Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Fehlermeldung von Regsvr32 nach Virusentfernung (https://www.trojaner-board.de/157764-fehlermeldung-regsvr32-virusentfernung.html)

lukasmueller 18.08.2014 19:55
Fehlermeldung von Regsvr32 nach Virusentfernung
 
Ich habe mir gestern durch ein angebliches Update zu Adobe Flash Player scheinbar ein Virus eingefangen.
Avira gab zunächst an, dass mein PC mit "BOO/Cidox.B" infiziert sei.
Nachdem dieser sich mit Avira nicht entfernen ließ, versuchte ich es mit "Malwarebytes Anti-Rootkit". Dieser Scanner fand tatsächlich noch ein paar weitere infizierte Dateien, die Avira nicht erkennen konnte und bereinigte mein System vom oben genannten Virus.

Nun zeigt mein System beim Neustart neuerdings eine Fehlermeldung von Regsvr32 an.
Diese meldet, dass das Modul ' "" ' nicht geladen werden konnte.

Leider habe ich ab diesem Punkt schon versucht das Problem selbst in die Hand zu nehmen, und unter einer Anleitung von Youtube meine dll-Dateien über eine bat-Datei neu registriert.
Diese bat-Datei kam jedoch bei einer dll namens "nvoglv32.dll" nicht weiter, woraufhin ich sie beendete.

Die Fehlermeldung über ein Modul ohne Namen bleibt jedoch bestehen.

Heißt das, dass der Trojaner oder das Virus noch aktiv ist?
Wie kann ich das beheben?


Viele Grüße
Lukas Müller

schrauber 18.08.2014 20:33
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


lukasmueller 19.08.2014 13:41
Vielen Dank für die schnelle Antwort!
Im Anhang befinden sich die beiden Dateien vom Scan.
Wenn es nötig ist kann ich die bat-Datei, die ich in meinem ersten Post erwähnte, auch noch schicken.

Ich möchte außerdem meinen ersten Post noch einmal korrigieren.
"Malwarebytes Anti-Rootkit" war scheinbar nicht der Grund, wieso mein System bereinigt wurde.
Ich habe nach einer Anleitung danach nochmal mein System gestartet und im Boot-Menü "Computer reparieren" gewählt.
Nach der Anmeldung habe ich cmd.exe geöffnet und folgende Befehle eingegeben:

X:\windows\system32>bootrec /scanos
X:\windows\system32>bootrec /fixMbr
X:\windows\system32>Bootrec /FixBoot

Danach hab ich das System neugestartet und die Meldung, dass "BOO/Cidox.B" erkannt wurde, blieb verschwunden.

Viele Grüße
Lukas Müller

schrauber 20.08.2014 08:31
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

lukasmueller 20.08.2014 15:29
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by Lukas Müller (administrator) on LUKASMÜLLER-PC on 19-08-2014 14:31:55
Running from C:\Users\Lukas Müller\Downloads
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\SysWOW64\ASGT.exe
() C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(WeGame.com, Inc.) C:\Program Files (x86)\WeGame\wgclientservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\Lukas Müller\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2013-03-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AdaptecDirectCD] => C:\Program Files (x86)\Roxio\WinOnCD 5 PE\DirectCD\DirectCD.exe [655360 2001-10-10] (Roxio)
HKLM-x32\...\Run: [TrayServer] => C:\Program Files (x86)\MAGIX\Video_deluxe_15_Premium_Sonderedition\TrayServer.exe [90112 2008-08-07] (MAGIX AG)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl11] => C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe [237120 2013-03-01] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-14] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1935541172-1151020566-1174068504-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1753280 2014-07-16] (Valve Corporation)
HKU\S-1-5-21-1935541172-1151020566-1174068504-1000\...\Run: [Facebook Update] => C:\Users\Lukas Müller\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-01-03] (Facebook Inc.)
HKU\S-1-5-21-1935541172-1151020566-1174068504-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1935541172-1151020566-1174068504-1000\...\Run: [Spotify Web Helper] => C:\Users\Lukas Müller\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-18] (Spotify Ltd)
HKU\S-1-5-21-1935541172-1151020566-1174068504-1000\...\Run: [OjhuxFercu] => regsvr32.exe "
HKU\S-1-5-21-1935541172-1151020566-1174068504-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2870272 2011-02-26] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-1935541172-1151020566-1174068504-1000\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Lukas Müller\AppData\Local\{b27a93e9-67fa-cd94-2871-30cac4a5aa84}\n. ATTENTION! ====> ZeroAccess/Alureon?
HKU\S-1-5-21-1935541172-1151020566-1174068504-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-1935541172-1151020566-1174068504-1000\$b27a93e967facd94287130cac4a5aa84\n. ATTENTION! ====> ZeroAccess?
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll (Microsoft Corporation)
SSODL-x32: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lukas Müller\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lukas Müller\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lukas Müller\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lukas Müller\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lukas Müller\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lukas Müller\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lukas Müller\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6EA97C034F01CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - c:\Windows\System32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - c:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.7601.17514_none_d1a4c8feac0dfcdb\urlmon.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531
FF Homepage: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @java.com/DTPlugin,version=10.2.1 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.2.1 -> C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.132.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.140.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Lukas Müller\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: a2zLyrics-16 - C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\Extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com [2014-07-10]
FF Extension: DownloadHelper - C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-08-08]
FF Extension: ProxTube - C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}.xpi [2014-07-29]
FF Extension: Adblock Plus - C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-03]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-05-22]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 CLHNServiceForPowerDVD; C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [85568 2013-03-01] ()
R2 CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [77576 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 11.0 Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [294664 2013-03-11] (CyberLink)
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-06-29] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WeGameClientService; C:\Program Files (x86)\WeGame\WGClientService.exe [18472 2011-07-28] (WeGame.com, Inc.)
S2 70e6ca8c; "c:\progra~2\optimi~1\OptProCrash.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-11-02] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
S1 Cdr4_XP; C:\Windows\SysWow64\Drivers\Cdr4_XP.sys [55216 2001-09-18] (Roxio) [File not signed]
S1 Cdralw2k; C:\Windows\SysWow64\Drivers\Cdralw2k.sys [23561 2001-09-18] (Roxio) [File not signed]
S1 cdudf_xp; C:\Windows\SysWow64\Drivers\cdudf_xp.sys [233600 2001-10-10] (Roxio) [File not signed]
S3 dvd_2K; C:\Windows\SysWow64\Drivers\dvd_2K.sys [17958 2001-09-10] (Roxio) [File not signed]
S3 hxctlflt; C:\Windows\System32\Drivers\hxctlflt.sys [111104 2009-02-08] (Guillemot Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-11-02] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2014-08-18] (Malwarebytes Corporation)
S3 mmc_2K; C:\Windows\SysWow64\Drivers\mmc_2K.sys [19158 2001-10-10] (Roxio) [File not signed]
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
S1 pwd_2K; C:\Windows\SysWow64\Drivers\pwd_2K.sys [79414 2001-10-10] (Roxio) [File not signed]
S3 Secdrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [14368 1999-09-27] () [File not signed]
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3552384 2009-04-22] ()
S3 TASCAM_US122144; C:\Windows\System32\Drivers\tascusb2.sys [419160 2011-04-28] (TASCAM)
S3 TASCAM_US122L_MK2_MIDI; C:\Windows\System32\drivers\tscusb2m.sys [31576 2011-04-28] (TASCAM)
S3 TASCAM_US122L_MK2_WDM; C:\Windows\System32\drivers\tscusb2a.sys [53080 2011-04-28] (TASCAM)
R3 tbs5922vhid; C:\Windows\System32\drivers\tbs5922vhid.sys [23728 2014-03-07] (Windows (R) Win 7 DDK provider)
R2 TBS_TBS5922BDA; C:\Windows\System32\DRIVERS\tbs5922.sys [86064 2014-03-07] (TBS )
S1 UdfReadr_xp; C:\Windows\SysWow64\Drivers\UdfReadr_xp.sys [205440 2001-10-10] (Roxio) [File not signed]
S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [142848 2010-03-29] (Texas Instruments)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [130320 2013-03-11] (CyberLink Corp.)
R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-19 14:31 - 2014-08-19 14:32 - 00019918 _____ () C:\Users\Lukas Müller\Downloads\FRST.txt
2014-08-19 14:28 - 2014-08-19 14:31 - 00000000 ____D () C:\FRST
2014-08-19 14:27 - 2014-08-19 14:27 - 02101760 _____ (Farbar) C:\Users\Lukas Müller\Downloads\FRST64.exe
2014-08-18 20:09 - 2014-08-18 20:09 - 03755599 _____ () C:\Users\Lukas Müller\Downloads\nvoglv32.zip
2014-08-18 19:33 - 2014-08-18 19:33 - 00000052 _____ () C:\Windows\avmcoins.log
2014-08-18 19:04 - 2014-08-18 19:04 - 00000000 ____D () C:\ProgramData\GroupPolicy
2014-08-18 18:48 - 2014-08-18 19:00 - 01016726 _____ () C:\Users\Lukas Müller\Desktop\re-regdll.bat
2014-08-18 18:48 - 2014-08-18 18:48 - 02350493 _____ () C:\re-regdll.bat
2014-08-18 18:12 - 2014-08-18 18:12 - 00000000 ____D () C:\Windows\pss
2014-08-18 16:47 - 2014-08-18 16:47 - 00282488 _____ () C:\Windows\Minidump\081814-35973-01.dmp
2014-08-18 15:41 - 2014-08-18 17:00 - 00000000 ____D () C:\ProgramData\IvhacVucqu
2014-08-18 15:17 - 2014-08-18 17:21 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-18 15:17 - 2014-08-18 16:49 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-18 15:15 - 2014-08-18 17:00 - 00000000 ____D () C:\Users\Lukas Müller\Desktop\mbar
2014-08-18 15:15 - 2014-08-18 16:26 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-18 15:05 - 2014-08-18 15:06 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Lukas Müller\Desktop\mbar-1.07.0.1012.exe
2014-08-18 02:18 - 2014-08-18 16:20 - 00000000 ____D () C:\ProgramData\AfivkArxum
2014-08-18 00:52 - 2014-08-18 00:55 - 00000000 ____D () C:\ProgramData\OjhuxFercu
2014-08-18 00:05 - 2014-08-18 16:10 - 00000000 ____D () C:\ProgramData\OjyisHanat
2014-08-18 00:05 - 2014-08-18 02:18 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-08-14 22:06 - 2014-08-17 20:37 - 00001482 _____ () C:\Users\Lukas Müller\AppData\Local\RecConfig.xml
2014-08-14 22:06 - 2014-08-14 22:06 - 00001042 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-08-14 22:06 - 2014-08-14 22:06 - 00001030 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-08-14 22:02 - 2014-08-14 22:02 - 00001071 _____ () C:\Users\Lukas Müller\Desktop\No23 Recorder.lnk
2014-08-14 22:02 - 2014-08-14 22:02 - 00000000 ____D () C:\Users\Lukas Müller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No23 Recorder
2014-08-14 22:02 - 2014-08-14 22:02 - 00000000 ____D () C:\Users\Lukas Müller\AppData\Local\No23 Recorder
2014-08-14 22:01 - 2014-08-14 22:01 - 02497825 _____ (No23) C:\Users\Lukas Müller\Downloads\No23Recorder2103.exe
2014-08-10 16:12 - 2014-08-10 16:12 - 00000000 ____D () C:\Users\Lukas Müller\AppData\Local\SKIDROW
2014-08-10 15:04 - 2014-08-10 15:28 - 00000000 ____D () C:\Users\Lukas Müller\Downloads\Tony Hawk's Pro Skater HD
2014-07-20 12:52 - 2014-07-20 12:59 - 148478264 _____ () C:\Users\Lukas Müller\Documents\PowerDVD_v5012_r85663_Ultra_DVD131220-03.exe
2014-07-20 12:51 - 2014-07-20 12:51 - 01029080 _____ (CyberLink) C:\Users\Lukas Müller\Downloads\CyberLink_PowerDVD_Downloader(1).exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-19 14:32 - 2014-08-19 14:31 - 00019918 _____ () C:\Users\Lukas Müller\Downloads\FRST.txt
2014-08-19 14:31 - 2014-08-19 14:28 - 00000000 ____D () C:\FRST
2014-08-19 14:27 - 2014-08-19 14:27 - 02101760 _____ (Farbar) C:\Users\Lukas Müller\Downloads\FRST64.exe
2014-08-19 14:25 - 2012-07-10 17:22 - 00000000 ____D () C:\Users\Lukas Müller\AppData\Roaming\Skype
2014-08-19 14:06 - 2009-07-14 06:45 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-19 14:06 - 2009-07-14 06:45 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-19 14:03 - 2009-07-14 19:58 - 00719388 _____ () C:\Windows\system32\perfh007.dat
2014-08-19 14:03 - 2009-07-14 19:58 - 00159988 _____ () C:\Windows\system32\perfc007.dat
2014-08-19 14:03 - 2009-07-14 07:13 - 01712474 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-19 14:02 - 2011-11-02 15:18 - 02053771 _____ () C:\Windows\WindowsUpdate.log
2014-08-19 14:00 - 2012-10-31 19:28 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-19 13:59 - 2011-12-30 22:46 - 00000012 _____ () C:\ProgramData\DirectCDUserName.txt
2014-08-19 13:58 - 2011-11-02 15:53 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-19 13:58 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-19 13:58 - 2009-07-14 06:51 - 00211072 _____ () C:\Windows\setupact.log
2014-08-18 22:19 - 2013-01-03 20:14 - 00000956 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1935541172-1151020566-1174068504-1000UA.job
2014-08-18 20:09 - 2014-08-18 20:09 - 03755599 _____ () C:\Users\Lukas Müller\Downloads\nvoglv32.zip
2014-08-18 19:33 - 2014-08-18 19:33 - 00000052 _____ () C:\Windows\avmcoins.log
2014-08-18 19:19 - 2013-01-03 20:14 - 00000934 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1935541172-1151020566-1174068504-1000Core.job
2014-08-18 19:04 - 2014-08-18 19:04 - 00000000 ____D () C:\ProgramData\GroupPolicy
2014-08-18 19:02 - 2014-05-12 19:37 - 01611120 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-08-18 19:00 - 2014-08-18 18:48 - 01016726 _____ () C:\Users\Lukas Müller\Desktop\re-regdll.bat
2014-08-18 18:48 - 2014-08-18 18:48 - 02350493 _____ () C:\re-regdll.bat
2014-08-18 18:12 - 2014-08-18 18:12 - 00000000 ____D () C:\Windows\pss
2014-08-18 17:21 - 2014-08-18 15:17 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-18 17:21 - 2011-11-02 19:48 - 00421628 _____ () C:\Windows\PFRO.log
2014-08-18 17:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\TAPI
2014-08-18 17:00 - 2014-08-18 15:41 - 00000000 ____D () C:\ProgramData\IvhacVucqu
2014-08-18 17:00 - 2014-08-18 15:15 - 00000000 ____D () C:\Users\Lukas Müller\Desktop\mbar
2014-08-18 16:49 - 2014-08-18 15:17 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-18 16:47 - 2014-08-18 16:47 - 00282488 _____ () C:\Windows\Minidump\081814-35973-01.dmp
2014-08-18 16:47 - 2011-11-05 18:00 - 00000000 ____D () C:\Windows\Minidump
2014-08-18 16:26 - 2014-08-18 15:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-18 16:20 - 2014-08-18 02:18 - 00000000 ____D () C:\ProgramData\AfivkArxum
2014-08-18 16:10 - 2014-08-18 00:05 - 00000000 ____D () C:\ProgramData\OjyisHanat
2014-08-18 15:06 - 2014-08-18 15:05 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Lukas Müller\Desktop\mbar-1.07.0.1012.exe
2014-08-18 02:18 - 2014-08-18 00:05 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-08-18 00:55 - 2014-08-18 00:52 - 00000000 ____D () C:\ProgramData\OjhuxFercu
2014-08-17 20:51 - 2014-03-22 17:43 - 00000000 ____D () C:\Users\Lukas Müller\Desktop\Neuer Ordner
2014-08-17 20:37 - 2014-08-14 22:06 - 00001482 _____ () C:\Users\Lukas Müller\AppData\Local\RecConfig.xml
2014-08-17 20:29 - 2012-10-23 20:37 - 00000000 ____D () C:\Users\Lukas Müller\AppData\Roaming\Spotify
2014-08-17 14:54 - 2011-12-25 16:50 - 00000000 ____D () C:\Users\Lukas Müller\Documents\DVDVideoSoft
2014-08-16 15:45 - 2013-11-23 20:23 - 00000000 ____D () C:\Users\Lukas Müller\Desktop\riffs
2014-08-15 23:00 - 2013-09-08 14:39 - 00001064 _____ () C:\Users\Lukas Müller\Desktop\Dropbox.lnk
2014-08-15 23:00 - 2013-09-08 14:35 - 00000000 ____D () C:\Users\Lukas Müller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-15 23:00 - 2012-06-14 22:32 - 00000000 ____D () C:\Users\Lukas Müller\AppData\Roaming\Dropbox
2014-08-15 20:36 - 2013-11-18 19:37 - 00000000 ____D () C:\Users\Lukas Müller\AppData\Roaming\Audacity
2014-08-14 22:06 - 2014-08-14 22:06 - 00001042 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-08-14 22:06 - 2014-08-14 22:06 - 00001030 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-08-14 22:06 - 2013-11-18 19:37 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-08-14 22:02 - 2014-08-14 22:02 - 00001071 _____ () C:\Users\Lukas Müller\Desktop\No23 Recorder.lnk
2014-08-14 22:02 - 2014-08-14 22:02 - 00000000 ____D () C:\Users\Lukas Müller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No23 Recorder
2014-08-14 22:02 - 2014-08-14 22:02 - 00000000 ____D () C:\Users\Lukas Müller\AppData\Local\No23 Recorder
2014-08-14 22:01 - 2014-08-14 22:01 - 02497825 _____ (No23) C:\Users\Lukas Müller\Downloads\No23Recorder2103.exe
2014-08-13 22:39 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-12 23:00 - 2012-01-15 16:31 - 00000000 ____D () C:\Users\Lukas Müller\AppData\Roaming\uTorrent
2014-08-12 03:54 - 2012-10-23 20:38 - 00000000 ____D () C:\Users\Lukas Müller\AppData\Local\Spotify
2014-08-11 14:19 - 2012-07-10 17:21 - 00000000 ____D () C:\ProgramData\Skype
2014-08-10 16:12 - 2014-08-10 16:12 - 00000000 ____D () C:\Users\Lukas Müller\AppData\Local\SKIDROW
2014-08-10 16:12 - 2011-12-19 15:42 - 00000000 ____D () C:\Users\Lukas Müller\Documents\My Games
2014-08-10 15:28 - 2014-08-10 15:04 - 00000000 ____D () C:\Users\Lukas Müller\Downloads\Tony Hawk's Pro Skater HD
2014-08-08 22:35 - 2014-07-06 15:52 - 00001873 _____ () C:\Users\Lukas Müller\Desktop\virtual dj.txt
2014-08-01 00:16 - 2013-06-22 13:06 - 00000000 ____D () C:\Users\Lukas Müller\Documents\Flight Simulator X-Dateien
2014-07-30 17:10 - 2013-05-22 18:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-20 16:30 - 2013-03-07 23:13 - 00000132 _____ () C:\Users\Lukas Müller\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-07-20 12:59 - 2014-07-20 12:52 - 148478264 _____ () C:\Users\Lukas Müller\Documents\PowerDVD_v5012_r85663_Ultra_DVD131220-03.exe
2014-07-20 12:51 - 2014-07-20 12:51 - 01029080 _____ (CyberLink) C:\Users\Lukas Müller\Downloads\CyberLink_PowerDVD_Downloader(1).exe
2014-07-20 12:51 - 2011-11-02 16:52 - 00000000 ____D () C:\ProgramData\CyberLink

ZeroAccess:
C:\Users\Lukas Müller\AppData\Local\{b27a93e9-67fa-cd94-2871-30cac4a5aa84}
C:\Users\Lukas Müller\AppData\Local\{b27a93e9-67fa-cd94-2871-30cac4a5aa84}\@
C:\Users\Lukas Müller\AppData\Local\{b27a93e9-67fa-cd94-2871-30cac4a5aa84}\U\00000001.@
C:\Users\Lukas Müller\AppData\Local\{b27a93e9-67fa-cd94-2871-30cac4a5aa84}\U\800000cb.@

Files to move or delete:
====================
C:\Users\Lukas Müller\jagex_cl_runescape_LIVE.dat
C:\Users\Lukas Müller\random.dat
C:\Users\Lukas Müller\AppData\Roaming\skype.ini


Some content of TEMP:
====================
C:\Users\Lukas Müller\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-18 19:30

==================== End Of Log ============================
--- --- ---

--- --- ---


FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by Lukas Müller at 2014-08-19 14:32:56
Running from C:\Users\Lukas Müller\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.)
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.1.0 - )
4K Video Downloader 3.4 (HKLM-x32\...\4K Video Downloader_is1) (Version: 3.4.0.1400 - Open Media LLC)
Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.00.0000 - Ubisoft)
Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden
ArmA 2 Free Uninstall (HKLM-x32\...\ArmA 2) (Version:  - )
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Assassin's Creed III 1.01 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.01 - Ubisoft)
Assassin's Creed Revelations (HKLM-x32\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.01 - Ubisoft)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.4.9.2 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.4.9.2 - ASUSTek COMPUTER INC.) Hidden
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.025 - ASUSTek Computer Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Audio Converter (HKCU\...\Audio Converter) (Version:  - )
Audio Converter Packages (HKCU\...\Audio Converter Packages) (Version:  - ) <==== ATTENTION
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
BattlEye (A2Free) Uninstall (HKLM-x32\...\BattlEye A2 Free) (Version:  - )
Blender (HKLM\...\Blender) (Version: 2.63-release - Blender Foundation)
BurnAware Free 5.5 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware Technologies)
CCleaner (HKLM\...\CCleaner) (Version: 3.25 - Piriform)
Crysis(R) (HKLM-x32\...\{000E79B7-E725-4F01-870A-C12942B7F8E4}) (Version: 1.00.0000 - Electronic Arts)
Cubase 5 (HKLM\...\{51AC53CA-6D26-459A-9BDF-53BAEB3E11A3}) (Version: 5.1.2 - Steinberg)
CyberLink PowerDVD 11 (HKLM-x32\...\InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}) (Version: 11.0.3901.57 - CyberLink Corp.)
CyberLink PowerDVD 11 (x32 Version: 11.0.3901.57 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ Commander (HKLM-x32\...\{5B75991B-CCBA-4908-ACFF-3FF60A624D5E}) (Version: 0.92.83 - Dotjosh Studios)
DiRT 3 (x32 Version: 1.0.0003.130 - Codemasters) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FilesFrog Update Checker (HKLM-x32\...\FilesFrog Update Checker) (Version:  - ) <==== ATTENTION
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\Firebird SQL Server D) (Version: 2.0.1.13 - MAGIX AG)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
Flight Simulator X (HKLM-x32\...\RTMshadow_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version:  - )
Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1shadow_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version:  - )
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free Audio Converter version 5.0.37.327 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.37.327 - DVDVideoSoft Ltd.)
Free Countdown Timer 2.7.2 (HKLM-x32\...\{404245D0-E836-4737-9C12-D4D0034540F5}_is1) (Version: 2.7 - Comfort Software Group)
Free MP4 Video Converter version 5.0.30.1029 (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.30.1029 - DVDVideoSoft Ltd.)
Free Studio version 5.3.2 (HKLM-x32\...\Free Studio_is1) (Version:  - DVDVideoSoft Ltd.)
Free Video to MP3 Converter version 5.0.23.320 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.23.320 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.20.1230 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.20.1230 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.32.327 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.)
GeForce Experience NvStream Client Components (Version: 0.1.87 - NVIDIA Corporation) Hidden
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Earth (HKLM-x32\...\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}) (Version: 6.1.0.5001 - Google)
Greenfoot 1.5.6 (HKLM-x32\...\Greenfoot_is1) (Version:  - Deakin University)
HyperCam 2 (HKLM\...\HyperCam 2) (Version: 2.25.01 - Hyperionics Technology LLC)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IsoBuster 2.8.5 (HKLM-x32\...\IsoBuster_is1) (Version: 2.8.5 - Smart Projects)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.210 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416025FF}) (Version: 6.0.250 - Oracle)
Java(TM) 7 Update 2 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417002FF}) (Version: 7.0.20 - Oracle)
Java(TM) SE Development Kit 6 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160250}) (Version: 1.6.0.250 - Oracle)
Java(TM) SE Development Kit 7 Update 2 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170020}) (Version: 1.7.0.20 - Oracle)
JavaFX 2.0.2 (64-bit) (HKLM\...\{1111706F-666A-4037-7777-202648764D10}) (Version: 2.0.2 - Oracle Corporation)
JavaFX 2.0.2 SDK (64-bit) (HKLM\...\{2222706F-666A-4037-7777-202648764D10}) (Version: 2.0.2 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
MAGIX 3D Maker (embeded) (HKLM-x32\...\MAGIX 3D Maker D) (Version: 6.0.0.8 - MAGIX AG)
MAGIX FunPix Maker 1.0.0.0 (D) (HKLM-x32\...\MAGIX FunPix Maker D) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Screenshare 4.3.6.1987 (D) (HKLM-x32\...\MAGIX Screenshare D) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Video deluxe 15 Premium Sonderedition 8.5.0.28 (D) (HKLM-x32\...\MAGIX Video deluxe 15 Premium Sonderedition D) (Version: 8.5.0.28 - MAGIX AG)
MAGIX Xtreme Foto Designer 6 6.0.27.0 (D) (HKLM-x32\...\MAGIX Xtreme Foto Designer 6 D) (Version: 6.0.27.0 - MAGIX AG)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Flight Simulator X (x32 Version: 10.0.60905 - Microsoft Game Studios) Hidden
Microsoft Flight Simulator X: Acceleration (HKLM-x32\...\FlightSim_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version: 10.0.61637.0 - Microsoft Game Studios)
Microsoft Flight Simulator X: Acceleration (x32 Version: 10.0.61637.0 - Microsoft Game Studios) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Minecraft Cracked (HKLM-x32\...\Minecraft Cracked) (Version:  - )
Minecraft1.7.9 (HKLM-x32\...\Minecraft1.7.9) (Version:  - )
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mp3tag v2.54 (HKLM-x32\...\Mp3tag) (Version: v2.54 - Florian Heidenreich)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Native Instruments Massive v1.0.1.008 VSTi DXi RTAS (HKLM-x32\...\Native Instruments Massive v1.0.1.008 VSTi DXi RTAS) (Version:  - )
Need for Speed Underground 2 (HKLM-x32\...\{909F8EBC-EC7F-48FF-0085-475D818F0F31}) (Version:  - )
NHL® 09 (HKLM-x32\...\{F2B5A2A7-2DF9-4361-8BD5-362714528B51}) (Version: 2.0.1.0 - Electronic Arts)
No23 Recorder (HKLM-x32\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23)
NVIDIA 3D Vision Controller-Treiber 326.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 326.01 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.23 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.6.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.6.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.902 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2723 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 327.23 (Version: 327.23 - NVIDIA Corporation) Hidden
NVIDIA Update 8.3.14 (Version: 8.3.14 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 8.3.14 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.5 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4550 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 2.4 r1678 - )
Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Real Environment Xtreme 2.0 (HKLM-x32\...\{F32F502E-4398-4159-B3C9-3336AEDE6FEB}) (Version: 2.0.2010.0130 - Real Environment Simulations)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
RightMark 3DSound 2.3 (HKLM-x32\...\RightMark 3DSound 2.3) (Version:  - )
RollerCoaster Tycoon 3 (HKLM-x32\...\RollerCoaster Tycoon 3_is1) (Version:  - Atari)
Roxio WinOnCD 5 Power Edition (HKLM-x32\...\{DC88820C-64CB-40E9-AA77-E2ECC34368B3}) (Version: 5.0 - Roxio)
SHIELD Streaming (Version: 1.05.28 - NVIDIA Corporation) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Spicy Guitar 1.2.0.1 (HKLM-x32\...\KeolabSpicyGuitar_is1) (Version: 1.2.0.1 - Keolab)
Split/Second (HKLM-x32\...\{28526951-55EF-4901-A0CA-B9AC966D1DD1}) (Version: 1.00.0000 - Disney Interactive Studios)
Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Requirements Lab CYRI (HKLM-x32\...\{943A8D28-80D6-41DC-AE94-81FEB42041BF}) (Version: 4.5.1.0 - Husdawg, LLC)
Tag - IGF Professional 2008 (HKLM-x32\...\{1446A30C-6DAF-461E-96B1-31C554870082}_is1) (Version:  - DigiPen Institute of Technology)
TBS 5922SE DVBS/S2 USB 1.0.0.0 for windows (HKLM\...\TBS 5922SE DVBS/S2 USB driver  for windows_is1) (Version:  - TBS Technologies)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.16447 - TeamViewer)
TI-Nspire CAS Student Software (HKLM-x32\...\TI-Nspire CAS Student Software) (Version: 3.1.0.392 - Texas Instruments)
TmUnitedForever (HKLM-x32\...\TmUnitedForever_is1) (Version:  - Nadeo)
Tom Clancy's H.A.W.X. 2 (HKLM-x32\...\{76A232AF-B7D6-41A4-B795-6B355E6D32B1}) (Version: 1.0.1 - Ubisoft)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Ulead GIF Animator Lite Edition 1.0 (HKLM-x32\...\Ulead GIF Animator Lite Edition 1.0) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{620E77C0-CDFE-4C14-AAEB-830ABB65864C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{8153EC80-C988-4336-8DAF-6D99C0D26E0C}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{5DB2894C-2DA4-4DEF-A051-795AE799964A}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9832AED0-6A0C-4311-9227-FC9CB54F87DD}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
US-122 MKII / US-144 MKII (HKLM\...\USB_AUDIO_DEusb-audio.deTascam) (Version:  - )
VirtualDJ PRO Full (HKLM-x32\...\{4769E972-2E92-49C5-B6F9-465EFD0C4D94}) (Version: 7.0.5 - Atomix Productions)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WeGame Client 2.4.3.0 (HKLM-x32\...\12345_is1) (Version: 2.4.3.0 - WeGame.com, Inc.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows-Treiberpaket - TBS (tbs5922vhid) HIDClass  (03/07/2014 1.0.0.0) (HKLM\...\C8B8FAC46669B83D6513418B6EC2FA8A4EBD1547) (Version: 03/07/2014 1.0.0.0 - TBS)
Windows-Treiberpaket - TBS DTV (TBS_TBS5922BDA) Media  (03/07/2014 1.0.0.0) (HKLM\...\42E78B30686DE2C55A82CE32A5119F0300B63C5A) (Version: 03/07/2014 1.0.0.0 - TBS DTV)
WinRAR 4.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1935541172-1151020566-1174068504-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lukas Müller\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1935541172-1151020566-1174068504-1000_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 -> C:\Users\Lukas Müller\AppData\Local\{b27a93e9-67fa-cd94-2871-30cac4a5aa84}\n. No File
CustomCLSID: HKU\S-1-5-21-1935541172-1151020566-1174068504-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
CustomCLSID: HKU\S-1-5-21-1935541172-1151020566-1174068504-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lukas Müller\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1935541172-1151020566-1174068504-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lukas Müller\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1935541172-1151020566-1174068504-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lukas Müller\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1935541172-1151020566-1174068504-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lukas Müller\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1935541172-1151020566-1174068504-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lukas Müller\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1935541172-1151020566-1174068504-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lukas Müller\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1935541172-1151020566-1174068504-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lukas Müller\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1935541172-1151020566-1174068504-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lukas Müller\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1935541172-1151020566-1174068504-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\$Recycle.Bin ()

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1192C561-DAB5-478D-AE5C-3497C57483F3} - \a2zLyrics-16-chromeinstaller No Task File <==== ATTENTION
Task: {3939E2A1-2E08-4C61-A9BE-9D5D1ED5F45F} - \a2zLyrics-16-firefoxinstaller No Task File <==== ATTENTION
Task: {4E50B265-8F0D-45A6-9D29-3A063FE57A4A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-11-24] (Piriform Ltd)
Task: {5AD4470A-7245-48A9-A773-DB8C66253A16} - \a2zLyrics-16-enabler No Task File <==== ATTENTION
Task: {63AB81A9-5ADA-498F-99E3-C5BB7A13EE97} - \Express FilesUpdate No Task File <==== ATTENTION
Task: {83879B61-AFBD-4DD3-9F09-B5ADA81BA4F1} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {8BC6722A-9249-46CD-9704-7A6CEF66CB35} - \a2zLyrics-16-codedownloader No Task File <==== ATTENTION
Task: {998FE008-0596-468B-B61A-DD2AE9A7E000} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1935541172-1151020566-1174068504-1000Core => C:\Users\Lukas Müller\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-03] (Facebook Inc.)
Task: {ACA29750-B0CD-44F2-B46A-22DF9B9333AA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1935541172-1151020566-1174068504-1000UA => C:\Users\Lukas Müller\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-03] (Facebook Inc.)
Task: {AFA5C1DA-DEC2-4577-8FB0-DD707F7C761D} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: {B09BD5F5-B9A0-4CDE-970E-04931E701B2D} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-08-27] (ASUSTek Computer Inc.)
Task: {E6FA9A55-A7AE-4F6A-B60C-B3ED4C612837} - \a2zLyrics-16-updater No Task File <==== ATTENTION
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1935541172-1151020566-1174068504-1000Core.job => C:\Users\Lukas Müller\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1935541172-1151020566-1174068504-1000UA.job => C:\Users\Lukas Müller\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-11-02 16:02 - 2013-09-12 09:25 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-01-17 11:24 - 2012-01-17 11:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2013-03-22 22:47 - 2013-03-01 09:26 - 00085568 _____ () C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
2011-11-29 16:28 - 2014-06-29 23:20 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-05-26 19:39 - 2012-02-17 20:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2013-03-22 22:48 - 2011-11-04 09:28 - 00260096 _____ () C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\sqlite3.dll
2013-05-22 21:29 - 2014-07-30 17:10 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-05-04 17:01 - 2014-05-04 17:01 - 16351920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Lukas Müller^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TCPSVCS.lnk => C:\Windows\pss\TCPSVCS.lnk.Startup
MSCONFIG\startupreg: Cepuawqyab => "C:\Users\Lukas Müller\AppData\Roaming\Evake\itdy.exe"

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/18/2014 07:31:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: regsvr32.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bcdd6
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7600.16930, Zeitstempel: 0x4eeb01e3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000067ccf
ID des fehlerhaften Prozesses: 0x418
Startzeit der fehlerhaften Anwendung: 0xregsvr32.exe0
Pfad der fehlerhaften Anwendung: regsvr32.exe1
Pfad des fehlerhaften Moduls: regsvr32.exe2
Berichtskennung: regsvr32.exe3

Error: (08/18/2014 07:02:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: regsvr32.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bcdd6
Name des fehlerhaften Moduls: FileTracker.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4ba23988
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000007fefaa9476c
ID des fehlerhaften Prozesses: 0xac8
Startzeit der fehlerhaften Anwendung: 0xregsvr32.exe0
Pfad der fehlerhaften Anwendung: regsvr32.exe1
Pfad des fehlerhaften Moduls: regsvr32.exe2
Berichtskennung: regsvr32.exe3

Error: (08/18/2014 05:24:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Monitor.exe, Version: 1.3.2.0, Zeitstempel: 0x525df4b2
Name des fehlerhaften Moduls: Monitor.exe, Version: 1.3.2.0, Zeitstempel: 0x525df4b2
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00005b54
ID des fehlerhaften Prozesses: 0x894
Startzeit der fehlerhaften Anwendung: 0xMonitor.exe0
Pfad der fehlerhaften Anwendung: Monitor.exe1
Pfad des fehlerhaften Moduls: Monitor.exe2
Berichtskennung: Monitor.exe3

Error: (08/18/2014 04:44:56 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "DeviceIoControl(\\?\Volume{c12c7fd2-0554-11e1-88a2-806e6f6e6963} - 0000000000000120,0x0053c06c,000000000049C200,0,00000000004961F0,4096,[0])". hr = 0x8007045d, Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.
.


Vorgang:
  Ein Vergleichsbereichvolume wird automatisch ausgewählt
  EndPrepareSnapshots wird verarbeitet

Kontext:
  Ausführungskontext: System Provider

Error: (08/18/2014 04:44:49 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Users\Lukas Müller\Desktop\mbar\mbar.exe Müller\Desktop\mbar\mbar.exe" ; Beschreibung = Malwarebytes Anti-Rootkit Restore Point; Fehler = 0x80042306).

Error: (08/18/2014 04:44:44 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "DeviceIoControl(\\?\Volume{c12c7fd2-0554-11e1-88a2-806e6f6e6963} - 0000000000000144,0x0053c06c,000000000049C200,0,00000000004961F0,4096,[0])". hr = 0x8007045d, Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.
.


Vorgang:
  Ein Vergleichsbereichvolume wird automatisch ausgewählt
  EndPrepareSnapshots wird verarbeitet

Kontext:
  Ausführungskontext: System Provider

Error: (08/18/2014 04:44:31 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "DeviceIoControl(\\?\Volume{c12c7fd2-0554-11e1-88a2-806e6f6e6963} - 0000000000000120,0x0053c06c,000000000049C200,0,00000000004961F0,4096,[0])". hr = 0x8007045d, Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.
.


Vorgang:
  Ein Vergleichsbereichvolume wird automatisch ausgewählt
  EndPrepareSnapshots wird verarbeitet

Kontext:
  Ausführungskontext: System Provider

Error: (08/18/2014 04:44:19 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "DeviceIoControl(\\?\Volume{c12c7fd2-0554-11e1-88a2-806e6f6e6963} - 0000000000000120,0x0053c06c,000000000049A200,0,00000000004961F0,4096,[0])". hr = 0x8007045d, Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.
.


Vorgang:
  Ein Vergleichsbereichvolume wird automatisch ausgewählt
  EndPrepareSnapshots wird verarbeitet

Kontext:
  Ausführungskontext: System Provider

Error: (08/18/2014 04:44:07 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "DeviceIoControl(\\?\Volume{c12c7fd2-0554-11e1-88a2-806e6f6e6963} - 0000000000000120,0x0053c06c,0000000000497200,0,00000000004961F0,4096,[0])". hr = 0x8007045d, Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.
.


Vorgang:
  Ein Vergleichsbereichvolume wird automatisch ausgewählt
  EndPrepareSnapshots wird verarbeitet

Kontext:
  Ausführungskontext: System Provider

Error: (08/18/2014 04:43:55 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "DeviceIoControl(\\?\Volume{c12c7fd2-0554-11e1-88a2-806e6f6e6963} - 0000000000000120,0x0053c06c,00000000004921F0,0,00000000002DECC0,4096,[0])". hr = 0x8007045d, Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.
.


Vorgang:
  Ein Vergleichsbereichvolume wird automatisch ausgewählt
  EndPrepareSnapshots wird verarbeitet

Kontext:
  Ausführungskontext: System Provider


System errors:
=============
Error: (08/19/2014 02:04:12 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (08/19/2014 01:59:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
Cdr4_XP
Cdralw2k
cdudf_xp
UdfReadr_xp

Error: (08/19/2014 01:58:32 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\Cdralw2k.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (08/19/2014 01:58:32 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\Cdr4_XP.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (08/19/2014 01:58:32 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\Cdralw2k.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (08/19/2014 01:58:32 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\Cdr4_XP.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (08/19/2014 01:58:29 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\UdfReadr_xp.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (08/19/2014 01:58:29 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdudf_xp.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (08/19/2014 01:58:28 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\pwd_2K.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (08/19/2014 01:58:28 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\Cdralw2k.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2012-01-22 14:33:12.215
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\Users\LUKASM~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-01-22 14:33:12.192
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\Users\LUKASM~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-01-22 14:33:11.887
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-01-22 14:33:11.863
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 48%
Total physical RAM: 4094.49 MB
Available physical RAM: 2112.02 MB
Total Pagefile: 8187.13 MB
Available Pagefile: 5994.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Lokaler Datenträger) (Fixed) (Total:244.14 GB) (Free:6.49 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Fotos + ISOs) (Fixed) (Total:221.61 GB) (Free:156.41 GB) NTFS
Drive f: (Musik) (Fixed) (Total:244.04 GB) (Free:36.06 GB) NTFS
Drive g: (Volume) (Fixed) (Total:244.14 GB) (Free:192.79 GB) NTFS
Drive h: (Volume) (Fixed) (Total:443.23 GB) (Free:154.19 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 11CF11CF)
Partition 1: (Active) - (Size=244.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=221.6 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 37004364)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=244 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=244.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=443.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---

schrauber 21.08.2014 16:58
Adware & Co. deinstallieren



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\S-1-5-21-1935541172-1151020566-1174068504-1000\...\Run: [OjhuxFercu] => regsvr32.exe "
HKU\S-1-5-21-1935541172-1151020566-1174068504-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2870272 2011-02-26] (Microsoft Corporation) <==== ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

lukasmueller 21.08.2014 23:37
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-08-2014 01
Ran by Lukas Müller at 2014-08-21 22:47:50 Run:1
Running from C:\Users\Lukas Müller\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-1935541172-1151020566-1174068504-1000\...\Run: [OjhuxFercu] => regsvr32.exe "
HKU\S-1-5-21-1935541172-1151020566-1174068504-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2870272 2011-02-26] (Microsoft Corporation) <==== ATTENTION
       
*****************

HKU\S-1-5-21-1935541172-1151020566-1174068504-1000\Software\Microsoft\Windows\CurrentVersion\Run\\OjhuxFercu => value deleted successfully.
HKU\S-1-5-21-1935541172-1151020566-1174068504-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.

==== End of Fixlog ====
Code:

Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Suchlauf Datum: 21.08.2014
Suchlauf-Zeit: 23:30:45
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.21.07
Rootkit Datenbank: v2014.08.16.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7
CPU: x64
Dateisystem: NTFS
Benutzer: Lukas Müller

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 381138
Verstrichene Zeit: 15 Min, 9 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 2
PUP.Optional.FilesFrog.A, HKU\S-1-5-21-1935541172-1151020566-1174068504-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BI, Löschen bei Neustart, [a19a44852b5064d201ec6bc4010330d0],
PUP.Optional.Somoto.A, HKU\S-1-5-21-1935541172-1151020566-1174068504-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOMOTO\SDP, Löschen bei Neustart, [8ab1c108c8b3c27428f8210ecc38837d],

Registrierungswerte: 2
PUP.Optional.FilesFrog.A, HKU\S-1-5-21-1935541172-1151020566-1174068504-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BI|ui_path_filesfrog, HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker, Löschen bei Neustart, [a19a44852b5064d201ec6bc4010330d0]
PUP.Optional.Somoto.A, HKU\S-1-5-21-1935541172-1151020566-1174068504-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOMOTO\SDP|affid, mcpatcherpro, Löschen bei Neustart, [8ab1c108c8b3c27428f8210ecc38837d]

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 13
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\api, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\core, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\defaults, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\defaults\preferences, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\extensionData, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\extensionData\plugins, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\extensionData\userCode, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\locale, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\locale\en-US, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\skin, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],

Dateien: 108
PUP.Optional.Somoto, C:\$Recycle.Bin\S-1-5-21-1935541172-1151020566-1174068504-1000\$R61HZKC\uninstall.exe, In Quarantäne, [65d67752c8b3999d938fa483d32ddd23],
PUP.Optional.ExpressFiles.A, C:\Users\Lukas Müller\Downloads\Majesty_-_Hellforces_2006_(320k)_Power_Metal_downloader_de_99138.exe, In Quarantäne, [56e509c04932ef47007fd65254ac39c7],
Trojan.Miner.RCD, C:\Users\Lukas Müller\Downloads\Ti_nspire_Cas_1_crack.zip, In Quarantäne, [14278f3acdae350195df74ef5da4ce32],
PUP.Optional.YourFileDownloader, C:\Users\Lukas Müller\Downloads\Bodyjar_how_it_works_rar_downloader_de_98842.exe, In Quarantäne, [68d332972358ea4cb684928c837d8d73],
PUP.Optional.Softonic.A, C:\Users\Lukas Müller\Downloads\SoftonicDownloader_fuer_audiosurf.exe, In Quarantäne, [f942e5e4a4d739fdba5a39f305fc47b9],
PUP.Optional.Softonic.A, C:\Users\Lukas Müller\Downloads\SoftonicDownloader_fuer_camstudio.exe, In Quarantäne, [83b8ddecd2a939fd3dd7ca627e8330d0],
PUP.Optional.Softonic.A, C:\Users\Lukas Müller\Downloads\SoftonicDownloader_fuer_doodle-jump.exe, In Quarantäne, [c07b43862754b5810b0981ab54ad0df3],
PUP.Optional.Softonic.A, C:\Users\Lukas Müller\Downloads\SoftonicDownloader_fuer_java-development-kit.exe, In Quarantäne, [d566dfea8dee171f070d03291de47f81],
PUP.Optional.Bandoo, C:\Users\Lukas Müller\Downloads\iLividSetup(1).exe, In Quarantäne, [b88374557803e4522f87987d0001a65a],
PUP.Optional.Bandoo, C:\Users\Lukas Müller\Downloads\iLividSetup(2).exe, In Quarantäne, [112a02c74536a3930babdf361ae752ae],
PUP.Optional.Bandoo, C:\Users\Lukas Müller\Downloads\iLividSetup-r484-n-bf.exe, In Quarantäne, [93a8725797e455e14a6c5abb728f8f71],
PUP.Optional.Bandoo, C:\Users\Lukas Müller\Downloads\iLividSetup.exe, In Quarantäne, [57e411b891ea8da9714563b24ab75da3],
PUP.WirelessKeyView, C:\Users\Lukas Müller\Downloads\WirelessKeyView_1.60.zip, In Quarantäne, [4dee7d4cdd9edb5b80f316d325dfe51b],
PUP.Optional.Softonic.A, C:\Users\Lukas Müller\Downloads\SoftonicDownloader_fuer_soundtap.exe, In Quarantäne, [81ba8742a2d989adfa1ab37970919a66],
PUP.Optional.Bandoo, C:\Users\Lukas Müller\Videos\iLividSetup-r484-n-bu.exe, In Quarantäne, [76c5329785f6310551655eb7778a37c9],
PUP.Optional.YourfileDownloader.A, C:\Windows\System32\Tasks\YourFile DownloaderUpdate, In Quarantäne, [1f1ce2e718635fd7ff6bd91882805da3],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome.manifest, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\install.rdf, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\7286b3b0acacccb9ea4445eb928e9780.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\background.html, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\bb33c928eb89bc3d38c6b1151ffbe95d.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\browser.xul, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\d1345267ebef3a0b9af069875d62e22c.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\dialog.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\e200cc4abcf177c6638453f25f7c64a5.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\e907a53f114218c4148594c0d15527ce.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\ffCoreFilesIndex.txt, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\options.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\options.xul, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\search_dialog.xul, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\api\501e6a74db6cb33ab1446636037b1cf7.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\api\02384ec02515c324d0f19b97364b7ed2.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\api\0885bb076f68d65554b95bb8ce871e2f.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\api\121e8880c8dfef3239babe31ea4274ea.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\api\1749bf9901dd04d1cf1409cd5aaaa6d7.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\api\2a5b5baed4a0d7b84c1dff3d7fca1c8d.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\api\311afd1becc097fd9940b05927cfcb7f.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\api\3dc919fc0bbfd18654c8bfe20803f2ff.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\api\484222622463eecf4e9165805e713473.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\api\5b4ac9bfdcb5c3918fdc94006cdc5c7c.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\api\659ad50d1ab607b7d92459338960c5ea.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\api\a0f1f3603f3ecf88ac769c8ddb9680da.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\api\cf52b31b1a68f9cfc7644c563a55832e.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\api\d0adf8d1b61d07b00d0cc4af4e03078e.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\api\e3d5b2af97f0b3173b24d322178bc48f.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\api\fc4751c9d16202fabe1a817f96694c25.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\core\92532e8bfc023a78c67960f2d18ea09b.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\core\0a1a8a8217189bc35b94847d7c7e4fc2.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\core\13e04401904329a7508eb54d5f3195c4.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\core\2f0ff050f671097d96d94c104434c0dd.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\core\393e90d3cc4e9bd2ebdf3e9ef27e19e7.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\core\401aacb951d5f0e04ee05d8bd6144981.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\core\45d3975e4671aa1b7867695d5f47e093.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\core\55e2e84bc427d2740a975b37aa338ef1.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\core\59265d7e8be8a5a2992c2fa57454dddb.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\core\6a53e349b7c27d41cb41ea797e5d780b.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\core\7350f1336e15019c682d77b797d5a1b5.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\core\7a879cf14e3aaeda6be27deba65bb91d.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\core\81858a5966c621b9979109274d6825c9.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\core\82fbb97348b59cfd5215ba199e1a9abb.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\core\b9502e04b3e78535c0613467c48e66a9.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\core\b9eaa48c0517938aeb807f350a8f76c4.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\core\e32db7705875df3b715c3c93831eaf75.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\core\e3d79593491ed8eea84141c9e6e5873a.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\core\e6f7587ab1ceee85f2698443c28ffe6e.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\core\f23c233bf6741c2eed06086118968353.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\chrome\content\core\installer.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\defaults\preferences\prefs.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\extensionData\manifest.xml, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\extensionData\plugins.json, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\extensionData\plugins\1.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\extensionData\plugins\13.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\extensionData\plugins\14.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\extensionData\plugins\16.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\extensionData\plugins\17.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\extensionData\plugins\177.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\extensionData\plugins\182.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\extensionData\plugins\183.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\extensionData\plugins\207.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\extensionData\plugins\21.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\extensionData\plugins\22.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\extensionData\plugins\246.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\extensionData\plugins\268.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\extensionData\plugins\28.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\extensionData\plugins\4.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\extensionData\plugins\47.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\extensionData\plugins\64.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\extensionData\plugins\72.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\extensionData\plugins\78.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\extensionData\plugins\91.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\extensionData\plugins\98.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\extensionData\userCode\background.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\extensionData\userCode\extension.js, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\locale\en-US\translations.dtd, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\skin\button1.png, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\skin\button2.png, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\skin\button3.png, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\skin\button4.png, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\skin\button5.png, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\skin\crossrider_statusbar.png, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\skin\icon128.png, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\skin\icon16.png, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\skin\icon24.png, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\skin\icon48.png, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\skin\panelarrow-up.png, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\skin\popup.html, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\skin\skin.css, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],
PUP.Optional.CrossRider.A, C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\extensions\2f86d471-1122-4c15-901a-d7fd67316cd9@ca42b8d2-0eb6-47be-84a2-6d95abe186e8.com\skin\update.css, In Quarantäne, [102b2c9d1764dd595a91962b887ab749],

Physische Sektoren: 0
(No malicious items detected)


(end)
AdwCleaner Logfile:
Code:
# AdwCleaner v3.308 - Bericht erstellt am 22/08/2014 um 00:02:49
# Aktualisiert 20/08/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzername : Lukas Müller - LUKASMÜLLER-PC
# Gestartet von : C:\Users\Lukas Müller\Downloads\adwcleaner_3.308.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : 70e6ca8c

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\Program Files (x86)\NCH Software
Datei Gelöscht : C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\foxydeal.sqlite

***** [ Tasks ] *****

Task Gelöscht : Express FilesUpdate
Task Gelöscht : YourFile DownloaderUpdate

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422412268}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422412268}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Somoto
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

***** [ Browser ] *****

-\\ Internet Explorer v8.0.7600.17115


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ Datei : C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\prefs.js ]


-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [15735 octets] - [03/11/2013 17:06:53]
AdwCleaner[R1].txt - [1386 octets] - [03/11/2013 18:13:50]
AdwCleaner[R2].txt - [2696 octets] - [22/08/2014 00:01:07]
AdwCleaner[S0].txt - [14823 octets] - [03/11/2013 17:07:35]
AdwCleaner[S1].txt - [1345 octets] - [03/11/2013 18:15:40]
AdwCleaner[S2].txt - [2338 octets] - [22/08/2014 00:02:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2398 octets] ##########
--- --- ---

[/CODE]

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Lukas Mller on 22.08.2014 at  0:14:22,81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1935541172-1151020566-1174068504-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211181110}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211181110}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181110}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup(2)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup(2)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r484-n-bf_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r484-n-bf_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\a2zLyrics-16-chromeinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\a2zLyrics-16-chromeinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\a2zLyrics-16-codedownloader_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\a2zLyrics-16-codedownloader_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\a2zLyrics-16-updater_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\a2zLyrics-16-updater_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup(2)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup(2)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup-r484-n-bf_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup-r484-n-bf_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\a2zLyrics-16-chromeinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\a2zLyrics-16-chromeinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\a2zLyrics-16-codedownloader_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\a2zLyrics-16-codedownloader_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\a2zLyrics-16-updater_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\a2zLyrics-16-updater_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Lukas Mller\appdata\local\{b27a93e9-67fa-cd94-2871-30cac4a5aa84}



~~~ FireFox

Emptied folder: C:\Users\Lukas Mller\AppData\Roaming\mozilla\firefox\profiles\r9rwaggt.default-1369339540531\minidumps [441 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.08.2014 at  0:19:30,64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by Lukas Müller (administrator) on LUKASMÜLLER-PC on 22-08-2014 00:34:49
Running from C:\Users\Lukas Müller\Desktop
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\SysWOW64\ASGT.exe
() C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(WeGame.com, Inc.) C:\Program Files (x86)\WeGame\wgclientservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\Lukas Müller\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2013-03-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AdaptecDirectCD] => C:\Program Files (x86)\Roxio\WinOnCD 5 PE\DirectCD\DirectCD.exe [655360 2001-10-10] (Roxio)
HKLM-x32\...\Run: [TrayServer] => C:\Program Files (x86)\MAGIX\Video_deluxe_15_Premium_Sonderedition\TrayServer.exe [90112 2008-08-07] (MAGIX AG)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl11] => C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe [237120 2013-03-01] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-14] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1935541172-1151020566-1174068504-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1753280 2014-07-16] (Valve Corporation)
HKU\S-1-5-21-1935541172-1151020566-1174068504-1000\...\Run: [Facebook Update] => C:\Users\Lukas Müller\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-01-03] (Facebook Inc.)
HKU\S-1-5-21-1935541172-1151020566-1174068504-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1935541172-1151020566-1174068504-1000\...\Run: [Spotify Web Helper] => C:\Users\Lukas Müller\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-18] (Spotify Ltd)
HKU\S-1-5-21-1935541172-1151020566-1174068504-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2870272 2011-02-26] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-1935541172-1151020566-1174068504-1000\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Lukas Müller\AppData\Local\{b27a93e9-67fa-cd94-2871-30cac4a5aa84}\n. ATTENTION! ====> ZeroAccess/Alureon?
HKU\S-1-5-21-1935541172-1151020566-1174068504-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-1935541172-1151020566-1174068504-1000\$b27a93e967facd94287130cac4a5aa84\n. ATTENTION! ====> ZeroAccess?
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll (Microsoft Corporation)
SSODL-x32: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lukas Müller\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lukas Müller\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lukas Müller\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lukas Müller\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lukas Müller\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lukas Müller\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lukas Müller\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6EA97C034F01CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - c:\Windows\System32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - c:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.7601.17514_none_d1a4c8feac0dfcdb\urlmon.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @java.com/DTPlugin,version=10.2.1 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.2.1 -> C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.132.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.140.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Lukas Müller\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-08-08]
FF Extension: ProxTube - C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}.xpi [2014-07-29]
FF Extension: Adblock Plus - C:\Users\Lukas Müller\AppData\Roaming\Mozilla\Firefox\Profiles\r9rwaggt.default-1369339540531\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-03]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-05-22]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 CLHNServiceForPowerDVD; C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [85568 2013-03-01] ()
R2 CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [77576 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 11.0 Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [294664 2013-03-11] (CyberLink)
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-06-29] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WeGameClientService; C:\Program Files (x86)\WeGame\WGClientService.exe [18472 2011-07-28] (WeGame.com, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-11-02] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
S1 Cdr4_XP; C:\Windows\SysWow64\Drivers\Cdr4_XP.sys [55216 2001-09-18] (Roxio) [File not signed]
S1 Cdralw2k; C:\Windows\SysWow64\Drivers\Cdralw2k.sys [23561 2001-09-18] (Roxio) [File not signed]
S1 cdudf_xp; C:\Windows\SysWow64\Drivers\cdudf_xp.sys [233600 2001-10-10] (Roxio) [File not signed]
S3 dvd_2K; C:\Windows\SysWow64\Drivers\dvd_2K.sys [17958 2001-09-10] (Roxio) [File not signed]
S3 hxctlflt; C:\Windows\System32\Drivers\hxctlflt.sys [111104 2009-02-08] (Guillemot Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-11-02] ()
S3 mmc_2K; C:\Windows\SysWow64\Drivers\mmc_2K.sys [19158 2001-10-10] (Roxio) [File not signed]
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
S1 pwd_2K; C:\Windows\SysWow64\Drivers\pwd_2K.sys [79414 2001-10-10] (Roxio) [File not signed]
S3 Secdrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [14368 1999-09-27] () [File not signed]
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3552384 2009-04-22] ()
S3 TASCAM_US122144; C:\Windows\System32\Drivers\tascusb2.sys [419160 2011-04-28] (TASCAM)
S3 TASCAM_US122L_MK2_MIDI; C:\Windows\System32\drivers\tscusb2m.sys [31576 2011-04-28] (TASCAM)
S3 TASCAM_US122L_MK2_WDM; C:\Windows\System32\drivers\tscusb2a.sys [53080 2011-04-28] (TASCAM)
R3 tbs5922vhid; C:\Windows\System32\drivers\tbs5922vhid.sys [23728 2014-03-07] (Windows (R) Win 7 DDK provider)
R2 TBS_TBS5922BDA; C:\Windows\System32\DRIVERS\tbs5922.sys [86064 2014-03-07] (TBS )
S1 UdfReadr_xp; C:\Windows\SysWow64\Drivers\UdfReadr_xp.sys [205440 2001-10-10] (Roxio) [File not signed]
S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [142848 2010-03-29] (Texas Instruments)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [130320 2013-03-11] (CyberLink Corp.)
R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-22 00:34 - 2014-08-22 00:34 - 00019031 _____ () C:\Users\Lukas Müller\Desktop\FRST.txt
2014-08-22 00:14 - 2014-08-22 00:14 - 01016261 _____ (Thisisu) C:\Users\Lukas Müller\Downloads\JRT.exe
2014-08-22 00:14 - 2014-08-22 00:14 - 00000000 ____D () C:\Windows\ERUNT
2014-08-22 00:01 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-22 00:00 - 2014-08-22 00:00 - 01364531 _____ () C:\Users\Lukas Müller\Downloads\adwcleaner_3.308.exe
2014-08-21 23:28 - 2014-08-21 23:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-21 23:28 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-21 23:27 - 2014-08-21 23:28 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lukas Müller\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-21 22:31 - 2014-08-21 22:31 - 00001287 _____ () C:\Users\Lukas Müller\Desktop\Revo Uninstaller.lnk
2014-08-21 22:31 - 2014-08-21 22:31 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-21 22:30 - 2014-08-21 22:30 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Lukas Müller\Downloads\revosetup95.exe
2014-08-19 14:32 - 2014-08-19 14:33 - 00043783 _____ () C:\Users\Lukas Müller\Desktop\Addition.txt
2014-08-19 14:28 - 2014-08-22 00:34 - 00000000 ____D () C:\FRST
2014-08-19 14:27 - 2014-08-19 14:27 - 02101760 _____ (Farbar) C:\Users\Lukas Müller\Desktop\FRST64.exe
2014-08-18 20:09 - 2014-08-18 20:09 - 03755599 _____ () C:\Users\Lukas Müller\Downloads\nvoglv32.zip
2014-08-18 19:33 - 2014-08-18 19:33 - 00000052 _____ () C:\Windows\avmcoins.log
2014-08-18 19:04 - 2014-08-18 19:04 - 00000000 ____D () C:\ProgramData\GroupPolicy
2014-08-18 18:48 - 2014-08-18 18:48 - 02350493 _____ () C:\re-regdll.bat
2014-08-18 18:12 - 2014-08-18 18:12 - 00000000 ____D () C:\Windows\pss
2014-08-18 16:47 - 2014-08-18 16:47 - 00282488 _____ () C:\Windows\Minidump\081814-35973-01.dmp
2014-08-18 15:41 - 2014-08-18 17:00 - 00000000 ____D () C:\ProgramData\IvhacVucqu
2014-08-18 15:17 - 2014-08-21 23:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-18 15:17 - 2014-08-18 17:21 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-18 15:15 - 2014-08-18 17:00 - 00000000 ____D () C:\Users\Lukas Müller\Desktop\mbar
2014-08-18 15:15 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-18 15:05 - 2014-08-18 15:06 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Lukas Müller\Desktop\mbar-1.07.0.1012.exe
2014-08-18 02:18 - 2014-08-18 16:20 - 00000000 ____D () C:\ProgramData\AfivkArxum
2014-08-18 00:52 - 2014-08-18 00:55 - 00000000 ____D () C:\ProgramData\OjhuxFercu
2014-08-18 00:05 - 2014-08-18 16:10 - 00000000 ____D () C:\ProgramData\OjyisHanat
2014-08-18 00:05 - 2014-08-18 02:18 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-08-14 22:06 - 2014-08-17 20:37 - 00001482 _____ () C:\Users\Lukas Müller\AppData\Local\RecConfig.xml
2014-08-14 22:06 - 2014-08-14 22:06 - 00001042 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-08-14 22:06 - 2014-08-14 22:06 - 00001030 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-08-14 22:02 - 2014-08-14 22:02 - 00001071 _____ () C:\Users\Lukas Müller\Desktop\No23 Recorder.lnk
2014-08-14 22:02 - 2014-08-14 22:02 - 00000000 ____D () C:\Users\Lukas Müller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No23 Recorder
2014-08-14 22:02 - 2014-08-14 22:02 - 00000000 ____D () C:\Users\Lukas Müller\AppData\Local\No23 Recorder
2014-08-14 22:01 - 2014-08-14 22:01 - 02497825 _____ (No23) C:\Users\Lukas Müller\Downloads\No23Recorder2103.exe
2014-08-10 16:12 - 2014-08-10 16:12 - 00000000 ____D () C:\Users\Lukas Müller\AppData\Local\SKIDROW
2014-08-10 15:04 - 2014-08-10 15:28 - 00000000 ____D () C:\Users\Lukas Müller\Downloads\Tony Hawk's Pro Skater HD

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-22 00:35 - 2014-08-22 00:34 - 00019031 _____ () C:\Users\Lukas Müller\Desktop\FRST.txt
2014-08-22 00:34 - 2014-08-19 14:28 - 00000000 ____D () C:\FRST
2014-08-22 00:23 - 2013-11-23 20:23 - 00000000 ____D () C:\Users\Lukas Müller\Desktop\riffs
2014-08-22 00:14 - 2014-08-22 00:14 - 01016261 _____ (Thisisu) C:\Users\Lukas Müller\Downloads\JRT.exe
2014-08-22 00:14 - 2014-08-22 00:14 - 00000000 ____D () C:\Windows\ERUNT
2014-08-22 00:12 - 2009-07-14 06:45 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-22 00:12 - 2009-07-14 06:45 - 00014608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-22 00:08 - 2009-07-14 19:58 - 00719388 _____ () C:\Windows\system32\perfh007.dat
2014-08-22 00:08 - 2009-07-14 19:58 - 00159988 _____ () C:\Windows\system32\perfc007.dat
2014-08-22 00:08 - 2009-07-14 07:13 - 01712474 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-22 00:05 - 2012-10-31 19:28 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-22 00:04 - 2011-12-30 22:46 - 00000012 _____ () C:\ProgramData\DirectCDUserName.txt
2014-08-22 00:04 - 2011-11-02 19:48 - 00432136 _____ () C:\Windows\PFRO.log
2014-08-22 00:04 - 2011-11-02 15:53 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-22 00:04 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-22 00:04 - 2009-07-14 06:51 - 00211744 _____ () C:\Windows\setupact.log
2014-08-22 00:03 - 2011-11-02 15:18 - 02066760 _____ () C:\Windows\WindowsUpdate.log
2014-08-22 00:02 - 2013-11-03 17:06 - 00000000 ____D () C:\AdwCleaner
2014-08-22 00:00 - 2014-08-22 00:00 - 01364531 _____ () C:\Users\Lukas Müller\Downloads\adwcleaner_3.308.exe
2014-08-21 23:52 - 2014-08-18 15:17 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-21 23:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\security
2014-08-21 23:28 - 2014-08-21 23:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-21 23:28 - 2014-08-21 23:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lukas Müller\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-21 23:28 - 2013-11-03 17:21 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-21 23:28 - 2013-11-03 17:21 - 00000000 ____D () C:\Users\Lukas Müller\AppData\Roaming\Malwarebytes
2014-08-21 23:28 - 2013-11-03 17:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-21 22:42 - 2011-12-25 16:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-08-21 22:31 - 2014-08-21 22:31 - 00001287 _____ () C:\Users\Lukas Müller\Desktop\Revo Uninstaller.lnk
2014-08-21 22:31 - 2014-08-21 22:31 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-21 22:30 - 2014-08-21 22:30 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Lukas Müller\Downloads\revosetup95.exe
2014-08-21 22:19 - 2013-01-03 20:14 - 00000956 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1935541172-1151020566-1174068504-1000UA.job
2014-08-21 19:19 - 2013-01-03 20:14 - 00000934 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1935541172-1151020566-1174068504-1000Core.job
2014-08-19 15:19 - 2012-07-10 17:22 - 00000000 ____D () C:\Users\Lukas Müller\AppData\Roaming\Skype
2014-08-19 14:33 - 2014-08-19 14:32 - 00043783 _____ () C:\Users\Lukas Müller\Desktop\Addition.txt
2014-08-19 14:27 - 2014-08-19 14:27 - 02101760 _____ (Farbar) C:\Users\Lukas Müller\Desktop\FRST64.exe
2014-08-18 20:09 - 2014-08-18 20:09 - 03755599 _____ () C:\Users\Lukas Müller\Downloads\nvoglv32.zip
2014-08-18 19:33 - 2014-08-18 19:33 - 00000052 _____ () C:\Windows\avmcoins.log
2014-08-18 19:04 - 2014-08-18 19:04 - 00000000 ____D () C:\ProgramData\GroupPolicy
2014-08-18 19:02 - 2014-05-12 19:37 - 01611120 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-08-18 18:48 - 2014-08-18 18:48 - 02350493 _____ () C:\re-regdll.bat
2014-08-18 18:12 - 2014-08-18 18:12 - 00000000 ____D () C:\Windows\pss
2014-08-18 17:21 - 2014-08-18 15:17 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-18 17:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\TAPI
2014-08-18 17:00 - 2014-08-18 15:41 - 00000000 ____D () C:\ProgramData\IvhacVucqu
2014-08-18 17:00 - 2014-08-18 15:15 - 00000000 ____D () C:\Users\Lukas Müller\Desktop\mbar
2014-08-18 16:47 - 2014-08-18 16:47 - 00282488 _____ () C:\Windows\Minidump\081814-35973-01.dmp
2014-08-18 16:47 - 2011-11-05 18:00 - 00000000 ____D () C:\Windows\Minidump
2014-08-18 16:20 - 2014-08-18 02:18 - 00000000 ____D () C:\ProgramData\AfivkArxum
2014-08-18 16:10 - 2014-08-18 00:05 - 00000000 ____D () C:\ProgramData\OjyisHanat
2014-08-18 15:06 - 2014-08-18 15:05 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Lukas Müller\Desktop\mbar-1.07.0.1012.exe
2014-08-18 02:18 - 2014-08-18 00:05 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-08-18 00:55 - 2014-08-18 00:52 - 00000000 ____D () C:\ProgramData\OjhuxFercu
2014-08-17 20:51 - 2014-03-22 17:43 - 00000000 ____D () C:\Users\Lukas Müller\Desktop\Neuer Ordner
2014-08-17 20:37 - 2014-08-14 22:06 - 00001482 _____ () C:\Users\Lukas Müller\AppData\Local\RecConfig.xml
2014-08-17 20:29 - 2012-10-23 20:37 - 00000000 ____D () C:\Users\Lukas Müller\AppData\Roaming\Spotify
2014-08-17 14:54 - 2011-12-25 16:50 - 00000000 ____D () C:\Users\Lukas Müller\Documents\DVDVideoSoft
2014-08-15 23:00 - 2013-09-08 14:39 - 00001064 _____ () C:\Users\Lukas Müller\Desktop\Dropbox.lnk
2014-08-15 23:00 - 2013-09-08 14:35 - 00000000 ____D () C:\Users\Lukas Müller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-15 23:00 - 2012-06-14 22:32 - 00000000 ____D () C:\Users\Lukas Müller\AppData\Roaming\Dropbox
2014-08-15 20:36 - 2013-11-18 19:37 - 00000000 ____D () C:\Users\Lukas Müller\AppData\Roaming\Audacity
2014-08-14 22:06 - 2014-08-14 22:06 - 00001042 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-08-14 22:06 - 2014-08-14 22:06 - 00001030 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-08-14 22:06 - 2013-11-18 19:37 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-08-14 22:02 - 2014-08-14 22:02 - 00001071 _____ () C:\Users\Lukas Müller\Desktop\No23 Recorder.lnk
2014-08-14 22:02 - 2014-08-14 22:02 - 00000000 ____D () C:\Users\Lukas Müller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No23 Recorder
2014-08-14 22:02 - 2014-08-14 22:02 - 00000000 ____D () C:\Users\Lukas Müller\AppData\Local\No23 Recorder
2014-08-14 22:01 - 2014-08-14 22:01 - 02497825 _____ (No23) C:\Users\Lukas Müller\Downloads\No23Recorder2103.exe
2014-08-13 22:39 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-12 23:00 - 2012-01-15 16:31 - 00000000 ____D () C:\Users\Lukas Müller\AppData\Roaming\uTorrent
2014-08-12 03:54 - 2012-10-23 20:38 - 00000000 ____D () C:\Users\Lukas Müller\AppData\Local\Spotify
2014-08-11 14:19 - 2012-07-10 17:21 - 00000000 ____D () C:\ProgramData\Skype
2014-08-10 16:12 - 2014-08-10 16:12 - 00000000 ____D () C:\Users\Lukas Müller\AppData\Local\SKIDROW
2014-08-10 16:12 - 2011-12-19 15:42 - 00000000 ____D () C:\Users\Lukas Müller\Documents\My Games
2014-08-10 15:28 - 2014-08-10 15:04 - 00000000 ____D () C:\Users\Lukas Müller\Downloads\Tony Hawk's Pro Skater HD
2014-08-08 22:35 - 2014-07-06 15:52 - 00001873 _____ () C:\Users\Lukas Müller\Desktop\virtual dj.txt
2014-08-01 00:16 - 2013-06-22 13:06 - 00000000 ____D () C:\Users\Lukas Müller\Documents\Flight Simulator X-Dateien
2014-07-30 17:10 - 2013-05-22 18:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

ZeroAccess:
C:\Users\Lukas Müller\AppData\Local\{b27a93e9-67fa-cd94-2871-30cac4a5aa84}
C:\Users\Lukas Müller\AppData\Local\{b27a93e9-67fa-cd94-2871-30cac4a5aa84}\@
C:\Users\Lukas Müller\AppData\Local\{b27a93e9-67fa-cd94-2871-30cac4a5aa84}\U\00000001.@
C:\Users\Lukas Müller\AppData\Local\{b27a93e9-67fa-cd94-2871-30cac4a5aa84}\U\800000cb.@

Files to move or delete:
====================
C:\Users\Lukas Müller\jagex_cl_runescape_LIVE.dat
C:\Users\Lukas Müller\random.dat
C:\Users\Lukas Müller\AppData\Roaming\skype.ini


Some content of TEMP:
====================
C:\Users\Lukas Müller\AppData\Local\Temp\avgnt.exe
C:\Users\Lukas Müller\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-18 19:30

==================== End Of Log ============================
--- --- ---

--- --- ---

[/CODE]

schrauber 22.08.2014 19:22

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

lukasmueller 23.08.2014 00:01
Code:

Results of screen317's Security Check version 0.99.87 
 Windows 7  x64 (UAC is enabled) 
 Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 21 
 Java version out of Date!
  Adobe Flash Player 13.0.0.206 Flash Player out of Date! 
 Adobe Reader 10.1.9 Adobe Reader out of Date! 
 Mozilla Firefox (31.0)
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
Die Fehlermeldung ist seit der Idee mit der Fixlist spurlos verschwunden.
Auch andere Probleme, wie z.B. das ungewohnt langsame Internet, sowie die langen Ladezeiten von Dateien, treten nun nicht mehr auf.
Sollte mein System jetzt tatsächlich bereinigt sein, kann ich mich nur herzlichst für den effektiven und schnellen Support vom Board bedanken.

Viele Grüße
Lukas Müller

schrauber 23.08.2014 20:41
da fehlt aber noch der Rest obiger Anweisungen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:46 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131