| Samyujas | 15.08.2014 13:43 |
Spyhunter 4 löschen
Als ich gestern meinen Browser(Firefox) gestartet habe, nachdem ich das Programm "JDownloader 2" runtergeladen und installiert habe, ist mir aufgefallen, dass irgendein Programm nervige Anzeigen auf meinen Bildschirm setzt.
Nach näherer Betrachtung steckte das Programm "ClearThink" dahinter.
Laut einer Internetseite, sollte ich dies mit der Software "Spyhunter 4" entfernen. Als ich diese dann gedownloadet hatte konnte sie mir allerdings nicht bei meinem Problem helfen, weshalb ich dann den "adwcleaner", welchen ich zuvor vergessen hatte, verwendete, um "ClearThink" zu entfernen.
Nachdem ich das Programm "Spyhunter 4" nun über die Systemsteuerung deinstalliert hatte, stellte ich fest, dass es immer noch auf meinem Computer drauf war.
Ich befolgte dann also die Schritte, welche ich auf einer Internetseite fand, um das Programm zu entfernen, doch brachte dies nichts. Laut der Seite sollte ich auch nur einen Suchlauf mit MBAM durchführen und dann wärs das gewesen, da ich das dann hätte entfernen können... Schön wär's gewesen...
Daraufhin ließ ich dann den Quick Scan von "Oldtimer" ausführen, welcher mir persönlich allerdings keine allzu genaue Info gab.
Ich hoffe, dass mir jemand bei diesem Problem helfen kann und bedanke mich schonmal im Vorraus für die Zeit, welche aufgewandt wird.
MBAM-LOG Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 15.08.2014
Suchlauf-Zeit: 11:43:21
Logdatei: Mbam-LOG2.txt
Administrator: Ja
Version: 2.00.2.1012
Malware Datenbank: v2014.08.15.03
Rootkit Datenbank: v2014.08.04.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Lukas
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 289080
Verstrichene Zeit: 7 Min, 32 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 0
(No malicious items detected)
Registrierungswerte: 0
(No malicious items detected)
Registrierungsdaten: 0
(No malicious items detected)
Ordner: 0
(No malicious items detected)
Dateien: 1
PUP.Optional.ClearThink.A, C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\3cfhwcgk.default\extensions\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}.xpi, In Quarantäne, [9946ac1af08b171f13d8a833f210827e],
Physische Sektoren: 0
(No malicious items detected)
(end)
MBAM-LOG-2 Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 15.08.2014
Suchlauf-Zeit: 11:51:38
Logdatei: Mbam-LOG.txt
Administrator: Ja
Version: 2.00.2.1012
Malware Datenbank: v2014.08.15.03
Rootkit Datenbank: v2014.08.04.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Lukas
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 289243
Verstrichene Zeit: 11 Min, 19 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 0
(No malicious items detected)
Registrierungswerte: 0
(No malicious items detected)
Registrierungsdaten: 0
(No malicious items detected)
Ordner: 0
(No malicious items detected)
Dateien: 0
(No malicious items detected)
Physische Sektoren: 0
(No malicious items detected)
(end)
OTL
OTL Logfile: Code:
OTL logfile created on: 15.08.2014 12:53:53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lukas\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,97 Gb Total Physical Memory | 5,49 Gb Available Physical Memory | 68,92% Memory free
15,93 Gb Paging File | 12,81 Gb Available in Paging File | 80,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,17 Gb Total Space | 845,48 Gb Free Space | 90,80% Space Free | Partition Type: NTFS
Drive E: | 2794,25 Gb Total Space | 2792,86 Gb Free Space | 99,95% Space Free | Partition Type: FAT32
Computer Name: LUKAS-PC | User Name: Lukas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014.08.15 12:53:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lukas\Downloads\OTL.exe
PRC - [2014.08.06 13:10:40 | 003,600,728 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe
PRC - [2014.08.05 10:57:58 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2014.08.05 10:57:43 | 000,751,184 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014.08.05 10:57:43 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2014.07.24 11:50:06 | 000,190,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
PRC - [2014.07.24 11:50:04 | 000,141,392 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
PRC - [2014.07.23 01:34:39 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014.05.07 14:44:30 | 000,511,872 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2013.12.21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.10.29 13:43:38 | 000,248,832 | ---- | M] () -- C:\Program Files (x86)\Drakonia Configurator\hid.exe
PRC - [2012.12.11 11:14:50 | 000,240,640 | ---- | M] () -- C:\Program Files (x86)\Drakonia Configurator\trayicon.exe
PRC - [2012.06.07 11:22:00 | 001,803,264 | ---- | M] (Game Inc.) -- C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe
PRC - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.07.12 16:14:26 | 000,331,776 | ---- | M] (VIA Technologies, Inc.) -- C:\Programme\VIA XHCI UASP Utility\usb3Monitor.exe
========== Modules (No Company Name) ==========
MOD - [2014.08.06 13:10:39 | 000,962,560 | ---- | M] () -- C:\Program Files (x86)\Origin\platforms\qwindows.dll
MOD - [2014.08.06 13:10:39 | 000,302,592 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qtiff.dll
MOD - [2014.08.06 13:10:39 | 000,261,632 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qmng.dll
MOD - [2014.08.06 13:10:39 | 000,217,088 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
MOD - [2014.08.06 13:10:39 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qico.dll
MOD - [2014.08.06 13:10:39 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qgif.dll
MOD - [2014.08.06 13:10:39 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qtga.dll
MOD - [2014.08.06 13:10:39 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
MOD - [2014.07.24 11:50:04 | 000,137,296 | ---- | M] () -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
MOD - [2014.07.24 11:50:00 | 000,049,744 | ---- | M] () -- C:\Users\Lukas\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
MOD - [2014.07.23 01:34:38 | 003,800,688 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014.04.22 19:45:30 | 000,260,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\1ab52f8951c2ab97592ec25830dd5165\WindowsFormsIntegration.ni.dll
MOD - [2014.04.22 19:45:05 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll
MOD - [2014.04.22 19:45:02 | 019,693,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll
MOD - [2014.04.22 19:44:53 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014.04.22 19:44:50 | 000,147,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4c8a153aa66fcd62db6fff269a2ef2b4\System.Numerics.ni.dll
MOD - [2014.04.22 19:44:47 | 002,997,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1e5e19d119e04b93da3d45153abd60fd\System.IdentityModel.ni.dll
MOD - [2014.04.22 19:44:35 | 002,542,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\7e73e63cf4b8efdf41900b9576489e61\System.Data.Linq.ni.dll
MOD - [2014.04.22 19:44:17 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll
MOD - [2014.04.22 19:44:14 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
MOD - [2014.04.22 19:44:13 | 000,016,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a7b877#\af02d03484578dbc357d1df8d1b6fd01\PresentationFramework-SystemData.ni.dll
MOD - [2014.03.13 17:01:02 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014.03.13 17:00:58 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014.03.13 17:00:58 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014.03.13 17:00:56 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014.03.13 17:00:51 | 000,223,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\f4354d6580fbb745c0c8acba382a7b84\System.ServiceProcess.ni.dll
MOD - [2014.03.13 17:00:49 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014.03.13 17:00:47 | 007,409,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\6bbed231aec6fd82547e09474da0b2f9\System.Data.ni.dll
MOD - [2014.03.13 17:00:45 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014.03.13 17:00:44 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014.03.13 17:00:43 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014.03.13 17:00:41 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014.03.13 17:00:39 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014.03.13 17:00:37 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014.03.13 17:00:32 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2013.11.05 16:31:40 | 000,249,856 | ---- | M] () -- C:\Program Files (x86)\Drakonia Configurator\language.dll
MOD - [2013.10.29 13:43:38 | 000,248,832 | ---- | M] () -- C:\Program Files (x86)\Drakonia Configurator\hid.exe
MOD - [2013.01.15 17:06:32 | 000,061,952 | ---- | M] () -- C:\Program Files (x86)\Drakonia Configurator\HidDevice.dll
MOD - [2012.12.11 11:14:50 | 000,240,640 | ---- | M] () -- C:\Program Files (x86)\Drakonia Configurator\trayicon.exe
========== Services (SafeList) ==========
SRV:64bit: - [2014.07.25 15:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013.09.12 03:46:52 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013.09.11 21:57:02 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010.04.06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2014.08.05 10:57:58 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014.08.05 10:57:43 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014.07.24 11:50:04 | 000,141,392 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe -- (Avira.OE.ServiceHost)
SRV - [2014.07.23 01:34:38 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.07.08 22:57:00 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.05.29 19:36:52 | 000,543,424 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014.03.21 00:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013.12.21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.10.23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.09.11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
========== Driver Services (SafeList) ==========
DRV:64bit: - File not found [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2014.06.24 12:51:43 | 000,117,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2014.05.22 11:54:55 | 000,130,584 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2014.02.25 11:41:04 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.10.28 10:02:48 | 000,022,240 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2013.10.24 17:29:06 | 000,022,240 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\UsbCharger.sys -- (UsbCharger)
DRV:64bit: - [2013.10.02 04:22:44 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013.10.02 04:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013.09.24 16:53:50 | 000,094,208 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013.09.12 04:39:56 | 012,760,576 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013.09.12 03:13:58 | 000,619,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013.08.12 11:13:16 | 000,225,792 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ViaHub3.sys -- (VUSB3HUB)
DRV:64bit: - [2013.08.12 11:13:10 | 000,295,424 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xhcdrv.sys -- (xhcdrv)
DRV:64bit: - [2013.06.27 17:50:46 | 000,042,304 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2013.06.27 17:50:44 | 000,082,240 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2013.01.21 12:57:14 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012.08.28 14:27:24 | 000,058,536 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012.08.23 16:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.06.05 07:45:16 | 000,237,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2012.05.11 15:24:32 | 000,027,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GameKB.sys -- (GameKB)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2011.09.29 11:30:34 | 000,646,248 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.09.15 08:46:14 | 000,060,288 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MHIKEY10x64.sys -- (MHIKEY10)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2005.03.29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2013.07.31 13:26:24 | 000,042,240 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2.0)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{A81FFC7C-8ACB-4A7D-B6EA-BC221481DC3B}: "URL" = hxxp://www.sm.de/?q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-234909537-4166200705-3081485305-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-234909537-4166200705-3081485305-1002\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-234909537-4166200705-3081485305-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-234909537-4166200705-3081485305-1002\..\SearchScopes\{A81FFC7C-8ACB-4A7D-B6EA-BC221481DC3B}: "URL" = hxxp://www.sm.de/?q={searchTerms}
IE - HKU\S-1-5-21-234909537-4166200705-3081485305-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.order.1: "SuchMaschine"
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Lukas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2014.04.22 21:37:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Extensions
[2014.08.15 12:45:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\3cfhwcgk.default\extensions
[2014.07.23 21:57:18 | 000,967,685 | ---- | M] () (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\firefox\profiles\3cfhwcgk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014.05.09 21:45:30 | 000,001,793 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\mozilla\firefox\profiles\3cfhwcgk.default\searchplugins\search_engine.xml
[2014.07.23 01:34:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014.07.23 01:34:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Reg Error: Value error.) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [VIAxHCUtl] C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe (VIA Technologies, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [GamingKeyboard] C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe (Game Inc.)
O4 - HKLM..\Run: [GamingMouse] C:\Program Files (x86)\Drakonia Configurator\hid.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-234909537-4166200705-3081485305-1002..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-234909537-4166200705-3081485305-1002\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-234909537-4166200705-3081485305-1002\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62C9C01B-628A-487B-A544-B2B31FFFF7E3}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\System32\Userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (bj.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014.08.15 10:58:11 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d2f01a2f-ca43-11e3-b928-74d4359988e1}\Shell - "" = AutoRun
O33 - MountPoints2\{d2f01a2f-ca43-11e3-b928-74d4359988e1}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014.08.15 11:42:57 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.08.15 11:41:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014.08.15 11:41:55 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014.08.15 11:41:55 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014.08.15 11:41:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014.08.15 11:39:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014.08.15 11:33:46 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.08.15 10:57:50 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014.08.15 10:57:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2014.08.14 23:46:33 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
[2014.08.14 23:45:28 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\JDownloader v2.0
[2014.08.09 23:57:48 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\RenPy
[2014.08.09 22:52:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Katawa Shoujo
[2014.08.08 01:21:09 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Unity
[2014.08.08 01:03:43 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Unity
[2014.08.06 21:46:53 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Blizzard
[2014.08.06 21:37:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
[2014.08.06 21:37:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hearthstone
[2014.08.06 21:32:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
[2014.08.06 21:32:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battle.net
[2014.07.24 23:44:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Riot Games
[2014.07.24 02:16:46 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\dvdcss
[2014.07.24 02:08:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2014.07.24 02:08:00 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Canneverbe Limited
[2014.07.24 02:07:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
[2014.07.24 01:23:01 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Desktop\Training
[2014.07.23 22:19:09 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Desktop\Programmieren
[2014.07.23 01:34:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014.07.21 14:57:12 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Desktop\Mathe
[2011.03.30 11:40:32 | 000,095,576 | ---- | C] (Microsoft Corporation) -- C:\Users\Lukas\DSETUP.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014.08.15 12:35:58 | 001,618,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.08.15 12:35:58 | 000,698,688 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.08.15 12:35:58 | 000,653,526 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.08.15 12:35:58 | 000,148,828 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.08.15 12:35:58 | 000,121,398 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.08.15 11:56:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.08.15 11:44:10 | 000,028,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.08.15 11:44:10 | 000,028,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.08.15 11:43:15 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.08.15 11:41:58 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.08.15 11:36:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.08.15 11:36:14 | 2119,675,903 | -HS- | M] () -- C:\hiberfil.sys
[2014.08.15 10:58:11 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2014.08.15 10:47:45 | 000,283,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.08.14 23:46:33 | 000,002,082 | ---- | M] () -- C:\Users\Lukas\Desktop\JDownloader 2.lnk
[2014.08.11 15:58:46 | 000,006,550 | ---- | M] () -- C:\Users\Lukas\Desktop\Mathe-Denis.rtf
[2014.08.09 22:53:34 | 000,001,107 | ---- | M] () -- C:\Users\Lukas\Desktop\Katawa Shoujo.lnk
[2014.08.06 21:37:43 | 000,001,155 | ---- | M] () -- C:\Users\Public\Desktop\Hearthstone.lnk
[2014.08.06 21:32:36 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\Battle.net.lnk
[2014.08.05 17:26:05 | 000,001,137 | ---- | M] () -- C:\Users\Public\Desktop\Avira.lnk
[2014.08.03 18:30:28 | 000,008,561 | ---- | M] () -- C:\Users\Lukas\AppData\Local\recently-used.xbel
[2014.07.24 14:27:44 | 000,042,040 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2014.07.24 02:08:00 | 000,001,949 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014.08.15 10:58:11 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2014.08.14 23:46:33 | 000,002,082 | ---- | C] () -- C:\Users\Lukas\Desktop\JDownloader 2.lnk
[2014.08.09 22:53:34 | 000,001,107 | ---- | C] () -- C:\Users\Lukas\Desktop\Katawa Shoujo.lnk
[2014.08.06 21:37:43 | 000,001,155 | ---- | C] () -- C:\Users\Public\Desktop\Hearthstone.lnk
[2014.08.06 21:32:36 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\Battle.net.lnk
[2014.08.06 00:57:33 | 000,006,550 | ---- | C] () -- C:\Users\Lukas\Desktop\Mathe-Denis.rtf
[2014.08.03 18:30:28 | 000,008,561 | ---- | C] () -- C:\Users\Lukas\AppData\Local\recently-used.xbel
[2014.07.24 02:08:00 | 000,001,949 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2014.07.24 02:08:00 | 000,001,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2014.04.22 19:29:54 | 001,192,533 | ---- | C] () -- C:\Windows\unins000.exe
[2014.04.22 19:29:54 | 000,017,946 | ---- | C] () -- C:\Windows\unins000.dat
[2014.04.17 10:28:52 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2014.04.17 10:26:16 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2014.04.17 10:26:16 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2014.04.17 10:26:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2014.04.17 10:26:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2014.04.17 10:26:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2014.04.17 10:17:20 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2014.03.13 14:51:26 | 001,591,896 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.09.11 22:32:06 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.03.30 11:40:34 | 000,517,976 | ---- | C] () -- C:\Users\Lukas\DXSETUP.exe
[2011.03.30 11:40:32 | 001,566,040 | ---- | C] () -- C:\Users\Lukas\dsetup32.dll
[2011.03.30 11:40:32 | 000,097,152 | ---- | C] () -- C:\Users\Lukas\dxupdate.cab
[2011.03.30 11:40:32 | 000,044,624 | ---- | C] () -- C:\Users\Lukas\dxdllreg_x86.cab
[2010.06.02 05:22:54 | 001,412,902 | ---- | C] () -- C:\Users\Lukas\OCT2006_d3dx9_31_x64.cab
[2010.06.02 05:22:54 | 001,127,217 | ---- | C] () -- C:\Users\Lukas\OCT2006_d3dx9_31_x86.cab
[2010.06.02 05:22:54 | 000,273,960 | ---- | C] () -- C:\Users\Lukas\Nov2008_XAudio_x64.cab
[2010.06.02 05:22:54 | 000,272,611 | ---- | C] () -- C:\Users\Lukas\Nov2008_XAudio_x86.cab
[2010.06.02 05:22:54 | 000,182,361 | ---- | C] () -- C:\Users\Lukas\OCT2006_XACT_x64.cab
[2010.06.02 05:22:54 | 000,138,017 | ---- | C] () -- C:\Users\Lukas\OCT2006_XACT_x86.cab
[2010.06.02 05:22:54 | 000,086,037 | ---- | C] () -- C:\Users\Lukas\Oct2005_xinput_x64.cab
[2010.06.02 05:22:54 | 000,045,359 | ---- | C] () -- C:\Users\Lukas\Oct2005_xinput_x86.cab
[2010.06.02 05:22:52 | 001,906,878 | ---- | C] () -- C:\Users\Lukas\Nov2008_d3dx9_40_x64.cab
[2010.06.02 05:22:52 | 001,550,796 | ---- | C] () -- C:\Users\Lukas\Nov2008_d3dx9_40_x86.cab
[2010.06.02 05:22:52 | 000,965,421 | ---- | C] () -- C:\Users\Lukas\Nov2008_d3dx10_40_x86.cab
[2010.06.02 05:22:52 | 000,121,794 | ---- | C] () -- C:\Users\Lukas\Nov2008_XACT_x64.cab
[2010.06.02 05:22:52 | 000,092,684 | ---- | C] () -- C:\Users\Lukas\Nov2008_XACT_x86.cab
[2010.06.02 05:22:52 | 000,054,522 | ---- | C] () -- C:\Users\Lukas\Nov2008_X3DAudio_x64.cab
[2010.06.02 05:22:52 | 000,021,851 | ---- | C] () -- C:\Users\Lukas\Nov2008_X3DAudio_x86.cab
[2010.06.02 05:22:50 | 000,994,154 | ---- | C] () -- C:\Users\Lukas\Nov2008_d3dx10_40_x64.cab
[2010.06.02 05:22:50 | 000,196,762 | ---- | C] () -- C:\Users\Lukas\NOV2007_XACT_x64.cab
[2010.06.02 05:22:50 | 000,148,264 | ---- | C] () -- C:\Users\Lukas\NOV2007_XACT_x86.cab
[2010.06.02 05:22:50 | 000,046,144 | ---- | C] () -- C:\Users\Lukas\NOV2007_X3DAudio_x64.cab
[2010.06.02 05:22:50 | 000,018,496 | ---- | C] () -- C:\Users\Lukas\NOV2007_X3DAudio_x86.cab
[2010.06.02 05:22:48 | 001,802,058 | ---- | C] () -- C:\Users\Lukas\Nov2007_d3dx9_36_x64.cab
[2010.06.02 05:22:48 | 001,709,360 | ---- | C] () -- C:\Users\Lukas\Nov2007_d3dx9_36_x86.cab
[2010.06.02 05:22:48 | 000,864,600 | ---- | C] () -- C:\Users\Lukas\Nov2007_d3dx10_36_x64.cab
[2010.06.02 05:22:48 | 000,803,884 | ---- | C] () -- C:\Users\Lukas\Nov2007_d3dx10_36_x86.cab
[2010.06.02 05:22:48 | 000,273,018 | ---- | C] () -- C:\Users\Lukas\Mar2009_XAudio_x86.cab
[2010.06.02 05:22:46 | 000,275,044 | ---- | C] () -- C:\Users\Lukas\Mar2009_XAudio_x64.cab
[2010.06.02 05:22:46 | 000,121,506 | ---- | C] () -- C:\Users\Lukas\Mar2009_XACT_x64.cab
[2010.06.02 05:22:46 | 000,092,740 | ---- | C] () -- C:\Users\Lukas\Mar2009_XACT_x86.cab
[2010.06.02 05:22:38 | 000,054,600 | ---- | C] () -- C:\Users\Lukas\Mar2009_X3DAudio_x64.cab
[2010.06.02 05:22:38 | 000,021,298 | ---- | C] () -- C:\Users\Lukas\Mar2009_X3DAudio_x86.cab
[2010.06.02 05:22:36 | 001,973,702 | ---- | C] () -- C:\Users\Lukas\Mar2009_d3dx9_41_x64.cab
[2010.06.02 05:22:36 | 001,612,446 | ---- | C] () -- C:\Users\Lukas\Mar2009_d3dx9_41_x86.cab
[2010.06.02 05:22:36 | 001,067,160 | ---- | C] () -- C:\Users\Lukas\Mar2009_d3dx10_41_x64.cab
[2010.06.02 05:22:36 | 001,040,745 | ---- | C] () -- C:\Users\Lukas\Mar2009_d3dx10_41_x86.cab
[2010.06.02 05:22:36 | 000,251,194 | ---- | C] () -- C:\Users\Lukas\Mar2008_XAudio_x64.cab
[2010.06.02 05:22:36 | 000,226,250 | ---- | C] () -- C:\Users\Lukas\Mar2008_XAudio_x86.cab
[2010.06.02 05:22:36 | 000,122,336 | ---- | C] () -- C:\Users\Lukas\Mar2008_XACT_x64.cab
[2010.06.02 05:22:36 | 000,093,734 | ---- | C] () -- C:\Users\Lukas\Mar2008_XACT_x86.cab
[2010.06.02 05:22:34 | 001,769,862 | ---- | C] () -- C:\Users\Lukas\Mar2008_d3dx9_37_x64.cab
[2010.06.02 05:22:34 | 001,443,282 | ---- | C] () -- C:\Users\Lukas\Mar2008_d3dx9_37_x86.cab
[2010.06.02 05:22:34 | 000,818,260 | ---- | C] () -- C:\Users\Lukas\Mar2008_d3dx10_37_x86.cab
[2010.06.02 05:22:34 | 000,055,058 | ---- | C] () -- C:\Users\Lukas\Mar2008_X3DAudio_x64.cab
[2010.06.02 05:22:34 | 000,021,867 | ---- | C] () -- C:\Users\Lukas\Mar2008_X3DAudio_x86.cab
[2010.06.02 05:22:32 | 000,937,246 | ---- | C] () -- C:\Users\Lukas\Jun2010_d3dx9_43_x64.cab
[2010.06.02 05:22:32 | 000,844,884 | ---- | C] () -- C:\Users\Lukas\Mar2008_d3dx10_37_x64.cab
[2010.06.02 05:22:32 | 000,768,036 | ---- | C] () -- C:\Users\Lukas\Jun2010_d3dx9_43_x86.cab
[2010.06.02 05:22:32 | 000,278,060 | ---- | C] () -- C:\Users\Lukas\Jun2010_XAudio_x86.cab
[2010.06.02 05:22:32 | 000,277,338 | ---- | C] () -- C:\Users\Lukas\Jun2010_XAudio_x64.cab
[2010.06.02 05:22:32 | 000,124,596 | ---- | C] () -- C:\Users\Lukas\Jun2010_XACT_x64.cab
[2010.06.02 05:22:32 | 000,093,686 | ---- | C] () -- C:\Users\Lukas\Jun2010_XACT_x86.cab
[2010.06.02 05:22:30 | 000,762,188 | ---- | C] () -- C:\Users\Lukas\Jun2010_d3dcsx_43_x86.cab
[2010.06.02 05:22:30 | 000,235,955 | ---- | C] () -- C:\Users\Lukas\Jun2010_d3dx10_43_x64.cab
[2010.06.02 05:22:30 | 000,197,283 | ---- | C] () -- C:\Users\Lukas\Jun2010_d3dx10_43_x86.cab
[2010.06.02 05:22:30 | 000,138,205 | ---- | C] () -- C:\Users\Lukas\Jun2010_d3dx11_43_x64.cab
[2010.06.02 05:22:30 | 000,109,445 | ---- | C] () -- C:\Users\Lukas\Jun2010_d3dx11_43_x86.cab
[2010.06.02 05:22:28 | 000,944,460 | ---- | C] () -- C:\Users\Lukas\Jun2010_D3DCompiler_43_x64.cab
[2010.06.02 05:22:28 | 000,931,471 | ---- | C] () -- C:\Users\Lukas\Jun2010_D3DCompiler_43_x86.cab
[2010.06.02 05:22:28 | 000,752,783 | ---- | C] () -- C:\Users\Lukas\Jun2010_d3dcsx_43_x64.cab
[2010.06.02 05:22:20 | 000,269,024 | ---- | C] () -- C:\Users\Lukas\JUN2008_XAudio_x86.cab
[2010.06.02 05:22:18 | 001,792,608 | ---- | C] () -- C:\Users\Lukas\JUN2008_d3dx9_38_x64.cab
[2010.06.02 05:22:18 | 001,463,878 | ---- | C] () -- C:\Users\Lukas\JUN2008_d3dx9_38_x86.cab
[2010.06.02 05:22:18 | 000,867,828 | ---- | C] () -- C:\Users\Lukas\JUN2008_d3dx10_38_x64.cab
[2010.06.02 05:22:18 | 000,849,919 | ---- | C] () -- C:\Users\Lukas\JUN2008_d3dx10_38_x86.cab
[2010.06.02 05:22:18 | 000,269,628 | ---- | C] () -- C:\Users\Lukas\JUN2008_XAudio_x64.cab
[2010.06.02 05:22:18 | 000,152,909 | ---- | C] () -- C:\Users\Lukas\JUN2007_XACT_x86.cab
[2010.06.02 05:22:18 | 000,121,054 | ---- | C] () -- C:\Users\Lukas\JUN2008_XACT_x64.cab
[2010.06.02 05:22:18 | 000,093,128 | ---- | C] () -- C:\Users\Lukas\JUN2008_XACT_x86.cab
[2010.06.02 05:22:18 | 000,055,154 | ---- | C] () -- C:\Users\Lukas\JUN2008_X3DAudio_x64.cab
[2010.06.02 05:22:18 | 000,021,905 | ---- | C] () -- C:\Users\Lukas\JUN2008_X3DAudio_x86.cab
[2010.06.02 05:22:16 | 001,607,774 | ---- | C] () -- C:\Users\Lukas\JUN2007_d3dx9_34_x64.cab
[2010.06.02 05:22:16 | 001,607,286 | ---- | C] () -- C:\Users\Lukas\JUN2007_d3dx9_34_x86.cab
[2010.06.02 05:22:16 | 001,064,925 | ---- | C] () -- C:\Users\Lukas\Jun2005_d3dx9_26_x86.cab
[2010.06.02 05:22:16 | 000,699,044 | ---- | C] () -- C:\Users\Lukas\JUN2007_d3dx10_34_x64.cab
[2010.06.02 05:22:16 | 000,698,472 | ---- | C] () -- C:\Users\Lukas\JUN2007_d3dx10_34_x86.cab
[2010.06.02 05:22:16 | 000,197,122 | ---- | C] () -- C:\Users\Lukas\JUN2007_XACT_x64.cab
[2010.06.02 05:22:16 | 000,180,785 | ---- | C] () -- C:\Users\Lukas\JUN2006_XACT_x64.cab
[2010.06.02 05:22:16 | 000,133,671 | ---- | C] () -- C:\Users\Lukas\JUN2006_XACT_x86.cab
[2010.06.02 05:22:14 | 001,336,002 | ---- | C] () -- C:\Users\Lukas\Jun2005_d3dx9_26_x64.cab
[2010.06.02 05:22:14 | 000,277,191 | ---- | C] () -- C:\Users\Lukas\Feb2010_XAudio_x86.cab
[2010.06.02 05:22:14 | 000,276,960 | ---- | C] () -- C:\Users\Lukas\Feb2010_XAudio_x64.cab
[2010.06.02 05:22:14 | 000,122,446 | ---- | C] () -- C:\Users\Lukas\Feb2010_XACT_x64.cab
[2010.06.02 05:22:14 | 000,093,180 | ---- | C] () -- C:\Users\Lukas\Feb2010_XACT_x86.cab
[2010.06.02 05:22:12 | 000,194,675 | ---- | C] () -- C:\Users\Lukas\FEB2007_XACT_x64.cab
[2010.06.02 05:22:12 | 000,147,983 | ---- | C] () -- C:\Users\Lukas\FEB2007_XACT_x86.cab
[2010.06.02 05:22:12 | 000,054,678 | ---- | C] () -- C:\Users\Lukas\Feb2010_X3DAudio_x64.cab
[2010.06.02 05:22:12 | 000,020,713 | ---- | C] () -- C:\Users\Lukas\Feb2010_X3DAudio_x86.cab
[2010.06.02 05:22:10 | 000,178,359 | ---- | C] () -- C:\Users\Lukas\Feb2006_XACT_x64.cab
[2010.06.02 05:22:10 | 000,132,409 | ---- | C] () -- C:\Users\Lukas\Feb2006_XACT_x86.cab
[2010.06.02 05:22:04 | 001,084,720 | ---- | C] () -- C:\Users\Lukas\Feb2006_d3dx9_29_x86.cab
[2010.06.02 05:22:02 | 001,574,376 | ---- | C] () -- C:\Users\Lukas\DEC2006_d3dx9_32_x86.cab
[2010.06.02 05:22:02 | 001,362,796 | ---- | C] () -- C:\Users\Lukas\Feb2006_d3dx9_29_x64.cab
[2010.06.02 05:22:02 | 001,247,499 | ---- | C] () -- C:\Users\Lukas\Feb2005_d3dx9_24_x64.cab
[2010.06.02 05:22:02 | 001,013,225 | ---- | C] () -- C:\Users\Lukas\Feb2005_d3dx9_24_x86.cab
[2010.06.02 05:22:02 | 000,192,475 | ---- | C] () -- C:\Users\Lukas\DEC2006_XACT_x64.cab
[2010.06.02 05:22:02 | 000,145,599 | ---- | C] () -- C:\Users\Lukas\DEC2006_XACT_x86.cab
[2010.06.02 05:22:00 | 001,571,154 | ---- | C] () -- C:\Users\Lukas\DEC2006_d3dx9_32_x64.cab
[2010.06.02 05:22:00 | 001,357,976 | ---- | C] () -- C:\Users\Lukas\Dec2005_d3dx9_28_x64.cab
[2010.06.02 05:22:00 | 001,079,456 | ---- | C] () -- C:\Users\Lukas\Dec2005_d3dx9_28_x86.cab
[2010.06.02 05:22:00 | 000,273,264 | ---- | C] () -- C:\Users\Lukas\Aug2009_XAudio_x64.cab
[2010.06.02 05:22:00 | 000,272,642 | ---- | C] () -- C:\Users\Lukas\Aug2009_XAudio_x86.cab
[2010.06.02 05:22:00 | 000,212,807 | ---- | C] () -- C:\Users\Lukas\DEC2006_d3dx10_00_x64.cab
[2010.06.02 05:22:00 | 000,191,720 | ---- | C] () -- C:\Users\Lukas\DEC2006_d3dx10_00_x86.cab
[2010.06.02 05:22:00 | 000,122,408 | ---- | C] () -- C:\Users\Lukas\Aug2009_XACT_x64.cab
[2010.06.02 05:22:00 | 000,093,106 | ---- | C] () -- C:\Users\Lukas\Aug2009_XACT_x86.cab
[2010.06.02 05:21:58 | 000,930,116 | ---- | C] () -- C:\Users\Lukas\Aug2009_d3dx9_42_x64.cab
[2010.06.02 05:21:58 | 000,728,456 | ---- | C] () -- C:\Users\Lukas\Aug2009_d3dx9_42_x86.cab
[2010.06.02 05:21:58 | 000,232,635 | ---- | C] () -- C:\Users\Lukas\Aug2009_d3dx10_42_x64.cab
[2010.06.02 05:21:58 | 000,192,131 | ---- | C] () -- C:\Users\Lukas\Aug2009_d3dx10_42_x86.cab
[2010.06.02 05:21:58 | 000,136,301 | ---- | C] () -- C:\Users\Lukas\Aug2009_d3dx11_42_x64.cab
[2010.06.02 05:21:58 | 000,105,044 | ---- | C] () -- C:\Users\Lukas\Aug2009_d3dx11_42_x86.cab
[2010.06.02 05:21:56 | 003,319,740 | ---- | C] () -- C:\Users\Lukas\Aug2009_d3dcsx_42_x86.cab
[2010.06.02 05:21:56 | 003,112,111 | ---- | C] () -- C:\Users\Lukas\Aug2009_d3dcsx_42_x64.cab
[2010.06.02 05:21:56 | 000,900,598 | ---- | C] () -- C:\Users\Lukas\Aug2009_D3DCompiler_42_x86.cab
[2010.06.02 05:21:46 | 000,919,044 | ---- | C] () -- C:\Users\Lukas\Aug2009_D3DCompiler_42_x64.cab
[2010.06.02 05:21:46 | 000,271,412 | ---- | C] () -- C:\Users\Lukas\Aug2008_XAudio_x64.cab
[2010.06.02 05:21:46 | 000,271,038 | ---- | C] () -- C:\Users\Lukas\Aug2008_XAudio_x86.cab
[2010.06.02 05:21:44 | 001,794,084 | ---- | C] () -- C:\Users\Lukas\Aug2008_d3dx9_39_x64.cab
[2010.06.02 05:21:44 | 001,464,672 | ---- | C] () -- C:\Users\Lukas\Aug2008_d3dx9_39_x86.cab
[2010.06.02 05:21:44 | 000,849,167 | ---- | C] () -- C:\Users\Lukas\Aug2008_d3dx10_39_x86.cab
[2010.06.02 05:21:44 | 000,198,096 | ---- | C] () -- C:\Users\Lukas\AUG2007_XACT_x64.cab
[2010.06.02 05:21:44 | 000,153,012 | ---- | C] () -- C:\Users\Lukas\AUG2007_XACT_x86.cab
[2010.06.02 05:21:44 | 000,121,772 | ---- | C] () -- C:\Users\Lukas\Aug2008_XACT_x64.cab
[2010.06.02 05:21:44 | 000,092,996 | ---- | C] () -- C:\Users\Lukas\Aug2008_XACT_x86.cab
[2010.06.02 05:21:42 | 001,800,160 | ---- | C] () -- C:\Users\Lukas\AUG2007_d3dx9_35_x64.cab
[2010.06.02 05:21:42 | 001,708,152 | ---- | C] () -- C:\Users\Lukas\AUG2007_d3dx9_35_x86.cab
[2010.06.02 05:21:42 | 000,867,612 | ---- | C] () -- C:\Users\Lukas\Aug2008_d3dx10_39_x64.cab
[2010.06.02 05:21:42 | 000,852,286 | ---- | C] () -- C:\Users\Lukas\AUG2007_d3dx10_35_x64.cab
[2010.06.02 05:21:42 | 000,796,867 | ---- | C] () -- C:\Users\Lukas\AUG2007_d3dx10_35_x86.cab
[2010.06.02 05:21:40 | 001,350,542 | ---- | C] () -- C:\Users\Lukas\Aug2005_d3dx9_27_x64.cab
[2010.06.02 05:21:40 | 001,077,644 | ---- | C] () -- C:\Users\Lukas\Aug2005_d3dx9_27_x86.cab
[2010.06.02 05:21:40 | 000,182,903 | ---- | C] () -- C:\Users\Lukas\AUG2006_XACT_x64.cab
[2010.06.02 05:21:40 | 000,137,235 | ---- | C] () -- C:\Users\Lukas\AUG2006_XACT_x86.cab
[2010.06.02 05:21:40 | 000,087,142 | ---- | C] () -- C:\Users\Lukas\AUG2006_xinput_x64.cab
[2010.06.02 05:21:40 | 000,053,302 | ---- | C] () -- C:\Users\Lukas\APR2007_xinput_x86.cab
[2010.06.02 05:21:40 | 000,046,058 | ---- | C] () -- C:\Users\Lukas\AUG2006_xinput_x86.cab
[2010.06.02 05:21:38 | 001,606,039 | ---- | C] () -- C:\Users\Lukas\APR2007_d3dx9_33_x86.cab
[2010.06.02 05:21:38 | 000,195,766 | ---- | C] () -- C:\Users\Lukas\APR2007_XACT_x64.cab
[2010.06.02 05:21:38 | 000,151,225 | ---- | C] () -- C:\Users\Lukas\APR2007_XACT_x86.cab
[2010.06.02 05:21:38 | 000,096,817 | ---- | C] () -- C:\Users\Lukas\APR2007_xinput_x64.cab
[2010.06.02 05:21:36 | 001,607,358 | ---- | C] () -- C:\Users\Lukas\APR2007_d3dx9_33_x64.cab
[2010.06.02 05:21:36 | 000,698,612 | ---- | C] () -- C:\Users\Lukas\APR2007_d3dx10_33_x64.cab
[2010.06.02 05:21:36 | 000,695,865 | ---- | C] () -- C:\Users\Lukas\APR2007_d3dx10_33_x86.cab
[2010.06.02 05:21:34 | 000,046,010 | ---- | C] () -- C:\Users\Lukas\Apr2006_xinput_x86.cab
[2010.06.02 05:21:20 | 000,087,101 | ---- | C] () -- C:\Users\Lukas\Apr2006_xinput_x64.cab
[2010.06.02 05:21:18 | 004,162,630 | ---- | C] () -- C:\Users\Lukas\Apr2006_MDX1_x86_Archive.cab
[2010.06.02 05:21:18 | 000,916,430 | ---- | C] () -- C:\Users\Lukas\Apr2006_MDX1_x86.cab
[2010.06.02 05:21:18 | 000,179,133 | ---- | C] () -- C:\Users\Lukas\Apr2006_XACT_x64.cab
[2010.06.02 05:21:18 | 000,133,103 | ---- | C] () -- C:\Users\Lukas\Apr2006_XACT_x86.cab
[2010.06.02 05:21:16 | 001,397,830 | ---- | C] () -- C:\Users\Lukas\Apr2006_d3dx9_30_x64.cab
[2010.06.02 05:21:16 | 001,347,354 | ---- | C] () -- C:\Users\Lukas\Apr2005_d3dx9_25_x64.cab
[2010.06.02 05:21:16 | 001,115,221 | ---- | C] () -- C:\Users\Lukas\Apr2006_d3dx9_30_x86.cab
[2010.06.02 05:21:16 | 001,078,962 | ---- | C] () -- C:\Users\Lukas\Apr2005_d3dx9_25_x86.cab
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.06.25 04:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.06.25 03:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014.08.05 17:46:07 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\.minecraft
[2014.07.04 12:40:15 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Aegisub
[2014.08.06 21:37:25 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Battle.net
[2014.07.24 02:08:00 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Canneverbe Limited
[2014.05.11 17:00:59 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\DVDVideoSoft
[2014.07.04 12:13:15 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\fontconfig
[2014.05.09 21:24:37 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\JavaEditor
[2014.04.26 01:37:08 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\LolClient
[2014.04.22 19:29:54 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\MingGuan
[2014.04.23 13:40:11 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Origin
[2014.08.09 23:57:48 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\RenPy
[2014.04.23 15:18:45 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Riot Games
[2014.05.06 21:58:48 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\TS3Client
[2014.08.08 01:21:09 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Unity
[2014.07.07 16:34:26 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\uTorrent
========== Purity Check ==========
< End of report >
--- --- ---
Und hier die LOG-Dateien, welche ich durch Bearbeitung dieser Seite erhalten habe:
FRST-Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-08-2014
Ran by Lukas at 2014-08-15 13:52:14
Running from C:\Users\Lukas\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.31515 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.83 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Age of Mythology - The Titans Expansion (HKLM-x32\...\Age of Mythology Expansion Pack 1.0) (Version: - )
Age of Mythology (HKLM-x32\...\Age of Mythology 1.0) (Version: - )
AMD Accelerated Video Transcoding (Version: 13.20.100.30911 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0911.2154.37488 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{00957033-C081-5235-665A-A014A6E2FF7B}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.0911.2154.37488 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.80911.2216 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Avira (HKLM-x32\...\{9590977b-7b6f-467e-a11a-efa1fae804da}) (Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0911.2154.37488 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0911.2154.37488 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0911.2154.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0911.2154.37488 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4954 - CDBurnerXP)
Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)
Dragon's Prophet (HKLM-x32\...\{C31556D7-F2B9-4787-B223-F7A035067E89}_is1) (Version: 2.1.1381.25 - Infernum Productions AG)
Drakonia Configurator (HKLM-x32\...\{2EAD3327-2F92-455F-A675-E5CC4980B67A}}_is1) (Version: - )
Free YouTube to MP3 Converter version 3.12.34.430 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.34.430 - DVDVideoSoft Ltd.)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Greenfoot (HKLM-x32\...\{8C838B70-3A71-41E8-91A6-4ADCF2E483D0}) (Version: 2.3.0 - Greenfoot Team)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Java SE Development Kit 7 Update 51 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170510}) (Version: 1.7.0.510 - Oracle)
Java-Editor 12.3, 2013.10.21 (HKLM-x32\...\{65FBA21B-7F80-4E4E-B275-0958D2648F94}_is1) (Version: - Gerhard Röhner)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Katawa Shoujo (HKLM-x32\...\Katawa Shoujo) (Version: - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Minecraft1.7.9 (HKLM-x32\...\Minecraft1.7.9) (Version: - )
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.1028.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Platform (x32 Version: 1.42 - VIA Technologies, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7106 - Realtek Semiconductor Corp.)
SHARKOON Skiller (HKLM-x32\...\{91C25547-9534-41A5-823A-1E54BA16EA3F}) (Version: 1.00.0000 - )
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
WinRAR 5.10 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.2 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
03-08-2014 11:54:46 Windows Update
10-08-2014 17:44:08 Geplanter Prüfpunkt
15-08-2014 00:01:58 Windows Update
15-08-2014 08:57:27 Installed SpyHunter
15-08-2014 09:37:44 Removed SpyHunter
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {9DF9727B-952E-4709-82B7-CAEDB248D6BF} - System32\Tasks\{5FE73067-047C-4420-A966-C817E5A69536} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.9.0.115.259&LastError=404
Task: {A82C1E08-FE64-48D1-9817-E34F712EF68C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {D2C9982F-26A9-4626-B960-33F6E34E79EE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2013-09-11 21:57 - 2013-09-11 21:57 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2013-07-26 06:59 - 2013-07-26 06:59 - 00814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2013-07-26 06:59 - 2013-07-26 06:59 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-09-11 21:57 - 2013-09-11 21:57 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-04-22 19:29 - 2013-10-29 13:43 - 00248832 _____ () C:\Program Files (x86)\Drakonia Configurator\hid.exe
2014-04-22 19:29 - 2012-12-11 11:14 - 00240640 _____ () C:\Program Files (x86)\Drakonia Configurator\trayicon.exe
2013-09-11 21:57 - 2013-09-11 21:57 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-08-15 11:40 - 2014-08-15 11:40 - 00040448 ____N () C:\Users\Lukas\AppData\Local\Temp\proxy_vole2223955713841825662.dll
2014-08-15 11:40 - 2014-08-15 11:40 - 00566439 _____ () C:\Users\Lukas\AppData\Local\JDownloader v2.0\tmp\7zip\SevenZipJBinding-FKPz9\libgcc_s_sjlj-1.dll
2014-08-15 11:40 - 2014-08-15 11:40 - 04078962 _____ () C:\Users\Lukas\AppData\Local\JDownloader v2.0\tmp\7zip\SevenZipJBinding-FKPz9\lib7-Zip-JBinding.dll
2014-07-24 11:50 - 2014-07-24 11:50 - 00137296 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-07-24 11:49 - 2014-07-24 11:49 - 00065104 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-04-23 04:20 - 2014-08-06 13:10 - 00962560 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2014-04-23 04:20 - 2014-08-06 13:10 - 00024064 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2014-04-23 04:20 - 2014-08-06 13:10 - 00025088 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2014-04-23 04:20 - 2014-08-06 13:10 - 00217088 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2014-04-23 04:20 - 2014-08-06 13:10 - 00261632 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2014-04-23 04:20 - 2014-08-06 13:10 - 00019968 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2014-04-23 04:20 - 2014-08-06 13:10 - 00302592 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2014-04-23 04:20 - 2014-08-06 13:10 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2014-04-22 19:29 - 2013-01-15 17:06 - 00061952 _____ () C:\Program Files (x86)\Drakonia Configurator\HidDevice.dll
2014-04-22 21:15 - 2014-07-24 11:50 - 00049744 _____ () C:\Users\Lukas\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-04-22 19:29 - 2013-11-05 16:31 - 00249856 _____ () C:\Program Files (x86)\Drakonia Configurator\language.dll
2014-07-23 01:34 - 2014-07-23 01:34 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-08 22:56 - 2014-07-08 22:56 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (08/15/2014 11:38:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/15/2014 11:37:35 AM) (Source: MsiInstaller) (EventID: 1024) (User: Lukas-PC)
Description: Produkt: Adobe Reader XI (11.0.07) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011008}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (08/15/2014 10:49:30 AM) (Source: MsiInstaller) (EventID: 1024) (User: Lukas-PC)
Description: Produkt: Adobe Reader XI (11.0.07) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011008}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (08/15/2014 10:48:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/14/2014 11:45:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91
Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0xf00
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (08/14/2014 09:56:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Skype.exe, Version 6.16.0.105 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 984
Startzeit: 01cfb7f85583e14a
Endzeit: 7
Anwendungspfad: C:\Program Files (x86)\Skype\Phone\Skype.exe
Berichts-ID: 0dfa6031-23ed-11e4-bf2a-74d4359988e1
Error: (08/14/2014 09:47:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/14/2014 09:46:23 PM) (Source: MsiInstaller) (EventID: 1024) (User: Lukas-PC)
Description: Produkt: Adobe Reader XI (11.0.07) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011008}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (08/14/2014 00:28:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/14/2014 00:28:43 PM) (Source: MsiInstaller) (EventID: 1024) (User: Lukas-PC)
Description: Produkt: Adobe Reader XI (11.0.07) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011008}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
System errors:
=============
Error: (08/15/2014 11:37:02 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
UsbCharger
Error: (08/15/2014 10:48:15 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
UsbCharger
Error: (08/14/2014 09:45:54 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
UsbCharger
Error: (08/14/2014 00:27:37 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
UsbCharger
Error: (08/13/2014 09:06:39 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
UsbCharger
Error: (08/13/2014 05:20:34 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
UsbCharger
Error: (08/13/2014 01:02:32 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
UsbCharger
Error: (08/12/2014 08:01:11 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
UsbCharger
Error: (08/12/2014 00:41:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
UsbCharger
Error: (08/11/2014 09:29:02 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
UsbCharger
Microsoft Office Sessions:
=========================
Error: (08/15/2014 11:38:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/15/2014 11:37:35 AM) (Source: MsiInstaller) (EventID: 1024) (User: Lukas-PC)
Description: Adobe Reader XI (11.0.07) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL)
Error: (08/15/2014 10:49:30 AM) (Source: MsiInstaller) (EventID: 1024) (User: Lukas-PC)
Description: Adobe Reader XI (11.0.07) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL)
Error: (08/15/2014 10:48:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/14/2014 11:45:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141bf0001cfb7f9cdf770d4C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll564d01a0-23fc-11e4-bf2a-74d4359988e1
Error: (08/14/2014 09:56:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Skype.exe6.16.0.10598401cfb7f85583e14a7C:\Program Files (x86)\Skype\Phone\Skype.exe0dfa6031-23ed-11e4-bf2a-74d4359988e1
Error: (08/14/2014 09:47:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/14/2014 09:46:23 PM) (Source: MsiInstaller) (EventID: 1024) (User: Lukas-PC)
Description: Adobe Reader XI (11.0.07) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL)
Error: (08/14/2014 00:28:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/14/2014 00:28:43 PM) (Source: MsiInstaller) (EventID: 1024) (User: Lukas-PC)
Description: Adobe Reader XI (11.0.07) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL)
==================== Memory info ===========================
Processor: AMD FX(tm)-6300 Six-Core Processor
Percentage of memory in use: 34%
Total physical RAM: 8156.64 MB
Available physical RAM: 5350.27 MB
Total Pagefile: 16311.47 MB
Available Pagefile: 12803.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931.17 GB) (Free:845.07 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: F3FEE113)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
==================== End Of Log ============================
GMER
GMER Logfile: Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-15 14:10:06
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000061 ST1000DM rev.CC49 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Lukas\AppData\Local\Temp\kgloapow.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80003601000 76 bytes [00, 00, 18, 00, 77, 73, 69, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff8000360104f 7 bytes [00, 80, 20, AA, 09, 80, FA]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f61465 2 bytes [F6, 75]
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f614bb 2 bytes [F6, 75]
.text ... * 2
.text C:\Program Files (x86)\Origin\Origin.exe[2276] C:\Windows\syswow64\kernel32.dll!CreateFileW 0000000076c93f1c 5 bytes JMP 00000001625a9740
.text C:\Program Files (x86)\Origin\Origin.exe[2276] C:\Windows\syswow64\USER32.dll!SetWindowPos 0000000077298e4e 5 bytes JMP 00000001625a8eb0
.text C:\Program Files (x86)\Origin\Origin.exe[2276] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000772a0dfb 5 bytes JMP 00000001625a8e30
.text C:\Program Files (x86)\Origin\Origin.exe[2276] C:\Windows\syswow64\USER32.dll!SetFocus 00000000772a2175 5 bytes JMP 00000001625a8e80
.text C:\Program Files (x86)\Origin\Origin.exe[2276] C:\Windows\syswow64\USER32.dll!SetActiveWindow 00000000772a3208 5 bytes JMP 00000001625a8f00
.text C:\Program Files (x86)\Origin\Origin.exe[2276] C:\Windows\syswow64\USER32.dll!BringWindowToTop 00000000772a7b3b 5 bytes JMP 00000001625a8d80
.text C:\Program Files (x86)\Origin\Origin.exe[2276] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 00000000772bf170 5 bytes JMP 00000001625a8d50
.text C:\Program Files (x86)\Origin\Origin.exe[2276] C:\Windows\syswow64\USER32.dll!SwitchToThisWindow 00000000772d90fc 5 bytes JMP 00000001625a8db0
.text C:\Program Files (x86)\Origin\Origin.exe[2276] C:\Windows\syswow64\USER32.dll!ShowWindowAsync 00000000772f7d97 5 bytes JMP 00000001625a8de0
.text C:\Program Files (x86)\Origin\Origin.exe[2276] C:\Windows\syswow64\ole32.dll!DoDragDrop 000000007758a827 5 bytes JMP 00000001625a8d30
.text C:\Program Files (x86)\Origin\Origin.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f61465 2 bytes [F6, 75]
.text C:\Program Files (x86)\Origin\Origin.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f614bb 2 bytes [F6, 75]
.text ... * 2
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2512] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075f61465 2 bytes [F6, 75]
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2512] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075f614bb 2 bytes [F6, 75]
.text ... * 2
---- Processes - GMER 2.1 ----
Library C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe (*** suspicious ***) @ C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [1860] 0000000140000000
Library C:\Program Files\Enigma Software Group\SpyHunter\ExecutionGuard.dll (*** suspicious ***) @ C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [1860] 0000000180000000
Library C:\Program Files\Enigma Software Group\SpyHunter\ShScanner.dll (*** suspicious ***) @ C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [1860] 000007fef5d50000
Library C:\Program Files\Enigma Software Group\SpyHunter\Defman.dll (*** suspicious ***) @ C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [1860] 000007fef0c10000
Library C:\Program Files\Enigma Software Group\SpyHunter\Common.dll (*** suspicious ***) @ C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [1860] 00000000001e0000
---- EOF - GMER 2.1 ----
--- --- ---
GMER2 [Ich weiß nicht, ob dies notwendig ist, allerdings habe ich beim ersten Suchlauf vergessen mein Anti-Virenprogramm zu deaktivieren.
GMER Logfile: Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-15 14:17:01
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000061 ST1000DM rev.CC49 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Lukas\AppData\Local\Temp\kgloapow.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80003601000 65 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 594 fffff80003601042 4 bytes [00, 00, 00, 00]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f61465 2 bytes [F6, 75]
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f614bb 2 bytes [F6, 75]
.text ... * 2
.text C:\Program Files (x86)\Origin\Origin.exe[2276] C:\Windows\syswow64\kernel32.dll!CreateFileW 0000000076c93f1c 5 bytes JMP 00000001625a9740
.text C:\Program Files (x86)\Origin\Origin.exe[2276] C:\Windows\syswow64\USER32.dll!SetWindowPos 0000000077298e4e 5 bytes JMP 00000001625a8eb0
.text C:\Program Files (x86)\Origin\Origin.exe[2276] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000772a0dfb 5 bytes JMP 00000001625a8e30
.text C:\Program Files (x86)\Origin\Origin.exe[2276] C:\Windows\syswow64\USER32.dll!SetFocus 00000000772a2175 5 bytes JMP 00000001625a8e80
.text C:\Program Files (x86)\Origin\Origin.exe[2276] C:\Windows\syswow64\USER32.dll!SetActiveWindow 00000000772a3208 5 bytes JMP 00000001625a8f00
.text C:\Program Files (x86)\Origin\Origin.exe[2276] C:\Windows\syswow64\USER32.dll!BringWindowToTop 00000000772a7b3b 5 bytes JMP 00000001625a8d80
.text C:\Program Files (x86)\Origin\Origin.exe[2276] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 00000000772bf170 5 bytes JMP 00000001625a8d50
.text C:\Program Files (x86)\Origin\Origin.exe[2276] C:\Windows\syswow64\USER32.dll!SwitchToThisWindow 00000000772d90fc 5 bytes JMP 00000001625a8db0
.text C:\Program Files (x86)\Origin\Origin.exe[2276] C:\Windows\syswow64\USER32.dll!ShowWindowAsync 00000000772f7d97 5 bytes JMP 00000001625a8de0
.text C:\Program Files (x86)\Origin\Origin.exe[2276] C:\Windows\syswow64\ole32.dll!DoDragDrop 000000007758a827 5 bytes JMP 00000001625a8d30
.text C:\Program Files (x86)\Origin\Origin.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f61465 2 bytes [F6, 75]
.text C:\Program Files (x86)\Origin\Origin.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f614bb 2 bytes [F6, 75]
.text ... * 2
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2512] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075f61465 2 bytes [F6, 75]
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2512] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075f614bb 2 bytes [F6, 75]
.text ... * 2
---- Processes - GMER 2.1 ----
Library C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe (*** suspicious ***) @ C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [1860] 0000000140000000
Library C:\Program Files\Enigma Software Group\SpyHunter\ExecutionGuard.dll (*** suspicious ***) @ C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [1860] 0000000180000000
Library C:\Program Files\Enigma Software Group\SpyHunter\ShScanner.dll (*** suspicious ***) @ C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [1860] 000007fef5d50000
Library C:\Program Files\Enigma Software Group\SpyHunter\Defman.dll (*** suspicious ***) @ C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [1860] 000007fef0c10000
Library C:\Program Files\Enigma Software Group\SpyHunter\Common.dll (*** suspicious ***) @ C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [1860] 00000000001e0000
---- EOF - GMER 2.1 ----
--- --- --- |
So funktioniert es:
Malwarebytes Anti-Malware 
AdwCleaner auf deinen Desktop.
SecurityCheck und:
