Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   APPL/BrowseFox.gen (https://www.trojaner-board.de/158115-appl-browsefox-gen.html)

Aikigunnar 29.08.2014 22:08
APPL/BrowseFox.gen
 
APPL/BrowseFox.gen

Habe diese Malware bei mir gefunden - Avira schafft keine Beseitigung - mehrmalige Löschversuche (auch mit vorheriger Quaranäne) - ohne Erfolg.
Was kann ich tun?
Vielen Dank im Voraus

M-K-D-B 29.08.2014 22:16
:hallo:


Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
    Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!


Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Danke für deine Mitarbeit!






Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).





Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.






Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.







Schritt 4
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von JRT,
  • die Logdatei von MBAM,
  • die beiden neuen Logdateien von FRST.

Aikigunnar 01.09.2014 12:19
Hallo Matthias,

erst mal vielen Dank, dafür das Du Dich meinem Problem widmest.
Hier die angeforderten LogDateien - habe allerdings den Suchlauf von ADWCleaner zweimal durchgeführt, weil er mir beim ersten Mal einen blauen Bildschirm gezeigt hat - als Laie würde ich sagen, das jetzt wieder alles rein ist. Stimmst Du dem zu?AdwCleaner Logfile:
Code:
# AdwCleaner v2.304 - Datei am 10/07/2013 um 22:26:38 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Aikigunnar - GAMEMONSTER
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Aikigunnar\Downloads\adwcleaner (1).exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : Video downloader Updater
Gestoppt & Gelöscht : Yontoo Desktop Updater

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Windows\Tasks\AmiUpdXp.job
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files (x86)\DVDvideoSoft_2.0
Ordner Gelöscht : C:\Program Files\DomaIQ Uninstaller
Ordner Gelöscht : C:\Program Files\Video Downloader
Ordner Gelöscht : C:\Users\Aikigunnar\AppData\LocalLow\DVDvideoSoft_2.0
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Gast\AppData\Roaming\SearchProtect

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDvideoSoft_2.0
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{04A8DD1A-4754-48FE-A703-99846646EF04}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04A8DD1A-4754-48FE-A703-99846646EF04}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{17667902-A1A2-4DC4-8C42-CB1B60BF2202}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Schlüssel Gelöscht : HKLM\Software\DVDvideoSoft_2.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{17667902-A1A2-4DC4-8C42-CB1B60BF2202}
Schlüssel Gelöscht : HKLM\Software\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{04A8DD1A-4754-48FE-A703-99846646EF04}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{17667902-A1A2-4DC4-8C42-CB1B60BF2202}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A939776-814B-41D5-817F-7B274462594B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{96FC45F7-DD83-4768-9867-A46BEA489732}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04A8DD1A-4754-48FE-A703-99846646EF04}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DomaIQ Uninstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDvideoSoft_2.0 Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{04A8DD1A-4754-48FE-A703-99846646EF04}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{04A8DD1A-4754-48FE-A703-99846646EF04}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{04A8DD1A-4754-48FE-A703-99846646EF04}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{04A8DD1A-4754-48FE-A703-99846646EF04}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com/?ctid=CT3279453&octid=CT3279453&SearchSource=61&CUI=UN11040021708045292&UM=2&UP=SP1CAF8F90-D16D-473E-B8CD-EF074B7CCA1C --> hxxp://www.google.com

-\\ Google Chrome v27.0.1453.116

Datei : C:\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [9998 octets] - [10/07/2013 22:23:12]
AdwCleaner[S1].txt - [10005 octets] - [10/07/2013 22:26:38]

########## EOF - C:\AdwCleaner[S1].txt - [10066 octets] ##########
--- --- ---




------------------------------------------------------------------------------------------------------AdwCleaner Logfile:
Code:
# AdwCleaner v2.304 - Datei am 10/07/2013 um 22:23:12 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Aikigunnar - GAMEMONSTER
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Aikigunnar\Downloads\adwcleaner (1).exe
# Option [Suche]


**** [Dienste] ****

Gefunden : Video downloader Updater
Gefunden : Yontoo Desktop Updater

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Windows\Tasks\AmiUpdXp.job
Ordner Gefunden : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gefunden : C:\Program Files (x86)\DVDvideoSoft_2.0
Ordner Gefunden : C:\Program Files\DomaIQ Uninstaller
Ordner Gefunden : C:\Program Files\Video Downloader
Ordner Gefunden : C:\Users\Aikigunnar\AppData\LocalLow\DVDvideoSoft_2.0
Ordner Gefunden : C:\Users\Gast\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\Gast\AppData\Roaming\SearchProtect

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\DVDvideoSoft_2.0
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{04A8DD1A-4754-48FE-A703-99846646EF04}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04A8DD1A-4754-48FE-A703-99846646EF04}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{17667902-A1A2-4DC4-8C42-CB1B60BF2202}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKCU\Software\SearchProtect
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Schlüssel Gefunden : HKLM\Software\DVDvideoSoft_2.0
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{17667902-A1A2-4DC4-8C42-CB1B60BF2202}
Schlüssel Gefunden : HKLM\Software\SearchProtect
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{04A8DD1A-4754-48FE-A703-99846646EF04}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{17667902-A1A2-4DC4-8C42-CB1B60BF2202}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A939776-814B-41D5-817F-7B274462594B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{96FC45F7-DD83-4768-9867-A46BEA489732}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04A8DD1A-4754-48FE-A703-99846646EF04}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DomaIQ Uninstaller
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDvideoSoft_2.0 Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gefunden : HKLM\SOFTWARE\Tarma Installer
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{04A8DD1A-4754-48FE-A703-99846646EF04}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{04A8DD1A-4754-48FE-A703-99846646EF04}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{04A8DD1A-4754-48FE-A703-99846646EF04}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{04A8DD1A-4754-48FE-A703-99846646EF04}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com/?ctid=CT3279453&octid=CT3279453&SearchSource=61&CUI=UN11040021708045292&UM=2&UP=SP1CAF8F90-D16D-473E-B8CD-EF074B7CCA1C

-\\ Google Chrome v27.0.1453.116

Datei : C:\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [9885 octets] - [10/07/2013 22:23:12]

########## EOF - C:\AdwCleaner[R1].txt - [9945 octets] ##########
--- --- ---


------------------------------------------------------------------------------------------------------


Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 30.08.2014
Suchlauf-Zeit: 23:05:32
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.30.06
Rootkit Datenbank: v2014.08.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Aikigunnar

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 372492
Verstrichene Zeit: 18 Min, 47 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)



------------------------------------------------------------------------------------------------------



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Aikigunnar on 31.08.2014 at 2:51:37,30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-258546526-3460438922-237754320-1000\Software\video downloader



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.08.2014 at 2:55:26,48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





------------------------------------------------------------------------------------------------------


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2014 02
Ran by Aikigunnar at 2014-09-01 13:15:10
Running from C:\Users\Aikigunnar\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Anki (HKLM-x32\...\Anki) (Version: - )
AuthenTec TrueSuite (HKLM\...\{C76FAAED-E66D-488A-9E15-6082B527814A}) (Version: 5.2.0.642 - AuthenTec, Inc.)
Avira (HKLM-x32\...\{e67154a7-9cc5-4167-b782-f3982bc6c70d}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
calibre 64bit (HKLM\...\{2737D16B-D96A-48B6-A6D9-BDD22333CD3D}) (Version: 1.37.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}) (Version: 2.1.1.0153 - Intel Corporation)
Intel® PROSet/Wireless WiFi-Software (HKLM\...\{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}) (Version: 15.02.0000.1258 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: - )
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MyDriveConnect 3.3.0.1502 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1502 - TomTom)
NVIDIA 3D Vision Treiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Grafiktreiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.115.743 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Systemsteuerung 314.22 (Version: 314.22 - NVIDIA Corporation) Hidden
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version: - 2K Games, Inc.)
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{C9193CBB-C31A-412A-A074-AD08F0F2CF3D}) (Version: 7.0.27.13 - Mad Catz)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.4.0 - Synaptics Incorporated)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 2.10.1.1735 - 1&1 Mail & Media GmbH)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-258546526-3460438922-237754320-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Aikigunnar\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-258546526-3460438922-237754320-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Aikigunnar\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-258546526-3460438922-237754320-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Aikigunnar\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-258546526-3460438922-237754320-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Aikigunnar\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-258546526-3460438922-237754320-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Aikigunnar\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {054851DE-DF23-46AC-8F63-EBB8CA6A7DC4} - \LyriXeeker-1-codedownloader No Task File <==== ATTENTION
Task: {08F8EEFB-CC58-41E3-93BA-1E1C6B0D6D75} - \LyriXeeker-1-chromeinstaller No Task File <==== ATTENTION
Task: {16C8D941-F0AA-43EF-A4AC-CCE5A5C47B86} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {271E6C6B-4757-4575-B69E-5A38803D2820} - System32\Tasks\Games\UpdateCheck_S-1-5-21-258546526-3460438922-237754320-1000
Task: {50F51B5B-B16B-4D1E-A50B-B3C71DFC46A2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => D:\Programme\Spybot\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {5A5A83AA-92A1-4B3F-9EF1-ED0AE9A62E65} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => D:\Programme\Spybot\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {61347F49-2269-4646-8DCD-8CE810946810} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => D:\Programme\Spybot\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {655E9E0E-84FB-4A1C-B847-9860F231E7A8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-28] (Google Inc.)
Task: {8075AFD1-0D5B-4EC5-9A90-8040F5C560B5} - \LyriXeeker-1-enabler No Task File <==== ATTENTION
Task: {877A0FD7-A37D-49F1-891F-60F79A9E3789} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-258546526-3460438922-237754320-1000Core => C:\Users\Aikigunnar\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-07] (Facebook Inc.)
Task: {B6D3D0A5-0B83-4022-8D2D-54BFAEB6FAFD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-28] (Google Inc.)
Task: {CC0411AA-0BB9-447C-AA9E-CE5579086232} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {E77C11FA-284C-41C2-89AC-357171DE639C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-258546526-3460438922-237754320-1000UA => C:\Users\Aikigunnar\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-07] (Facebook Inc.)
Task: {F97C104D-4C11-4B3F-8856-DCEF45D17009} - \LyriXeeker-1-updater No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-258546526-3460438922-237754320-1000Core.job => C:\Users\Aikigunnar\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-258546526-3460438922-237754320-1000UA.job => C:\Users\Aikigunnar\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-03-28 21:15 - 2013-03-15 06:16 - 00086304 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-05-22 17:50 - 2012-05-22 17:50 - 00035328 _____ () C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
2011-11-03 04:09 - 2011-11-03 04:09 - 00087880 _____ () C:\Program Files\AuthenTec TrueSuite\ssutil.dll
2011-11-03 04:08 - 2011-11-03 04:08 - 00556360 _____ () C:\Program Files\AuthenTec TrueSuite\DataManager.dll
2013-03-28 22:15 - 2010-06-08 14:23 - 00236544 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2012-07-26 05:09 - 2012-07-26 05:09 - 04730880 _____ () C:\Program Files (x86)\Hotkey\Hotkey.exe
2013-07-08 21:04 - 2013-05-16 10:55 - 00113496 _____ () D:\Programme\Spybot\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-07-08 21:04 - 2013-05-16 10:55 - 00416600 _____ () D:\Programme\Spybot\Spybot - Search & Destroy 2\DEC150.bpl
2013-07-08 21:04 - 2013-05-16 10:55 - 00161112 _____ () D:\Programme\Spybot\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-07-08 21:04 - 2012-08-23 10:38 - 00574840 _____ () D:\Programme\Spybot\Spybot - Search & Destroy 2\sqlite3.dll
2013-07-08 21:04 - 2012-04-03 17:06 - 00565640 _____ () D:\Programme\Spybot\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00067832 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2009-06-06 15:50 - 2009-06-06 15:50 - 00019968 _____ () C:\Program Files (x86)\Hotkey\Audiodll.dll
2013-03-28 22:15 - 2009-12-29 17:50 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2013-03-28 22:15 - 2010-06-08 14:22 - 00181760 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2014-08-14 22:32 - 2014-08-04 14:20 - 00052472 ____N () C:\Users\Aikigunnar\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-09-01 13:02 - 2014-09-01 13:02 - 00098816 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI48802\win32api.pyd
2014-09-01 13:02 - 2014-09-01 13:02 - 00110080 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI48802\pywintypes27.dll
2014-09-01 13:02 - 2014-09-01 13:02 - 00364544 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI48802\pythoncom27.dll
2014-09-01 13:02 - 2014-09-01 13:02 - 00045568 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI48802\_socket.pyd
2014-09-01 13:02 - 2014-09-01 13:02 - 01160704 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI48802\_ssl.pyd
2014-09-01 13:02 - 2014-09-01 13:02 - 00320512 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI48802\win32com.shell.shell.pyd
2014-09-01 13:02 - 2014-09-01 13:02 - 00713216 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI48802\_hashlib.pyd
2014-09-01 13:02 - 2014-09-01 13:02 - 01175040 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI48802\wx._core_.pyd
2014-09-01 13:02 - 2014-09-01 13:02 - 00805888 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI48802\wx._gdi_.pyd
2014-09-01 13:02 - 2014-09-01 13:02 - 00811008 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI48802\wx._windows_.pyd
2014-09-01 13:02 - 2014-09-01 13:02 - 01062400 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI48802\wx._controls_.pyd
2014-09-01 13:02 - 2014-09-01 13:02 - 00735232 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI48802\wx._misc_.pyd
2014-09-01 13:02 - 2014-09-01 13:02 - 00128512 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI48802\_elementtree.pyd
2014-09-01 13:02 - 2014-09-01 13:02 - 00127488 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI48802\pyexpat.pyd
2014-09-01 13:02 - 2014-09-01 13:02 - 00557056 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI48802\pysqlite2._sqlite.pyd
2014-09-01 13:02 - 2014-09-01 13:02 - 00007168 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI48802\hashobjs_ext.pyd
2014-09-01 13:02 - 2014-09-01 13:02 - 00087552 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI48802\_ctypes.pyd
2014-09-01 13:02 - 2014-09-01 13:02 - 00119808 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI48802\win32file.pyd
2014-09-01 13:02 - 2014-09-01 13:02 - 00108544 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI48802\win32security.pyd
2014-09-01 13:02 - 2014-09-01 13:02 - 00018432 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI48802\win32event.pyd
2014-09-01 13:02 - 2014-09-01 13:02 - 00038912 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI48802\win32inet.pyd
2014-09-01 13:02 - 2014-09-01 13:02 - 00070656 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI48802\wx._html2.pyd
2014-09-01 13:02 - 2014-09-01 13:02 - 00167936 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI48802\win32gui.pyd
2014-09-01 13:02 - 2014-09-01 13:02 - 00011264 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI48802\win32crypt.pyd
2014-09-01 13:02 - 2014-09-01 13:02 - 00027136 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI48802\_multiprocessing.pyd
2014-09-01 13:02 - 2014-09-01 13:02 - 00686080 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI48802\unicodedata.pyd
2014-09-01 13:02 - 2014-09-01 13:02 - 00122368 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI48802\wx._wizard.pyd
2014-09-01 13:02 - 2014-09-01 13:02 - 00010240 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI48802\select.pyd
2014-09-01 13:02 - 2014-09-01 13:02 - 00024064 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI48802\win32pipe.pyd
2014-09-01 13:02 - 2014-09-01 13:02 - 00025600 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI48802\win32pdh.pyd
2014-09-01 13:02 - 2014-09-01 13:02 - 00525640 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI48802\windows._lib_cacheinvalidation.pyd
2014-09-01 13:02 - 2014-09-01 13:02 - 00035840 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI48802\win32process.pyd
2014-09-01 13:02 - 2014-09-01 13:02 - 00017408 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI48802\win32profile.pyd
2014-09-01 13:02 - 2014-09-01 13:02 - 00022528 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI48802\win32ts.pyd
2014-09-01 13:02 - 2014-09-01 13:02 - 00078336 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI48802\wx._animate.pyd
2013-03-28 21:10 - 2012-05-10 09:03 - 01198872 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-10-28 19:57 - 2014-08-04 13:49 - 03800688 _____ () D:\Programme\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: DAEMON Tools Lite => "D:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Malwarebytes Anti-Malware => D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
MSCONFIG\startupreg: SDTray => "D:\Programme\Spybot\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Spybot-S&D Cleaning => "D:\Programme\Spybot\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
MSCONFIG\startupreg: THX Audio Control Panel => "C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe" /r

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/01/2014 01:01:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/01/2014 01:04:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (09/01/2014 01:04:06 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================
Error: (09/01/2014 01:01:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 44%
Total physical RAM: 4056.3 MB
Available physical RAM: 2263.22 MB
Total Pagefile: 8110.78 MB
Available Pagefile: 5661.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:58.5 GB) (Free:9.32 GB) NTFS
Drive d: () (Fixed) (Total:117.19 GB) (Free:16.44 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 9F3096AE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=58.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=117.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================






------------------------------------------------------------------------------------------------------



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by Aikigunnar (administrator) on GAMEMONSTER on 01-09-2014 13:13:54
Running from C:\Users\Aikigunnar\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc) C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\avshadow.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) D:\Programme\Spybot\Spybot - Search & Destroy 2\SDFSSvc.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\TouchControl.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Safer-Networking Ltd.) D:\Programme\Spybot\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) D:\Programme\Spybot\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Authentec) C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Microsoft Corporation) C:\Users\Aikigunnar\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
() C:\Program Files (x86)\Hotkey\Hotkey.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\avgnt.exe
(Geek Software GmbH) D:\Programme\PDF24\pdf24.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\ipmgui.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) D:\Programme\firefox.exe
(Safer-Networking Ltd.) D:\Programme\Spybot\Spybot - Search & Destroy 2\SDScan.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-21] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2905912 2012-06-28] (Synaptics Incorporated)
HKLM\...\Run: [KeepSafe] => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe [38728 2011-10-21] (Authentec)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe [241789 2010-02-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [avgnt] => D:\Programme\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PDFPrint] => D:\Programme\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-258546526-3460438922-237754320-1000\...\Run: [Facebook Update] => C:\Users\Aikigunnar\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-10-07] (Facebook Inc.)
HKU\S-1-5-21-258546526-3460438922-237754320-1000\...\Run: [SkyDrive] => C:\Users\Aikigunnar\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [251040 2014-08-08] (Microsoft Corporation)
HKU\S-1-5-21-258546526-3460438922-237754320-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-258546526-3460438922-237754320-1000\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6185240 2013-06-19] (Piriform Ltd)
HKU\S-1-5-21-258546526-3460438922-237754320-1000\...\Run: [ADrive] => "D:\Daten\Adrivesinc\Desktop\ADrive.exe"
HKU\S-1-5-21-258546526-3460438922-237754320-1000\...\RunOnce: [Uninstall C:\Users\Aikigunnar\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Aikigunnar\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
HKU\S-1-5-21-258546526-3460438922-237754320-1000\...\RunOnce: [Uninstall C:\Users\Aikigunnar\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Aikigunnar\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"
HKU\S-1-5-21-258546526-3460438922-237754320-1000\...\MountPoints2: {25a11c2e-e7d2-11e2-bdab-d7fb8c8cd97c} - G:\setup\rsrc\Autorun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe ()
ShellIconOverlayIdentifiers: UEAFOverlay -> {BC6D10E6-AE59-4cef-83DB-FD4C9BC7B7F2} => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvns.dll (Authentec)
ShellIconOverlayIdentifiers: UEAFOverlayOpen -> {93BB455E-3D52-4fba-9733-E5103B30FC12} => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvns.dll (Authentec)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Programme\bin\ssv.dll (Oracle Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\AuthenTec TrueSuite\IEBHO.dll (AuthenTec Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Programme\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll (AuthenTec Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Aikigunnar\AppData\Roaming\Mozilla\Firefox\Profiles\z4wcymtc.default
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 -> D:\Programme\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> D:\Programme\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> D:\Programme\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Aikigunnar\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\Aikigunnar\AppData\Roaming\Mozilla\Firefox\Profiles\z4wcymtc.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Aikigunnar\AppData\Roaming\Mozilla\Firefox\Profiles\z4wcymtc.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Aikigunnar\AppData\Roaming\Mozilla\Firefox\Profiles\z4wcymtc.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Aikigunnar\AppData\Roaming\Mozilla\Firefox\Profiles\z4wcymtc.default\searchplugins\webde-suche.xml
FF Extension: Avira Browser Safety - C:\Users\Aikigunnar\AppData\Roaming\Mozilla\Firefox\Profiles\z4wcymtc.default\Extensions\abs@avira.com [2014-08-28]
FF Extension: Fasterfox Lite - C:\Users\Aikigunnar\AppData\Roaming\Mozilla\Firefox\Profiles\z4wcymtc.default\Extensions\FasterFox_Lite@BigRedBrent [2013-10-28]
FF Extension: ProxTube - Unblock YouTube - C:\Users\Aikigunnar\AppData\Roaming\Mozilla\Firefox\Profiles\z4wcymtc.default\Extensions\ich@maltegoetz.de [2013-12-24]
FF Extension: WEB.DE MailCheck - C:\Users\Aikigunnar\AppData\Roaming\Mozilla\Firefox\Profiles\z4wcymtc.default\Extensions\toolbar@web.de [2014-07-10]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Aikigunnar\AppData\Roaming\Mozilla\Firefox\Profiles\z4wcymtc.default\Extensions\adblockpopups@jessehakanen.net.xpi [2013-10-28]
FF Extension: NoScript - C:\Users\Aikigunnar\AppData\Roaming\Mozilla\Firefox\Profiles\z4wcymtc.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-10-28]
FF Extension: Adblock Plus - C:\Users\Aikigunnar\AppData\Roaming\Mozilla\Firefox\Profiles\z4wcymtc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-28]
FF Extension: Adblock Edge - C:\Users\Aikigunnar\AppData\Roaming\Mozilla\Firefox\Profiles\z4wcymtc.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-10-28]
FF StartMenuInternet: FIREFOX.EXE - D:\Programme\firefox.exe

Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-08-25]
CHR Extension: (chessmail ~ Schach) - C:\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkgfhmdidjkcoflclddnmgacgeaahkk [2014-08-25]
CHR Extension: (Google Drive) - C:\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-26]
CHR Extension: (Weather (extension)) - C:\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\beapnbfmjmjhhfpaoajfhjbbfnnlfpnc [2014-08-25]
CHR Extension: (Last updated at $time$ on $date$) - C:\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-25]
CHR Extension: (Send to Kindle for Google Chrome™) - C:\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea [2014-08-25]
CHR Extension: (Search All) - C:\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\eekjldapjblgadclklmgolijbagmdnfk [2014-08-25]
CHR Extension: (Website Logon) - C:\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\eioaimhbaiomogmbefipmnbpjmefhhoc [2014-08-16]
CHR Extension: (Web Lab) - C:\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgacgeibpdjllcjckbmgecpahipdjabe [2014-08-25]
CHR Extension: (Avira Browser Safety) - C:\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-16]
CHR Extension: (AdBlock) - C:\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-25]
CHR Extension: (Anatomy Skills - Bones) - C:\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\hceicicieekfooimifknlpmgdokmdajn [2014-08-25]
CHR Extension: (Gestures for Google Chrome™) - C:\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkfjicglakibpenojifdiepckckakgk [2014-08-25]
CHR Extension: (Chromium Wheel Smooth Scroller) - C:\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpcanbeojalbkpgpmjpdkjnkfcgfkhb [2014-08-25]
CHR Extension: (Google Maps) - C:\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-08-25]
CHR Extension: (Google Wallet) - C:\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (Blue Space Sunset Chrome Theme) - C:\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nndfdjfoclbidmgpmbelcieibgjjfdog [2014-08-25]
CHR Extension: (No Name) - C:\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolkekjjhnaeaahibbnfebmogackofpf [2014-08-16]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\AIKIGU~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-05-25]
CHR HKLM-x32\...\Chrome\Extension: [eioaimhbaiomogmbefipmnbpjmefhhoc] - C:\Program Files\AuthenTec TrueSuite\x86\tschrome.crx [2011-09-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; D:\Programme\Avira\AntiVir Desktop\sched.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\Programme\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; D:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-03-28] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-03-28] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [294912 2010-12-28] (Creative Technology Ltd) [File not signed]
R2 FPLService; C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [299848 2011-11-03] (AuthenTec, Inc)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-05-15] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [35328 2012-05-22] () [File not signed]
R2 SDScannerService; D:\Programme\Spybot\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; D:\Programme\Spybot\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; D:\Programme\Spybot\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-12] (Avira Operations GmbH & Co. KG)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 13:13 - 2014-09-01 13:13 - 00000000 ____D () C:\Users\Aikigunnar\Desktop\FRST-OlderVersion
2014-08-31 02:55 - 2014-08-31 02:55 - 00000827 _____ () C:\Users\Aikigunnar\Desktop\JRT.txt
2014-08-31 02:42 - 2014-08-31 02:42 - 00001164 _____ () C:\Users\Aikigunnar\Desktop\mbam.txt
2014-08-30 00:41 - 2014-08-30 23:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-30 00:41 - 2014-08-30 23:04 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-30 00:41 - 2014-08-30 23:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-30 00:41 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-30 00:41 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-30 00:41 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-30 00:37 - 2014-08-30 00:36 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Aikigunnar\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-30 00:37 - 2014-08-30 00:36 - 01364531 _____ () C:\Users\Aikigunnar\Desktop\adwcleaner_3.308.exe
2014-08-30 00:37 - 2014-08-30 00:36 - 01016261 _____ (Thisisu) C:\Users\Aikigunnar\Desktop\JRT.exe
2014-08-30 00:34 - 2014-08-30 00:34 - 00002229 _____ () C:\Users\Aikigunnar\Downloads\Neues Textdokument.txt
2014-08-29 22:56 - 2014-08-29 22:56 - 00021570 _____ () C:\Users\Aikigunnar\Desktop\Gmer.txt
2014-08-29 22:37 - 2014-09-01 13:14 - 00022240 _____ () C:\Users\Aikigunnar\Desktop\FRST.txt
2014-08-29 22:36 - 2014-09-01 13:13 - 02104832 _____ (Farbar) C:\Users\Aikigunnar\Desktop\FRST64.exe
2014-08-29 22:36 - 2014-08-29 22:36 - 00000604 _____ () C:\Users\Aikigunnar\Desktop\defogger_disable.log
2014-08-29 22:36 - 2014-08-29 22:36 - 00000148 _____ () C:\Users\Aikigunnar\defogger_reenable
2014-08-29 22:35 - 2014-08-29 22:35 - 00050477 _____ () C:\Users\Aikigunnar\Desktop\Defogger.exe
2014-08-29 22:33 - 2014-08-29 22:33 - 00380416 _____ () C:\Users\Aikigunnar\Desktop\ymsriggm.exe
2014-08-29 00:33 - 2014-08-29 00:33 - 770117621 _____ () C:\Users\Aikigunnar\Downloads\Tekken 6.7z
2014-08-29 00:08 - 2014-08-30 00:57 - 00000000 ____D () C:\Program Files (x86)\ClearThink
2014-08-27 20:13 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 20:13 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 20:13 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-25 02:15 - 2014-08-25 23:10 - 00000000 ____D () C:\Users\Aikigunnar\Desktop\Neuer Ordner
2014-08-25 01:23 - 2014-08-25 01:23 - 00000000 ____D () C:\Users\Aikigunnar\Documents\1.Seminar
2014-08-24 13:46 - 2014-08-24 13:46 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-24 13:46 - 2014-08-24 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-24 13:46 - 2014-08-24 13:46 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-15 03:02 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 03:02 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 03:02 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 03:02 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 03:02 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 03:02 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-15 03:01 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 03:01 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 23:05 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 23:05 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 23:04 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 23:04 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 23:04 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 23:04 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 23:04 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 23:04 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 23:04 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 23:04 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 23:04 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 23:04 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 23:04 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 23:04 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 23:04 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 23:04 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 23:04 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 23:04 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 23:04 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 23:04 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 23:04 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 23:04 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 23:03 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 23:03 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 23:03 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 23:03 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 23:03 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 23:03 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 23:03 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 23:03 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 23:03 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 23:03 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 23:03 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 23:03 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 23:03 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 23:03 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 23:03 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 23:03 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 23:03 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 23:03 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 23:03 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 23:03 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 23:03 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 23:03 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 23:03 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 23:03 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 23:03 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 23:03 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 23:03 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 23:03 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 23:03 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 23:03 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 23:03 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 23:03 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 23:03 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 23:03 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 23:03 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 23:03 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 23:03 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 23:03 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 23:03 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 23:03 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 23:03 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 23:03 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 23:03 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 23:03 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 23:03 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 23:03 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 23:03 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 23:03 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 23:03 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 23:03 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 23:03 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 23:03 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 23:03 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 23:03 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 23:03 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 23:03 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 23:03 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 23:03 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 23:00 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 23:00 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 23:00 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 23:00 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 22:32 - 2014-08-24 13:47 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-14 22:22 - 2014-08-18 00:54 - 00000299 _____ () C:\Users\Aikigunnar\.JavaPowUpload.properties
2014-08-14 22:14 - 2014-08-14 22:14 - 00000000 ____D () C:\Users\Aikigunnar\AppData\Roaming\ADrive
2014-08-14 22:13 - 2014-08-14 22:13 - 00000000 ____D () C:\Users\Aikigunnar\AppData\Local\ADrive
2014-08-09 20:08 - 2014-09-01 13:05 - 01013812 _____ () C:\Windows\WindowsUpdate.log
2014-08-08 20:04 - 2014-08-08 20:04 - 00002212 _____ () C:\Users\Aikigunnar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-08-06 22:04 - 2014-08-06 22:04 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-06 22:04 - 2014-08-06 22:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-06 22:04 - 2014-08-06 22:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-06 22:04 - 2014-08-06 22:04 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-06 22:04 - 2014-08-06 22:04 - 00000000 ____D () C:\Program Files (x86)\Java

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 13:14 - 2014-08-29 22:37 - 00022240 _____ () C:\Users\Aikigunnar\Desktop\FRST.txt
2014-09-01 13:13 - 2014-09-01 13:13 - 00000000 ____D () C:\Users\Aikigunnar\Desktop\FRST-OlderVersion
2014-09-01 13:13 - 2014-08-29 22:36 - 02104832 _____ (Farbar) C:\Users\Aikigunnar\Desktop\FRST64.exe
2014-09-01 13:13 - 2013-07-10 22:35 - 00000000 ____D () C:\FRST
2014-09-01 13:11 - 2013-05-28 21:37 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2B920A6E-2182-47B6-8744-629079671822}
2014-09-01 13:10 - 2009-07-14 06:45 - 00032304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-01 13:10 - 2009-07-14 06:45 - 00032304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-01 13:05 - 2014-08-09 20:08 - 01013812 _____ () C:\Windows\WindowsUpdate.log
2014-09-01 13:01 - 2013-03-28 23:58 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-01 13:01 - 2013-03-28 21:15 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-01 13:01 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-31 03:01 - 2013-07-08 02:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-31 02:56 - 2013-03-28 23:58 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-31 02:55 - 2014-08-31 02:55 - 00000827 _____ () C:\Users\Aikigunnar\Desktop\JRT.txt
2014-08-31 02:42 - 2014-08-31 02:42 - 00001164 _____ () C:\Users\Aikigunnar\Desktop\mbam.txt
2014-08-31 02:36 - 2013-10-07 23:31 - 00000948 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-258546526-3460438922-237754320-1000UA.job
2014-08-30 23:36 - 2013-10-07 23:31 - 00000926 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-258546526-3460438922-237754320-1000Core.job
2014-08-30 23:04 - 2014-08-30 00:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-30 23:04 - 2014-08-30 00:41 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-30 23:04 - 2014-08-30 00:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-30 22:58 - 2014-05-18 21:21 - 00000000 ____D () C:\AdwCleaner
2014-08-30 22:35 - 2014-02-19 21:06 - 00000000 ____D () C:\Windows\Minidump
2014-08-30 00:57 - 2014-08-29 00:08 - 00000000 ____D () C:\Program Files (x86)\ClearThink
2014-08-30 00:44 - 2013-04-03 18:58 - 00000000 ____D () C:\Users\Aikigunnar\AppData\Local\CRE
2014-08-30 00:41 - 2013-07-10 23:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-30 00:36 - 2014-08-30 00:37 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Aikigunnar\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-30 00:36 - 2014-08-30 00:37 - 01364531 _____ () C:\Users\Aikigunnar\Desktop\adwcleaner_3.308.exe
2014-08-30 00:36 - 2014-08-30 00:37 - 01016261 _____ (Thisisu) C:\Users\Aikigunnar\Desktop\JRT.exe
2014-08-30 00:34 - 2014-08-30 00:34 - 00002229 _____ () C:\Users\Aikigunnar\Downloads\Neues Textdokument.txt
2014-08-29 22:56 - 2014-08-29 22:56 - 00021570 _____ () C:\Users\Aikigunnar\Desktop\Gmer.txt
2014-08-29 22:36 - 2014-08-29 22:36 - 00000604 _____ () C:\Users\Aikigunnar\Desktop\defogger_disable.log
2014-08-29 22:36 - 2014-08-29 22:36 - 00000148 _____ () C:\Users\Aikigunnar\defogger_reenable
2014-08-29 22:36 - 2013-03-28 20:57 - 00000000 ____D () C:\Users\Aikigunnar
2014-08-29 22:35 - 2014-08-29 22:35 - 00050477 _____ () C:\Users\Aikigunnar\Desktop\Defogger.exe
2014-08-29 22:33 - 2014-08-29 22:33 - 00380416 _____ () C:\Users\Aikigunnar\Desktop\ymsriggm.exe
2014-08-29 22:24 - 2013-04-03 17:46 - 00000000 ____D () C:\Users\Aikigunnar\AppData\Roaming\Winamp
2014-08-29 22:20 - 2009-07-14 04:34 - 00000821 _____ () C:\Windows\win.ini
2014-08-29 22:15 - 2009-07-14 06:45 - 00294640 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-29 00:33 - 2014-08-29 00:33 - 770117621 _____ () C:\Users\Aikigunnar\Downloads\Tekken 6.7z
2014-08-25 23:10 - 2014-08-25 02:15 - 00000000 ____D () C:\Users\Aikigunnar\Desktop\Neuer Ordner
2014-08-25 01:23 - 2014-08-25 01:23 - 00000000 ____D () C:\Users\Aikigunnar\Documents\1.Seminar
2014-08-24 13:47 - 2014-08-14 22:32 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-24 13:46 - 2014-08-24 13:46 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-24 13:46 - 2014-08-24 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-24 13:46 - 2014-08-24 13:46 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-23 04:07 - 2014-08-27 20:13 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-27 20:13 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-27 20:13 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-18 21:42 - 2013-03-29 12:31 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-08-18 21:42 - 2013-03-29 12:31 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-08-18 21:42 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-18 00:54 - 2014-08-14 22:22 - 00000299 _____ () C:\Users\Aikigunnar\.JavaPowUpload.properties
2014-08-16 03:57 - 2014-05-25 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-15 04:37 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-15 03:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-15 03:21 - 2013-07-13 16:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 03:12 - 2013-04-01 14:02 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-15 03:01 - 2014-05-01 21:55 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-14 22:32 - 2013-03-28 21:53 - 00000000 ____D () C:\ProgramData\Avira
2014-08-14 22:14 - 2014-08-14 22:14 - 00000000 ____D () C:\Users\Aikigunnar\AppData\Roaming\ADrive
2014-08-14 22:13 - 2014-08-14 22:13 - 00000000 ____D () C:\Users\Aikigunnar\AppData\Local\ADrive
2014-08-08 20:04 - 2014-08-08 20:04 - 00002212 _____ () C:\Users\Aikigunnar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-08-07 04:06 - 2014-08-14 23:00 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-14 23:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 22:05 - 2014-07-08 20:17 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-06 22:04 - 2014-08-06 22:04 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-06 22:04 - 2014-08-06 22:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-06 22:04 - 2014-08-06 22:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-06 22:04 - 2014-08-06 22:04 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-06 22:04 - 2014-08-06 22:04 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-06 21:58 - 2014-05-29 23:40 - 00001017 _____ () C:\Users\Aikigunnar\Desktop\Skripten.lnk
2014-08-05 09:20 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-02 23:42 - 2014-03-10 18:54 - 00000000 ____D () C:\Users\Aikigunnar\Desktop\Bilder von Handy

Some content of TEMP:
====================
C:\Users\Aikigunnar\AppData\Local\Temp\avgnt.exe
C:\Users\Gast\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-08 22:04

==================== End Of Log ============================
--- --- ---






------------------------------------------------------------------------------------------------------





So weit - so gut - was würdest Du sagen?


Ist der Schleppi jetzt wieder rein?

M-K-D-B 01.09.2014 12:39
Zitat:
Zitat von Aikigunnar (Beitrag 1352517)
So weit - so gut - was würdest Du sagen?
Du hast eine veraltete Version (2.304) von AdwCleaner ausgeführt, was ich ehrlich gesagt nicht verstehen kann, da unsere Links immer zu den aktuellsten Versionen zeigen... bei AdwCleaner ist momentan die Version 3.308 aktuell...

Daher muss ich annehmen, dass du AdwCleaner von "irgendwo" heruntergeladen hast... auf jeden Fall nicht von dem Ort, von dem ich geschrieben habe...

Ich verstehe auch nicht, was an der Anleitung schwierig sein soll...


Daher bitte jetzt AdwCleaner nochmal in der aktuellsten Version ausführen und dann nochmal FRST ausführen:



Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).





Schritt 2
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.

Aikigunnar 01.09.2014 13:21
ich bin in der Anleitung Deinem Link gefolgt

werde jetzt die Schritte nochmals ausführen

AdwCleaner Logfile:
Code:
# AdwCleaner v3.308 - Bericht erstellt am 01/09/2014 um 14:07:53
# Aktualisiert 20/08/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Aikigunnar - GAMEMONSTER
# Gestartet von : C:\Users\Aikigunnar\Downloads\adwcleaner_3.308.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Users\Aikigunnar\AppData\Roaming\Mozilla\Firefox\Profiles\z4wcymtc.default\foxydeal.sqlite

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Aikigunnar\AppData\Roaming\Mozilla\Firefox\Profiles\z4wcymtc.default\prefs.js ]


[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\koqs1e3o.default\prefs.js ]


-\\ Google Chrome v36.0.1985.143

[ Datei : C:\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ Datei : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [14894 octets] - [18/05/2014 21:22:12]
AdwCleaner[R1].txt - [6812 octets] - [30/08/2014 00:39:34]
AdwCleaner[R2].txt - [1549 octets] - [30/08/2014 22:57:10]
AdwCleaner[R3].txt - [1654 octets] - [01/09/2014 14:06:24]
AdwCleaner[S0].txt - [12493 octets] - [18/05/2014 21:23:38]
AdwCleaner[S1].txt - [6717 octets] - [30/08/2014 00:44:11]
AdwCleaner[S2].txt - [1610 octets] - [30/08/2014 22:58:04]
AdwCleaner[S3].txt - [1575 octets] - [01/09/2014 14:07:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1635 octets] ##########
--- --- ---



------------------------------------------------------------------------------------------------------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2014 02
Ran by Aikigunnar at 2014-09-01 14:19:37
Running from C:\Users\Aikigunnar\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Anki (HKLM-x32\...\Anki) (Version: - )
AuthenTec TrueSuite (HKLM\...\{C76FAAED-E66D-488A-9E15-6082B527814A}) (Version: 5.2.0.642 - AuthenTec, Inc.)
Avira (HKLM-x32\...\{e67154a7-9cc5-4167-b782-f3982bc6c70d}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
calibre 64bit (HKLM\...\{2737D16B-D96A-48B6-A6D9-BDD22333CD3D}) (Version: 1.37.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}) (Version: 2.1.1.0153 - Intel Corporation)
Intel® PROSet/Wireless WiFi-Software (HKLM\...\{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}) (Version: 15.02.0000.1258 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: - )
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MyDriveConnect 3.3.0.1502 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1502 - TomTom)
NVIDIA 3D Vision Treiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Grafiktreiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.115.743 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Systemsteuerung 314.22 (Version: 314.22 - NVIDIA Corporation) Hidden
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version: - 2K Games, Inc.)
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{C9193CBB-C31A-412A-A074-AD08F0F2CF3D}) (Version: 7.0.27.13 - Mad Catz)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.4.0 - Synaptics Incorporated)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 2.10.1.1735 - 1&1 Mail & Media GmbH)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-258546526-3460438922-237754320-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Aikigunnar\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-258546526-3460438922-237754320-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Aikigunnar\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-258546526-3460438922-237754320-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Aikigunnar\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-258546526-3460438922-237754320-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Aikigunnar\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-258546526-3460438922-237754320-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Aikigunnar\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

01-09-2014 11:51:41 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {054851DE-DF23-46AC-8F63-EBB8CA6A7DC4} - \LyriXeeker-1-codedownloader No Task File <==== ATTENTION
Task: {08F8EEFB-CC58-41E3-93BA-1E1C6B0D6D75} - \LyriXeeker-1-chromeinstaller No Task File <==== ATTENTION
Task: {16C8D941-F0AA-43EF-A4AC-CCE5A5C47B86} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {50F51B5B-B16B-4D1E-A50B-B3C71DFC46A2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => D:\Programme\Spybot\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {5A5A83AA-92A1-4B3F-9EF1-ED0AE9A62E65} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => D:\Programme\Spybot\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {61347F49-2269-4646-8DCD-8CE810946810} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => D:\Programme\Spybot\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {655E9E0E-84FB-4A1C-B847-9860F231E7A8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-28] (Google Inc.)
Task: {8075AFD1-0D5B-4EC5-9A90-8040F5C560B5} - \LyriXeeker-1-enabler No Task File <==== ATTENTION
Task: {877A0FD7-A37D-49F1-891F-60F79A9E3789} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-258546526-3460438922-237754320-1000Core => C:\Users\Aikigunnar\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-07] (Facebook Inc.)
Task: {B6D3D0A5-0B83-4022-8D2D-54BFAEB6FAFD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-28] (Google Inc.)
Task: {CC0411AA-0BB9-447C-AA9E-CE5579086232} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {E77C11FA-284C-41C2-89AC-357171DE639C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-258546526-3460438922-237754320-1000UA => C:\Users\Aikigunnar\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-07] (Facebook Inc.)
Task: {F97C104D-4C11-4B3F-8856-DCEF45D17009} - \LyriXeeker-1-updater No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-258546526-3460438922-237754320-1000Core.job => C:\Users\Aikigunnar\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-258546526-3460438922-237754320-1000UA.job => C:\Users\Aikigunnar\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-03-28 21:15 - 2013-03-15 06:16 - 00086304 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-05-22 17:50 - 2012-05-22 17:50 - 00035328 _____ () C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
2011-11-03 04:09 - 2011-11-03 04:09 - 00087880 _____ () C:\Program Files\AuthenTec TrueSuite\ssutil.dll
2011-11-03 04:08 - 2011-11-03 04:08 - 00556360 _____ () C:\Program Files\AuthenTec TrueSuite\DataManager.dll
2013-03-28 22:15 - 2010-06-08 14:23 - 00236544 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2012-07-26 05:09 - 2012-07-26 05:09 - 04730880 _____ () C:\Program Files (x86)\Hotkey\Hotkey.exe
2013-07-08 21:04 - 2013-05-16 10:55 - 00113496 _____ () D:\Programme\Spybot\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-07-08 21:04 - 2013-05-16 10:55 - 00416600 _____ () D:\Programme\Spybot\Spybot - Search & Destroy 2\DEC150.bpl
2013-07-08 21:04 - 2013-05-16 10:55 - 00161112 _____ () D:\Programme\Spybot\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-07-08 21:04 - 2012-08-23 10:38 - 00574840 _____ () D:\Programme\Spybot\Spybot - Search & Destroy 2\sqlite3.dll
2013-07-08 21:04 - 2012-04-03 17:06 - 00565640 _____ () D:\Programme\Spybot\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00067832 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2013-03-28 22:15 - 2009-12-29 17:50 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2013-03-28 22:15 - 2010-06-08 14:22 - 00181760 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2009-06-06 15:50 - 2009-06-06 15:50 - 00019968 _____ () C:\Program Files (x86)\Hotkey\Audiodll.dll
2014-08-14 22:32 - 2014-08-04 14:20 - 00052472 ____N () C:\Users\Aikigunnar\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-09-01 14:12 - 2014-09-01 14:12 - 00098816 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI47522\win32api.pyd
2014-09-01 14:12 - 2014-09-01 14:12 - 00110080 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI47522\pywintypes27.dll
2014-09-01 14:12 - 2014-09-01 14:12 - 00364544 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI47522\pythoncom27.dll
2014-09-01 14:12 - 2014-09-01 14:12 - 00045568 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI47522\_socket.pyd
2014-09-01 14:12 - 2014-09-01 14:12 - 01160704 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI47522\_ssl.pyd
2014-09-01 14:12 - 2014-09-01 14:12 - 00320512 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI47522\win32com.shell.shell.pyd
2014-09-01 14:12 - 2014-09-01 14:12 - 00713216 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI47522\_hashlib.pyd
2014-09-01 14:12 - 2014-09-01 14:12 - 01175040 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI47522\wx._core_.pyd
2014-09-01 14:12 - 2014-09-01 14:12 - 00805888 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI47522\wx._gdi_.pyd
2014-09-01 14:12 - 2014-09-01 14:12 - 00811008 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI47522\wx._windows_.pyd
2014-09-01 14:12 - 2014-09-01 14:12 - 01062400 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI47522\wx._controls_.pyd
2014-09-01 14:12 - 2014-09-01 14:12 - 00735232 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI47522\wx._misc_.pyd
2014-09-01 14:12 - 2014-09-01 14:12 - 00128512 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI47522\_elementtree.pyd
2014-09-01 14:12 - 2014-09-01 14:12 - 00127488 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI47522\pyexpat.pyd
2014-09-01 14:12 - 2014-09-01 14:12 - 00557056 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI47522\pysqlite2._sqlite.pyd
2014-09-01 14:12 - 2014-09-01 14:12 - 00007168 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI47522\hashobjs_ext.pyd
2014-09-01 14:12 - 2014-09-01 14:12 - 00087552 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI47522\_ctypes.pyd
2014-09-01 14:12 - 2014-09-01 14:12 - 00119808 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI47522\win32file.pyd
2014-09-01 14:12 - 2014-09-01 14:12 - 00108544 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI47522\win32security.pyd
2014-09-01 14:12 - 2014-09-01 14:12 - 00018432 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI47522\win32event.pyd
2014-09-01 14:12 - 2014-09-01 14:12 - 00038912 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI47522\win32inet.pyd
2014-09-01 14:12 - 2014-09-01 14:12 - 00070656 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI47522\wx._html2.pyd
2014-09-01 14:12 - 2014-09-01 14:12 - 00167936 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI47522\win32gui.pyd
2014-09-01 14:12 - 2014-09-01 14:12 - 00011264 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI47522\win32crypt.pyd
2014-09-01 14:12 - 2014-09-01 14:12 - 00027136 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI47522\_multiprocessing.pyd
2014-09-01 14:12 - 2014-09-01 14:12 - 00686080 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI47522\unicodedata.pyd
2014-09-01 14:12 - 2014-09-01 14:12 - 00122368 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI47522\wx._wizard.pyd
2014-09-01 14:12 - 2014-09-01 14:12 - 00010240 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI47522\select.pyd
2014-09-01 14:12 - 2014-09-01 14:12 - 00024064 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI47522\win32pipe.pyd
2014-09-01 14:12 - 2014-09-01 14:12 - 00025600 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI47522\win32pdh.pyd
2014-09-01 14:12 - 2014-09-01 14:12 - 00525640 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI47522\windows._lib_cacheinvalidation.pyd
2014-09-01 14:12 - 2014-09-01 14:12 - 00035840 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI47522\win32process.pyd
2014-09-01 14:12 - 2014-09-01 14:12 - 00017408 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI47522\win32profile.pyd
2014-09-01 14:12 - 2014-09-01 14:12 - 00022528 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI47522\win32ts.pyd
2014-09-01 14:12 - 2014-09-01 14:12 - 00078336 _____ () C:\Users\Aikigunnar\AppData\Local\Temp\_MEI47522\wx._animate.pyd
2013-03-28 21:10 - 2012-05-10 09:03 - 01198872 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-10-28 19:57 - 2014-08-04 13:49 - 03800688 _____ () D:\Programme\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: DAEMON Tools Lite => "D:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Malwarebytes Anti-Malware => D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
MSCONFIG\startupreg: SDTray => "D:\Programme\Spybot\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Spybot-S&D Cleaning => "D:\Programme\Spybot\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
MSCONFIG\startupreg: THX Audio Control Panel => "C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe" /r

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/01/2014 02:12:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2014 01:01:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/01/2014 02:14:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (09/01/2014 02:14:24 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (09/01/2014 01:04:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (09/01/2014 01:04:06 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================
Error: (09/01/2014 02:12:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2014 01:01:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 56%
Total physical RAM: 4056.3 MB
Available physical RAM: 1748.32 MB
Total Pagefile: 8110.78 MB
Available Pagefile: 5549.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:58.5 GB) (Free:9.02 GB) NTFS
Drive d: () (Fixed) (Total:117.19 GB) (Free:16.44 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 9F3096AE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=58.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=117.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================





------------------------------------------------------------------------------------------------------



FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by Aikigunnar (administrator) on GAMEMONSTER on 01-09-2014 14:18:35
Running from C:\Users\Aikigunnar\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc) C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\avshadow.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) D:\Programme\Spybot\Spybot - Search & Destroy 2\SDFSSvc.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\TouchControl.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Safer-Networking Ltd.) D:\Programme\Spybot\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) D:\Programme\Spybot\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Authentec) C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Microsoft Corporation) C:\Users\Aikigunnar\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe
() C:\Program Files (x86)\Hotkey\Hotkey.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\avgnt.exe
(Geek Software GmbH) D:\Programme\PDF24\pdf24.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) D:\Programme\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-21] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2905912 2012-06-28] (Synaptics Incorporated)
HKLM\...\Run: [KeepSafe] => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe [38728 2011-10-21] (Authentec)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe [241789 2010-02-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [avgnt] => D:\Programme\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PDFPrint] => D:\Programme\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-258546526-3460438922-237754320-1000\...\Run: [Facebook Update] => C:\Users\Aikigunnar\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-10-07] (Facebook Inc.)
HKU\S-1-5-21-258546526-3460438922-237754320-1000\...\Run: [SkyDrive] => C:\Users\Aikigunnar\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [251040 2014-08-08] (Microsoft Corporation)
HKU\S-1-5-21-258546526-3460438922-237754320-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-258546526-3460438922-237754320-1000\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6185240 2013-06-19] (Piriform Ltd)
HKU\S-1-5-21-258546526-3460438922-237754320-1000\...\Run: [ADrive] => "D:\Daten\Adrivesinc\Desktop\ADrive.exe"
HKU\S-1-5-21-258546526-3460438922-237754320-1000\...\RunOnce: [Uninstall C:\Users\Aikigunnar\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Aikigunnar\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
HKU\S-1-5-21-258546526-3460438922-237754320-1000\...\RunOnce: [Uninstall C:\Users\Aikigunnar\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Aikigunnar\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"
HKU\S-1-5-21-258546526-3460438922-237754320-1000\...\MountPoints2: {25a11c2e-e7d2-11e2-bdab-d7fb8c8cd97c} - G:\setup\rsrc\Autorun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe ()
ShellIconOverlayIdentifiers: UEAFOverlay -> {BC6D10E6-AE59-4cef-83DB-FD4C9BC7B7F2} => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvns.dll (Authentec)
ShellIconOverlayIdentifiers: UEAFOverlayOpen -> {93BB455E-3D52-4fba-9733-E5103B30FC12} => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvns.dll (Authentec)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Programme\bin\ssv.dll (Oracle Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\AuthenTec TrueSuite\IEBHO.dll (AuthenTec Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Programme\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll (AuthenTec Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Aikigunnar\AppData\Roaming\Mozilla\Firefox\Profiles\z4wcymtc.default
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 -> D:\Programme\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> D:\Programme\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> D:\Programme\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Aikigunnar\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\Aikigunnar\AppData\Roaming\Mozilla\Firefox\Profiles\z4wcymtc.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Aikigunnar\AppData\Roaming\Mozilla\Firefox\Profiles\z4wcymtc.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Aikigunnar\AppData\Roaming\Mozilla\Firefox\Profiles\z4wcymtc.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Aikigunnar\AppData\Roaming\Mozilla\Firefox\Profiles\z4wcymtc.default\searchplugins\webde-suche.xml
FF Extension: Avira Browser Safety - C:\Users\Aikigunnar\AppData\Roaming\Mozilla\Firefox\Profiles\z4wcymtc.default\Extensions\abs@avira.com [2014-08-28]
FF Extension: Fasterfox Lite - C:\Users\Aikigunnar\AppData\Roaming\Mozilla\Firefox\Profiles\z4wcymtc.default\Extensions\FasterFox_Lite@BigRedBrent [2013-10-28]
FF Extension: ProxTube - Unblock YouTube - C:\Users\Aikigunnar\AppData\Roaming\Mozilla\Firefox\Profiles\z4wcymtc.default\Extensions\ich@maltegoetz.de [2013-12-24]
FF Extension: WEB.DE MailCheck - C:\Users\Aikigunnar\AppData\Roaming\Mozilla\Firefox\Profiles\z4wcymtc.default\Extensions\toolbar@web.de [2014-07-10]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Aikigunnar\AppData\Roaming\Mozilla\Firefox\Profiles\z4wcymtc.default\Extensions\adblockpopups@jessehakanen.net.xpi [2013-10-28]
FF Extension: NoScript - C:\Users\Aikigunnar\AppData\Roaming\Mozilla\Firefox\Profiles\z4wcymtc.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-10-28]
FF Extension: Adblock Plus - C:\Users\Aikigunnar\AppData\Roaming\Mozilla\Firefox\Profiles\z4wcymtc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-28]
FF Extension: Adblock Edge - C:\Users\Aikigunnar\AppData\Roaming\Mozilla\Firefox\Profiles\z4wcymtc.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-10-28]
FF StartMenuInternet: FIREFOX.EXE - D:\Programme\firefox.exe

Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-08-25]
CHR Extension: (chessmail ~ Schach) - C:\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkgfhmdidjkcoflclddnmgacgeaahkk [2014-08-25]
CHR Extension: (Google Drive) - C:\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-26]
CHR Extension: (Weather (extension)) - C:\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\beapnbfmjmjhhfpaoajfhjbbfnnlfpnc [2014-08-25]
CHR Extension: (Last updated at $time$ on $date$) - C:\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-25]
CHR Extension: (Send to Kindle for Google Chrome™) - C:\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea [2014-08-25]
CHR Extension: (Search All) - C:\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\eekjldapjblgadclklmgolijbagmdnfk [2014-08-25]
CHR Extension: (Website Logon) - C:\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\eioaimhbaiomogmbefipmnbpjmefhhoc [2014-08-16]
CHR Extension: (Web Lab) - C:\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgacgeibpdjllcjckbmgecpahipdjabe [2014-08-25]
CHR Extension: (Avira Browser Safety) - C:\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-16]
CHR Extension: (AdBlock) - C:\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-25]
CHR Extension: (Anatomy Skills - Bones) - C:\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\hceicicieekfooimifknlpmgdokmdajn [2014-08-25]
CHR Extension: (Gestures for Google Chrome™) - C:\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkfjicglakibpenojifdiepckckakgk [2014-08-25]
CHR Extension: (Chromium Wheel Smooth Scroller) - C:\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpcanbeojalbkpgpmjpdkjnkfcgfkhb [2014-08-25]
CHR Extension: (Google Maps) - C:\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-08-25]
CHR Extension: (Google Wallet) - C:\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (Blue Space Sunset Chrome Theme) - C:\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nndfdjfoclbidmgpmbelcieibgjjfdog [2014-08-25]
CHR Extension: (No Name) - C:\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolkekjjhnaeaahibbnfebmogackofpf [2014-08-16]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\AIKIGU~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-05-25]
CHR HKLM-x32\...\Chrome\Extension: [eioaimhbaiomogmbefipmnbpjmefhhoc] - C:\Program Files\AuthenTec TrueSuite\x86\tschrome.crx [2011-09-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; D:\Programme\Avira\AntiVir Desktop\sched.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\Programme\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; D:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-03-28] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-03-28] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [294912 2010-12-28] (Creative Technology Ltd) [File not signed]
R2 FPLService; C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [299848 2011-11-03] (AuthenTec, Inc)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-05-15] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [35328 2012-05-22] () [File not signed]
R2 SDScannerService; D:\Programme\Spybot\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; D:\Programme\Spybot\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; D:\Programme\Spybot\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-12] (Avira Operations GmbH & Co. KG)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 14:05 - 2014-09-01 14:05 - 01364531 _____ () C:\Users\Aikigunnar\Downloads\adwcleaner_3.308.exe
2014-09-01 13:15 - 2014-09-01 13:15 - 00022102 _____ () C:\Users\Aikigunnar\Desktop\Addition.txt
2014-09-01 13:13 - 2014-09-01 13:13 - 00000000 ____D () C:\Users\Aikigunnar\Desktop\FRST-OlderVersion
2014-08-31 02:55 - 2014-08-31 02:55 - 00000827 _____ () C:\Users\Aikigunnar\Desktop\JRT.txt
2014-08-31 02:42 - 2014-08-31 02:42 - 00001164 _____ () C:\Users\Aikigunnar\Desktop\mbam.txt
2014-08-30 00:41 - 2014-08-30 23:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-30 00:41 - 2014-08-30 23:04 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-30 00:41 - 2014-08-30 23:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-30 00:41 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-30 00:41 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-30 00:41 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-30 00:37 - 2014-08-30 00:36 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Aikigunnar\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-30 00:37 - 2014-08-30 00:36 - 01364531 _____ () C:\Users\Aikigunnar\Desktop\adwcleaner_3.308.exe
2014-08-30 00:37 - 2014-08-30 00:36 - 01016261 _____ (Thisisu) C:\Users\Aikigunnar\Desktop\JRT.exe
2014-08-30 00:34 - 2014-08-30 00:34 - 00002229 _____ () C:\Users\Aikigunnar\Downloads\Neues Textdokument.txt
2014-08-29 22:56 - 2014-08-29 22:56 - 00021570 _____ () C:\Users\Aikigunnar\Desktop\Gmer.txt
2014-08-29 22:37 - 2014-09-01 14:19 - 00022190 _____ () C:\Users\Aikigunnar\Desktop\FRST.txt
2014-08-29 22:36 - 2014-09-01 13:13 - 02104832 _____ (Farbar) C:\Users\Aikigunnar\Desktop\FRST64.exe
2014-08-29 22:36 - 2014-08-29 22:36 - 00000604 _____ () C:\Users\Aikigunnar\Desktop\defogger_disable.log
2014-08-29 22:36 - 2014-08-29 22:36 - 00000148 _____ () C:\Users\Aikigunnar\defogger_reenable
2014-08-29 22:35 - 2014-08-29 22:35 - 00050477 _____ () C:\Users\Aikigunnar\Desktop\Defogger.exe
2014-08-29 22:33 - 2014-08-29 22:33 - 00380416 _____ () C:\Users\Aikigunnar\Desktop\ymsriggm.exe
2014-08-29 00:33 - 2014-08-29 00:33 - 770117621 _____ () C:\Users\Aikigunnar\Downloads\Tekken 6.7z
2014-08-29 00:08 - 2014-08-30 00:57 - 00000000 ____D () C:\Program Files (x86)\ClearThink
2014-08-27 20:13 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 20:13 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 20:13 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-25 02:15 - 2014-08-25 23:10 - 00000000 ____D () C:\Users\Aikigunnar\Desktop\Neuer Ordner
2014-08-25 01:23 - 2014-08-25 01:23 - 00000000 ____D () C:\Users\Aikigunnar\Documents\1.Seminar
2014-08-24 13:46 - 2014-08-24 13:46 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-24 13:46 - 2014-08-24 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-24 13:46 - 2014-08-24 13:46 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-15 03:02 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 03:02 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 03:02 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 03:02 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 03:02 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 03:02 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-15 03:01 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 03:01 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 23:05 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 23:05 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 23:04 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 23:04 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 23:04 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 23:04 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 23:04 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 23:04 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 23:04 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 23:04 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 23:04 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 23:04 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 23:04 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 23:04 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 23:04 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 23:04 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 23:04 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 23:04 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 23:04 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 23:04 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 23:04 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 23:04 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 23:03 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 23:03 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 23:03 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 23:03 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 23:03 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 23:03 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 23:03 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 23:03 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 23:03 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 23:03 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 23:03 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 23:03 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 23:03 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 23:03 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 23:03 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 23:03 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 23:03 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 23:03 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 23:03 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 23:03 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 23:03 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 23:03 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 23:03 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 23:03 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 23:03 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 23:03 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 23:03 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 23:03 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 23:03 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 23:03 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 23:03 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 23:03 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 23:03 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 23:03 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 23:03 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 23:03 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 23:03 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 23:03 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 23:03 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 23:03 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 23:03 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 23:03 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 23:03 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 23:03 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 23:03 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 23:03 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 23:03 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 23:03 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 23:03 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 23:03 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 23:03 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 23:03 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 23:03 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 23:03 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 23:03 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 23:03 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 23:03 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 23:03 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 23:00 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 23:00 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 23:00 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 23:00 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 22:32 - 2014-08-24 13:47 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-14 22:22 - 2014-08-18 00:54 - 00000299 _____ () C:\Users\Aikigunnar\.JavaPowUpload.properties
2014-08-14 22:14 - 2014-08-14 22:14 - 00000000 ____D () C:\Users\Aikigunnar\AppData\Roaming\ADrive
2014-08-14 22:13 - 2014-08-14 22:13 - 00000000 ____D () C:\Users\Aikigunnar\AppData\Local\ADrive
2014-08-09 20:08 - 2014-09-01 14:15 - 01020343 _____ () C:\Windows\WindowsUpdate.log
2014-08-08 20:04 - 2014-08-08 20:04 - 00002212 _____ () C:\Users\Aikigunnar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-08-06 22:04 - 2014-08-06 22:04 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-06 22:04 - 2014-08-06 22:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-06 22:04 - 2014-08-06 22:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-06 22:04 - 2014-08-06 22:04 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-06 22:04 - 2014-08-06 22:04 - 00000000 ____D () C:\Program Files (x86)\Java

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 14:19 - 2014-08-29 22:37 - 00022190 _____ () C:\Users\Aikigunnar\Desktop\FRST.txt
2014-09-01 14:18 - 2013-07-10 22:35 - 00000000 ____D () C:\FRST
2014-09-01 14:15 - 2014-08-09 20:08 - 01020343 _____ () C:\Windows\WindowsUpdate.log
2014-09-01 14:12 - 2013-03-28 23:58 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-01 14:11 - 2013-03-28 21:15 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-01 14:11 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-01 14:07 - 2014-05-18 21:21 - 00000000 ____D () C:\AdwCleaner
2014-09-01 14:05 - 2014-09-01 14:05 - 01364531 _____ () C:\Users\Aikigunnar\Downloads\adwcleaner_3.308.exe
2014-09-01 14:01 - 2013-07-08 02:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-01 13:56 - 2013-03-28 23:58 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-01 13:51 - 2013-03-29 23:37 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-09-01 13:15 - 2014-09-01 13:15 - 00022102 _____ () C:\Users\Aikigunnar\Desktop\Addition.txt
2014-09-01 13:13 - 2014-09-01 13:13 - 00000000 ____D () C:\Users\Aikigunnar\Desktop\FRST-OlderVersion
2014-09-01 13:13 - 2014-08-29 22:36 - 02104832 _____ (Farbar) C:\Users\Aikigunnar\Desktop\FRST64.exe
2014-09-01 13:11 - 2013-05-28 21:37 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2B920A6E-2182-47B6-8744-629079671822}
2014-09-01 13:10 - 2009-07-14 06:45 - 00032304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-01 13:10 - 2009-07-14 06:45 - 00032304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-31 02:55 - 2014-08-31 02:55 - 00000827 _____ () C:\Users\Aikigunnar\Desktop\JRT.txt
2014-08-31 02:42 - 2014-08-31 02:42 - 00001164 _____ () C:\Users\Aikigunnar\Desktop\mbam.txt
2014-08-31 02:36 - 2013-10-07 23:31 - 00000948 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-258546526-3460438922-237754320-1000UA.job
2014-08-30 23:36 - 2013-10-07 23:31 - 00000926 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-258546526-3460438922-237754320-1000Core.job
2014-08-30 23:04 - 2014-08-30 00:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-30 23:04 - 2014-08-30 00:41 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-30 23:04 - 2014-08-30 00:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-30 22:35 - 2014-02-19 21:06 - 00000000 ____D () C:\Windows\Minidump
2014-08-30 00:57 - 2014-08-29 00:08 - 00000000 ____D () C:\Program Files (x86)\ClearThink
2014-08-30 00:44 - 2013-04-03 18:58 - 00000000 ____D () C:\Users\Aikigunnar\AppData\Local\CRE
2014-08-30 00:41 - 2013-07-10 23:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-30 00:36 - 2014-08-30 00:37 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Aikigunnar\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-30 00:36 - 2014-08-30 00:37 - 01364531 _____ () C:\Users\Aikigunnar\Desktop\adwcleaner_3.308.exe
2014-08-30 00:36 - 2014-08-30 00:37 - 01016261 _____ (Thisisu) C:\Users\Aikigunnar\Desktop\JRT.exe
2014-08-30 00:34 - 2014-08-30 00:34 - 00002229 _____ () C:\Users\Aikigunnar\Downloads\Neues Textdokument.txt
2014-08-29 22:56 - 2014-08-29 22:56 - 00021570 _____ () C:\Users\Aikigunnar\Desktop\Gmer.txt
2014-08-29 22:36 - 2014-08-29 22:36 - 00000604 _____ () C:\Users\Aikigunnar\Desktop\defogger_disable.log
2014-08-29 22:36 - 2014-08-29 22:36 - 00000148 _____ () C:\Users\Aikigunnar\defogger_reenable
2014-08-29 22:36 - 2013-03-28 20:57 - 00000000 ____D () C:\Users\Aikigunnar
2014-08-29 22:35 - 2014-08-29 22:35 - 00050477 _____ () C:\Users\Aikigunnar\Desktop\Defogger.exe
2014-08-29 22:33 - 2014-08-29 22:33 - 00380416 _____ () C:\Users\Aikigunnar\Desktop\ymsriggm.exe
2014-08-29 22:24 - 2013-04-03 17:46 - 00000000 ____D () C:\Users\Aikigunnar\AppData\Roaming\Winamp
2014-08-29 22:20 - 2009-07-14 04:34 - 00000821 _____ () C:\Windows\win.ini
2014-08-29 22:15 - 2009-07-14 06:45 - 00294640 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-29 00:33 - 2014-08-29 00:33 - 770117621 _____ () C:\Users\Aikigunnar\Downloads\Tekken 6.7z
2014-08-25 23:10 - 2014-08-25 02:15 - 00000000 ____D () C:\Users\Aikigunnar\Desktop\Neuer Ordner
2014-08-25 01:23 - 2014-08-25 01:23 - 00000000 ____D () C:\Users\Aikigunnar\Documents\1.Seminar
2014-08-24 13:47 - 2014-08-14 22:32 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-24 13:46 - 2014-08-24 13:46 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-24 13:46 - 2014-08-24 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-24 13:46 - 2014-08-24 13:46 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-23 04:07 - 2014-08-27 20:13 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-27 20:13 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-27 20:13 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-18 21:42 - 2013-03-29 12:31 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-08-18 21:42 - 2013-03-29 12:31 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-08-18 21:42 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-18 00:54 - 2014-08-14 22:22 - 00000299 _____ () C:\Users\Aikigunnar\.JavaPowUpload.properties
2014-08-16 03:57 - 2014-05-25 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-15 04:37 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-15 03:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-15 03:21 - 2013-07-13 16:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 03:12 - 2013-04-01 14:02 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-15 03:01 - 2014-05-01 21:55 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-14 22:32 - 2013-03-28 21:53 - 00000000 ____D () C:\ProgramData\Avira
2014-08-14 22:14 - 2014-08-14 22:14 - 00000000 ____D () C:\Users\Aikigunnar\AppData\Roaming\ADrive
2014-08-14 22:13 - 2014-08-14 22:13 - 00000000 ____D () C:\Users\Aikigunnar\AppData\Local\ADrive
2014-08-08 20:04 - 2014-08-08 20:04 - 00002212 _____ () C:\Users\Aikigunnar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-08-07 04:06 - 2014-08-14 23:00 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-14 23:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 22:05 - 2014-07-08 20:17 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-06 22:04 - 2014-08-06 22:04 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-06 22:04 - 2014-08-06 22:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-06 22:04 - 2014-08-06 22:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-06 22:04 - 2014-08-06 22:04 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-06 22:04 - 2014-08-06 22:04 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-06 21:58 - 2014-05-29 23:40 - 00001017 _____ () C:\Users\Aikigunnar\Desktop\Skripten.lnk
2014-08-05 09:20 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-02 23:42 - 2014-03-10 18:54 - 00000000 ____D () C:\Users\Aikigunnar\Desktop\Bilder von Handy

Some content of TEMP:
====================
C:\Users\Aikigunnar\AppData\Local\Temp\avgnt.exe
C:\Users\Aikigunnar\AppData\Local\Temp\Quarantine.exe
C:\Users\Gast\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-01 13:44

==================== End Of Log ============================
--- --- ---

--- --- ---





Ist doch noch was zu bereinigen?



Erst mal vielen Dank

M-K-D-B 01.09.2014 18:06
Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 3 h) dauern.
Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg.




Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
Task: {054851DE-DF23-46AC-8F63-EBB8CA6A7DC4} - \LyriXeeker-1-codedownloader No Task File <==== ATTENTION
Task: {08F8EEFB-CC58-41E3-93BA-1E1C6B0D6D75} - \LyriXeeker-1-chromeinstaller No Task File <==== ATTENTION
Task: {8075AFD1-0D5B-4EC5-9A90-8040F5C560B5} - \LyriXeeker-1-enabler No Task File <==== ATTENTION
Task: {F97C104D-4C11-4B3F-8856-DCEF45D17009} - \LyriXeeker-1-updater No Task File <==== ATTENTION
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
C:\Program Files (x86)\ClearThink
S2 Update ClearThink; "C:\Program Files (x86)\ClearThink\updateClearThink.exe" [X]
S2 Util ClearThink; "C:\Program Files (x86)\ClearThink\bin\utilClearThink.exe" [X]
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Schritt 2

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset







Schritt 3
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.







Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck.

Aikigunnar 02.09.2014 00:29
O.k. hier die Logs

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-08-2014 02
Ran by Aikigunnar at 2014-09-01 22:31:06 Run:3
Running from C:\Users\Aikigunnar\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
Task: {054851DE-DF23-46AC-8F63-EBB8CA6A7DC4} - \LyriXeeker-1-codedownloader No Task File <==== ATTENTION
Task: {08F8EEFB-CC58-41E3-93BA-1E1C6B0D6D75} - \LyriXeeker-1-chromeinstaller No Task File <==== ATTENTION
Task: {8075AFD1-0D5B-4EC5-9A90-8040F5C560B5} - \LyriXeeker-1-enabler No Task File <==== ATTENTION
Task: {F97C104D-4C11-4B3F-8856-DCEF45D17009} - \LyriXeeker-1-updater No Task File <==== ATTENTION
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
C:\Program Files (x86)\ClearThink
S2 Update ClearThink; "C:\Program Files (x86)\ClearThink\updateClearThink.exe" [X]
S2 Util ClearThink; "C:\Program Files (x86)\ClearThink\bin\utilClearThink.exe" [X]
EmptyTemp:
end
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{054851DE-DF23-46AC-8F63-EBB8CA6A7DC4}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LyriXeeker-1-codedownloader" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08F8EEFB-CC58-41E3-93BA-1E1C6B0D6D75}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LyriXeeker-1-chromeinstaller" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8075AFD1-0D5B-4EC5-9A90-8040F5C560B5}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LyriXeeker-1-enabler" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F97C104D-4C11-4B3F-8856-DCEF45D17009}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LyriXeeker-1-updater" => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
"C:\Program Files (x86)\ClearThink" => File/Directory not found.
Update ClearThink => Service not found.
Util ClearThink => Service not found.
EmptyTemp: => Removed 23.1 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====


------------------------------------------------------------------------------------------------------




ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=46fdbbf41e9ac44e960aa31a50246ddc
# engine=19948
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-01 10:23:37
# local_time=2014-09-02 12:23:37 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 6839 43898191 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 266014 161240067 0 0
# scanned=189776
# found=41
# cleaned=0
# scan_time=5651
sh=2A416A43F8EB5116EFB233887C941DF189CE0C75 ft=1 fh=daa76af88cd1b75c vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\FiddlerCore.dll.vir"
sh=9DD63B6D68BD8B093C0ED5BEAA88C1619F8917B1 ft=1 fh=ab577506ac7d6580 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\HtmlAgilityPack.dll.vir"
sh=6FCCF4AB44582F9167D3900A3B0E3247DFC1F6EA ft=1 fh=42992d87708b49a6 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\Newtonsoft.Json.dll.vir"
sh=C7C39A73408243BCB6EE0CC76DE347DD19113DA4 ft=1 fh=3966826d47bc5a39 vn="Variante von Win64/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyriXeeker-1\LyriXeeker-1-bho64.dll.vir"
sh=71E2F9D64D3FF023BD84948A4A415796F6DF3657 ft=1 fh=4374af28a4922a52 vn="Win32/Packed.ScrambleWrapper.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyriXeeker-1\utils.exe.vir"
sh=B31BF653BC72F2FF09E2D0E4E61A33443D415D18 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Aikigunnar\AppData\Local\CRE\oolkekjjhnaeaahibbnfebmogackofpf.crx.vir"
sh=0E7EF78031BACDEDEF5E878B0C1960A4E50BB4E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.26.43_0\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=2B9A1340BEC2FE2694C333ACD77F0E12EF9550D1 ft=1 fh=fcbeb3ad261a92d1 vn="Variante von Win32/Conduit.SearchProtect.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolkekjjhnaeaahibbnfebmogackofpf\10.31.4.510_0\APISupport\APISupport.dll.vir"
sh=675526C1B3CB27C6635233B62EDB8ECEEBFE1556 ft=1 fh=8382eeac10eb278f vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolkekjjhnaeaahibbnfebmogackofpf\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe.vir"
sh=C0114483C9E2C1271B0D594AB6A6BF1E4F383D63 ft=1 fh=e2607344a0894545 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Aikigunnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolkekjjhnaeaahibbnfebmogackofpf\10.31.4.510_0\plugins\ChromeApiPlugin.dll.vir"
sh=2A416A43F8EB5116EFB233887C941DF189CE0C75 ft=1 fh=daa76af88cd1b75c vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Aikigunnar\AppData\Local\LPT\FiddlerCore.dll.vir"
sh=9DD63B6D68BD8B093C0ED5BEAA88C1619F8917B1 ft=1 fh=ab577506ac7d6580 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Aikigunnar\AppData\Local\LPT\HtmlAgilityPack.dll.vir"
sh=6FCCF4AB44582F9167D3900A3B0E3247DFC1F6EA ft=1 fh=42992d87708b49a6 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Aikigunnar\AppData\Local\LPT\Newtonsoft.Json.dll.vir"
sh=2A416A43F8EB5116EFB233887C941DF189CE0C75 ft=1 fh=daa76af88cd1b75c vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Aikigunnar\AppData\Local\Smartbar\Application\FiddlerCore.dll.vir"
sh=9DD63B6D68BD8B093C0ED5BEAA88C1619F8917B1 ft=1 fh=ab577506ac7d6580 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Aikigunnar\AppData\Local\Smartbar\Application\HtmlAgilityPack.dll.vir"
sh=9FECAE9F6FDFB68196595EB904EB1B37229C827B ft=1 fh=6f5efe7ecfef6af1 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Aikigunnar\AppData\Local\Smartbar\Application\Interop.SHDocVw.dll.vir"
sh=65C971218691D54873AA9F12898E966A43EB8F7F ft=1 fh=7f7b8b27db681215 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Aikigunnar\AppData\Local\Smartbar\Application\lrcnt.dll.vir"
sh=BE0E41D4852C15C8F10D35432BCA925EC7BCE3FD ft=1 fh=9bc184c54558c02a vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Aikigunnar\AppData\Local\Smartbar\Application\MouseKeyboardActivityMonitor.dll.vir"
sh=9E368A9332527BA508F56A7B26F3C72D7E0C3F25 ft=1 fh=5e33fe3b913f98f2 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Aikigunnar\AppData\Local\Smartbar\Application\NDde.dll.vir"
sh=6FCCF4AB44582F9167D3900A3B0E3247DFC1F6EA ft=1 fh=42992d87708b49a6 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Aikigunnar\AppData\Local\Smartbar\Application\Newtonsoft.Json.dll.vir"
sh=C937938172B3D62B401704BB4B1F5C3587EABA72 ft=1 fh=3a6e270b56071dd4 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Aikigunnar\AppData\Local\Smartbar\Application\sipb.dll.vir"
sh=FFA29462419BB5F68627B32D0223CB91A0D7AADD ft=1 fh=f37a614dc756caa9 vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Aikigunnar\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\GoogleChromeRemotePlugin.dll.vir"
sh=BA8871127FB23B24A8963B6A5992DED58259E590 ft=1 fh=65df87dcc97c6ea8 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Aikigunnar\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_24.d ll.vir"
sh=C88DAF3FB5D3FEC090233FF251F7F0CFC73EF4CD ft=1 fh=b74c7f4df627386b vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Aikigunnar\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_25.d ll.vir"
sh=4B9D59EFA89F628628CE74083961743D56E460C7 ft=1 fh=8e9074b2b2075a48 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Aikigunnar\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_26.d ll.vir"
sh=7290509DD9B7F8DCFA781334EBEFF3E5D4C58C5C ft=1 fh=0aae782d31fb93bd vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Aikigunnar\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_27.d ll.vir"
sh=32602D4077332EE0F75304C87434755510F768FD ft=1 fh=4d22cbd3b33f2e9e vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Aikigunnar\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_28.d ll.vir"
sh=A5517659524BFD05ABEF457FE26F1D0E80D3EF85 ft=1 fh=af4585d56f4a69b5 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Aikigunnar\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_29.d ll.vir"
sh=31CE21FE36C11E107A6E315EFE1875743809B4CC ft=1 fh=48abcfa6ce4a4014 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Aikigunnar\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
sh=475F248095D35E333ADF2F38B02424DEBEE83F04 ft=1 fh=62a3e0d8b40d4617 vn="Win32/Systweak.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Aikigunnar\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir"
sh=00798879F7149146DA4414D905747783648E89AC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.26.44_0\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=3823C862C561D0CAEE9529E3D219F279E3F94FD6 ft=1 fh=b645ea40dd7eb557 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=1CEC34A233EF9481A573B2C9651A4B3DAFC2028C ft=1 fh=c7d61388cf56bbd2 vn="Win32/AnyProtect.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Aikigunnar\AppData\Local\nsqBAD1.tmp"
sh=9FECAE9F6FDFB68196595EB904EB1B37229C827B ft=1 fh=6f5efe7ecfef6af1 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll"
sh=B394968C15377A0E77803E17955DC377B0AE2B7A ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Windows\Installer\bacc914.msi"
sh=30EF281C81897B394B1B7EC2F2DEC8BD0F79C867 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\cb6ac.msi"
sh=E9F61CF96A7A4FE6BCB212DC6A333CDF08DFE040 ft=1 fh=ef4ca9028c6a1da1 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="D:\Firefox\toolbar@ask.com\plugins\npAviraCallingID.dll"
sh=FFA8B6510D624A55F3EB7FFD6D5221A44944681C ft=1 fh=3386eb0d6ed0e5e1 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="D:\Programme\Avira\AntiVir Desktop\apnstub.exe"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="D:\Programme\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
sh=FFA8B6510D624A55F3EB7FFD6D5221A44944681C ft=1 fh=3386eb0d6ed0e5e1 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="D:\Programme\updated\Avira\AntiVir Desktop\apnstub.exe"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="D:\Programme\updated\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"



------------------------------------------------------------------------------------------------------




Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 67
Mozilla Firefox (31.0)
Mozilla Thunderbird (24.6.0)
Google Chrome 36.0.1985.125
Google Chrome 36.0.1985.143
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

M-K-D-B 02.09.2014 08:22
Reste entfernen
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
C:\Windows\Installer\bacc914.msi
C:\Windows\Installer\cb6ac.msi
D:\Firefox\toolbar@ask.com
Reboot:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.








Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber. :daumenhoc
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.





Ändere regelmäßig alle deine Passwörter, jetzt nach der Bereinigung ist ein idealer Zeitpunkt dafür!
  • Verwende für jede Anwendung und jeden Account ein anderes Passwort.
  • Ändere regelmäßig dein Passwort, vor allem bei Onlinebanking oder deinem Emailpostfach ist das sehr wichtig.
  • Speichere keine Passwörter auf deinem PC, gib diese nicht an Dritte weiter.
  • Ein sicheres Passwort besteht aus mindestens 8 Zeichen und beinhaltet Groß- und Kleinbuchstaben, Zahlen und Sonderzeichen.
  • Benutze keine Zahlen- oder Buchstabenkombinationen, ( zB 12345678, qwertzui) auch keine Zahlen oder Buchstabenmuster.
  • Verwende keine Passwörter die einen Bezug zu dir, deinem Wohnort, Familienmitglied oder Haustier (Geburtsdatum, Postleitzahl, Adresse, Name) haben.






Schritt 1
Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.







Schritt 2
Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems.


Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti-Viren-Programm und zusätzlicher Schutz
  • Gehe sicher, dass du immer nur eine Anti-Viren Software installiert hast und dass diese auch up to date ist! Ein kostenloses Anti-Viren Programm, das wir empfehlen, wäre z. B. Avast! Free Antivirus oder Microsoft Security Essentials.
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt. Du kannst es zusätzlich zu deinem Anti-Viren Programm verwenden.
    Update das Tool und lasse es einmal in der Woche laufen. Die Kaufversion bietet zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • AdwCleaner
    Dieses Tool erkennt eine Vielzahl von Werbeprogrammen (Adware) und unerwünschten Programmen (PUPs).
    Starte das Tool einmal die Woche und lass es laufen. Sollte eine neue Version verfügbar sein, so wird dies angezeigt und du kannst dir die neueste Version direkt von der Herstellerseite auf den Desktop herunterladen. Auch dieses Programm kann parallel zu deinem Anti-Viren Programm verwendet werden.
  • SpywareBlaster
    Eine kurze Einführung findest du Hier


Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Mozilla Firefox
  • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt, wenn Du es bestätigst.
  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzuzufügen reicht und dieser wird nicht mehr geladen.
    Es spart außerdem Downloadkapazität.


Performance
  • Halte dich fern von Registry Cleanern.
    Diese Schaden deinem System mehr als dass sie helfen. Hier ein englischer Link:
    Miekemoes Blogspot ( MVP )


Was du vermeiden solltest:
  • Klicke nicht auf alles, nur weil es dich dazu auffordert und schön bunt ist.
  • Verwende keine P2P oder Filesharing Software (Emule, uTorrent,..).
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie z.B. deinFoto.jpg.exe.
  • Lade keine Software von Softonic oder Chip herunter, da diese Installer oft mit Adware oder unerünschter Software versehen sind!



Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen?

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

M-K-D-B 06.09.2014 10:57
Ich bin froh, dass wir helfen konnten :abklatsch:

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank! :)

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:53 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19