Pests of all kinds and how to fight them: Windows 7 black screen after startup, no taskbar, no desktop, ONLY the Computer window open

02.12.2014, 15:21   #1
Erdman
 

Hello.
I have exactly the same problem as user julyal.
After booting and logging in to the user account, the screen stays black; only the "Computer" window is visible.

Here is the code from FRST:
If I should post the Addition code as well, please write below this post. I can't post both at once, because otherwise the character limit is reached. And according to the rules I'm not supposed to reply to myself.

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2014
Ran by Erdbeere (administrator) on ERDBEERE-PC on 02-12-2014 15:03:42
Running from C:\Users\Erdbeere\Downloads
Loaded Profile: Erdbeere (Available profiles: Erdbeere)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Englisch (USA)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\HssWPR\HssSrv.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Hama\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Hama\Common\RaRegistry64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\regedit.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [ae4b567fec6cfbd4311a53a00e00b8b9] => .. [0 2014-11-28] ()
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [MFARestart] => C:\ProgramData\MFAData\pack\avgrunasx.exe [287792 2013-08-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RoccatIskuFX] => C:\Program Files (x86)\ROCCAT\Isku FX Keyboard\IskuFXMonitor.exe [540672 2013-10-30] (ROCCAT GmbH)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3835728 2014-11-03] (LogMeIn Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Aeria Ignite] => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3635345910-3654688113-2807691085-1000\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2013-07-14] ()
HKU\S-1-5-21-3635345910-3654688113-2807691085-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3635345910-3654688113-2807691085-1000\...\Run: [LiveSupport] => "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log
HKU\S-1-5-21-3635345910-3654688113-2807691085-1000\...\Run: [ae4b567fec6cfbd4311a53a00e00b8b9] => [X]
HKU\S-1-5-21-3635345910-3654688113-2807691085-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Erdbeere\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3635345910-3654688113-2807691085-1000\...\Run: [Tiny download manager] => "C:\Users\Erdbeere\Downloads\TinyDM.exe" /M
HKU\S-1-5-21-3635345910-3654688113-2807691085-1000\...\Run: [Media Finder] => "C:\Program Files (x86)\Media Finder\Media Finder.exe" /opentotray
HKU\S-1-5-21-3635345910-3654688113-2807691085-1000\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-3635345910-3654688113-2807691085-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3600216 2014-09-27] (Electronic Arts)
HKU\S-1-5-21-3635345910-3654688113-2807691085-1000\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Users\Erdbeere\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid c9fe24d4fd8447d0984d192946be015f-c145a24e16984e968738addfbcc1a3e0f29baa74 --CMPID 0913b
HKU\S-1-5-21-3635345910-3654688113-2807691085-1000\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [242688 2013-11-05] (SteelSeries ApS)
HKU\S-1-5-21-3635345910-3654688113-2807691085-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22066272 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-3635345910-3654688113-2807691085-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
HKU\S-1-5-21-3635345910-3654688113-2807691085-1000\...\Run: [Google Update] => C:\Users\Erdbeere\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-27] (Google Inc.)
HKU\S-1-5-21-3635345910-3654688113-2807691085-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672384 2012-04-11] (DT Soft Ltd)
HKU\S-1-5-21-3635345910-3654688113-2807691085-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3635345910-3654688113-2807691085-1000\...\MountPoints2: {25f915d2-3267-11e3-b1b8-00ac726d81ab} - G:\Startme.exe
HKU\S-1-5-21-3635345910-3654688113-2807691085-1000\...\MountPoints2: {700c5252-10c9-11e4-85c5-00ac726d81ab} - G:\HTC_Sync_Manager_PC.exe
AppInit_DLLs-x32: c:\progra~2\sprote~1\sprote~1.dll => "c:\progra~2\sprote~1\sprote~1.dll" File Not Found
AppInit_DLLs-x32:  c:\progra~2\contin~1\sprote~1.dll => "c:\progra~2\contin~1\sprote~1.dll" File Not Found
AppInit_DLLs-x32:  c:\progra~2\websea~1\sprote~1.dll => "c:\progra~2\websea~1\sprote~1.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hama Wireless LAN Utility.lnk
ShortcutTarget: Hama Wireless LAN Utility.lnk -> C:\Program Files (x86)\Hama\Common\RaUI.exe (Ralink Technology, Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOGO.lnk
ShortcutTarget: LOGO.lnk -> C:\Windows\Setup\scripts\LOGO.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA4100 Genie.lnk
ShortcutTarget: NETGEAR WNDA4100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE (NETGEAR)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Roccat Talk.lnk
ShortcutTarget: Roccat Talk.lnk -> C:\Windows\Installer\{605D671E-1D1E-4840-84D9-BFACE17F160D}\NewShortcut1_38373BA15BEE4DD08E16D3720C304537.exe (Flexera Software LLC)
Startup: C:\Users\Erdbeere\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ae4b567fec6cfbd4311a53a00e00b8b9.exe ()
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3635345910-3654688113-2807691085-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.b1.org/?bsrc=hmior&chid=c167991
HKU\S-1-5-21-3635345910-3654688113-2807691085-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?rd=1&ucc=DE&dcc=DE&opt=0
HKU\S-1-5-21-3635345910-3654688113-2807691085-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7A2342981924CD01
HKU\S-1-5-21-3635345910-3654688113-2807691085-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKU\S-1-5-21-3635345910-3654688113-2807691085-1000\Software\Microsoft\Internet Explorer\Main,Search Page Before = hxxp://search.b1.org/?bsrc=hmior&chid=c167991
HKU\S-1-5-21-3635345910-3654688113-2807691085-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1400068948&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838
HKU\S-1-5-21-3635345910-3654688113-2807691085-1000\Software\Microsoft\Internet Explorer\Main,Start Page Before = hxxp://search.b1.org/?bsrc=hmior&chid=c167991
HKU\S-1-5-21-3635345910-3654688113-2807691085-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1400068948&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM-x32 - DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVD0.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-3635345910-3654688113-2807691085-1000 - DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVD0.dll (Conduit Ltd.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838&ts=1379423121
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.chatzum.com/?q={searchTerms}
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.lookforithere.info/?l=1&q={searchTerms}&pid=821&r=2013/05/17&hid=3246380916&lg=EN&cc=DE&unqvl=14
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3635345910-3654688113-2807691085-1000 -> DefaultScope {CD9DA5C1-DC84-473D-B960-F583AC699A46} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout
SearchScopes: HKU\S-1-5-21-3635345910-3654688113-2807691085-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP7C1899F1-644B-4111-B7B3-DFFAE881DA39&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3635345910-3654688113-2807691085-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119498&babsrc=SP_ss&mntrId=7A0F00FF33A5552E
SearchScopes: HKU\S-1-5-21-3635345910-3654688113-2807691085-1000 -> {1F0453C4-2CA6-44F5-A992-EB2ECC4F2721} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3635345910-3654688113-2807691085-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1400068948&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3635345910-3654688113-2807691085-1000 -> {66BF85C9-AF2E-4174-A695-C69F688999C2} URL = hxxp://search.chatzum.com/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3635345910-3654688113-2807691085-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={127F0C05-8922-4F41-89AF-4FD007D51200}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3635345910-3654688113-2807691085-1000 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = hxxp://search.chatzum.com/?q={SearchTerms}
SearchScopes: HKU\S-1-5-21-3635345910-3654688113-2807691085-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
SearchScopes: HKU\S-1-5-21-3635345910-3654688113-2807691085-1000 -> {B3654491-59F6-4F93-A944-F6272A669367} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=HIP&o=102875&src=kw&q={searchTerms}&locale=&apn_ptnrs=6F&apn_dtid=YYYYYYYYNL&apn_uid=ad326529-0b41-4b03-8b38-a992ea5a1488&apn_sauid=4EF30D98-64D8-43DE-BF97-00CE20CF6B4A
SearchScopes: HKU\S-1-5-21-3635345910-3654688113-2807691085-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.lookforithere.info/?l=1&q={searchTerms}&pid=821&r=2013/05/17&hid=3246380916&lg=EN&cc=DE&unqvl=14
SearchScopes: HKU\S-1-5-21-3635345910-3654688113-2807691085-1000 -> {CD9DA5C1-DC84-473D-B960-F583AC699A46} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
BHO-x32: DVDVideoSoftTB DE Toolbar -> {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} -> C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVD0.dll (Conduit Ltd.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} ->  No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Avira Savings Advisor BHO -> {A18A516C-AA41-46A9-92DB-60208917E442} -> C:\Program Files (x86)\avira\Internet Explorer\avira32.dll ()
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SearchNewTab -> {E490B22A-EDD4-3FAF-CFB3-850F77D90EA8} -> C:\ProgramData\SearchNewTab\5196ab9abd9bf.dll No File
BHO-x32: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
BHO-x32: coNtinuuetosave -> {FBD2D6F7-E486-91AD-2883-587466E43FCB} -> C:\ProgramData\coNtinuuetosave\5196ab8258f47.dll No File
BHO-x32: Yontoo -> {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -> C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - loadtbs - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Erdbeere\AppData\Roaming\loadtbs\toolbar.dll No File
Toolbar: HKLM-x32 - DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVD0.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKU\S-1-5-21-3635345910-3654688113-2807691085-1000 -> No Name - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} -  No File
Toolbar: HKU\S-1-5-21-3635345910-3654688113-2807691085-1000 -> No Name - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} -  No File
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Erdbeere\AppData\Roaming\Mozilla\Firefox\Profiles\wpqo16bk.default
FF NewTab: hxxp://www.sweet-page.com/newtab/?type=nt&ts=1400068948&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838
FF DefaultSearchEngine: sweet-page
FF DefaultSearchUrl: hxxp://websearch.lookforithere.info/?pid=821&r=2013/05/17&hid=3246380916&lg=EN&cc=DE&unqvl=14&l=1&q=
FF SearchEngineOrder.1: qvo6
FF SelectedSearchEngine: sweet-page
FF Homepage: hxxp://www.sweet-page.com/?type=hp&ts=1400068948&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&CUI=UN82797934730085087&UM=cor&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-3635345910-3654688113-2807691085-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Erdbeere\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-3635345910-3654688113-2807691085-1000: @talk.google.com/O1DPlugin -> C:\Users\Erdbeere\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-3635345910-3654688113-2807691085-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Erdbeere\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3635345910-3654688113-2807691085-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Erdbeere\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3635345910-3654688113-2807691085-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Erdbeere\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3635345910-3654688113-2807691085-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Erdbeere\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Erdbeere\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Erdbeere\AppData\Roaming\Mozilla\Firefox\Profiles\wpqo16bk.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Erdbeere\AppData\Roaming\Mozilla\Firefox\Profiles\wpqo16bk.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\Erdbeere\AppData\Roaming\Mozilla\Firefox\Profiles\wpqo16bk.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Erdbeere\AppData\Roaming\Mozilla\Firefox\Profiles\wpqo16bk.default\searchplugins\dvdvideosofttb-de-customized-web-search.xml
FF SearchPlugin: C:\Users\Erdbeere\AppData\Roaming\Mozilla\Firefox\Profiles\wpqo16bk.default\searchplugins\WebSearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
FF Extension: General Crawler - C:\Users\Erdbeere\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com [2012-06-09]
FF Extension: Avira Browser Safety - C:\Users\Erdbeere\AppData\Roaming\Mozilla\Firefox\Profiles\wpqo16bk.default\Extensions\abs@avira.com [2014-11-13]
FF Extension: Amazon-Icon - C:\Users\Erdbeere\AppData\Roaming\Mozilla\Firefox\Profiles\wpqo16bk.default\Extensions\amazon-icon@giga.de [2014-05-14]
FF Extension: Avira Savings Advisor - C:\Users\Erdbeere\AppData\Roaming\Mozilla\Firefox\Profiles\wpqo16bk.default\Extensions\ciuvo-extension@avira.de [2014-03-23]
FF Extension: coNtinuuetosave - C:\Users\Erdbeere\AppData\Roaming\Mozilla\Firefox\Profiles\wpqo16bk.default\Extensions\oeoemrg@y-.net [2013-05-29]
FF Extension: contoinuetosaivey - C:\Users\Erdbeere\AppData\Roaming\Mozilla\Firefox\Profiles\wpqo16bk.default\Extensions\ojfv-d@rwvvl-.com [2013-06-23]
FF Extension: Quick Start - C:\Users\Erdbeere\AppData\Roaming\Mozilla\Firefox\Profiles\wpqo16bk.default\Extensions\quick_start@gmail.com [2014-05-14]
FF Extension: loadtbs - C:\Users\Erdbeere\AppData\Roaming\Mozilla\Firefox\Profiles\wpqo16bk.default\Extensions\software@loadtubes.com [2012-09-05]
FF Extension: SearchNewTab - C:\Users\Erdbeere\AppData\Roaming\Mozilla\Firefox\Profiles\wpqo16bk.default\Extensions\spsc.ksc@kwz-lalyou.edu [2013-05-29]
FF Extension: No Name - C:\Users\Erdbeere\AppData\Roaming\Mozilla\Firefox\Profiles\wpqo16bk.default\Extensions\trash [2013-09-28]
FF Extension: DVDVideoSoftTB DE  - C:\Users\Erdbeere\AppData\Roaming\Mozilla\Firefox\Profiles\wpqo16bk.default\Extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} [2013-09-28]
FF Extension: Exif Viewer - C:\Users\Erdbeere\AppData\Roaming\Mozilla\Firefox\Profiles\wpqo16bk.default\Extensions\exif_viewer@mozilla.doslash.org.xpi [2013-04-12]
FF Extension: Firebug - C:\Users\Erdbeere\AppData\Roaming\Mozilla\Firefox\Profiles\wpqo16bk.default\Extensions\firebug@software.joehewitt.com.xpi [2013-01-11]
FF Extension: Online HD TV - C:\Users\Erdbeere\AppData\Roaming\Mozilla\Firefox\Profiles\wpqo16bk.default\Extensions\onlinehdtv@onlinehd.tv.xpi [2012-10-13]
FF Extension: Yontoo - C:\Users\Erdbeere\AppData\Roaming\Mozilla\Firefox\Profiles\wpqo16bk.default\Extensions\plugin@yontoo.com.xpi [2013-04-01]
FF Extension: Adblock Plus - C:\Users\Erdbeere\AppData\Roaming\Mozilla\Firefox\Profiles\wpqo16bk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-10-18]
FF Extension: DownThemAll! - C:\Users\Erdbeere\AppData\Roaming\Mozilla\Firefox\Profiles\wpqo16bk.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-05-29]
FF Extension: Greasemonkey - C:\Users\Erdbeere\AppData\Roaming\Mozilla\Firefox\Profiles\wpqo16bk.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-01-11]
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2013-08-10]
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Erdbeere\AppData\Roaming\Mozilla\Firefox\Profiles\wpqo16bk.default\extensions\quick_start@gmail.com

Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://www.sweet-page.com/?type=hp&ts=1400068948&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1400149966&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1400152717&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1400170018&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1400252733&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1400330749&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1400413118&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1400503243&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1400962695&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1400974707&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1400976521&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1401046570&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1401101579&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1401189215&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1401207411&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1401272029&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1401287569&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", 
"hxxp://www.sweet-page.com/?type=hppp&ts=1401370872&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1401441156&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1401464782&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1401531521&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1401584446&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1401700187&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1401739618&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1401890872&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1401978581&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1402045192&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1402154847&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1402178490&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1402179335&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1402234476&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1402272466&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1402326103&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1402414529&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1402456571&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", 
"hxxp://www.sweet-page.com/?type=hppp&ts=1402513674&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1402591833&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1402644227&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1402657704&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1402723818&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1402817326&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1402846208&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1402846473&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1402849901&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1402933195&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1403018653&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1403107713&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1403121237&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1403151526&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1403236563&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1403240797&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1403283285&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1403322506&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", 
"hxxp://www.sweet-page.com/?type=hppp&ts=1403367604&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1403393032&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1403455824&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1403458731&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1403513763&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1403600138&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1403640949&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1403772664&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1403865859&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1403890927&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1403892841&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1403959834&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1403970555&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1403971682&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1403995696&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1404044351&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1404139581&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1404167120&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", 
"hxxp://www.sweet-page.com/?type=hppp&ts=1404207641&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1404239230&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1404305355&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1404377745&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1404387727&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1404482943&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1404559319&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1404654631&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1404724249&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1404730295&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1404835836&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1404914856&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1404982572&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1405008407&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1405088382&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1405102376&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1405172427&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1405265180&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", 
"hxxp://www.sweet-page.com/?type=hppp&ts=1405270778&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1405355737&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1405428651&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1405521729&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1405533590&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1405605751&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1405682571&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1405775626&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1405867652&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1405941848&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1406019911&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1406055619&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1406124716&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1406137878&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1406153300&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1406205392&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1406237068&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1406297307&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", 
"hxxp://www.sweet-page.com/?type=hppp&ts=1406386410&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1406474603&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1406538231&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1406583992&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1406643309&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1406725828&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1406815938&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1406901592&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1406991340&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1407090771&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1407094260&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1407157568&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1407182917&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1407184686&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838", "hxxp://www.sweet-page.com/?type=hppp&ts=1407576497&from=wld&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUD74083840838"
CHR Profile: C:\Users\Erdbeere\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Erdbeere\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-29]
CHR Extension: (Avira Sparberater) - C:\Users\Erdbeere\AppData\Local\Google\Chrome\User Data\Default\Extensions\cojnmaaohncijldefpkpkkakjonfmgeb [2014-03-23]
CHR Extension: (General Crawler) - C:\Users\Erdbeere\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel [2013-03-26]
CHR Extension: (Tampermonkey) - C:\Users\Erdbeere\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-11-23]
CHR Extension: (Avira Browserschutz) - C:\Users\Erdbeere\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-23]
CHR Extension: (AdBlock) - C:\Users\Erdbeere\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-23]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\Erdbeere\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2014-11-23]
CHR Extension: (Ashish Mishra) - C:\Users\Erdbeere\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnkdbjbjpnpjeciipoaflmpcddinpjjp [2014-11-23]
CHR Extension: (Amazon-Icon) - C:\Users\Erdbeere\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg [2014-11-23]
CHR Extension: (Yontoo) - C:\Users\Erdbeere\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc [2014-11-23]
CHR Extension: (Google Wallet) - C:\Users\Erdbeere\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM-x32\...\Chrome\Extension: [cojnmaaohncijldefpkpkkakjonfmgeb] - C:\Program Files (x86)\avira\Chrome\avira-1.5.14.crx [2013-12-11]
CHR HKLM-x32\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Users\Erdbeere\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx [2012-06-09]
CHR HKLM-x32\...\Chrome\Extension: [dkinklhnkmkhkhofcnapakaoehijaoih] - C:\Program Files (x86)\OnlineHD.TV\onhd10.crx [2012-06-09]
CHR HKLM-x32\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files (x86)\DealPly\DealPly.crx [2012-06-09]
CHR HKLM-x32\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Users\Erdbeere\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx [2012-06-09]
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Erdbeere\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2014-05-14]
CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Program Files (x86)\Yontoo\YontooLayers.crx [2012-10-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-13] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
S2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [545576 2013-02-23] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2013-02-22] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [389928 2013-02-23] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 libusbd; C:\Windows\SysWOW64\libusbd-nt.exe [18944 2005-03-09] (hxxp://libusb-win32.sourceforge.net) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-10-21] (LogMeIn, Inc.)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3953632 2012-03-05] (INCA Internet Co., Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 RalinkRegistryWriter; C:\Program Files (x86)\Hama\Common\RaRegistry.exe [193888 2010-06-01] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Hama\Common\RaRegistry64.exe [211296 2010-06-01] (Ralink Technology, Corp.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S2 CleanMyPCService; C:\Program Files\CleanMyPC\CleanMyPCService.exe [X]
S3 w7Svc; C:\Program Files (x86)\webcam 7\wService.exe /startedbyscm:5053B757-40E35B3B-webcam7SRV [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
S3 ASPI; C:\Windows\SysWOW64\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec) [File not signed]
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2012-05-31] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-10-07] (DT Soft Ltd)
S3 hcwE5bda; C:\Windows\System32\drivers\hcwE5bda.sys [968792 2013-11-04] (Hauppauge Computer Work, Inc.)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [46280 2013-02-22] (AnchorFree Inc.)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [33792 2005-03-09] () [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R3 Neo_xd; C:\Windows\System32\DRIVERS\Neo_0089.sys [29808 2012-11-12] (SoftEther Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19912 2009-11-04] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13264 2009-11-04] ()
R3 SaiK1705; C:\Windows\System32\DRIVERS\SaiK1705.sys [180584 2012-09-20] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R3 SaiU1705; C:\Windows\System32\DRIVERS\SaiU1705.sys [47208 2012-09-20] (Saitek)
S3 tap0901_openvpn_accl; C:\Windows\System32\DRIVERS\tap0901_openvpn_accl.sys [37912 2012-08-21] (The OpenVPN Project)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-02-22] (Anchorfree Inc.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 EverestDriver; \??\C:\Users\Erdbeere\AppData\Local\Temp\EverestDriver.sys [X]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1a\WNt500x64\Sandra.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 TEAM; system32\DRIVERS\RtTeam60.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [X]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-02 15:03 - 2014-12-02 15:04 - 00053103 _____ () C:\Users\Erdbeere\Downloads\FRST.txt
2014-12-02 15:03 - 2014-12-02 15:03 - 02117120 _____ (Farbar) C:\Users\Erdbeere\Downloads\FRST64.exe
2014-12-02 15:03 - 2014-12-02 15:03 - 00000000 ____D () C:\FRST
2014-12-02 15:00 - 2014-12-02 15:00 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Erdbeere\Downloads\revosetup95.exe
2014-12-02 15:00 - 2014-12-02 15:00 - 00001277 _____ () C:\Users\Erdbeere\Desktop\Revo Uninstaller.lnk
2014-12-02 15:00 - 2014-12-02 15:00 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-02 14:14 - 2014-12-02 14:18 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-02 14:14 - 2014-12-02 14:14 - 00001404 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-12-02 14:14 - 2014-12-02 14:14 - 00001392 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-12-02 14:14 - 2014-12-02 14:14 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-12-02 14:14 - 2014-12-02 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-12-02 14:14 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-12-02 14:13 - 2014-12-02 14:16 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-02 14:06 - 2014-12-02 14:07 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Erdbeere\Downloads\spybot-2.4.exe
2014-12-01 18:50 - 2014-12-01 18:50 - 00675988 _____ () C:\Users\Erdbeere\Downloads\Minecraft (4).exe
2014-12-01 18:32 - 2014-12-01 18:32 - 00540072 _____ (Neuber Software) C:\Users\Erdbeere\Downloads\SvchostAnalyzer.exe
2014-12-01 18:16 - 2014-12-01 18:16 - 00007600 _____ () C:\Users\Erdbeere\AppData\Local\Resmon.ResmonCfg
2014-11-29 00:45 - 2014-11-29 00:46 - 12243039 _____ () C:\Users\Erdbeere\Downloads\Kay One - Tag des Jüngsten Gerichts.mp4
2014-11-28 23:25 - 2014-11-28 23:26 - 76521512 _____ () C:\Users\Erdbeere\Downloads\Rendern (oh Fuck kein WLAN).mp4
2014-11-27 19:40 - 2014-11-27 19:40 - 00064953 _____ () C:\Users\Erdbeere\Desktop\offenes_fenster_med.jpeg
2014-11-25 14:22 - 2014-11-25 14:20 - 00057352 _____ () C:\Users\Erdbeere\Desktop\.,#ä.camproj
2014-11-25 14:12 - 2014-11-25 14:12 - 52071814 _____ () C:\Users\Erdbeere\Downloads\The Crew - Official E3 2013 CG Cinematic Trailer (Ubisoft) 'The Crew' Racing Game.mp4
2014-11-25 14:09 - 2014-11-25 14:09 - 02990124 _____ () C:\Users\Erdbeere\Desktop\2.wav
2014-11-25 14:07 - 2014-11-25 14:07 - 02990124 _____ () C:\Users\Erdbeere\Desktop\hahaha.wav
2014-11-25 13:55 - 2014-11-25 13:55 - 02718990 _____ () C:\Users\Erdbeere\Downloads\Kollegah & Farid Bang - Dynamit (Instrumental) [HQ].mp4
2014-11-25 13:54 - 2014-11-25 13:54 - 05364343 _____ () C:\Users\Erdbeere\Desktop\ddd.mp4
2014-11-25 13:53 - 2014-11-25 13:53 - 02563638 _____ () C:\Users\Erdbeere\Desktop\ddd (01).mp4
2014-11-23 15:30 - 2014-11-23 15:30 - 00000853 _____ () C:\Windows\pwcmdlist.bak
2014-11-23 02:00 - 2014-11-23 02:01 - 55136460 _____ () C:\Users\Erdbeere\Downloads\Eggbusters - The Legend of Zelda- Twilight Princess.mp4
2014-11-23 00:28 - 2014-11-23 00:28 - 12808480 _____ () C:\Users\Erdbeere\Downloads\Kool Savas 'Märtyrer' (Official HD Video) 2014.mp4
2014-11-20 15:23 - 2014-11-20 15:23 - 04844544 _____ () C:\Users\Erdbeere\Downloads\Arena-Tournament 3.3.5B Patcher.exe
2014-11-20 15:22 - 2014-11-20 15:22 - 00098290 _____ () C:\Users\Erdbeere\Downloads\AT wotlk 3.3.5a Windows.torrent
2014-11-19 19:52 - 2014-11-19 19:52 - 54964861 _____ () C:\Users\Erdbeere\Downloads\Bushido - Mitten in der Nacht (Instrumental).mp4
2014-11-19 16:53 - 2014-11-19 16:56 - 266314856 _____ () C:\Users\Erdbeere\Downloads\AW - 18er Streak - Road to DNA-Bomb-Nuklear (BALD LIVE) - free to use!.mp4
2014-11-19 16:45 - 2014-11-19 16:45 - 01028140 _____ () C:\Users\Erdbeere\Downloads\test.wav
2014-11-17 18:30 - 2014-11-17 18:30 - 00000000 ____D () C:\ProgramData\Nexon
2014-11-17 17:38 - 2014-11-17 17:38 - 00000000 ____D () C:\Users\Erdbeere\Documents\Dragonsaga
2014-11-17 17:32 - 2014-11-17 17:32 - 00000000 ____D () C:\Users\Erdbeere\AppData\Roaming\DragonSaga
2014-11-17 17:28 - 2014-11-17 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FantasyDR2
2014-11-17 16:29 - 2014-11-17 17:12 - 3142946667 _____ () C:\Users\Erdbeere\Downloads\FantasyDR2_Setup_0.2.84.7z
2014-11-16 18:33 - 2014-11-16 18:34 - 08402365 _____ () C:\Users\Erdbeere\Downloads\Kollegah - Big Boss (Acapella).mp4
2014-11-16 14:34 - 2014-11-16 14:34 - 00048695 _____ () C:\Users\Erdbeere\Downloads\wow335a.torrent
2014-11-16 14:30 - 2014-11-16 14:31 - 27944641 _____ () C:\Users\Erdbeere\Downloads\Weekend vs. BattleBoi Basti HR2 [FINALE] VBT Splash!-Edition - ReUpload.mp4
2014-11-16 01:39 - 2014-11-16 01:39 - 26069484 _____ () C:\Users\Erdbeere\Downloads\Weekend (vs. Battle Boi Basti) HR VBT Splash! Instrumental prod. by Peet.mp4
2014-11-16 01:38 - 2014-11-19 19:53 - 00000000 ____D () C:\Users\Erdbeere\Desktop\Die Zerstörung
2014-11-16 00:38 - 2014-11-16 00:38 - 12734205 _____ () C:\Users\Erdbeere\Downloads\Punch Arogunz - Hollow Tips.mp4
2014-11-12 19:23 - 2014-11-12 19:23 - 06136303 _____ () C:\Users\Erdbeere\Downloads\EKO FRESH - QUOTENTÜRKE - AGGRO.TV LYRICS KARAOKE (OFFICIAL VERSION).mp4
2014-11-12 17:11 - 2014-11-12 17:12 - 169231064 _____ () C:\Users\Erdbeere\Downloads\AW - 22er Streak TDM - Road to DNA-Bomb-Nuklear #1 -D - free to use!.mp4
2014-11-11 16:26 - 2014-11-11 16:26 - 00009290 _____ () C:\Users\Erdbeere\Downloads\Client mod-8-0-1-0 (1).zip
2014-11-11 14:59 - 2014-11-03 21:25 - 00615568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-11-11 14:57 - 2014-11-04 01:04 - 31891784 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-11-11 14:57 - 2014-11-04 01:04 - 24555208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-11-11 14:57 - 2014-11-04 01:04 - 20923712 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-11-11 14:57 - 2014-11-04 01:04 - 19966344 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-11-11 14:57 - 2014-11-04 01:04 - 17259848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-11-11 14:57 - 2014-11-04 01:04 - 14031448 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-11-11 14:57 - 2014-11-04 01:04 - 13943904 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-11-11 14:57 - 2014-11-04 01:04 - 13207184 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-11-11 14:57 - 2014-11-04 01:04 - 11397208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-11-11 14:57 - 2014-11-04 01:04 - 11335408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-11-11 14:57 - 2014-11-04 01:04 - 04289168 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-11-11 14:57 - 2014-11-04 01:04 - 04009672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-11-11 14:57 - 2014-11-04 01:04 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434465.dll
2014-11-11 14:57 - 2014-11-04 01:04 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434465.dll
2014-11-11 14:57 - 2014-11-04 01:04 - 00962704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-11-11 14:57 - 2014-11-04 01:04 - 00934216 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-11-11 14:57 - 2014-11-04 01:04 - 00922256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-11-11 14:57 - 2014-11-04 01:04 - 00898192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-11-11 14:57 - 2014-11-04 01:04 - 00870624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-11-11 14:57 - 2014-11-04 01:04 - 00501064 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-11-11 14:57 - 2014-11-04 01:04 - 00417096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-11-11 14:57 - 2014-11-04 01:04 - 00391824 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-11-11 14:57 - 2014-11-04 01:04 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-11-11 14:57 - 2014-11-04 01:04 - 00349504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-11-11 14:57 - 2014-11-04 01:04 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-11-11 14:57 - 2014-11-04 01:04 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-11-11 14:57 - 2014-11-04 01:04 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-11-11 14:49 - 2014-10-03 20:23 - 00038216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-11-11 14:49 - 2014-10-03 20:23 - 00032584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-11-08 21:35 - 2014-11-08 21:35 - 00000000 ____D () C:\Users\Erdbeere\AppData\Local\Blizzard
2014-11-08 21:03 - 2014-11-08 21:35 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-11-08 21:03 - 2014-11-08 21:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-11-08 21:00 - 2014-11-09 00:27 - 00000000 ____D () C:\Users\Erdbeere\AppData\Local\Battle.net
2014-11-08 21:00 - 2014-11-08 21:03 - 00000000 ____D () C:\Users\Erdbeere\AppData\Roaming\Battle.net
2014-11-08 21:00 - 2014-11-08 21:00 - 00000000 ____D () C:\Users\Erdbeere\AppData\Local\Blizzard Entertainment
2014-11-08 20:59 - 2014-11-08 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-11-08 20:59 - 2014-11-08 21:00 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-11-08 20:59 - 2014-11-08 20:59 - 00000000 ____D () C:\ProgramData\Battle.net
2014-11-08 20:51 - 2014-11-08 20:52 - 03099552 _____ (Blizzard Entertainment) C:\Users\Erdbeere\Downloads\Hearthstone-Setup-deDE.exe
2014-11-08 20:50 - 2014-11-08 20:50 - 01262333 _____ () C:\Users\Erdbeere\Downloads\A Bird Story.rar
2014-11-08 01:51 - 2014-11-08 01:52 - 13641552 _____ () C:\Users\Erdbeere\Downloads\JBB 2014 [KING FINALE] SpongeBOZZ - KAMPFANSAGE (prod. by Digital Drama).mp4
2014-11-07 21:17 - 2014-11-07 21:17 - 28724370 _____ () C:\Users\Erdbeere\Downloads\JBB 2013 [KING FINALE] - SpongeBOZZ vs. 4tune [HR] prod. by Digital Drama.mp4
2014-11-07 20:10 - 2014-11-07 20:10 - 08221270 _____ () C:\Users\Erdbeere\Downloads\Mickey Mouse- Steamboat Willie (1928).mp4
2014-11-07 20:03 - 2014-11-07 20:03 - 03056008 _____ () C:\Users\Erdbeere\Downloads\Mein neues Intro  by JamanoFX.mp4
2014-11-07 20:02 - 2014-11-07 20:02 - 18788898 _____ () C:\Users\Erdbeere\Downloads\Kollegah & Farid Bang - Stiernackenkommando Lyrics-Official Video.mp4
2014-11-05 18:52 - 2014-11-05 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-11-05 18:52 - 2014-11-05 18:52 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-11-04 14:13 - 2014-11-06 18:06 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-11-04 14:13 - 2014-11-06 18:06 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-11-04 14:10 - 2014-10-30 09:56 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-11-04 14:10 - 2014-10-30 09:56 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-11-04 14:10 - 2014-10-30 05:53 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434460.dll
2014-11-04 14:10 - 2014-10-30 05:53 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434460.dll
2014-11-04 14:06 - 2014-11-04 14:08 - 306024872 _____ (NVIDIA Corporation) C:\Users\Erdbeere\Downloads\344.60-desktop-win8-win7-winvista-64bit-international-whql.exe
2014-11-02 02:00 - 2014-11-02 02:00 - 00000948 _____ () C:\Users\Erdbeere\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2014-11-02 02:00 - 2014-11-02 02:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu!
2014-11-02 01:38 - 2014-11-02 01:39 - 73640008 _____ (ppy Pty. Ltd.) C:\Users\Erdbeere\Downloads\osu!install (1).exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-02 15:00 - 2012-07-13 12:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-02 15:00 - 2012-04-27 12:24 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3635345910-3654688113-2807691085-1000UA.job
2014-12-02 14:52 - 2014-01-22 17:05 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-02 14:05 - 2012-05-02 13:54 - 00000000 ____D () C:\Users\Erdbeere\AppData\Local\Adobe
2014-12-02 14:02 - 2009-07-14 05:45 - 00019760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-02 14:02 - 2009-07-14 05:45 - 00019760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-02 14:00 - 2012-04-27 12:24 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3635345910-3654688113-2807691085-1000Core.job
2014-12-02 13:58 - 2012-04-25 02:28 - 01761448 _____ () C:\Windows\WindowsUpdate.log
2014-12-02 13:55 - 2014-01-22 17:05 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-02 13:55 - 2012-10-19 12:22 - 00165464 _____ () C:\Windows\setupact.log
2014-12-02 13:55 - 2012-10-02 23:50 - 00000364 ____H () C:\Windows\Tasks\GBoxUpdaterTask{D8164C4D-4E93-4673-BA0C-FEB3FAC9250C}.job
2014-12-02 13:55 - 2012-05-27 18:17 - 00000000 ____D () C:\Users\Erdbeere\AppData\Local\LogMeIn Hamachi
2014-12-02 13:54 - 2012-11-11 16:32 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-02 13:54 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-01 18:51 - 2013-08-24 19:20 - 00000000 ____D () C:\Users\Erdbeere\AppData\Roaming\.minecraft
2014-12-01 18:49 - 2013-07-19 14:19 - 00356864 _____ () C:\Users\Erdbeere\Downloads\Minecraft.exe
2014-12-01 18:41 - 2014-09-08 16:03 - 00000000 ____D () C:\Users\Erdbeere\Desktop\Job
2014-12-01 18:07 - 2014-03-23 17:51 - 00000000 ____D () C:\Windows\pss
2014-11-30 20:49 - 2012-04-27 19:15 - 00000000 ____D () C:\Users\Erdbeere\AppData\Roaming\Skype
2014-11-30 17:13 - 2012-05-28 22:16 - 00000000 ____D () C:\Users\Erdbeere\AppData\Roaming\TS3Client
2014-11-29 13:48 - 2012-08-15 18:14 - 31617024 ___SH () C:\Users\Erdbeere\Desktop\Thumbs.db
2014-11-29 00:41 - 2014-05-17 18:26 - 00000000 ____D () C:\Users\Erdbeere\Desktop\Lustige Bilder
2014-11-28 22:56 - 2012-12-28 21:17 - 00064000 ___SH () C:\Users\Erdbeere\Thumbs.db
2014-11-28 22:56 - 2012-04-25 02:28 - 00000000 ____D () C:\Users\Erdbeere
2014-11-28 22:38 - 2012-04-27 19:15 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-27 20:16 - 2013-02-16 19:11 - 00000132 _____ () C:\Users\Erdbeere\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2014-11-26 20:00 - 2012-07-13 12:03 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 20:00 - 2012-04-27 12:22 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 20:00 - 2012-04-27 12:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-25 14:43 - 2013-04-19 14:23 - 00000000 ____D () C:\Users\Erdbeere\AppData\Roaming\OBS
2014-11-25 14:41 - 2012-08-21 17:00 - 00000000 ____D () C:\Users\Erdbeere\AppData\Roaming\Audacity
2014-11-23 14:53 - 2012-04-27 12:23 - 00000000 ____D () C:\Users\Erdbeere\AppData\Local\Deployment
2014-11-23 14:40 - 2012-04-26 22:31 - 00699502 _____ () C:\Windows\system32\perfh007.dat
2014-11-23 14:40 - 2012-04-26 22:31 - 00149544 _____ () C:\Windows\system32\perfc007.dat
2014-11-23 14:40 - 2009-07-14 06:13 - 01625712 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-22 02:17 - 2012-05-02 13:06 - 00000000 ___RD () C:\Users\Erdbeere\Desktop\Sonstiges
2014-11-22 02:13 - 2014-10-25 17:20 - 00000000 ____D () C:\Users\Erdbeere\Desktop\Intro Material
2014-11-22 02:13 - 2013-11-17 14:53 - 00000000 ____D () C:\Users\Erdbeere\Desktop\Thumbmail personen
2014-11-20 15:24 - 2012-06-29 22:45 - 00000000 ____D () C:\Users\Erdbeere\AppData\Roaming\uTorrent
2014-11-17 19:29 - 2013-06-05 20:26 - 00000000 ____D () C:\Users\Erdbeere\AppData\Local\CrashDumps
2014-11-16 13:55 - 2012-04-27 12:24 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3635345910-3654688113-2807691085-1000UA
2014-11-16 13:55 - 2012-04-27 12:24 - 00003500 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3635345910-3654688113-2807691085-1000Core
2014-11-15 23:47 - 2014-01-22 17:05 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-15 23:47 - 2014-01-22 17:05 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 17:33 - 2014-03-23 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-14 17:33 - 2014-03-23 17:47 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-14 17:33 - 2013-11-05 13:00 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-14 17:30 - 2012-08-20 18:26 - 00000000 ____D () C:\Users\Erdbeere\AppData\Local\Akamai
2014-11-13 13:42 - 2014-03-23 17:47 - 00000000 ____D () C:\ProgramData\Avira
2014-11-11 18:55 - 2012-06-09 21:53 - 00000000 ____D () C:\Users\Erdbeere\AppData\Roaming\Mozilla
2014-11-11 16:21 - 2014-06-20 19:15 - 00000000 ____D () C:\Users\Erdbeere\AppData\Local\Game Dev Tycoon - Steam
2014-11-11 15:00 - 2012-11-11 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-11-11 15:00 - 2012-10-19 20:36 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-11-06 18:06 - 2014-04-26 11:39 - 02800296 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-11-06 18:06 - 2014-04-26 11:39 - 02197680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-11-04 14:14 - 2014-04-26 11:39 - 00000000 ____D () C:\Users\Erdbeere\AppData\Local\NVIDIA Corporation
2014-11-04 14:13 - 2012-04-27 03:29 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-11-04 01:04 - 2014-04-26 11:50 - 18514080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-11-04 01:04 - 2013-03-09 19:53 - 00987520 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-11-04 01:04 - 2013-02-25 23:32 - 16884632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-11-04 01:04 - 2013-02-25 23:32 - 02849736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-11-04 01:04 - 2012-11-13 13:11 - 00027094 _____ () C:\Windows\system32\nvinfo.pb
2014-11-04 01:04 - 2012-11-11 16:42 - 03238040 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-11-04 01:04 - 2009-07-13 22:59 - 20985544 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-11-03 23:02 - 2012-11-11 16:43 - 06882448 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-11-03 23:02 - 2012-11-11 16:43 - 03531464 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-11-03 23:02 - 2012-11-11 16:43 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-11-03 23:02 - 2012-11-11 16:43 - 00935232 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-11-03 23:02 - 2012-11-11 16:43 - 00385352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-11-03 23:02 - 2012-11-11 16:43 - 00061640 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-11-03 12:58 - 2013-05-01 20:38 - 04099264 _____ () C:\Windows\system32\nvcoproc.bin
2014-11-02 02:53 - 2012-12-08 00:27 - 00000000 ____D () C:\Program Files (x86)\osu!

Files to move or delete:
====================
C:\ProgramData\C__Users_Erdbeere_AppData_Local_Temp_7zO7EA2.tmp_SuperHideIP.exe
C:\ProgramData\C__Users_Erdbeere_Desktop_SuperHideIP-3.1.4.8_Cracked-casper03_SuperHideIP.exe


Some content of TEMP:
====================
C:\Users\Erdbeere\AppData\Local\Temp\avgnt.exe
C:\Users\Erdbeere\AppData\Local\Temp\TsuA9DB98DB.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-28 14:00

==================== End Of Log =====================
         

Alt 02.12.2014, 16:23   #2
schrauber
/// the machine
/// TB-Ausbilder
 




hi,

Addition.txt is still missing

Alt 02.12.2014, 19:32   #3
Erdman
 



Thanks for the reply, but after a lot of trial and error I recently managed to fix it myself! For me the solution was the following:
Ran various antivirus programs (Spybot & Antivirus)
And I think the decisive factor was that I opened explorer.exe twice in Task Manager.

That is, it was already running on my machine, but I had it opened again.
(Before that I had also tried ending and restarting it, as described as a solution in some forums, but that did not work)
In any case, my desktop reappeared that very second.

I hope I was able to help someone else as well.

(Thread can be closed)

Alt 03.12.2014, 11:54   #4
schrauber
/// the machine
/// TB-Ausbilder
 




ok
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
