 15:58 - 2014-08-31 15:58 - 00000000 ____D () C:\Program Files\Microsoft Xbox 360 Accessories
2014-08-31 13:08 - 2014-09-06 13:25 - 00000000 ____D () C:\Program Files\Nightly
2014-08-29 15:56 - 2014-07-02 19:44 - 00609240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2014-08-27 22:22 - 2014-08-23 08:47 - 04036096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-27 22:22 - 2014-07-16 01:03 - 01300992 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-08-27 22:22 - 2014-07-12 04:36 - 01023488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-08-26 18:23 - 2014-08-26 18:23 - 234028650 _____ () C:\Users\Nils\Desktop\IMG_1433.psd
2014-08-26 18:21 - 2014-08-26 18:21 - 274261050 _____ () C:\Users\Nils\Desktop\IMG_m.psd
2014-08-25 23:00 - 2014-08-25 23:11 - 00000225 _____ () C:\Users\Nils\Desktop\JDownloads.txt
2014-08-23 12:42 - 2014-07-16 00:51 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2014-08-23 12:41 - 2014-06-11 00:44 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-08-23 12:41 - 2014-06-11 00:43 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-08-23 12:28 - 2014-08-26 17:24 - 00000000 ____D () C:\Users\Nils\AppData\Local\Adobe
2014-08-23 02:59 - 2014-08-23 02:59 - 00000000 ____D () C:\ProgramData\McAfee
2014-08-23 02:02 - 2014-06-13 03:57 - 01453400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-08-23 02:02 - 2014-06-13 03:55 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2014-08-23 02:02 - 2014-06-05 19:56 - 00112984 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-08-23 02:02 - 2014-06-05 19:30 - 10116608 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-08-23 02:02 - 2014-06-05 19:29 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-08-23 02:02 - 2014-06-05 19:29 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-08-23 02:02 - 2014-06-05 19:28 - 02306560 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-08-23 02:02 - 2014-06-05 19:28 - 02146304 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-08-23 02:02 - 2014-06-05 15:12 - 08857600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-08-23 02:02 - 2014-06-05 15:11 - 02416128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-08-23 02:02 - 2014-06-05 15:11 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-08-23 02:02 - 2014-06-05 15:10 - 02037760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-08-23 02:02 - 2014-06-05 15:10 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-08-23 02:01 - 2014-06-20 01:35 - 01312768 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2014-08-23 02:01 - 2014-06-20 00:24 - 00694272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2014-08-23 02:01 - 2014-05-29 06:04 - 00094552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2014-08-23 02:01 - 2014-05-08 03:34 - 00328024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-18 22:25 - 2014-09-18 22:25 - 00015392 _____ () C:\Users\Nils\Desktop\FRST.txt
2014-09-18 22:25 - 2014-09-18 22:25 - 00000000 ____D () C:\FRST
2014-09-18 22:23 - 2014-09-18 22:23 - 02105856 _____ (Farbar) C:\Users\Nils\Desktop\FRST64.exe
2014-09-18 22:22 - 2014-09-18 22:22 - 00000540 _____ () C:\Users\Nils\Desktop\defogger_disable.log
2014-09-18 22:22 - 2014-09-18 22:22 - 00000168 _____ () C:\Users\Nils\defogger_reenable
2014-09-18 22:22 - 2013-01-16 22:44 - 00000000 ____D () C:\Users\Nils
2014-09-18 22:20 - 2014-09-18 22:20 - 00050477 _____ () C:\Users\Nils\Desktop\Defogger.exe
2014-09-18 22:13 - 2014-01-05 17:29 - 01840361 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-18 22:00 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-16 23:46 - 2014-09-11 22:57 - 00000278 _____ () C:\Users\Nils\Desktop\Magic Liste - Proxen.txt
2014-09-16 17:01 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-09-16 16:46 - 2013-01-20 15:56 - 00000000 ____D () C:\Users\Nils\AppData\Local\Last.fm
2014-09-16 13:22 - 2014-09-16 13:19 - 00000000 ____D () C:\Users\Nils\Desktop\Schnurrr
2014-09-16 13:19 - 2014-09-07 15:26 - 00003738 _____ () C:\WINDOWS\setupact.log
2014-09-15 22:02 - 2013-01-16 23:18 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-15 00:01 - 2012-07-26 12:27 - 00751892 _____ () C:\WINDOWS\system32\perfh007.dat
2014-09-15 00:01 - 2012-07-26 12:27 - 00155620 _____ () C:\WINDOWS\system32\perfc007.dat
2014-09-15 00:01 - 2012-07-26 09:28 - 01745416 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-14 21:18 - 2014-09-14 20:49 - 00000341 _____ () C:\Users\Nils\Desktop\Mono G Ramp Deck.txt
2014-09-14 20:10 - 2014-09-14 19:58 - 00000223 _____ () C:\Users\Nils\Desktop\Pox Deck.txt
2014-09-14 19:38 - 2014-09-14 19:32 - 00000321 _____ () C:\Users\Nils\Desktop\Raffinity Deck.txt
2014-09-14 19:26 - 2014-09-14 19:07 - 00000243 _____ () C:\Users\Nils\Desktop\Zombie Deck.txt
2014-09-14 02:10 - 2013-01-16 23:11 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-14 02:10 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-14 01:58 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-09-13 14:22 - 2014-09-13 14:22 - 00009964 _____ () C:\WINDOWS\PFRO.log
2014-09-13 14:22 - 2014-06-24 20:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-13 03:18 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-09-13 01:12 - 2013-01-17 00:37 - 00000000 ____D () C:\Users\Nils\Documents\My Games
2014-09-13 00:09 - 2013-01-17 00:53 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-09-12 23:57 - 2014-09-11 23:48 - 00000475 _____ () C:\Users\Nils\Desktop\Magic Liste.txt
2014-09-12 16:13 - 2013-08-19 01:12 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-12 16:03 - 2013-01-18 00:44 - 101694776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-11 19:33 - 2014-09-11 19:27 - 02266328 _____ () C:\Users\Nils\Desktop\sc0000.bmp
2014-09-11 19:21 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-07 15:30 - 2014-09-07 15:30 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-07 15:30 - 2014-09-07 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-07 15:30 - 2014-09-07 15:30 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-07 15:30 - 2014-09-07 15:30 - 00000000 ____D () C:\Program Files\iTunes
2014-09-07 15:30 - 2014-09-07 15:30 - 00000000 ____D () C:\Program Files\iPod
2014-09-07 15:30 - 2014-09-07 15:30 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-07 15:29 - 2013-01-17 01:02 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Media Player Classic
2014-09-07 15:27 - 2014-05-12 01:15 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Apple Computer
2014-09-07 15:26 - 2014-09-07 15:26 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-09-06 13:25 - 2014-08-31 13:08 - 00000000 ____D () C:\Program Files\Nightly
2014-09-05 21:48 - 2013-01-30 18:35 - 00000000 ____D () C:\WINDOWS\Minidump
2014-09-05 21:48 - 2013-01-16 23:26 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\DAEMON Tools Lite
2014-09-05 21:39 - 2014-09-05 00:11 - 00000000 ____D () C:\ProgramData\Origin
2014-09-05 21:29 - 2014-09-05 00:11 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Origin
2014-09-05 00:25 - 2013-01-21 21:07 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-09-03 20:58 - 2013-01-16 22:50 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2171337075-1393702317-1490181782-1001
2014-09-02 21:32 - 2012-07-26 10:14 - 00705480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-09-02 21:32 - 2012-07-26 10:14 - 00104904 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-01 20:46 - 2013-12-15 21:21 - 00000000 ____D () C:\Users\Nils\AppData\Local\Battle.net
2014-08-31 18:26 - 2013-03-17 13:36 - 00004968 _____ () C:\Users\Nils\Documents\TombRaider.log
2014-08-31 15:58 - 2014-08-31 15:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
2014-08-31 15:58 - 2014-08-31 15:58 - 00000000 ____D () C:\Program Files\Microsoft Xbox 360 Accessories
2014-08-31 13:32 - 2013-01-16 23:24 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-31 13:08 - 2013-01-16 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-08-29 15:56 - 2013-11-01 18:16 - 00000000 ____D () C:\Temp
2014-08-29 15:56 - 2013-01-16 23:11 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-08-29 13:58 - 2014-07-22 16:46 - 04917360 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-28 13:34 - 2014-09-11 00:13 - 00059400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-08-28 08:05 - 2014-09-11 00:13 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-08-28 08:05 - 2014-09-11 00:13 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-08-28 08:05 - 2014-09-11 00:13 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-08-28 08:05 - 2014-09-11 00:13 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-08-28 08:02 - 2014-09-11 00:13 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-08-28 08:01 - 2014-09-11 00:13 - 03285504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-08-28 08:01 - 2014-09-11 00:13 - 01623552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-08-28 08:01 - 2014-09-11 00:13 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-08-28 08:01 - 2014-09-11 00:13 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-08-28 08:01 - 2014-09-11 00:13 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-08-28 08:01 - 2014-09-11 00:13 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-08-28 08:01 - 2014-09-11 00:13 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-08-28 08:01 - 2014-09-11 00:13 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2014-08-26 18:23 - 2014-08-26 18:23 - 234028650 _____ () C:\Users\Nils\Desktop\IMG_1433.psd
2014-08-26 18:21 - 2014-08-26 18:21 - 274261050 _____ () C:\Users\Nils\Desktop\IMG_m.psd
2014-08-26 17:24 - 2014-08-23 12:28 - 00000000 ____D () C:\Users\Nils\AppData\Local\Adobe
2014-08-25 23:11 - 2014-08-25 23:00 - 00000225 _____ () C:\Users\Nils\Desktop\JDownloads.txt
2014-08-24 23:42 - 2012-07-26 10:12 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-08-24 23:42 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-24 02:41 - 2014-07-27 04:53 - 00001080 _____ () C:\WINDOWS\system32\settingsbkup.sfm
2014-08-24 02:41 - 2014-07-27 04:53 - 00001080 _____ () C:\WINDOWS\system32\settings.sfm
2014-08-24 02:35 - 2014-02-09 15:42 - 00000000 ____D () C:\Users\Nils\AppData\Roaming\Skype
2014-08-23 08:47 - 2014-08-27 22:22 - 04036096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-23 02:59 - 2014-08-23 02:59 - 00000000 ____D () C:\ProgramData\McAfee

Some content of TEMP:
====================
C:\Users\Nils\AppData\Local\Temp\EAInstall.dll
C:\Users\Nils\AppData\Local\Temp\eauninstall.exe
C:\Users\Nils\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Nils\AppData\Local\Temp\The Battle for Middle-earth II_uninst.exe
C:\Users\Nils\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 15:30

==================== End Of Log ============================
         
--- --- ---



Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Nils at 2014-09-18 22:25:46
Running from C:\Users\Nils\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Alice: Madness Returns (HKLM-x32\...\Alice: Madness Returns_is1) (Version:  - )
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MG5300 series Benutzerregistrierung (HKLM-x32\...\Canon MG5300 series Benutzerregistrierung) (Version:  - )
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - Canon Inc.)
Canon MG5300 series On-screen Manual (HKLM-x32\...\Canon MG5300 series On-screen Manual) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP)
Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version:  - Dark Byte)
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 2.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Dawn of War - Dark Crusade (HKLM-x32\...\{FF39FC01-819B-42E4-AE49-1968AF12DDD4}) (Version: 1.00.0000 - THQ)
Dawn of War - Soulstorm (HKLM-x32\...\{20533183-D42D-4261-A125-956736FBEA8C}) (Version: 1.00.0000 - THQ)
Dawn of War - Soulstorm (x32 Version: 1.00.0000 - THQ) Hidden
Dawn Of War - Winter Assault (HKLM-x32\...\{DD8408E9-9421-484F-979D-DB6361E3E828}) (Version: 1.4 - THQ)
Dawn Of War (HKLM-x32\...\{83F12F73-D52E-40C0-93B1-463C311C4E17}) (Version: 1.40 - THQ)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Diablo III Public Test (HKLM-x32\...\Diablo III Public Test) (Version:  - Blizzard Entertainment)
Dishonored Die Maske des Zorns Game of the Year Edition MULTI-2 1.0 (HKLM-x32\...\Dishonored Die Maske des Zorns Game of the Year Edition MULTI-2 1.0) (Version:  - )
DmC Devil May Cry Incl. All DLCs MULTI-5 1.04 (HKLM-x32\...\DmC Devil May Cry Incl. All DLCs MULTI-5 1.04) (Version:  - )
Don't Starve version 13.06.2014 (HKLM-x32\...\Don't Starve_is1) (Version: 13.06.2014 - Klei Entertainment)
Dungeon Siege III (HKLM-x32\...\Dungeon Siege III_is1) (Version:  - )
Fable III (HKLM-x32\...\GFWL_{4D53090A-9B45-437B-A66A-831000008300}) (Version: 1.0.0000.131 - Microsoft Game Studios)
Fable III (x32 Version: 1.0.0000.131 - Microsoft Game Studios) Hidden
Fable III (x32 Version: 1.0.0001.131 - Microsoft Game Studios) Hidden
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.5.129.617 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.1.618 - Foxit Corporation)
Google Talk (remove only) (HKLM-x32\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.14) (Version: 9.14 - Artifex Software Inc.)
Gtk# for .Net 2.12.10 (HKLM-x32\...\{04AE3BBC-ABFF-42CC-9F90-5B35D229328A}) (Version: 2.12.10 - Xamarin, Inc.)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 11 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417011FF}) (Version: 7.0.110 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Last.fm Scrobbler 2.1.36 (HKLM-x32\...\LastFM_is1) (Version:  - Last.fm)
Magic The Gathering - Duels of the Planeswalkers 2013 (HKLM-x32\...\Magic The Gathering - Duels of the Planeswalkers 2013_is1) (Version:  - )
Magicka (HKLM-x32\...\Magicka_is1) (Version:  - )
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{307a22b8-8353-4c5e-b67b-2404c5734558}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Might & Magic Heroes VI - Shades of Darkness (HKLM-x32\...\{745D37C2-26F4-4B65-BA13-F9840EBFA75B}) (Version: 2.1.0 - Ubisoft)
Minion (HKCU\...\{Minion}}_is1) (Version: 2.0 - ZAM Network LLC)
Morrowind (HKLM-x32\...\{81935798-5D0C-4892-832E-630E6CC07EAF}) (Version:  - )
Mouse Editor (HKLM-x32\...\InstallShield_{3A4218DE-B9DB-4AD5-9DB2-5853D3AA0335}) (Version: 12.08.0006 - Ihr Firmenname)
MOUSE Editor (x32 Version: 12.08.0006 - Ihr Firmenname) Hidden
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0a1 - Mozilla)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.50.3 - Black Tree Gaming)
Nightly 35.0a1 (x64 en-US) (HKLM\...\Nightly 35.0a1 (x64 en-US)) (Version: 35.0a1 - Mozilla)
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.160.1244 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 15.3.36 (Version: 15.3.36 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA Update 15.3.36 (Version: 15.3.36 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 15.3.36 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Outlast (HKLM-x32\...\Outlast_is1) (Version:  - )
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
South Park Der Stab der Wahrheit Incl. Ultimate Fellowship Pack MULTI-2 1.00 (HKLM-x32\...\South Park Der Stab der Wahrheit Incl. Ultimate Fellowship Pack MULTI-2 1.00) (Version:  - )
South Park Der Stab der Wahrheit Update 4 Incl. DLCs MULTI-2 1.00 (HKLM-x32\...\South Park Der Stab der Wahrheit Update 4 Incl. DLCs MULTI-2 1.00) (Version:  - )
Super Meat Boy v1.5 (HKLM-x32\...\Super Meat Boy v1.5_is1) (Version:  - Team Meat)
TES Construction Set (HKLM-x32\...\{8245C111-D83F-4C66-BBC6-2424F6116944}) (Version:  - )
The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - )
The Elder Scrolls V Hearthfire DLC Englische Version 1.00 (HKLM-x32\...\The Elder Scrolls V Hearthfire DLC Englische Version 1.00) (Version:  - )
The Elder Scrolls V Skyrim Dragonborn (c) Bethesda Softworks version 1 (HKLM-x32\...\The Elder Scrolls V Skyrim Dragonborn (c) Bethes~300CD4A2_is1) (Version: 1 - )
The Stanley Parable (HKLM-x32\...\The Stanley Parable_is1) (Version:  - )
Thief Master Thief Edition MULTI-2 1.01 (HKLM-x32\...\Thief Master Thief Edition MULTI-2 1.01) (Version:  - )
Tombraider (HKLM-x32\...\Tombraider_is1) (Version:  - )
Vampire - The Masquerade Bloodlines (HKLM-x32\...\InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}) (Version: 1.00.0000 - Activision)
Vampire - The Masquerade Bloodlines (x32 Version: 1.00.0000 - Activision) Hidden
Visual C++ 2008 Runtime (x64) (x32 Version: 1.0.1 - Highresolution Enterprises) Hidden
Watch Dogs Digital Deluxe Edition Multi2 1.0 (HKLM-x32\...\Watch Dogs Digital Deluxe Edition Multi2 1.0) (Version:  - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinZip 16.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}) (Version: 16.5.10095 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

31-08-2014 13:58:13 DirectX wurde installiert
08-09-2014 18:51:17 Geplanter Prüfpunkt
12-09-2014 14:03:21 Windows Update
15-09-2014 20:02:17 Removed Ubisoft Game Launcher

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {7DD4B124-5059-44B2-98CC-413194B41466} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {8E820C7F-C125-47DC-9C6E-11F90AD2756E} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {E133AD74-5D4A-4DAB-B02C-C2ABFAE9C71D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-09-12] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

==================== Loaded Modules (whitelisted) =============

2012-12-07 19:27 - 2012-12-07 19:27 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2013-01-20 03:16 - 2013-01-20 03:16 - 00075136 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2013-01-16 23:11 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-08-16 06:11 - 2012-08-16 06:11 - 03333632 _____ () C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe
2013-10-31 22:56 - 2013-05-10 13:03 - 00419072 _____ () C:\Program Files (x86)\Hostless Modem\o2 Surfstick\CheckNDISPort_df.exe
2013-10-31 22:56 - 2013-05-10 13:03 - 00446720 _____ () C:\Program Files (x86)\Hostless Modem\o2 Surfstick\CancelAutoPlay_df.exe
2014-08-31 13:08 - 2014-09-06 13:25 - 05215232 _____ () C:\Program Files\Nightly\mozjs.dll
2014-05-24 17:39 - 2011-07-21 12:44 - 20237824 _____ () E:\JD-Downloads\Shakes & Fidget Bot\sfBot.exe
2014-08-23 02:59 - 2014-08-23 02:59 - 23235248 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-12-02 12:56 - 2010-12-02 12:56 - 00815104 _____ () C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\OSD_Text\OSD_Text.dll
2011-01-09 15:45 - 2011-01-09 15:45 - 00088064 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_MouseDeviceManager.dll
2012-06-14 10:59 - 2012-06-14 10:59 - 02414080 _____ () C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\ScreenCapture\ScreenCapture.dll
2012-05-17 06:17 - 2012-05-17 06:17 - 01000448 _____ () C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\TrayIconWebAdvertisement\TrayIconWebAdvertisement.dll
2010-09-20 09:18 - 2010-09-20 09:18 - 00085504 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_ZoomControl.dll
2010-09-20 09:18 - 2010-09-20 09:18 - 00054272 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_ScrollbarControl.dll
2011-04-12 10:14 - 2011-04-12 10:14 - 00063488 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_AnalyzeGesturesInRight.dll
2010-11-01 15:16 - 2010-11-01 15:16 - 00062976 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_AnalyzeGesturesInOne.dll
2012-04-27 06:40 - 2012-04-27 06:40 - 00118272 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_Wheel4D.dll
2013-01-20 15:56 - 2013-09-03 15:01 - 00736768 _____ () C:\Program Files (x86)\Last.fm\unicorn.dll
2013-01-20 15:56 - 2013-09-03 15:01 - 00126976 _____ () C:\Program Files (x86)\Last.fm\listener.dll
2013-01-20 15:56 - 2013-09-03 15:01 - 00032768 _____ () C:\Program Files (x86)\Last.fm\logger.dll
2013-01-20 15:56 - 2013-09-03 11:54 - 00351232 _____ () C:\Program Files (x86)\Last.fm\lastfm.dll
2013-01-20 15:56 - 2013-01-18 13:39 - 00302592 _____ () C:\Program Files (x86)\Last.fm\phonon.dll
2013-11-08 01:12 - 2013-01-18 13:49 - 00182784 _____ () C:\Program Files (x86)\Last.fm\plugins\phonon_backend\phonon_vlc.dll
2013-01-20 15:56 - 2012-12-13 02:12 - 00111104 _____ () C:\Program Files (x86)\Last.fm\libvlc.dll
2013-01-20 15:56 - 2012-12-13 02:13 - 02286592 _____ () C:\Program Files (x86)\Last.fm\libvlccore.dll
2013-11-08 01:12 - 2012-12-13 02:13 - 00049664 _____ () C:\Program Files (x86)\Last.fm\plugins\audio_output\libaout_directx_plugin.dll
2013-01-16 23:18 - 2006-06-09 16:20 - 00003072 _____ () C:\WINDOWS\system32\CTXFIGER.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/16/2014 01:30:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Andras)
Description: Die App „Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.

Error: (09/14/2014 01:07:10 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (09/14/2014 01:06:10 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/14/2014 01:06:10 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/14/2014 01:06:10 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/14/2014 01:06:10 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/11/2014 07:21:03 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (09/11/2014 07:21:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/11/2014 07:21:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/11/2014 07:21:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (09/16/2014 01:19:30 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "O2BOX" zum Namen "ANDRAS" auf Transport "NetBT_Tcpip_{3FE6C248-A11B-4E64-9C74-A2DF4927533D}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (09/14/2014 11:57:53 PM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{07A1A0A3-C826-4479-8049-CE094EFD4597} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (09/14/2014 11:57:49 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "O2BOX" zum Namen "ANDRAS" auf Transport "NetBT_Tcpip_{3FE6C248-A11B-4E64-9C74-A2DF4927533D}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (09/14/2014 00:53:01 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "O2BOX" zum Namen "ANDRAS" auf Transport "NetBT_Tcpip_{3FE6C248-A11B-4E64-9C74-A2DF4927533D}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (09/14/2014 02:10:31 AM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "O2BOX" zum Namen "ANDRAS" auf Transport "NetBT_Tcpip_{3FE6C248-A11B-4E64-9C74-A2DF4927533D}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (09/14/2014 02:10:26 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎14.‎09.‎2014 um 02:09:27 unerwartet heruntergefahren.

Error: (09/13/2014 02:22:30 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "O2BOX" zum Namen "ANDRAS" auf Transport "NetBT_Tcpip_{3FE6C248-A11B-4E64-9C74-A2DF4927533D}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (09/13/2014 03:19:11 AM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "O2BOX" zum Namen "ANDRAS" auf Transport "NetBT_Tcpip_{3FE6C248-A11B-4E64-9C74-A2DF4927533D}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (08/29/2014 03:53:55 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "O2BOX" zum Namen "ANDRAS" auf Transport "NetBT_Tcpip_{3FE6C248-A11B-4E64-9C74-A2DF4927533D}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (08/29/2014 03:53:52 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000007e (0xffffffffc0000005, 0xfffff88007f41b5f, 0xfffff88005ce47e8, 0xfffff88005ce4020)C:\WINDOWS\MEMORY.DMP082914-14664-01


Microsoft Office Sessions:
=========================
Error: (09/16/2014 01:30:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Andras)
Description: Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo

Error: (09/14/2014 01:07:10 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dllc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dll3

Error: (09/14/2014 01:06:10 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKEngine.dll

Error: (09/14/2014 01:06:10 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdDefrag.dll

Error: (09/14/2014 01:06:10 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdCaps.dll

Error: (09/14/2014 01:06:10 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdFS.dll

Error: (09/11/2014 07:21:03 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dllc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dll3

Error: (09/11/2014 07:21:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKEngine.dll

Error: (09/11/2014 07:21:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdDefrag.dll

Error: (09/11/2014 07:21:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdCaps.dll


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7 CPU K 875 @ 2.93GHz
Percentage of memory in use: 27%
Total physical RAM: 8182.05 MB
Available physical RAM: 5904.78 MB
Total Pagefile: 16374.05 MB
Available Pagefile: 13604.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:48.82 GB) NTFS
Drive d: (Volume) (Fixed) (Total:465.76 GB) (Free:48.23 GB) NTFS
Drive e: (Volume) (Fixed) (Total:1863.01 GB) (Free:211.97 GB) NTFS
Drive g: (ALICE_2) (CDROM) (Total:7.15 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 414878C4)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 8278219C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 414878C5)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Gmer.log:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-18 22:53:29
Windows 6.2.9200  x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-6 OCZ-VERTEX2 rev.1.11 111,79GB
Running: Gmer-19357.exe; Driver: C:\Users\Nils\AppData\Local\Temp\uwlorpob.sys


---- User code sections - GMER 2.1 ----

.text   C:\WINDOWS\System32\dwm.exe[4068] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                           000007fc7a40177a 4 bytes [40, 7A, FC, 07]
.text   C:\WINDOWS\System32\dwm.exe[4068] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                           000007fc7a401782 4 bytes [40, 7A, FC, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5552] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690        000007fc759f1532 4 bytes [9F, 75, FC, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5552] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698        000007fc759f153a 4 bytes [9F, 75, FC, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5552] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246      000007fc759f165a 4 bytes [9F, 75, FC, 07]
.text   C:\WINDOWS\system32\nvvsvc.exe[3556] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 690                                  000007fc759f1532 4 bytes [9F, 75, FC, 07]
.text   C:\WINDOWS\system32\nvvsvc.exe[3556] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 698                                  000007fc759f153a 4 bytes [9F, 75, FC, 07]
.text   C:\WINDOWS\system32\nvvsvc.exe[3556] C:\WINDOWS\system32\MSIMG32.dll!TransparentBlt + 246                                000007fc759f165a 4 bytes [9F, 75, FC, 07]
.text   C:\WINDOWS\system32\nvvsvc.exe[3556] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                        000007fc7a40177a 4 bytes [40, 7A, FC, 07]
.text   C:\WINDOWS\system32\nvvsvc.exe[3556] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                        000007fc7a401782 4 bytes [40, 7A, FC, 07]
.text   C:\WINDOWS\Explorer.EXE[4572] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                               000007fc7a40177a 4 bytes [40, 7A, FC, 07]
.text   C:\WINDOWS\Explorer.EXE[4572] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                               000007fc7a401782 4 bytes [40, 7A, FC, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[316] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690           000007fc759f1532 4 bytes [9F, 75, FC, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[316] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698           000007fc759f153a 4 bytes [9F, 75, FC, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[316] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246         000007fc759f165a 4 bytes [9F, 75, FC, 07]
.text   C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2904] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690    000007fc759f1532 4 bytes [9F, 75, FC, 07]
.text   C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2904] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698    000007fc759f153a 4 bytes [9F, 75, FC, 07]
.text   C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[2904] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246  000007fc759f165a 4 bytes [9F, 75, FC, 07]

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [2652:5908]                                                                                fffff960009705e8

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                        338903081

---- EOF - GMER 2.1 ----
         

I could not save the Gmer.log as .txt. I hope that makes no difference.

I have not done anything else on my own so far. I have not run Malwarebytes yet either. Should I still do that?

Perhaps I should also mention that I recently took over the PC from my brother as it was (he got himself a new one), without changing anything on it, since I really know very little about this.

Many thanks in advance for your help.

Best regards, Aislin

Edit: From tomorrow (Friday) I will be away for the weekend and will not be back until Sunday. I may still have time to look in briefly tomorrow before I leave, but I can't promise anything.

 
