Gdata geht auf 100% PC friert für Minuten ein

lynx007 · 14.07.2015, 21:06

... und es geht erstmal gar nichts mehr.

Fangen wir mal von vorne an. Hallo Forum, ich bin neu hier und ich bin mir nicht Sicher ob ich Software auf dem Rechner drauf habe die nichts zu suchen hat oder mein Antivirenprogramm einfach nur beschi** ist oder ob ich dank der ganzen Sicherheitsprogs und Scanner die ich drüber laufen hab lassen, irgendetwas zerschossen habe. Ich nutze meinen Computer neben Privat, auch für mein Kleingewerbe und noch habe ich leider nicht die mittel für eine eigene IT, aber ich Arbeite weiter daran und ich würde mich sehr freuen wen ich euch dennoch meines Problemes annehmt. Ich möchte wen möglich als Nutzer von Internet via FUnk eine Neuinstalation ersparen, zumindest bis Win 10 da ist. Dennoch wurmt es mich das mein PC immer wieder vorübergehend für paar Sekunden bis Minuten (hab noch nie nachgezählt "einfriert" wen ich den Browser nutze und mein GDIS wiedermal auf 100% irgendetwas macht. Ich möchte einfach gewissheit habe und die bösen Geister aus meinen Kopf und damit auch aus meinen Computer verbannen.

Tja, irgendwie hat alles mit dem wechsel meines Virenprogrammes begonnen. Ich brauchte für mein neugekauftes Notebook, wo keine so rießigen Probleme mit dem Gdata auftreten, einen Virenscanner. Kasperski wirkte als Software vom "bösen Russen", irgenwie (vielleicht ungerechtfertigt) unsympatisch. Ich entschied mich für eine Doppellizens "german sicherheit" zum Preis von einer, da ich auch auf meinen Hauptrechner den Scanner, Bitdefender auch langsam ersetzen musste. und vielleicht war es ein Fehler zu denken, zwei Fliegen mit der Doppellizenz schlagen zu können. Genz genau lässt sich zumindest ein Virus/Trojaner auch nicht ausschließen. Zumindest gab es anfangs ein paar Meldungen. Vermutlich nur Fehlalarme. Aber es lief halt auch nie so wirklich Rund.

Schon am Anfang gab es immer wieder Aussetzter beim Surfen. Aber halt auch Alarme von IS. Gefolgt von einer Keylogger warnung die in verbindung mit meinen damaligen Logitechtreiber und Hardwarestand, nach Deinstalation der Software verschwunden, aber auch einer Warnung das eine Viren-Signatur oder gar die Engine-B nicht gestartet werden konnte. Ich habe darauf hin nach dem fehler geschaut, sehr viele Scanner und Cleaner installiert und laufen lassen und Gdata auch des öfteren Deinstalliert und wieder neu installiert. Mit der Deinstallation der Logitechsoftware waren die Warnung erstmal weg und alles deutet auf einen fehl Alarm hin. Dennoch ist mir mulmig dabei, da sich ja gerne Trojaner auch in Treiber oder Systemdateine verstecken sollen. Und GData zieht halt immer wieder extrem viel Leistung und scheint in eine schleife zu kommen wo gar nichts mehr geht. Ich hatte zwischenzeitlich wegen der Keylogger Warnung, alle möglichen Scanner drauf. Aber bis auf ein paar dutzend der üblichen ad und Spysoftware, die meisten wurden von Spybot gefunden, zwei von Malwarebyte, wurde nichts gefunden. Nur Gdata findet immer irgendetwas etwas im Browser. Wenn man bei einem Freeze reset drückt, bringt nach dem hochfahren das virensignatur b nicht geladen werden konnte und ich doch bitte ein signaturupdate machen soll. Ich habe schon alle möglichen Virenprogramme trüber laufen lassen, allso genau schon den ersten Punkt habe ich falsch gemacht. Es läuft auch alles Stabil, nur der Aussetzer den der Browser manchmal hat nervt und ich will halt die Ursache finden oder zumindest Schadsoftware ausschließen können.

Auch letztens hat Gdate irgendetwas gefunden und aufgrund von Bössartigen verhaltens inin Quarantäne gesteckt. Was genau kann ich nicht sagen. Irgendetwas in der registri und in chrome. Bin mir aber nicht im klaren wie ich das hier einbinden kann. Ach, auch das einsenden von diesen fällen zu Gdata scheint nicht zu funktionieren, was nicht gerade verdauungsfördernd ist. Wie kann man den den Screenshoot hier einbinden?

Und schon mal danke für eure Hilfe, logfiles folgen....

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by Lynx (administrator) on BÜRO1 on 14-07-2015 22:17:51
Running from C:\Users\Lynx\Downloads
Loaded Profiles: Lynx (Available Profiles: Lynx & asdf & GameOne & Administrator)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe
() C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CMedia) C:\Program Files\ASUS Xonar DG Audio\Customapp\AsusAudioCenter.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\System\HsMgr64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SoftPerfect Research) C:\Program Files\NetWorx\networx.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
() C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(G DATA Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(G DATA Software AG) C:\Program Files (x86)\G Data\InternetSecurity\GUI\GDSC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2012-09-28] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2012-09-28] ()
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [6714472 2015-04-20] (SoftPerfect Research)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1864312 2015-06-16] (G DATA Software AG)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-07-06] (Glarysoft Ltd)
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: G - "G:\StarCraft II Setup.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {020a0173-84af-11e4-8121-f3961ac82c14} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {04e691fc-8044-11e4-811c-cbbe4fc69574} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {04e69238-8044-11e4-811c-cbbe4fc69574} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {04e69306-8044-11e4-811c-cbbe4fc69574} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {04e69add-8044-11e4-811c-cbbe4fc69574} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {0e809422-7b9e-11e4-8115-f77993d69a7e} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {1402e90a-1006-11e5-81ff-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {1402e936-1006-11e5-81ff-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {1402e961-1006-11e5-81ff-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {1c9b5243-81c9-11e4-811e-a171e9ee8aa0} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {2024620d-7c54-11e4-8117-8a2dc101f76e} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {2bb89a14-8961-11e4-812a-82be54052a10} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {41642107-f681-11e4-81c6-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {42bb8f9b-0820-11e5-81ee-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {5425a063-d06f-11e2-be96-962745884476} - "G:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {5681dade-8754-11e4-8125-e4c02fffe7b6} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {602ed588-2080-11e5-821a-bc5ff49b57b2} - "G:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {61795401-b66d-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {71e31c43-89a4-11e4-812b-98c65f152381} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {760bc187-b8cb-11e4-816f-c4355dd57672} - "I:\autorun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {7f78bb87-7ea4-11e4-8119-bb79d2cffb58} - "I:\autorun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {7f78bbca-7ea4-11e4-8119-bb79d2cffb58} - "I:\autorun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {8a7c7d08-a273-11e4-8148-f5a56fa14f71} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {8a7c7d74-a273-11e4-8148-f5a56fa14f71} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {9244bd9c-fcb4-11e4-81de-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {a1dc5abc-7e18-11e4-8118-aeb9a153bd8e} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {a21fd9b2-b48e-11e4-815d-9eafbcb2d3b9} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {a21fd9da-b48e-11e4-815d-9eafbcb2d3b9} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {a28a761e-10c5-11e5-8200-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {ae18e9a0-a357-11e4-8149-97076599412e} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {ae18eafe-a357-11e4-8149-97076599412e} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {aeecd083-88ee-11e4-8129-806c020fe1a9} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b63bf765-07dc-11e5-81ed-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b63bf7a2-07dc-11e5-81ed-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b63bf7ce-07dc-11e5-81ed-bc5ff49b57b2} - "I:\autorun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b63bf7fe-07dc-11e5-81ed-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b84604c1-84f8-11e4-8122-b56aafda7137} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b84604f6-84f8-11e4-8122-b56aafda7137} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b8460559-84f8-11e4-8122-b56aafda7137} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b8460946-84f8-11e4-8122-b56aafda7137} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b84609bd-84f8-11e4-8122-b56aafda7137} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {bf3cdaa7-814f-11e4-811c-cbbe4fc69574} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {c00238a7-27fd-11e5-822a-bc5ff49b57b2} - "G:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce05f25-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce067e0-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce0681a-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce06850-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce06881-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce068ba-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce068f0-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce06936-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce069a2-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {d627b92c-1b09-11e5-8211-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {dcfa1ee0-1203-11e5-8203-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {dfd179af-0a91-11e5-81f2-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {e1765eec-7926-11e4-8112-b126ba4a7607} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {e1765f1c-7926-11e4-8112-b126ba4a7607} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {e176669c-7926-11e4-8112-b126ba4a7607} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {e728a784-85c2-11e4-8123-cd986dcb0dac} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {f2ac2242-26cb-11e5-8229-bc5ff49b57b2} - "G:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {f6308941-b6c5-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {fabed4b4-829b-11e4-811f-8a75175685a0} - "F:\AutoRun.exe" 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk *  

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://expertzone.microsoft.com/Home.aspx
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://google.de/
https://googlemail.com/
https://meine.deutsche-bank.de/trxm/db/
https://easybill.de/
hxxp://promotionbasis.de/
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3171061452-4263852144-1531571965-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-02-25] (Eyeo GmbH)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-04-08] (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-23] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-23] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{4284259D-18DF-4D86-ACE1-40E748E2D1BD}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{C7B339BB-30C0-448F-824F-F56A70FCDF7C}: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Lynx\AppData\Roaming\Mozilla\Firefox\Profiles\nvoeywbl.default-1421962251602
FF SelectedSearchEngine: 
FF Homepage: https://mail.google.com/mail/u/0/?shva=1#inbox
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-3171061452-4263852144-1531571965-1001: SkypeForBusinessPlugin-15.8 -> C:\Users\Lynx\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.369\npGatewayNpapi.dll [2015-04-20] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-3171061452-4263852144-1531571965-1001: SkypeForBusinessPlugin64-15.8 -> C:\Users\Lynx\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.369\npGatewayNpapi-x64.dll [2015-04-20] (Microsoft Corporation)
FF Extension: Ghostery - C:\Users\Lynx\AppData\Roaming\Mozilla\Firefox\Profiles\nvoeywbl.default-1421962251602\Extensions\firefox@ghostery.com.xpi [2015-04-14]
FF Extension: Shoptimate - C:\Users\Lynx\AppData\Roaming\Mozilla\Firefox\Profiles\nvoeywbl.default-1421962251602\Extensions\support@shoptimate.com.xpi [2015-01-25]
FF Extension: PAYBACK Internet Assistent fuer Firefox - C:\Users\Lynx\AppData\Roaming\Mozilla\Firefox\Profiles\nvoeywbl.default-1421962251602\Extensions\toolbar-ff@payback.de.xpi [2015-03-29]
FF Extension: Youtube and more - Easy Video Downloader - C:\Users\Lynx\AppData\Roaming\Mozilla\Firefox\Profiles\nvoeywbl.default-1421962251602\Extensions\vdpure@link64.xpi [2015-02-04]
FF Extension: SoundCloud Downloader - Technowise - C:\Users\Lynx\AppData\Roaming\Mozilla\Firefox\Profiles\nvoeywbl.default-1421962251602\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2015-01-24]
FF Extension: Adblock Plus - C:\Users\Lynx\AppData\Roaming\Mozilla\Firefox\Profiles\nvoeywbl.default-1421962251602\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-25]
FF Extension: DownThemAll! - C:\Users\Lynx\AppData\Roaming\Mozilla\Firefox\Profiles\nvoeywbl.default-1421962251602\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-01-25]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-06-08]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Chrome: 
=======
CHR Profile: C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (WOT) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-05-09]
CHR Extension: (SoundCloud Downloader) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjckonbgbnaihkahaolpfjpllplfifjo [2015-01-24]
CHR Extension: (Adblock Plus) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-02]
CHR Extension: (Video Downloader professional) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-05-14]
CHR Extension: (Porsche) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg [2015-05-15]
CHR Extension: (ScriptBlock) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba [2015-05-14]
CHR Extension: (FoxyDeal) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jelbcgibfifpplacnbbflieigmcbpkec [2015-05-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18]
CHR Extension: (SoundCloud Downloader Free) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\libedajeiljdoodmokbppgapcfbignci [2015-01-24]
CHR Extension: (Flashcontrol) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2015-05-14]
CHR Extension: (Ghostery) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-05-14]
CHR Extension: (GetThemAll Video Downloader) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2015-05-14]
CHR Extension: (Google Wallet) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR HKLM-x32\...\Chrome\Extension: [Lynx] - No Path Or update_url value

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2558072 2015-06-19] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [966776 2015-06-16] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [3711712 2015-06-16] (G Data Software AG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [3202368 2015-06-19] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [789624 2015-06-16] (G Data Software AG)
R2 HiSuiteOuc64.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe [138272 2014-09-05] ()
R2 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [219680 2014-09-05] ()
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-07-06] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-08-10] ()
R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [199600 2010-11-11] (Telefónica I+D)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 cmudaxp; C:\Windows\system32\drivers\cmudaxp.sys [2733568 2012-09-28] (C-Media Inc)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed]
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [158720 2015-07-14] (G Data Software AG)
S0 GDElam; C:\Windows\System32\DRIVERS\GDElam.sys [117904 2015-01-08] (G Data Software AG)
R3 GDKBB; C:\WINDOWS\system32\drivers\GDKBB64.sys [27648 2015-05-14] (G Data Software AG)
R1 GDKBFlt; C:\WINDOWS\system32\drivers\GDKBFlt64.sys [20992 2015-05-14] (G Data Software AG)
R1 GDMnIcpt; C:\WINDOWS\system32\drivers\MiniIcpt.sys [230912 2015-07-14] (G Data Software AG)
R3 GDPkIcpt; C:\WINDOWS\system32\drivers\PktIcpt.sys [91648 2015-07-14] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [68608 2015-07-14] (G Data Software AG)
R1 GRD; C:\WINDOWS\system32\drivers\GRD.sys [106272 2015-05-17] (G Data Software)
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [20160 2015-07-09] (Glarysoft Ltd)
R1 HookCentre; C:\WINDOWS\system32\drivers\HookCentre.sys [125952 2015-07-14] (G Data Software AG)
S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [12800 2009-02-03] (ZTE Incorporated) [File not signed]
S1 mbmiodrvr; C:\Windows\syswow64\mbmiodrvr.sys [4608 2004-04-10] (cansoft@livewiredev.com) [File not signed]
S3 MEMSWEEP2; C:\WINDOWS\system32\3FF2.tmp [6144 2009-06-18] (Sophos Plc) [File not signed]
R1 networx; C:\Windows\System32\drivers\networx.sys [60736 2015-03-17] (NetFilterSDK.com)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-10-16] (Anchorfree Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 22:17 - 2015-07-14 22:18 - 00029334 _____ C:\Users\Lynx\Downloads\FRST.txt
2015-07-14 22:16 - 2015-07-14 22:17 - 00000000 ____D C:\FRST
2015-07-14 22:16 - 2015-07-14 22:16 - 02133504 _____ (Farbar) C:\Users\Lynx\Downloads\FRST64.exe
2015-07-14 22:16 - 2015-07-14 22:16 - 00000470 _____ C:\Users\Lynx\Downloads\defogger_disable.log
2015-07-14 22:16 - 2015-07-14 22:16 - 00000000 _____ C:\Users\Lynx\defogger_reenable
2015-07-14 22:15 - 2015-07-14 22:15 - 00050477 _____ C:\Users\Lynx\Downloads\Defogger.exe
2015-07-14 14:56 - 2015-07-14 14:56 - 00003840 _____ C:\WINDOWS\DPINST.LOG
2015-07-14 14:56 - 2015-07-14 14:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA INTERNET SECURITY
2015-07-14 14:55 - 2015-07-14 14:55 - 00000000 _____ C:\Users\Lynx\Desktop\Neues Textdokument (3).txt
2015-07-10 22:20 - 2015-07-10 22:22 - 133389698 _____ C:\Users\Lynx\Downloads\Latex-Orgie - GUTERPORNCOM.flv
2015-07-10 08:47 - 2015-07-10 08:48 - 08765440 _____ C:\Users\Lynx\Downloads\SkypeForBusinessPlugin (1).msi
2015-07-09 23:59 - 2015-07-10 00:11 - 102040672 _____ C:\Users\Lynx\Downloads\Katie Jordin Latex Sex - Fetisch sex video - Tube8com.mp4
2015-07-09 23:57 - 2015-07-10 00:03 - 55641385 _____ C:\Users\Lynx\Downloads\Fetish latex and boots fuck - Hardcore sex video - Tube8com.mp4
2015-07-09 23:55 - 2015-07-10 00:00 - 45240671 _____ C:\Users\Lynx\Downloads\Latex Maid Fucked - Hardcore sex video - Tube8com.mp4
2015-07-09 20:56 - 2015-07-09 20:56 - 00000000 _____ C:\Recovery.txt
2015-07-09 19:25 - 2015-06-09 22:57 - 00450771 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20150709-192501.backup
2015-07-09 19:22 - 2015-07-14 20:52 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2015-07-09 19:22 - 2015-07-09 19:22 - 00020160 _____ (Glarysoft Ltd) C:\WINDOWS\system32\Drivers\GUBootStartup.sys
2015-07-09 19:22 - 2015-07-09 19:22 - 00003306 _____ C:\WINDOWS\System32\Tasks\GlaryInitialize 5
2015-07-09 19:22 - 2015-07-09 19:22 - 00002964 _____ C:\WINDOWS\System32\Tasks\GU5SkipUAC
2015-07-09 19:22 - 2015-07-09 19:22 - 00001108 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-07-09 19:22 - 2015-07-09 19:22 - 00001096 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2015-07-09 19:22 - 2015-07-09 19:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2015-07-09 19:21 - 2015-07-09 19:21 - 15201344 _____ C:\Users\Lynx\Downloads\gu5setup (2).exe
2015-07-09 19:20 - 2015-07-09 19:21 - 15201344 _____ C:\Users\Lynx\Downloads\gu5setup (1).exe
2015-07-09 19:16 - 2015-05-09 22:44 - 00004299 _____ C:\Quarantine.lst
2015-07-09 18:35 - 2015-07-09 18:35 - 00000598 _____ C:\Users\Lynx\Desktop\Start Emsisoft Emergency Kit.lnk
2015-07-09 18:33 - 2015-07-09 00:14 - 00136456 _____ (Emsisoft GmbH) C:\WINDOWS\system32\Drivers\epp64.sys
2015-07-09 18:25 - 2015-07-09 18:32 - 160550488 _____ C:\Users\Lynx\Downloads\EmsisoftEmergencyKit.exe
2015-07-08 15:53 - 2015-07-08 15:53 - 00131174 _____ C:\Users\Lynx\Downloads\Promoter_Personalbogen_Vorlage.pptx
2015-07-07 23:04 - 2011-05-31 18:11 - 00415744 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbwwan.sys
2015-07-07 23:04 - 2011-05-03 16:42 - 00222464 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbmdm.sys
2015-07-07 23:04 - 2011-02-25 19:02 - 00098816 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcacm.sys
2015-07-07 23:04 - 2011-01-30 19:20 - 00212992 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juwwanecm.sys
2015-07-07 23:04 - 2011-01-30 19:19 - 00086016 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jubusenum.sys
2015-07-07 23:04 - 2011-01-30 19:19 - 00069632 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcecm.sys
2015-07-07 23:04 - 2011-01-30 19:19 - 00028672 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juextctrl.sys
2015-07-07 23:04 - 2010-10-08 17:59 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\WINDOWS\system32\Drivers\ewdcsc.sys
2015-07-07 23:04 - 2010-09-26 19:09 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwupgrade.sys
2015-07-07 23:04 - 2010-08-06 08:43 - 01001472 _____ (DiBcom SA) C:\WINDOWS\system32\Drivers\mod7700.sys
2015-07-07 23:04 - 2010-07-27 10:52 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwusbdev.sys
2015-07-07 23:04 - 2010-03-20 13:06 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_usbenumfilter.sys
2015-07-03 09:33 - 2015-05-07 19:50 - 22292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-07-03 09:33 - 2015-05-07 18:53 - 19734960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-07-03 09:32 - 2015-05-12 15:19 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-07-03 09:32 - 2015-05-12 02:24 - 00536920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-07-03 09:32 - 2015-05-11 18:34 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-07-03 09:32 - 2015-05-07 19:00 - 03109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-07-03 09:32 - 2015-05-07 18:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-07-03 09:32 - 2015-05-07 18:12 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-07-03 09:32 - 2015-05-07 17:21 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2015-07-03 09:32 - 2015-05-07 17:05 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2015-07-03 09:32 - 2015-05-03 17:09 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-03 09:32 - 2015-05-03 17:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-07-03 09:32 - 2015-05-03 16:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-03 09:32 - 2015-05-03 16:57 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-07-03 09:32 - 2015-05-03 16:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-07-03 09:32 - 2015-05-03 16:49 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-07-03 09:32 - 2015-05-03 02:39 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-07-03 09:32 - 2015-05-02 01:33 - 00410739 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-03 09:32 - 2015-05-01 03:13 - 06521800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2015-07-03 09:32 - 2015-05-01 03:13 - 01488000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-07-03 09:32 - 2015-05-01 03:13 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2015-07-03 09:32 - 2015-04-30 01:22 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2015-07-03 09:32 - 2015-04-28 15:13 - 00513480 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-07-03 09:32 - 2015-04-28 15:13 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-07-03 09:32 - 2015-04-25 04:25 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-07-03 09:32 - 2015-04-23 17:47 - 03084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-07-03 09:32 - 2015-04-23 17:16 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-07-03 01:15 - 2015-07-03 01:15 - 00000000 ____D C:\Users\Lynx\Documents\The Witcher
2015-07-03 01:15 - 2015-07-03 01:15 - 00000000 ____D C:\Users\Lynx\AppData\Local\The Witcher
2015-07-03 01:09 - 2015-07-03 01:09 - 00018435 _____ C:\WINDOWS\DirectX.log
2015-07-03 01:07 - 2015-07-03 01:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher Enhanced Edition
2015-07-03 00:56 - 2015-07-03 01:07 - 00000000 ____D C:\Program Files (x86)\The Witcher Enhanced Edition
2015-07-03 00:56 - 2015-07-03 01:06 - 00000000 ____D C:\Users\Public\Documents\The Witcher
2015-07-02 17:25 - 2015-07-02 17:27 - 00000000 ____D C:\Users\Lynx\Downloads\Sound Cloud
2015-07-01 14:38 - 2015-07-01 14:43 - 45827960 _____ C:\Users\Lynx\Downloads\Rich Bitch Sucking Off The Poor Bell-boy movie (Danny D Rebecca Moore Cathy Heaven)  MILF Fox.mp4
2015-07-01 14:36 - 2015-07-01 14:43 - 45180522 _____ C:\Users\Lynx\Downloads\Great Looking Nurse Likes Hard Dicks movie (Jayden Jaymes)  MILF Fox.mp4
2015-06-27 22:50 - 2015-06-27 22:51 - 04343907 _____ C:\Users\Lynx\Downloads\TV-20150627-2107-0201.websm.h264.mp4
2015-06-27 22:45 - 2015-06-27 22:45 - 11207009 _____ C:\Users\Lynx\Downloads\TV-20150627-2142-2801.websm.h264.mp4
2015-06-24 13:10 - 2015-06-24 13:10 - 00009336 ____N (G*DATA Software AG) C:\WINDOWS\SysWOW64\GdScrSv.de.dll
2015-06-24 12:06 - 2015-06-24 12:06 - 02230392 ____N (G Data Software AG) C:\WINDOWS\SysWOW64\GdScrSv.scr

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 22:16 - 2014-11-28 21:01 - 00000000 ____D C:\Users\Lynx
2015-07-14 22:15 - 2014-03-29 09:28 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-14 22:02 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-14 21:41 - 2013-05-01 03:13 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-14 21:12 - 2015-05-17 20:47 - 01735652 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-14 20:57 - 2014-09-24 08:16 - 01870968 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-14 20:57 - 2014-09-24 07:43 - 00799712 _____ C:\WINDOWS\system32\perfh007.dat
2015-07-14 20:57 - 2014-09-24 07:43 - 00174252 _____ C:\WINDOWS\system32\perfc007.dat
2015-07-14 20:57 - 2013-03-26 22:58 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3171061452-4263852144-1531571965-1001
2015-07-14 20:51 - 2015-05-17 18:49 - 00091579 _____ C:\WINDOWS\setupact.log
2015-07-14 20:51 - 2015-01-06 18:51 - 00000000 __RDO C:\Users\Lynx\OneDrive
2015-07-14 20:51 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-14 20:51 - 2013-05-01 03:13 - 00001126 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-14 19:15 - 2014-03-29 09:28 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-07-14 15:02 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-14 14:57 - 2013-08-22 15:25 - 01572864 ___SH C:\WINDOWS\system32\config\BBI
2015-07-14 14:56 - 2015-05-14 23:31 - 00230912 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\MiniIcpt.sys
2015-07-14 14:56 - 2015-05-14 23:31 - 00158720 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\GDBehave.sys
2015-07-14 14:56 - 2015-05-14 23:31 - 00125952 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\HookCentre.sys
2015-07-14 14:56 - 2015-05-14 23:31 - 00091648 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\PktIcpt.sys
2015-07-14 14:56 - 2015-05-14 23:31 - 00068608 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\gdwfpcd64.sys
2015-07-14 14:56 - 2015-05-14 23:31 - 00001998 _____ C:\Users\Public\Desktop\G DATA INTERNET SECURITY.lnk
2015-07-14 14:56 - 2015-05-14 23:31 - 00000000 ____D C:\WINDOWS\ELAMBKUP
2015-07-14 14:56 - 2015-04-11 23:47 - 00000000 ____D C:\ProgramData\G Data
2015-07-14 14:56 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\tracing
2015-07-12 13:32 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-12 13:22 - 2013-03-26 22:50 - 00000000 ____D C:\Users\Lynx\AppData\Local\Packages
2015-07-09 19:56 - 2015-05-18 09:18 - 00007782 _____ C:\WINDOWS\PFRO.log
2015-07-09 19:56 - 2013-12-19 02:27 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-09 19:31 - 2015-05-10 12:38 - 00000000 ____D C:\ProgramData\GlarySoft
2015-07-09 19:27 - 2014-04-02 00:12 - 00000085 _____ C:\WINDOWS\wininit.ini
2015-07-09 19:22 - 2015-05-10 11:56 - 00000000 ____D C:\Users\Lynx\AppData\Roaming\GlarySoft
2015-07-09 18:27 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-07-04 20:53 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-07-03 09:49 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-03 09:49 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-07-03 09:34 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-02 17:48 - 2015-04-15 13:21 - 00000000 ____D C:\Users\Lynx\AppData\Roaming\foobar2000
2015-06-28 13:52 - 2015-04-04 21:50 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-21 15:37 - 2015-02-14 22:15 - 00000000 ____D C:\Users\Lynx\AppData\Local\Battle.net
2015-06-20 05:02 - 2014-09-24 09:43 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-20 05:02 - 2014-09-24 09:43 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-04-11 23:48 - 2015-04-11 23:48 - 0000000 _____ () C:\Users\Lynx\AppData\Roaming\gdfw.log
2015-04-11 23:48 - 2015-05-14 23:31 - 0001558 _____ () C:\Users\Lynx\AppData\Roaming\gdscan.log
2013-12-19 01:44 - 2013-12-19 11:58 - 0007605 _____ () C:\Users\Lynx\AppData\Local\Resmon.ResmonCfg
2014-04-02 00:21 - 2014-04-02 00:21 - 0645567 _____ () C:\ProgramData\1396390413.bdinstall.bin
2015-04-11 21:09 - 2015-04-11 21:09 - 0259014 _____ () C:\ProgramData\1428779286.bdinstall.bin

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-14 16:47

==================== End of log ============================

--- --- ---

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:16 on 14/07/2015 (Lynx)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

[CODE]Additional
FRST Logfile:

Code:

ATTFilter

scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Lynx at 2015-07-14 22:18:20
Running from C:\Users\Lynx\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3171061452-4263852144-1531571965-500 - Administrator - Enabled) => C:\Users\Administrator
asdf (S-1-5-21-3171061452-4263852144-1531571965-1011 - Administrator - Enabled) => C:\Users\asdf
GameOne (S-1-5-21-3171061452-4263852144-1531571965-1012 - Administrator - Enabled) => C:\Users\GameOne
Gast (S-1-5-21-3171061452-4263852144-1531571965-501 - Limited - Enabled)
Lynx (S-1-5-21-3171061452-4263852144-1531571965-1001 - Administrator - Enabled) => C:\Users\Lynx

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G DATA INTERNET SECURITY (Disabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: G DATA INTERNET SECURITY (Disabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G*DATA Personal Firewall (Disabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adblock Plus für IE (32-Bit- und 64-Bit) (HKLM\...\{C27EF409-FB69-451F-B996-DC853C25FCA2}) (Version: 1.4 - Eyeo GmbH)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F5B2C61F-1C10-FD9B-C29C-D8B88C9849CF}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
ASUS Xonar DG Audio (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392008788}) (Version: 1.00.0003 - ASUSTeK Computer Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.3.2.3825 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BF4 Settings Editor (HKLM\...\{EF4C9459-47DE-4FCD-B9E0-CEB5BA03FC64}) (Version: 1.1 - Realmware)
BioShock (HKLM-x32\...\{E280923D-C5D9-4728-8C79-AC9A0DC75875}) (Version: 2.62.0000 - 2K Games)
Borderlands (HKLM-x32\...\Steam App 8980) (Version:  - Gearbox Software)
Brother MFL-Pro Suite DCP-7040 (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Darksiders (HKLM-x32\...\Steam App 50620) (Version:  - Vigil Games)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Exact Audio Copy 1.0beta6 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta6 - Andre Wiethoff)
foobar2000 v1.3.8 (HKLM-x32\...\foobar2000) (Version: 1.3.8 - Peter Pawlowski)
G DATA INTERNET SECURITY (HKLM-x32\...\{AC68D2FF-1674-4C16-A536-A69FC11BBD82}) (Version: 25.1.0.6 - G DATA Software AG)
Glary Utilities 5.29 (HKLM-x32\...\Glary Utilities 5) (Version: 5.29.0.49 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HiSuite (HKLM-x32\...\Hi Suite) (Version: 32.610.28.00.06 - Huawei Technologies Co.,Ltd)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mobile Connection Manager (HKLM-x32\...\o2DE) (Version:  - Mobile Connection Manager)
MobileWiFi (HKLM-x32\...\MobileWiFi) (Version: TOOL-ConnLaucher_WIN1.09.02.00 - Huawei Technologies Co.,Ltd)
Motherboard Monitor 5 (HKLM-x32\...\Motherboard Monitor 5_is1) (Version: 5 - Alexander van Kaam)
NetWorx 5.3.5 (HKLM\...\NetWorx_is1) (Version:  - Softperfect Research)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Sigma Data Center 4.0 (HKLM-x32\...\Sigma Data Center4.0) (Version: 4.0 - Sigma Elektro GmbH)
Sins of a Solar Empire®: Rebellion (HKLM-x32\...\Steam App 204880) (Version:  - Ironclad Games)
Skype for Business Web App Plug-in (HKLM-x32\...\{5EEFC600-CE9E-4DCE-862A-E7D4A9C7B568}) (Version: 15.8.20020.369 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
The Witcher Enhanced Edition Version 1.6 (HKLM-x32\...\The Witcher Enhanced Edition_is1) (Version: 1.6 - CD Projekt RED)
Thrustmaster FFB Driver (HKLM-x32\...\{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}) (Version: 2.FFD.2009 - Thrustmaster)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows-Treiberpaket - SIGMA Elektro GmbH (usbser) Ports  (04/27/2012 5.1.2600.5512) (HKLM\...\72BE00E857D6F4F2018C51300C130B652C40D203) (Version: 04/27/2012 5.1.2600.5512 - SIGMA Elektro GmbH)
Windows-Treiberpaket - SIGMA Elektro GmbH (usbser) Ports  (04/27/2012 5.1.2600.5512) (HKLM\...\A4116E16EA28F359FEA424C9A3780F9D6A08961B) (Version: 04/27/2012 5.1.2600.5512 - SIGMA Elektro GmbH)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
ZTE USB Driver (HKLM\...\ZTE USB Driver) (Version: 1.0.1.25_TME - ZTE Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3171061452-4263852144-1531571965-1001_Classes\CLSID\{1542FC7D-8D51-43D5-B757-67C763F27BF4}\localserver32 -> C:\Users\Lynx\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.369\GatewayVersion-x64.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3171061452-4263852144-1531571965-1001_Classes\CLSID\{7ECF6F97-B4F3-4168-9835-F59C06D7875F}\InprocServer32 -> C:\Users\Lynx\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.369\GatewayActiveX-x64.dll (Microsoft Corporation)

==================== Restore Points =========================

18-06-2015 10:02:38 Geplanter Prüfpunkt
28-06-2015 15:13:41 Geplanter Prüfpunkt
03-07-2015 01:08:03 DirectX wurde installiert
09-07-2015 19:15:18 Removed Dual-Core Optimizer

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2015-07-09 19:25 - 00000938 ____R C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0333FDCB-AA26-4F55-AA9C-CCE310750266} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-07-06] (Glarysoft Ltd)
Task: {0AB1A48C-3664-4127-B5CE-8386A0A9D5AB} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {5451D4B3-B4B8-42CE-9BEC-2DFCCC37CE06} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-01] (Google Inc.)
Task: {677ACAC3-8332-4008-BF3C-04091672F5A2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: {9DF37369-510C-4774-9C84-8E9F2CDA14E3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {A5E40770-25C2-42EC-89C4-AD182E37DD51} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-01] (Google Inc.)
Task: {BC81D61C-F774-4254-B8A4-E82CAEB7D2A2} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-07-06] (Glarysoft Ltd)
Task: {DE1ED4F7-59B1-4436-819D-A7615A96A27B} - System32\Tasks\Core Temp Autostart Lynx => C:\Users\Lynx\Desktop\Tool\test\Coretemp\Core Temp.exe
Task: {E2685575-9DD3-48AE-8CCF-BF3F39419233} - \BackgroundContainer Startup Task No Task File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-09-07 14:47 - 2014-09-05 09:40 - 00138272 _____ () C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe
2014-09-07 14:47 - 2014-09-05 09:40 - 00219680 _____ () C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
2011-03-14 17:27 - 2011-03-14 17:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2013-11-06 14:03 - 2014-08-10 11:40 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2015-06-16 11:17 - 2015-06-16 11:17 - 00382584 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2013-03-26 23:33 - 2012-09-28 10:10 - 00200704 _____ () C:\Windows\SysWOW64\HsMgr.exe
2013-03-26 23:33 - 2012-09-28 10:10 - 00282112 _____ () C:\Windows\System\HsMgr64.exe
2015-06-05 20:57 - 2015-04-20 11:12 - 00790016 _____ () C:\Program Files\NetWorx\sqlite.dll
2015-06-05 20:57 - 2015-03-17 14:00 - 00160064 _____ () C:\Program Files\NetWorx\nfapi.dll
2013-04-02 14:14 - 2012-09-25 11:26 - 01163264 _____ () C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
2014-04-15 22:28 - 2014-04-15 22:28 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-12-18 10:35 - 2014-09-28 18:59 - 00019872 _____ () C:\Program Files (x86)\Samsung Magician\SAMSUNG_SSD.dll
2015-07-06 08:27 - 2015-07-06 08:27 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
2013-11-26 11:50 - 2012-09-28 10:10 - 00143360 ____N () C:\Program Files\ASUS Xonar DG Audio\Customapp\VmixP8.dll
2015-07-14 16:41 - 2015-07-13 23:55 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libglesv2.dll
2015-07-14 16:41 - 2015-07-13 23:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libegl.dll
2013-04-02 14:13 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Lynx\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lynx\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\surface.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: SafeBox => 2
MSCONFIG\Services: UPDATESRV => 2
MSCONFIG\Services: VSSERV => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{DBE0F4F0-F77D-4D85-9622-DEC53250D5CE}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{9458107B-DA9C-46E1-910F-1BFB56DAC150}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{29CA44B7-E8C0-4DF7-8E4F-E1F3DBE297B9}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{7ABD0489-2CF2-44F5-96AD-BB6B31861520}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{8CC8CB97-9A52-4FE6-B217-647C70F8798C}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{7BACBBC6-3C95-4AF3-9747-059B5213E0E0}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{BC60BA31-2B2B-4478-9723-17F0FB2895EF}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{99108D1E-CE15-415B-88A9-5289B25A2164}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D9AA73A4-BB09-4E57-964D-DCA7BFA38E3A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9B8C1D7C-A51E-479C-92DB-08796857EC03}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{288C92FF-5A29-4058-9182-4C5B74848720}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{B0695EC9-E741-437E-A8F7-00BB43090A62}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{611D58D1-7819-4724-97ED-C0581D48374D}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{EA363283-5449-4781-B955-2C99EAA14D0C}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{0AC24DBD-C0B6-4B7E-A03B-D6BDD28ED963}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{73DB0B9A-8698-40BD-9D39-F6719EF741E2}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{35ADF468-3DC0-4452-B2B0-763D264E2627}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [UDP Query User{26A70BBB-D016-412A-8646-3F458CDAF839}C:\program files (x86)\guild wars 2\gw2.exe] => (Block) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [TCP Query User{F461AC8F-406C-4EC7-8E8C-D8E2BC6F877A}C:\program files (x86)\guild wars 2\gw2.exe] => (Block) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{CE542427-DE7B-43C1-AA5B-7ADAA3CBD98E}C:\program files (x86)\guild wars 2\gw2.tmp] => (Block) C:\program files (x86)\guild wars 2\gw2.tmp
FirewallRules: [TCP Query User{8C0EE13B-C9A1-4B57-9984-490A70778786}C:\program files (x86)\guild wars 2\gw2.tmp] => (Block) C:\program files (x86)\guild wars 2\gw2.tmp
FirewallRules: [{2050AAF9-ABCF-4F2C-9CB6-099556BF0126}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{1AA99CEB-4983-4477-B285-D7CF6D02A654}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{A92185F9-3B5C-4A2B-BCF3-2F81AD335F85}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{E58863C2-A668-4C65-B16D-B8B7CE39EB7F}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [TCP Query User{D8CB9252-7FA6-40B8-8243-7D3F006A36C5}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{41B1F62B-CFE2-4634-945B-4FA5C7CCEF33}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [TCP Query User{BD3327D6-9A8B-4653-890F-0271C9F507CB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{CBE646C9-66A7-4973-B252-DDD4E35AC527}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{4291A19C-4A97-4F5B-9304-F79AE04E5906}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BD5A82C1-93BD-40D7-B8FC-702B8F9E232E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A01E36C6-62E8-4950-9213-E112614EA1CA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2770E487-4C59-4520-9F4A-497182DCAC23}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2C1E8A4A-77B0-4826-AE75-C8B877899670}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{B68883A5-6184-423A-AC0F-3D66D3960E72}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{A98AF0D8-2BB3-4D80-ADCF-21A953F2CE8A}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Darksiders\DarksidersPC.exe
FirewallRules: [{0543D67D-2A0E-479C-A52D-7CE1E01A8F4F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Darksiders\DarksidersPC.exe
FirewallRules: [TCP Query User{A3047585-CFFA-4D53-A5F9-A3502207B1D1}C:\users\lynx\appdata\local\microsoft\skypeforbusinessplugin\15.8.20020.351\pluginhost.exe] => (Allow) C:\users\lynx\appdata\local\microsoft\skypeforbusinessplugin\15.8.20020.351\pluginhost.exe
FirewallRules: [UDP Query User{6C0906B5-5D4F-4E36-91F1-29C3BD261706}C:\users\lynx\appdata\local\microsoft\skypeforbusinessplugin\15.8.20020.351\pluginhost.exe] => (Allow) C:\users\lynx\appdata\local\microsoft\skypeforbusinessplugin\15.8.20020.351\pluginhost.exe
FirewallRules: [{A52DD8D9-70CA-4C98-B61D-2657D3B25D21}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exe
FirewallRules: [{7EE71D7A-B81C-4915-A013-DA64D6198830}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exe
FirewallRules: [{59696D70-2F61-4978-9C8A-ADDE9EE90DE0}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exe
FirewallRules: [{EA62C5D5-69C6-4497-956A-76B267D9116E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exe
FirewallRules: [{B9079510-5B2F-4182-8AAE-12CD76B8EEED}] => (Allow) C:\Program Files\NetWorx\networx.exe
FirewallRules: [{B2273F9C-BFB6-4D14-AE3E-9B00F4937129}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/14/2015 04:47:38 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (07/14/2015 12:24:23 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (07/14/2015 11:28:11 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (07/13/2015 11:50:21 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (07/12/2015 01:27:20 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (07/12/2015 10:34:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000003d85e
ID des fehlerhaften Prozesses: 0x1c5c
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3
Vollständiger Name des fehlerhaften Pakets: vlc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: vlc.exe5

Error: (07/12/2015 10:29:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AVKTray.exe, Version: 25.1.15062.313, Zeitstempel: 0x54f534d0
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0236002a
ID des fehlerhaften Prozesses: 0x988
Startzeit der fehlerhaften Anwendung: 0xAVKTray.exe0
Pfad der fehlerhaften Anwendung: AVKTray.exe1
Pfad des fehlerhaften Moduls: AVKTray.exe2
Berichtskennung: AVKTray.exe3
Vollständiger Name des fehlerhaften Pakets: AVKTray.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AVKTray.exe5

Error: (07/12/2015 09:23:32 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (07/11/2015 10:21:17 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (07/11/2015 12:04:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.3.9600.17667 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 378

Startzeit: 01d0bad95952bec1

Endzeit: 0

Anwendungspfad: C:\WINDOWS\Explorer.EXE

Berichts-ID: 9f3a878f-274f-11e5-8229-bc5ff49b57b2

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


System errors:
=============
Error: (07/14/2015 08:51:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.3" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/14/2015 08:51:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst InstallDriver Table Manager erreicht.

Error: (07/14/2015 08:51:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.3" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/14/2015 08:51:05 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als
Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser
Konfiguration nicht gestartet zu sein.

Error: (07/14/2015 08:51:04 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎14.‎07.‎2015 um 20:49:20 unerwartet heruntergefahren.

Error: (07/14/2015 02:58:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.3" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/14/2015 02:58:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst InstallDriver Table Manager erreicht.

Error: (07/14/2015 02:58:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.3" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/14/2015 02:58:02 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als
Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser
Konfiguration nicht gestartet zu sein.

Error: (07/14/2015 12:09:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.3" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office:
=========================
Error: (07/14/2015 04:47:38 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System-reserviertFalscher Parameter. (0x80070057)

Error: (07/14/2015 12:24:23 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System-reserviertFalscher Parameter. (0x80070057)

Error: (07/14/2015 11:28:11 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System-reserviertFalscher Parameter. (0x80070057)

Error: (07/13/2015 11:50:21 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System-reserviertFalscher Parameter. (0x80070057)

Error: (07/12/2015 01:27:20 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System-reserviertFalscher Parameter. (0x80070057)

Error: (07/12/2015 10:34:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.5.000000000ntdll.dll6.3.9600.17736550f4336c0000005000000000003d85e1c5c01d0bc7cedd331acC:\Program Files\VideoLAN\VLC\vlc.exeC:\WINDOWS\SYSTEM32\ntdll.dllc9f8cae3-2870-11e5-822b-bc5ff49b57b2

Error: (07/12/2015 10:29:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AVKTray.exe25.1.15062.31354f534d0unknown0.0.0.000000000c00000050236002a98801d0bc655e322fdaC:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exeunknown2c399a69-2870-11e5-822b-bc5ff49b57b2

Error: (07/12/2015 09:23:32 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System-reserviertFalscher Parameter. (0x80070057)

Error: (07/11/2015 10:21:17 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System-reserviertFalscher Parameter. (0x80070057)

Error: (07/11/2015 12:04:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.3.9600.1766737801d0bad95952bec10C:\WINDOWS\Explorer.EXE9f3a878f-274f-11e5-8229-bc5ff49b57b2


CodeIntegrity Errors:
===================================
  Date: 2015-07-14 20:50:58.160
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-14 14:57:56.456
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-14 12:08:29.425
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-14 11:11:32.722
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-13 11:28:03.831
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-12 13:06:22.503
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-12 07:40:58.768
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-11 20:51:07.299
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-10 08:22:06.769
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-09 20:04:52.113
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: AMD Phenom(tm) II X4 955 Processor
Percentage of memory in use: 36%
Total physical RAM: 8162.86 MB
Available physical RAM: 5218.23 MB
Total Virtual: 12762.86 MB
Available Virtual: 8558.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:209.34 GB) (Free:52.23 GB) NTFS
Drive d: () (Fixed) (Total:465.76 GB) (Free:185.53 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: () (Fixed) (Total:465.76 GB) (Free:214.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive g: (MobileWiFi) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive i: () (Removable) (Total:7.53 GB) (Free:7.25 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: E1CD7899)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=209.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: C2C51141)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 047C8D10)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End of log ============================

--- --- ---

GMER Musste ich im abgesicherten Modus ausführen, da er sonst immer abgestürzt ist.

Code:

ATTFilter

5GMER Logfile:

	Code: 

 ATTFilter

  
	GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-07-14 22:35:26
Windows 6.3.9600  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Samsung_SSD_840_Series rev.DXT09B0Q 232,89GB
Running: Gmer-19357.exe; Driver: C:\Users\Lynx\AppData\Local\Temp\pxldqpog.sys


---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [480:488]  fffff960009af2d0

---- EOF - GMER 2.1 ----
         
 --- --- ---
5

MFG
Lynx

Warlord711 · 14.07.2015, 21:44

Hallo lynx007

Mein Name ist Timo und ich werde Dir bei deinem Problem behilflich sein.

Bitte arbeite alle Schritte der Reihe nach ab.
Hier findest du die Anleitung für Hilfesuchende
Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scans durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist immer der sicherste Weg.

Wir arbeiten hier alle freiwillig und meist auch nur in unserer Freizeit. Daher kann es bei Antworten zu Verzögerungen kommen.
Solltest du innerhalb 48 Std keine Antwort von mir erhalten, dann schreib mit eine PM
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis ich oder jemand vom Team sagt, dass Du clean bist.

Führe sämtliche Tools mit administrativen Rechten aus, Vista, Win7,Win8 User mit Rechtsklick "als Administrator starten".

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Cursor zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

lynx007 · 14.07.2015, 22:34

Hallo Timo,

habe deine Anleitung nochmal durchgelesen und nochmal alle Schritte nochmal durchlaufen lassen. Vorhin hat bei den Scanns wieder GDATA angeschlagen wärend ich FRST hab laufen lassen. Dachte es handelt sich um das Programm, aber Gdata verweist auf eine erunt.exe , habe mich gegen Quarantäne entschieden. Später konnte ich ja GMER komischerweise nicht durchlaufen lassen (crash).

Jetzt schlägt Gdata nicht mehr an und GMER läuft auch ohne abgesicherten Modus durch.

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:13 on 14/07/2015 (Lynx)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by Lynx (administrator) on BÜRO1 on 14-07-2015 23:14:28
Running from C:\Users\Lynx\Desktop\Neuer Ordner
Loaded Profiles: Lynx (Available Profiles: Lynx & asdf & GameOne & Administrator)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe
() C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(CMedia) C:\Program Files\ASUS Xonar DG Audio\Customapp\AsusAudioCenter.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\System\HsMgr64.exe
(SoftPerfect Research) C:\Program Files\NetWorx\networx.exe
() C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(G DATA Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2012-09-28] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2012-09-28] ()
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [6714472 2015-04-20] (SoftPerfect Research)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1864312 2015-06-16] (G DATA Software AG)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-07-06] (Glarysoft Ltd)
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: G - "G:\StarCraft II Setup.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {020a0173-84af-11e4-8121-f3961ac82c14} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {04e691fc-8044-11e4-811c-cbbe4fc69574} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {04e69238-8044-11e4-811c-cbbe4fc69574} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {04e69306-8044-11e4-811c-cbbe4fc69574} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {04e69add-8044-11e4-811c-cbbe4fc69574} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {0e809422-7b9e-11e4-8115-f77993d69a7e} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {1402e90a-1006-11e5-81ff-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {1402e936-1006-11e5-81ff-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {1402e961-1006-11e5-81ff-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {1c9b5243-81c9-11e4-811e-a171e9ee8aa0} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {2024620d-7c54-11e4-8117-8a2dc101f76e} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {2bb89a14-8961-11e4-812a-82be54052a10} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {41642107-f681-11e4-81c6-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {42bb8f9b-0820-11e5-81ee-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {5425a063-d06f-11e2-be96-962745884476} - "G:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {5681dade-8754-11e4-8125-e4c02fffe7b6} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {602ed588-2080-11e5-821a-bc5ff49b57b2} - "G:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {61795401-b66d-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {71e31c43-89a4-11e4-812b-98c65f152381} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {760bc187-b8cb-11e4-816f-c4355dd57672} - "I:\autorun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {7f78bb87-7ea4-11e4-8119-bb79d2cffb58} - "I:\autorun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {7f78bbca-7ea4-11e4-8119-bb79d2cffb58} - "I:\autorun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {8a7c7d08-a273-11e4-8148-f5a56fa14f71} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {8a7c7d74-a273-11e4-8148-f5a56fa14f71} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {9244bd9c-fcb4-11e4-81de-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {a1dc5abc-7e18-11e4-8118-aeb9a153bd8e} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {a21fd9b2-b48e-11e4-815d-9eafbcb2d3b9} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {a21fd9da-b48e-11e4-815d-9eafbcb2d3b9} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {a28a761e-10c5-11e5-8200-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {ae18e9a0-a357-11e4-8149-97076599412e} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {ae18eafe-a357-11e4-8149-97076599412e} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {aeecd083-88ee-11e4-8129-806c020fe1a9} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b63bf765-07dc-11e5-81ed-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b63bf7a2-07dc-11e5-81ed-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b63bf7ce-07dc-11e5-81ed-bc5ff49b57b2} - "I:\autorun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b63bf7fe-07dc-11e5-81ed-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b84604c1-84f8-11e4-8122-b56aafda7137} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b84604f6-84f8-11e4-8122-b56aafda7137} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b8460559-84f8-11e4-8122-b56aafda7137} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b8460946-84f8-11e4-8122-b56aafda7137} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b84609bd-84f8-11e4-8122-b56aafda7137} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {bf3cdaa7-814f-11e4-811c-cbbe4fc69574} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {c00238a7-27fd-11e5-822a-bc5ff49b57b2} - "G:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce05f25-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce067e0-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce0681a-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce06850-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce06881-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce068ba-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce068f0-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce06936-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce069a2-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {d627b92c-1b09-11e5-8211-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {dcfa1ee0-1203-11e5-8203-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {dfd179af-0a91-11e5-81f2-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {e1765eec-7926-11e4-8112-b126ba4a7607} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {e1765f1c-7926-11e4-8112-b126ba4a7607} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {e176669c-7926-11e4-8112-b126ba4a7607} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {e728a784-85c2-11e4-8123-cd986dcb0dac} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {f2ac2242-26cb-11e5-8229-bc5ff49b57b2} - "G:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {f6308941-b6c5-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {fabed4b4-829b-11e4-811f-8a75175685a0} - "F:\AutoRun.exe" 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk *  

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://expertzone.microsoft.com/Home.aspx
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://google.de/
https://googlemail.com/
https://meine.deutsche-bank.de/trxm/db/
https://easybill.de/
hxxp://promotionbasis.de/
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3171061452-4263852144-1531571965-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-02-25] (Eyeo GmbH)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-04-08] (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-23] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-23] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{4284259D-18DF-4D86-ACE1-40E748E2D1BD}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{C7B339BB-30C0-448F-824F-F56A70FCDF7C}: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Lynx\AppData\Roaming\Mozilla\Firefox\Profiles\nvoeywbl.default-1421962251602
FF SelectedSearchEngine: 
FF Homepage: https://mail.google.com/mail/u/0/?shva=1#inbox
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-3171061452-4263852144-1531571965-1001: SkypeForBusinessPlugin-15.8 -> C:\Users\Lynx\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.369\npGatewayNpapi.dll [2015-04-20] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-3171061452-4263852144-1531571965-1001: SkypeForBusinessPlugin64-15.8 -> C:\Users\Lynx\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.369\npGatewayNpapi-x64.dll [2015-04-20] (Microsoft Corporation)
FF Extension: Ghostery - C:\Users\Lynx\AppData\Roaming\Mozilla\Firefox\Profiles\nvoeywbl.default-1421962251602\Extensions\firefox@ghostery.com.xpi [2015-04-14]
FF Extension: Shoptimate - C:\Users\Lynx\AppData\Roaming\Mozilla\Firefox\Profiles\nvoeywbl.default-1421962251602\Extensions\support@shoptimate.com.xpi [2015-01-25]
FF Extension: PAYBACK Internet Assistent fuer Firefox - C:\Users\Lynx\AppData\Roaming\Mozilla\Firefox\Profiles\nvoeywbl.default-1421962251602\Extensions\toolbar-ff@payback.de.xpi [2015-03-29]
FF Extension: Youtube and more - Easy Video Downloader - C:\Users\Lynx\AppData\Roaming\Mozilla\Firefox\Profiles\nvoeywbl.default-1421962251602\Extensions\vdpure@link64.xpi [2015-02-04]
FF Extension: SoundCloud Downloader - Technowise - C:\Users\Lynx\AppData\Roaming\Mozilla\Firefox\Profiles\nvoeywbl.default-1421962251602\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2015-01-24]
FF Extension: Adblock Plus - C:\Users\Lynx\AppData\Roaming\Mozilla\Firefox\Profiles\nvoeywbl.default-1421962251602\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-25]
FF Extension: DownThemAll! - C:\Users\Lynx\AppData\Roaming\Mozilla\Firefox\Profiles\nvoeywbl.default-1421962251602\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-01-25]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-06-08]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Chrome: 
=======
CHR Profile: C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (WOT) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-05-09]
CHR Extension: (SoundCloud Downloader) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjckonbgbnaihkahaolpfjpllplfifjo [2015-01-24]
CHR Extension: (Adblock Plus) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-02]
CHR Extension: (Video Downloader professional) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-05-14]
CHR Extension: (Porsche) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg [2015-05-15]
CHR Extension: (ScriptBlock) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba [2015-05-14]
CHR Extension: (FoxyDeal) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jelbcgibfifpplacnbbflieigmcbpkec [2015-05-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18]
CHR Extension: (SoundCloud Downloader Free) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\libedajeiljdoodmokbppgapcfbignci [2015-01-24]
CHR Extension: (Flashcontrol) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2015-05-14]
CHR Extension: (Ghostery) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-05-14]
CHR Extension: (GetThemAll Video Downloader) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2015-05-14]
CHR Extension: (Google Wallet) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR HKLM-x32\...\Chrome\Extension: [Lynx] - No Path Or update_url value

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2558072 2015-06-19] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [966776 2015-06-16] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [3711712 2015-06-16] (G Data Software AG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [3202368 2015-06-19] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [789624 2015-06-16] (G Data Software AG)
R2 HiSuiteOuc64.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe [138272 2014-09-05] ()
R2 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [219680 2014-09-05] ()
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-07-06] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-08-10] ()
R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [199600 2010-11-11] (Telefónica I+D)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 cmudaxp; C:\Windows\system32\drivers\cmudaxp.sys [2733568 2012-09-28] (C-Media Inc)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed]
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [158720 2015-07-14] (G Data Software AG)
S0 GDElam; C:\Windows\System32\DRIVERS\GDElam.sys [117904 2015-01-08] (G Data Software AG)
R3 GDKBB; C:\WINDOWS\system32\drivers\GDKBB64.sys [27648 2015-05-14] (G Data Software AG)
R1 GDKBFlt; C:\WINDOWS\system32\drivers\GDKBFlt64.sys [20992 2015-05-14] (G Data Software AG)
R1 GDMnIcpt; C:\WINDOWS\system32\drivers\MiniIcpt.sys [230912 2015-07-14] (G Data Software AG)
R3 GDPkIcpt; C:\WINDOWS\system32\drivers\PktIcpt.sys [91648 2015-07-14] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [68608 2015-07-14] (G Data Software AG)
R1 GRD; C:\WINDOWS\system32\drivers\GRD.sys [106272 2015-05-17] (G Data Software)
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [20160 2015-07-09] (Glarysoft Ltd)
R1 HookCentre; C:\WINDOWS\system32\drivers\HookCentre.sys [125952 2015-07-14] (G Data Software AG)
S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [12800 2009-02-03] (ZTE Incorporated) [File not signed]
S1 mbmiodrvr; C:\Windows\syswow64\mbmiodrvr.sys [4608 2004-04-10] (cansoft@livewiredev.com) [File not signed]
S3 MEMSWEEP2; C:\WINDOWS\system32\3FF2.tmp [6144 2009-06-18] (Sophos Plc) [File not signed]
R1 networx; C:\Windows\System32\drivers\networx.sys [60736 2015-03-17] (NetFilterSDK.com)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-10-16] (Anchorfree Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 23:10 - 2015-07-14 23:14 - 00000000 ____D C:\Users\Lynx\Desktop\Neuer Ordner
2015-07-14 22:22 - 2015-07-14 22:22 - 00380416 _____ C:\Users\Lynx\Downloads\Gmer-19357 (1).exe
2015-07-14 22:16 - 2015-07-14 23:14 - 00000000 ____D C:\FRST
2015-07-14 22:16 - 2015-07-14 22:16 - 00000000 _____ C:\Users\Lynx\defogger_reenable
2015-07-14 14:56 - 2015-07-14 14:56 - 00003840 _____ C:\WINDOWS\DPINST.LOG
2015-07-14 14:56 - 2015-07-14 14:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA INTERNET SECURITY
2015-07-14 14:55 - 2015-07-14 14:55 - 00000000 _____ C:\Users\Lynx\Desktop\Neues Textdokument (3).txt
2015-07-10 22:20 - 2015-07-10 22:22 - 133389698 _____ C:\Users\Lynx\Downloads\Latex-Orgie - GUTERPORNCOM.flv
2015-07-10 08:47 - 2015-07-10 08:48 - 08765440 _____ C:\Users\Lynx\Downloads\SkypeForBusinessPlugin (1).msi
2015-07-09 23:59 - 2015-07-10 00:11 - 102040672 _____ C:\Users\Lynx\Downloads\Katie Jordin Latex Sex - Fetisch sex video - Tube8com.mp4
2015-07-09 23:57 - 2015-07-10 00:03 - 55641385 _____ C:\Users\Lynx\Downloads\Fetish latex and boots fuck - Hardcore sex video - Tube8com.mp4
2015-07-09 23:55 - 2015-07-10 00:00 - 45240671 _____ C:\Users\Lynx\Downloads\Latex Maid Fucked - Hardcore sex video - Tube8com.mp4
2015-07-09 20:56 - 2015-07-09 20:56 - 00000000 _____ C:\Recovery.txt
2015-07-09 19:25 - 2015-06-09 22:57 - 00450771 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20150709-192501.backup
2015-07-09 19:22 - 2015-07-14 22:37 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2015-07-09 19:22 - 2015-07-09 19:22 - 00020160 _____ (Glarysoft Ltd) C:\WINDOWS\system32\Drivers\GUBootStartup.sys
2015-07-09 19:22 - 2015-07-09 19:22 - 00003306 _____ C:\WINDOWS\System32\Tasks\GlaryInitialize 5
2015-07-09 19:22 - 2015-07-09 19:22 - 00002964 _____ C:\WINDOWS\System32\Tasks\GU5SkipUAC
2015-07-09 19:22 - 2015-07-09 19:22 - 00001108 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-07-09 19:22 - 2015-07-09 19:22 - 00001096 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2015-07-09 19:22 - 2015-07-09 19:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2015-07-09 19:21 - 2015-07-09 19:21 - 15201344 _____ C:\Users\Lynx\Downloads\gu5setup (2).exe
2015-07-09 19:20 - 2015-07-09 19:21 - 15201344 _____ C:\Users\Lynx\Downloads\gu5setup (1).exe
2015-07-09 19:16 - 2015-05-09 22:44 - 00004299 _____ C:\Quarantine.lst
2015-07-09 18:35 - 2015-07-09 18:35 - 00000598 _____ C:\Users\Lynx\Desktop\Start Emsisoft Emergency Kit.lnk
2015-07-09 18:33 - 2015-07-09 00:14 - 00136456 _____ (Emsisoft GmbH) C:\WINDOWS\system32\Drivers\epp64.sys
2015-07-09 18:25 - 2015-07-09 18:32 - 160550488 _____ C:\Users\Lynx\Downloads\EmsisoftEmergencyKit.exe
2015-07-08 15:53 - 2015-07-08 15:53 - 00131174 _____ C:\Users\Lynx\Downloads\Promoter_Personalbogen_Vorlage.pptx
2015-07-07 23:04 - 2011-05-31 18:11 - 00415744 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbwwan.sys
2015-07-07 23:04 - 2011-05-03 16:42 - 00222464 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbmdm.sys
2015-07-07 23:04 - 2011-02-25 19:02 - 00098816 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcacm.sys
2015-07-07 23:04 - 2011-01-30 19:20 - 00212992 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juwwanecm.sys
2015-07-07 23:04 - 2011-01-30 19:19 - 00086016 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jubusenum.sys
2015-07-07 23:04 - 2011-01-30 19:19 - 00069632 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcecm.sys
2015-07-07 23:04 - 2011-01-30 19:19 - 00028672 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juextctrl.sys
2015-07-07 23:04 - 2010-10-08 17:59 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\WINDOWS\system32\Drivers\ewdcsc.sys
2015-07-07 23:04 - 2010-09-26 19:09 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwupgrade.sys
2015-07-07 23:04 - 2010-08-06 08:43 - 01001472 _____ (DiBcom SA) C:\WINDOWS\system32\Drivers\mod7700.sys
2015-07-07 23:04 - 2010-07-27 10:52 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwusbdev.sys
2015-07-07 23:04 - 2010-03-20 13:06 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_usbenumfilter.sys
2015-07-03 09:33 - 2015-05-07 19:50 - 22292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-07-03 09:33 - 2015-05-07 18:53 - 19734960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-07-03 09:32 - 2015-05-12 15:19 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-07-03 09:32 - 2015-05-12 02:24 - 00536920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-07-03 09:32 - 2015-05-11 18:34 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-07-03 09:32 - 2015-05-07 19:00 - 03109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-07-03 09:32 - 2015-05-07 18:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-07-03 09:32 - 2015-05-07 18:12 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-07-03 09:32 - 2015-05-07 17:21 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2015-07-03 09:32 - 2015-05-07 17:05 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2015-07-03 09:32 - 2015-05-03 17:09 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-03 09:32 - 2015-05-03 17:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-07-03 09:32 - 2015-05-03 16:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-03 09:32 - 2015-05-03 16:57 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-07-03 09:32 - 2015-05-03 16:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-07-03 09:32 - 2015-05-03 16:49 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-07-03 09:32 - 2015-05-03 02:39 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-07-03 09:32 - 2015-05-02 01:33 - 00410739 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-03 09:32 - 2015-05-01 03:13 - 06521800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2015-07-03 09:32 - 2015-05-01 03:13 - 01488000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-07-03 09:32 - 2015-05-01 03:13 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2015-07-03 09:32 - 2015-04-30 01:22 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2015-07-03 09:32 - 2015-04-28 15:13 - 00513480 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-07-03 09:32 - 2015-04-28 15:13 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-07-03 09:32 - 2015-04-25 04:25 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-07-03 09:32 - 2015-04-23 17:47 - 03084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-07-03 09:32 - 2015-04-23 17:16 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-07-03 01:15 - 2015-07-03 01:15 - 00000000 ____D C:\Users\Lynx\Documents\The Witcher
2015-07-03 01:15 - 2015-07-03 01:15 - 00000000 ____D C:\Users\Lynx\AppData\Local\The Witcher
2015-07-03 01:09 - 2015-07-03 01:09 - 00018435 _____ C:\WINDOWS\DirectX.log
2015-07-03 01:07 - 2015-07-03 01:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher Enhanced Edition
2015-07-03 00:56 - 2015-07-03 01:07 - 00000000 ____D C:\Program Files (x86)\The Witcher Enhanced Edition
2015-07-03 00:56 - 2015-07-03 01:06 - 00000000 ____D C:\Users\Public\Documents\The Witcher
2015-07-02 17:25 - 2015-07-02 17:27 - 00000000 ____D C:\Users\Lynx\Downloads\Sound Cloud
2015-07-01 14:38 - 2015-07-01 14:43 - 45827960 _____ C:\Users\Lynx\Downloads\Rich Bitch Sucking Off The Poor Bell-boy movie (Danny D Rebecca Moore Cathy Heaven)  MILF Fox.mp4
2015-07-01 14:36 - 2015-07-01 14:43 - 45180522 _____ C:\Users\Lynx\Downloads\Great Looking Nurse Likes Hard Dicks movie (Jayden Jaymes)  MILF Fox.mp4
2015-06-27 22:50 - 2015-06-27 22:51 - 04343907 _____ C:\Users\Lynx\Downloads\TV-20150627-2107-0201.websm.h264.mp4
2015-06-27 22:45 - 2015-06-27 22:45 - 11207009 _____ C:\Users\Lynx\Downloads\TV-20150627-2142-2801.websm.h264.mp4
2015-06-24 13:10 - 2015-06-24 13:10 - 00009336 ____N (G*DATA Software AG) C:\WINDOWS\SysWOW64\GdScrSv.de.dll
2015-06-24 12:06 - 2015-06-24 12:06 - 02230392 ____N (G Data Software AG) C:\WINDOWS\SysWOW64\GdScrSv.scr

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 23:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-14 22:58 - 2015-05-17 20:47 - 01778317 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-14 22:42 - 2014-09-24 08:16 - 01870968 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-14 22:42 - 2014-09-24 07:43 - 00799712 _____ C:\WINDOWS\system32\perfh007.dat
2015-07-14 22:42 - 2014-09-24 07:43 - 00174252 _____ C:\WINDOWS\system32\perfc007.dat
2015-07-14 22:42 - 2013-03-26 22:58 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3171061452-4263852144-1531571965-1001
2015-07-14 22:41 - 2013-05-01 03:13 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-14 22:37 - 2015-01-06 18:51 - 00000000 __RDO C:\Users\Lynx\OneDrive
2015-07-14 22:37 - 2013-05-01 03:13 - 00001126 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-14 22:36 - 2015-05-17 18:49 - 00091733 _____ C:\WINDOWS\setupact.log
2015-07-14 22:36 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-14 22:27 - 2014-11-28 21:01 - 00000000 ____D C:\Users\Lynx
2015-07-14 22:27 - 2013-08-22 15:25 - 01572864 ___SH C:\WINDOWS\system32\config\BBI
2015-07-14 22:15 - 2014-03-29 09:28 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-14 19:15 - 2014-03-29 09:28 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-07-14 15:02 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-14 14:56 - 2015-05-14 23:31 - 00230912 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\MiniIcpt.sys
2015-07-14 14:56 - 2015-05-14 23:31 - 00158720 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\GDBehave.sys
2015-07-14 14:56 - 2015-05-14 23:31 - 00125952 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\HookCentre.sys
2015-07-14 14:56 - 2015-05-14 23:31 - 00091648 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\PktIcpt.sys
2015-07-14 14:56 - 2015-05-14 23:31 - 00068608 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\gdwfpcd64.sys
2015-07-14 14:56 - 2015-05-14 23:31 - 00001998 _____ C:\Users\Public\Desktop\G DATA INTERNET SECURITY.lnk
2015-07-14 14:56 - 2015-05-14 23:31 - 00000000 ____D C:\WINDOWS\ELAMBKUP
2015-07-14 14:56 - 2015-04-11 23:47 - 00000000 ____D C:\ProgramData\G Data
2015-07-14 14:56 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\tracing
2015-07-12 13:32 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-12 13:22 - 2013-03-26 22:50 - 00000000 ____D C:\Users\Lynx\AppData\Local\Packages
2015-07-09 19:56 - 2015-05-18 09:18 - 00007782 _____ C:\WINDOWS\PFRO.log
2015-07-09 19:56 - 2013-12-19 02:27 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-09 19:31 - 2015-05-10 12:38 - 00000000 ____D C:\ProgramData\GlarySoft
2015-07-09 19:27 - 2014-04-02 00:12 - 00000085 _____ C:\WINDOWS\wininit.ini
2015-07-09 19:22 - 2015-05-10 11:56 - 00000000 ____D C:\Users\Lynx\AppData\Roaming\GlarySoft
2015-07-09 18:27 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-07-04 20:53 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-07-03 09:49 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-03 09:49 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-07-03 09:34 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-02 17:48 - 2015-04-15 13:21 - 00000000 ____D C:\Users\Lynx\AppData\Roaming\foobar2000
2015-06-28 13:52 - 2015-04-04 21:50 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-21 15:37 - 2015-02-14 22:15 - 00000000 ____D C:\Users\Lynx\AppData\Local\Battle.net
2015-06-20 05:02 - 2014-09-24 09:43 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-20 05:02 - 2014-09-24 09:43 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-04-11 23:48 - 2015-04-11 23:48 - 0000000 _____ () C:\Users\Lynx\AppData\Roaming\gdfw.log
2015-04-11 23:48 - 2015-05-14 23:31 - 0001558 _____ () C:\Users\Lynx\AppData\Roaming\gdscan.log
2013-12-19 01:44 - 2013-12-19 11:58 - 0007605 _____ () C:\Users\Lynx\AppData\Local\Resmon.ResmonCfg
2014-04-02 00:21 - 2014-04-02 00:21 - 0645567 _____ () C:\ProgramData\1396390413.bdinstall.bin
2015-04-11 21:09 - 2015-04-11 21:09 - 0259014 _____ () C:\ProgramData\1428779286.bdinstall.bin

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-14 16:47

==================== End of log ============================

--- --- ---

[CODE]Additional
FRST Logfile:

Code:

ATTFilter

scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Lynx at 2015-07-14 23:14:58
Running from C:\Users\Lynx\Desktop\Neuer Ordner
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3171061452-4263852144-1531571965-500 - Administrator - Enabled) => C:\Users\Administrator
asdf (S-1-5-21-3171061452-4263852144-1531571965-1011 - Administrator - Enabled) => C:\Users\asdf
GameOne (S-1-5-21-3171061452-4263852144-1531571965-1012 - Administrator - Enabled) => C:\Users\GameOne
Gast (S-1-5-21-3171061452-4263852144-1531571965-501 - Limited - Enabled)
Lynx (S-1-5-21-3171061452-4263852144-1531571965-1001 - Administrator - Enabled) => C:\Users\Lynx

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G DATA INTERNET SECURITY (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: G DATA INTERNET SECURITY (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G*DATA Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adblock Plus für IE (32-Bit- und 64-Bit) (HKLM\...\{C27EF409-FB69-451F-B996-DC853C25FCA2}) (Version: 1.4 - Eyeo GmbH)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F5B2C61F-1C10-FD9B-C29C-D8B88C9849CF}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
ASUS Xonar DG Audio (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392008788}) (Version: 1.00.0003 - ASUSTeK Computer Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.3.2.3825 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BF4 Settings Editor (HKLM\...\{EF4C9459-47DE-4FCD-B9E0-CEB5BA03FC64}) (Version: 1.1 - Realmware)
BioShock (HKLM-x32\...\{E280923D-C5D9-4728-8C79-AC9A0DC75875}) (Version: 2.62.0000 - 2K Games)
Borderlands (HKLM-x32\...\Steam App 8980) (Version:  - Gearbox Software)
Brother MFL-Pro Suite DCP-7040 (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Darksiders (HKLM-x32\...\Steam App 50620) (Version:  - Vigil Games)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Exact Audio Copy 1.0beta6 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta6 - Andre Wiethoff)
foobar2000 v1.3.8 (HKLM-x32\...\foobar2000) (Version: 1.3.8 - Peter Pawlowski)
G DATA INTERNET SECURITY (HKLM-x32\...\{AC68D2FF-1674-4C16-A536-A69FC11BBD82}) (Version: 25.1.0.6 - G DATA Software AG)
Glary Utilities 5.29 (HKLM-x32\...\Glary Utilities 5) (Version: 5.29.0.49 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HiSuite (HKLM-x32\...\Hi Suite) (Version: 32.610.28.00.06 - Huawei Technologies Co.,Ltd)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mobile Connection Manager (HKLM-x32\...\o2DE) (Version:  - Mobile Connection Manager)
MobileWiFi (HKLM-x32\...\MobileWiFi) (Version: TOOL-ConnLaucher_WIN1.09.02.00 - Huawei Technologies Co.,Ltd)
Motherboard Monitor 5 (HKLM-x32\...\Motherboard Monitor 5_is1) (Version: 5 - Alexander van Kaam)
NetWorx 5.3.5 (HKLM\...\NetWorx_is1) (Version:  - Softperfect Research)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Sigma Data Center 4.0 (HKLM-x32\...\Sigma Data Center4.0) (Version: 4.0 - Sigma Elektro GmbH)
Sins of a Solar Empire®: Rebellion (HKLM-x32\...\Steam App 204880) (Version:  - Ironclad Games)
Skype for Business Web App Plug-in (HKLM-x32\...\{5EEFC600-CE9E-4DCE-862A-E7D4A9C7B568}) (Version: 15.8.20020.369 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
The Witcher Enhanced Edition Version 1.6 (HKLM-x32\...\The Witcher Enhanced Edition_is1) (Version: 1.6 - CD Projekt RED)
Thrustmaster FFB Driver (HKLM-x32\...\{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}) (Version: 2.FFD.2009 - Thrustmaster)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows-Treiberpaket - SIGMA Elektro GmbH (usbser) Ports  (04/27/2012 5.1.2600.5512) (HKLM\...\72BE00E857D6F4F2018C51300C130B652C40D203) (Version: 04/27/2012 5.1.2600.5512 - SIGMA Elektro GmbH)
Windows-Treiberpaket - SIGMA Elektro GmbH (usbser) Ports  (04/27/2012 5.1.2600.5512) (HKLM\...\A4116E16EA28F359FEA424C9A3780F9D6A08961B) (Version: 04/27/2012 5.1.2600.5512 - SIGMA Elektro GmbH)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
ZTE USB Driver (HKLM\...\ZTE USB Driver) (Version: 1.0.1.25_TME - ZTE Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3171061452-4263852144-1531571965-1001_Classes\CLSID\{1542FC7D-8D51-43D5-B757-67C763F27BF4}\localserver32 -> C:\Users\Lynx\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.369\GatewayVersion-x64.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3171061452-4263852144-1531571965-1001_Classes\CLSID\{7ECF6F97-B4F3-4168-9835-F59C06D7875F}\InprocServer32 -> C:\Users\Lynx\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.369\GatewayActiveX-x64.dll (Microsoft Corporation)

==================== Restore Points =========================

18-06-2015 10:02:38 Geplanter Prüfpunkt
28-06-2015 15:13:41 Geplanter Prüfpunkt
03-07-2015 01:08:03 DirectX wurde installiert
09-07-2015 19:15:18 Removed Dual-Core Optimizer

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2015-07-09 19:25 - 00000938 ____R C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0333FDCB-AA26-4F55-AA9C-CCE310750266} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-07-06] (Glarysoft Ltd)
Task: {0AB1A48C-3664-4127-B5CE-8386A0A9D5AB} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {5451D4B3-B4B8-42CE-9BEC-2DFCCC37CE06} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-01] (Google Inc.)
Task: {677ACAC3-8332-4008-BF3C-04091672F5A2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: {9DF37369-510C-4774-9C84-8E9F2CDA14E3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {A5E40770-25C2-42EC-89C4-AD182E37DD51} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-01] (Google Inc.)
Task: {BC81D61C-F774-4254-B8A4-E82CAEB7D2A2} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-07-06] (Glarysoft Ltd)
Task: {DE1ED4F7-59B1-4436-819D-A7615A96A27B} - System32\Tasks\Core Temp Autostart Lynx => C:\Users\Lynx\Desktop\Tool\test\Coretemp\Core Temp.exe
Task: {E2685575-9DD3-48AE-8CCF-BF3F39419233} - \BackgroundContainer Startup Task No Task File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-09-07 14:47 - 2014-09-05 09:40 - 00138272 _____ () C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe
2014-09-07 14:47 - 2014-09-05 09:40 - 00219680 _____ () C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
2011-03-14 17:27 - 2011-03-14 17:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2013-11-06 14:03 - 2014-08-10 11:40 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2015-06-16 11:17 - 2015-06-16 11:17 - 00382584 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2013-03-26 23:33 - 2012-09-28 10:10 - 00200704 _____ () C:\Windows\SysWOW64\HsMgr.exe
2013-03-26 23:33 - 2012-09-28 10:10 - 00282112 _____ () C:\Windows\System\HsMgr64.exe
2015-06-05 20:57 - 2015-04-20 11:12 - 00790016 _____ () C:\Program Files\NetWorx\sqlite.dll
2015-06-05 20:57 - 2015-03-17 14:00 - 00160064 _____ () C:\Program Files\NetWorx\nfapi.dll
2013-04-02 14:14 - 2012-09-25 11:26 - 01163264 _____ () C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
2014-04-15 22:28 - 2014-04-15 22:28 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-11-26 11:50 - 2012-09-28 10:10 - 00143360 ____N () C:\Program Files\ASUS Xonar DG Audio\Customapp\VmixP8.dll
2013-04-02 14:13 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-12-18 10:35 - 2014-09-28 18:59 - 00019872 _____ () C:\Program Files (x86)\Samsung Magician\SAMSUNG_SSD.dll
2015-07-06 08:27 - 2015-07-06 08:27 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
2015-07-14 16:41 - 2015-07-13 23:55 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libglesv2.dll
2015-07-14 16:41 - 2015-07-13 23:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Lynx\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lynx\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\surface.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: SafeBox => 2
MSCONFIG\Services: UPDATESRV => 2
MSCONFIG\Services: VSSERV => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{DBE0F4F0-F77D-4D85-9622-DEC53250D5CE}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{9458107B-DA9C-46E1-910F-1BFB56DAC150}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{29CA44B7-E8C0-4DF7-8E4F-E1F3DBE297B9}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{7ABD0489-2CF2-44F5-96AD-BB6B31861520}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{8CC8CB97-9A52-4FE6-B217-647C70F8798C}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{7BACBBC6-3C95-4AF3-9747-059B5213E0E0}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{BC60BA31-2B2B-4478-9723-17F0FB2895EF}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{99108D1E-CE15-415B-88A9-5289B25A2164}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D9AA73A4-BB09-4E57-964D-DCA7BFA38E3A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9B8C1D7C-A51E-479C-92DB-08796857EC03}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{288C92FF-5A29-4058-9182-4C5B74848720}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{B0695EC9-E741-437E-A8F7-00BB43090A62}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{611D58D1-7819-4724-97ED-C0581D48374D}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{EA363283-5449-4781-B955-2C99EAA14D0C}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{0AC24DBD-C0B6-4B7E-A03B-D6BDD28ED963}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{73DB0B9A-8698-40BD-9D39-F6719EF741E2}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{35ADF468-3DC0-4452-B2B0-763D264E2627}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [UDP Query User{26A70BBB-D016-412A-8646-3F458CDAF839}C:\program files (x86)\guild wars 2\gw2.exe] => (Block) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [TCP Query User{F461AC8F-406C-4EC7-8E8C-D8E2BC6F877A}C:\program files (x86)\guild wars 2\gw2.exe] => (Block) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{CE542427-DE7B-43C1-AA5B-7ADAA3CBD98E}C:\program files (x86)\guild wars 2\gw2.tmp] => (Block) C:\program files (x86)\guild wars 2\gw2.tmp
FirewallRules: [TCP Query User{8C0EE13B-C9A1-4B57-9984-490A70778786}C:\program files (x86)\guild wars 2\gw2.tmp] => (Block) C:\program files (x86)\guild wars 2\gw2.tmp
FirewallRules: [{2050AAF9-ABCF-4F2C-9CB6-099556BF0126}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{1AA99CEB-4983-4477-B285-D7CF6D02A654}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{A92185F9-3B5C-4A2B-BCF3-2F81AD335F85}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{E58863C2-A668-4C65-B16D-B8B7CE39EB7F}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [TCP Query User{D8CB9252-7FA6-40B8-8243-7D3F006A36C5}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{41B1F62B-CFE2-4634-945B-4FA5C7CCEF33}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [TCP Query User{BD3327D6-9A8B-4653-890F-0271C9F507CB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{CBE646C9-66A7-4973-B252-DDD4E35AC527}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{4291A19C-4A97-4F5B-9304-F79AE04E5906}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BD5A82C1-93BD-40D7-B8FC-702B8F9E232E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A01E36C6-62E8-4950-9213-E112614EA1CA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2770E487-4C59-4520-9F4A-497182DCAC23}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2C1E8A4A-77B0-4826-AE75-C8B877899670}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{B68883A5-6184-423A-AC0F-3D66D3960E72}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{A98AF0D8-2BB3-4D80-ADCF-21A953F2CE8A}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Darksiders\DarksidersPC.exe
FirewallRules: [{0543D67D-2A0E-479C-A52D-7CE1E01A8F4F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Darksiders\DarksidersPC.exe
FirewallRules: [TCP Query User{A3047585-CFFA-4D53-A5F9-A3502207B1D1}C:\users\lynx\appdata\local\microsoft\skypeforbusinessplugin\15.8.20020.351\pluginhost.exe] => (Allow) C:\users\lynx\appdata\local\microsoft\skypeforbusinessplugin\15.8.20020.351\pluginhost.exe
FirewallRules: [UDP Query User{6C0906B5-5D4F-4E36-91F1-29C3BD261706}C:\users\lynx\appdata\local\microsoft\skypeforbusinessplugin\15.8.20020.351\pluginhost.exe] => (Allow) C:\users\lynx\appdata\local\microsoft\skypeforbusinessplugin\15.8.20020.351\pluginhost.exe
FirewallRules: [{A52DD8D9-70CA-4C98-B61D-2657D3B25D21}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exe
FirewallRules: [{7EE71D7A-B81C-4915-A013-DA64D6198830}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exe
FirewallRules: [{59696D70-2F61-4978-9C8A-ADDE9EE90DE0}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exe
FirewallRules: [{EA62C5D5-69C6-4497-956A-76B267D9116E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exe
FirewallRules: [{B9079510-5B2F-4182-8AAE-12CD76B8EEED}] => (Allow) C:\Program Files\NetWorx\networx.exe
FirewallRules: [{B2273F9C-BFB6-4D14-AE3E-9B00F4937129}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/14/2015 10:24:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000011aa
ID des fehlerhaften Prozesses: 0x1a44
Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0
Pfad der fehlerhaften Anwendung: Gmer-19357.exe1
Pfad des fehlerhaften Moduls: Gmer-19357.exe2
Berichtskennung: Gmer-19357.exe3
Vollständiger Name des fehlerhaften Pakets: Gmer-19357.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Gmer-19357.exe5

Error: (07/14/2015 10:24:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000011aa
ID des fehlerhaften Prozesses: 0x810
Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0
Pfad der fehlerhaften Anwendung: Gmer-19357.exe1
Pfad des fehlerhaften Moduls: Gmer-19357.exe2
Berichtskennung: Gmer-19357.exe3
Vollständiger Name des fehlerhaften Pakets: Gmer-19357.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Gmer-19357.exe5

Error: (07/14/2015 10:22:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000011aa
ID des fehlerhaften Prozesses: 0x22bc
Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0
Pfad der fehlerhaften Anwendung: Gmer-19357.exe1
Pfad des fehlerhaften Moduls: Gmer-19357.exe2
Berichtskennung: Gmer-19357.exe3
Vollständiger Name des fehlerhaften Pakets: Gmer-19357.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Gmer-19357.exe5

Error: (07/14/2015 04:47:38 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (07/14/2015 12:24:23 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (07/14/2015 11:28:11 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (07/13/2015 11:50:21 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (07/12/2015 01:27:20 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (07/12/2015 10:34:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000003d85e
ID des fehlerhaften Prozesses: 0x1c5c
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3
Vollständiger Name des fehlerhaften Pakets: vlc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: vlc.exe5

Error: (07/12/2015 10:29:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AVKTray.exe, Version: 25.1.15062.313, Zeitstempel: 0x54f534d0
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0236002a
ID des fehlerhaften Prozesses: 0x988
Startzeit der fehlerhaften Anwendung: 0xAVKTray.exe0
Pfad der fehlerhaften Anwendung: AVKTray.exe1
Pfad des fehlerhaften Moduls: AVKTray.exe2
Berichtskennung: AVKTray.exe3
Vollständiger Name des fehlerhaften Pakets: AVKTray.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AVKTray.exe5


System errors:
=============
Error: (07/14/2015 10:37:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.3" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/14/2015 10:37:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst InstallDriver Table Manager erreicht.

Error: (07/14/2015 10:36:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.3" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/14/2015 10:36:30 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als
Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser
Konfiguration nicht gestartet zu sein.

Error: (07/14/2015 10:35:56 PM) (Source: DCOM) (EventID: 10005) (User: BÜRO1)
Description: 1084WSearchNicht verfügbar{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (07/14/2015 10:35:56 PM) (Source: DCOM) (EventID: 10005) (User: BÜRO1)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (07/14/2015 10:35:56 PM) (Source: DCOM) (EventID: 10005) (User: BÜRO1)
Description: 1084AVKProxy-Service{9CC0C66E-A7B9-4611-8792-EE9833277273}

Error: (07/14/2015 10:35:51 PM) (Source: DCOM) (EventID: 10005) (User: BÜRO1)
Description: 1084AVKProxy-Service{9CC0C66E-A7B9-4611-8792-EE9833277273}

Error: (07/14/2015 10:35:48 PM) (Source: DCOM) (EventID: 10005) (User: BÜRO1)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (07/14/2015 10:35:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office:
=========================
Error: (07/14/2015 10:24:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c0000005000011aa1a4401d0be730eabddb7C:\Users\Lynx\Downloads\Gmer-19357.exeC:\Users\Lynx\Downloads\Gmer-19357.exe5022f348-2a66-11e5-8231-bc5ff49b57b2

Error: (07/14/2015 10:24:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c0000005000011aa81001d0be73046c0c69C:\Users\Lynx\Downloads\Gmer-19357.exeC:\Users\Lynx\Downloads\Gmer-19357.exe45d16e6f-2a66-11e5-8231-bc5ff49b57b2

Error: (07/14/2015 10:22:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c0000005000011aa22bc01d0be72cf5ce452C:\Users\Lynx\Downloads\Gmer-19357.exeC:\Users\Lynx\Downloads\Gmer-19357.exe11d2844a-2a66-11e5-8231-bc5ff49b57b2

Error: (07/14/2015 04:47:38 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System-reserviertFalscher Parameter. (0x80070057)

Error: (07/14/2015 12:24:23 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System-reserviertFalscher Parameter. (0x80070057)

Error: (07/14/2015 11:28:11 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System-reserviertFalscher Parameter. (0x80070057)

Error: (07/13/2015 11:50:21 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System-reserviertFalscher Parameter. (0x80070057)

Error: (07/12/2015 01:27:20 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System-reserviertFalscher Parameter. (0x80070057)

Error: (07/12/2015 10:34:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.5.000000000ntdll.dll6.3.9600.17736550f4336c0000005000000000003d85e1c5c01d0bc7cedd331acC:\Program Files\VideoLAN\VLC\vlc.exeC:\WINDOWS\SYSTEM32\ntdll.dllc9f8cae3-2870-11e5-822b-bc5ff49b57b2

Error: (07/12/2015 10:29:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AVKTray.exe25.1.15062.31354f534d0unknown0.0.0.000000000c00000050236002a98801d0bc655e322fdaC:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exeunknown2c399a69-2870-11e5-822b-bc5ff49b57b2


CodeIntegrity Errors:
===================================
  Date: 2015-07-14 22:36:24.269
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-14 22:27:55.487
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-14 20:50:58.160
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-14 14:57:56.456
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-14 12:08:29.425
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-14 11:11:32.722
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-13 11:28:03.831
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-12 13:06:22.503
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-12 07:40:58.768
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-11 20:51:07.299
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: AMD Phenom(tm) II X4 955 Processor
Percentage of memory in use: 28%
Total physical RAM: 8162.86 MB
Available physical RAM: 5830.05 MB
Total Virtual: 12762.86 MB
Available Virtual: 9496.03 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:209.34 GB) (Free:52.36 GB) NTFS
Drive d: () (Fixed) (Total:465.76 GB) (Free:185.53 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: () (Fixed) (Total:465.76 GB) (Free:214.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive g: (MobileWiFi) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive i: () (Removable) (Total:7.53 GB) (Free:7.25 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: E1CD7899)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=209.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: C2C51141)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 047C8D10)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End of log ============================

--- --- ---

Code:

ATTFilter

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-07-14 23:23:10
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Samsung_SSD_840_Series rev.DXT09B0Q 232,89GB
Running: Gmer-19357.exe; Driver: C:\Users\Lynx\AppData\Local\Temp\pxldqpog.sys


---- Kernel code sections - GMER 2.1 ----

.text   C:\WINDOWS\System32\win32k.sys!W32pServiceTable                                                                                                fffff96000238d00 15 bytes [00, A9, F3, 01, 80, 64, 6D, ...]
.text   C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16                                                                                           fffff96000238d10 11 bytes [00, 91, FC, FF, 00, BF, CA, ...]

---- User code sections - GMER 2.1 ----

.text   C:\Windows\System\HsMgr64.exe[5524] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance                                                           00007ff86012d050 7 bytes JMP 00007ff9600100d8
.text   C:\Windows\System\HsMgr64.exe[5524] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstanceEx                                                         00007ff860151340 7 bytes JMP 00007ff960010110
.text   C:\Windows\System\HsMgr64.exe[5524] C:\WINDOWS\SYSTEM32\DSOUND.dll!DirectSoundCreate8                                                          00007ff8499ec7c0 5 bytes JMP 00007ff860010180
.text   C:\Windows\System\HsMgr64.exe[5524] C:\WINDOWS\SYSTEM32\DSOUND.dll!DirectSoundCaptureCreate8                                                   00007ff8499f0b50 7 bytes JMP 00007ff8600105a8
.text   C:\Windows\System\HsMgr64.exe[5524] C:\WINDOWS\SYSTEM32\DSOUND.dll!DirectSoundCaptureCreate                                                    00007ff849a07f30 7 bytes JMP 00007ff860010570
.text   C:\Windows\System\HsMgr64.exe[5524] C:\WINDOWS\SYSTEM32\DSOUND.dll!DirectSoundCreate                                                           00007ff849a08050 7 bytes JMP 00007ff860010148
.text   C:\Windows\System\HsMgr64.exe[5524] C:\WINDOWS\SYSTEM32\DSOUND.dll!DirectSoundFullDuplexCreate                                                 00007ff849a08170 5 bytes JMP 00007ff8600105e0

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [536:560]                                                                                                        fffff9600098d2d0

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control@SystemStartOptions                                                                                        NOEXECUTE=OPTIN  USEPLATFORMCLOCK  SAFEBOOT:NETWORK  BOOTLOG  NOGUIBOOT  BOOTLOGO
Reg     HKLM\SYSTEM\CurrentControlSet\Control@LastBootSucceeded                                                                                        0
Reg     HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime                                                                              0xC6 0x1B 0xCE 0x92 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime                                                                          0xD4 0x4C 0xCD 0x07 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime                                                                                 0xE6 0x69 0xCE 0x92 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime                                                                             0xF5 0x9A 0xCD 0x07 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@de-DE                                                                          295
Reg     HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\ACR0204LR0080084201_2B_07DA_B3^C6AC641E00AB7DB27383C40757AE9E6A@Timestamp  0x4F 0x9E 0xAB 0x93 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid                                                                                               580
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment@SAFEBOOT_OPTION                                                              NETWORK
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber                                                             4522547
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                                              -791322182
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId                                              300
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime                                            447850393
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime                                                                           8441
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime                                                                         8151
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID                                                                               6e427c2b-d90f-486e-9a71-e98781a
Reg     HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter                                                                 3
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{b3a5103f-3270-4949-8f77-ca07d24ae2ee}@LastProbeTime                          1436913264
Reg     HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@ReadyBootPlanAge                                                                    2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime                                                                ?Di?, ?Jul ?14 ?15, 08:54:46???????????????????????????????????
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch                                                                                7604
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch                                                                               1726
Reg     HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence                                                                         295
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C7B339BB-30C0-448F-824F-F56A70FCDF7C}@LeaseObtainedTime                    1436906020
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C7B339BB-30C0-448F-824F-F56A70FCDF7C}@T1                                   1436949220
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C7B339BB-30C0-448F-824F-F56A70FCDF7C}@T2                                   1436981620
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C7B339BB-30C0-448F-824F-F56A70FCDF7C}@LeaseTerminatesTime                  1436992420
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop                                                               0
Reg     HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw                                                                                             0x64 0x62 0x03 0x00 ...
Reg     HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask                                                                                         0x64 0x62 0x03 0x00 ...
Reg     HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@Rw                                                                                             0x64 0x62 0x03 0x00 ...
Reg     HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@RwMask                                                                                         0x64 0x62 0x03 0x00 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU@MRUList                                                                         cab
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown                                                                 1
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\GWX\Usage@UsageTime                                                                             0x9A 0x72 0xE6 0x2C ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell\Grid@Layout_MaximumAvailableHeightCells                                          8
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell\Grid@Layout_AvailableHeightCells                                                 8
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime                                       0xC7 0xFB 0x40 0x31 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime                                  0xC7 0xFB 0x40 0x31 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime                                         0xC7 0xFB 0x40 0x31 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime                                        0xC7 0xFB 0x40 0x31 ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@RoamingSyncToken                                                        LM%3d63572495440247%3bID%3d3293C64BF5CD38C2!104%3bLR%3d63572502314290%3bEP%3d4%3bTD%3dTrue%3bSO%3d0
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest                                         0xB9 0x4E 0xBA 0x7B ...
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@PendingOperations                                                          6

---- EOF - GMER 2.1 ----

Code:

ATTFilter

AVA 25.2518
GD 25.5358

*** Prozess ***

Prozess: 820
Dateiname: erunt.exe
Pfad: c:\windows\erunt.exe

Herausgeber: Unbekannter Herausgeber
Erstelldatum: 02/22/13 15:05:21
Änderungsdatum: 02/22/13 02:04:50

Gestartet von: cmd.exe
Herausgeber: Microsoft Windows


*** Aktionen ***

Ein Packer wurde auf die Programmdatei angewandt. Möglicherweise um schädliche Inhalte zu verbergen.
Das Programm hat in Dateien oder Ordnern geschrieben, die genutzt werden können, um das System zu gefährden.
Das Programm hat Werte in der System-Registrierung verändert die genutzt werden können um das System zu gefährden.

YGLRtuLAcnJycmJi0HJycnJiYuBycicnd2JicCp0ckInJyYGt3JycnJiYnAsJycnJyYGaHJycnJiYoArJycnJyYGmXJykCsWbSsJyXJycKdycnB4cnJycmJicJlycnJyYmJwunKxXmO2cnKxXmO2cmJicI5ycgAA
Version der Regeln: 5.0.59
OS: Windows 6.2 Service Pack 0.0 Build: 9200 - Workstation 64bit OS
Version der dll: 53604

ERUNT.exe  C:\FRST\HIVES silent sysreg curuser /noconfirmdelete /noprogresswindow
MD5: 2E0323A94915FAAB10A25F3BABF82584
C:\WINDOWS\system32\cmd.exe /c ERUNT.exe C:\FRST\HIVES silent sysreg curuser /noconfirmdelete /noprogresswindow
MD5:

Warlord711 · 15.07.2015, 07:44

Hinweis: Registry Cleaner

Ich sehe, dass du sogenannte Registry Cleaner installiert hast.
In deinem Fall Glary Utilities.

Wir raten von der Verwendung jeglicher Art von Registry Cleaner ab.

Der Grund ist ganz einfach:
Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich.
Man sollte nicht unnötigerweise an der Registry rumbasteln. Schon ein kleiner Fehler kann gravierende Folgen haben und auch Programme machen manchmal Fehler.
Zerstörst du die Registry, zerstörst du Windows.

Zudem ist der Nutzen zur Performancesteigerung umstritten und meist kaum im wahrnehmbaren Bereich.

Ich würde dir empfehlen, Registry Cleaner nicht weiterhin zu verwenden und über

Start --> Systemsteuerung --> Software (bei Windows XP)
Start --> Systemsteuerung --> Programme und Funktionen (bei Vista / Win 7)

zu deinstallieren.

Das von GData gemeldet ERUNT wird von FRST aufgerufen und ist ein bewährtes Programm, um von der Registry eine Sicherung zu erstellen.

GData blockiert gern hilfreiche Tools, deswegen am besten für den Dauer der Bereinigung bzw. beim Einsatz der folgenden Tools, GData deaktivieren.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Starte noch einmal FRST.

Ändere keine der Voreinstellungen und drücke auf Scan.
Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

lynx007 · 15.07.2015, 11:50

Habe GU entfernt.

Code:

ATTFilter

# AdwCleaner v4.208 - Bericht erstellt 15/07/2015 um 12:42:58
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-15.1 [Server]
# Betriebssystem : Windows 8.1 Pro  (x64)
# Benutzername : Lynx - BÜRO1
# Gestarted von : C:\Users\Lynx\Desktop\Neuer Ordner\AdwCleaner_4.208.exe
# Option : Löschen

**** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba
Datei Gelöscht : C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifohbjbgfchkkfhphahclmkpgejiplfo_0.localstorage
Datei Gelöscht : C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hcdjknjpbnhdoabbngpmfekaecnpajba_0.localstorage
Datei Gelöscht : C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hcdjknjpbnhdoabbngpmfekaecnpajba_0.localstorage-journal
Datei Gelöscht : C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ippenodjaoidmkkfdlmdhofiebnpjddb_0.localstorage
Datei Gelöscht : C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_skateboardmsm.de_0.localstorage
Datei Gelöscht : C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_skateboardmsm.de_0.localstorage-journal

***** [ Geplante Tasks ] *****

Task Gelöscht : BackgroundContainer Startup Task

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v


-\\ Google Chrome v43.0.2357.134


*************************

AdwCleaner[R0].txt - [4701 Bytes] - [19/12/2013 02:10:57]
AdwCleaner[R1].txt - [2172 Bytes] - [15/07/2015 12:38:59]
AdwCleaner[R2].txt - [2231 Bytes] - [15/07/2015 12:41:11]
AdwCleaner[S0].txt - [4552 Bytes] - [19/12/2013 02:11:59]
AdwCleaner[S1].txt - [2105 Bytes] - [15/07/2015 12:42:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2164  Bytes] ##########

Wie kann ich GDATA vollständig deaktivieren? Hab den Virenwächter, Firewall und den Autopiloten deaktiviert. Dennoch wurde JMT prommt in die Quarantäne geschoben und möchte einen neustart .... :-( War total überrascht, normalerweise Frägt er mich bei sowas und lässt mir die wahl. xD Bekomme ich den ausgeschaltet ohne gleich zu deinstallieren? msconfig? oder sitzt der zu tief und ich muss ihn vollständig deinstalieren? Notfalls geht auch das, wobei es mir aufgrund der Trafic ein deaktivieren lieber wäre, falls möglich. Habe das Objekt zurückbewegt und im die rechte gegeben das es ausgefürt wird. Reicht das? Oder verfälscht das den Scann?

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.4.9 (07.14.2015:2)
OS: Windows 8.1 Pro x64
Ran by Lynx on 15.07.2015 at 12:55:19,60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3A2D5EBA-F86D-4BD3-A177-019765996711}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}



~~~ Files

Successfully deleted: [File] C:\ProgramData\1396390413.bdinstall.bin
Successfully deleted: [File] C:\ProgramData\1428779286.bdinstall.bin



~~~ Folders



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Lynx\appdata\local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil
Successfully deleted: [Folder] C:\Users\Lynx\appdata\local\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba

[C:\Users\Lynx\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Lynx\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
elicpjhcidhpjomhibiffojpinpmmpil
hcdjknjpbnhdoabbngpmfekaecnpajba

[C:\Users\Lynx\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Lynx\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  elicpjhcidhpjomhibiffojpinpmmpil,
  hcdjknjpbnhdoabbngpmfekaecnpajba
]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.07.2015 at 12:58:32,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org


Update, 15.07.2015 13:01:56, SYSTEM, BÃ?RO1, Manual, Rootkit Database, 2015.2.25.1, 2015.7.14.1, 
Update, 15.07.2015 13:01:56, SYSTEM, BÃ?RO1, Manual, Remediation Database, 2015.3.9.1, 2015.7.14.1, 
Update, 15.07.2015 13:01:56, SYSTEM, BÃ?RO1, Manual, IP Database, 0.0.0.0, 2015.6.12.1, 
Update, 15.07.2015 13:01:56, SYSTEM, BÃ?RO1, Manual, Domain Database, 0.0.0.0, 2015.6.12.1, 
Update, 15.07.2015 13:02:04, SYSTEM, BÃ?RO1, Manual, Malware Database, 2015.3.9.5, 2015.7.15.3, 
Scan, 15.07.2015 13:13:13, SYSTEM, BÃ?RO1, Manual, Start: 15.07.2015 13:02:53, Dauer: 10 Minuten 20 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, "0" nicht-Malwareerkennung, 

(end)

von dem habe ich noch einen alten log über, an dem tag wurde auch etwas in die quarantäne gesteckt. Bin mir aber nicht sicher ob es nur ein fehlalarm war.

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org


Protection, 10.05.2015 10:55:29, SYSTEM, BÃ?RO1, Protection, Malware Protection, Starting, 
Protection, 10.05.2015 10:55:29, SYSTEM, BÃ?RO1, Protection, Malware Protection, Started, 
Protection, 10.05.2015 10:55:29, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Starting, 
Protection, 10.05.2015 10:55:29, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Started, 
Update, 10.05.2015 10:55:47, SYSTEM, BÃ?RO1, Manual, Rootkit Database, 2015.2.25.1, 2015.4.21.1, 
Update, 10.05.2015 10:55:47, SYSTEM, BÃ?RO1, Manual, Remediation Database, 2015.3.9.1, 2015.5.9.1, 
Update, 10.05.2015 10:55:57, SYSTEM, BÃ?RO1, Manual, Malware Database, 2015.3.9.5, 2015.5.10.2, 
Protection, 10.05.2015 10:55:57, SYSTEM, BÃ?RO1, Protection, Refresh, Starting, 
Protection, 10.05.2015 10:55:57, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Stopping, 
Protection, 10.05.2015 10:55:57, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Stopped, 
Protection, 10.05.2015 10:56:04, SYSTEM, BÃ?RO1, Protection, Refresh, Success, 
Protection, 10.05.2015 10:56:04, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Starting, 
Protection, 10.05.2015 10:56:04, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Started, 
Update, 10.05.2015 10:56:08, SYSTEM, BÃ?RO1, Manual, Remediation Database, 2015.3.9.1, 2015.5.9.1, 
Protection, 10.05.2015 10:56:09, SYSTEM, BÃ?RO1, Protection, Refresh, Starting, 
Protection, 10.05.2015 10:56:09, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Stopping, 
Protection, 10.05.2015 10:56:09, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Stopped, 
Protection, 10.05.2015 10:56:15, SYSTEM, BÃ?RO1, Protection, Refresh, Success, 
Protection, 10.05.2015 10:56:15, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Starting, 
Protection, 10.05.2015 10:56:19, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Started, 
Scan, 10.05.2015 11:17:35, SYSTEM, BÃ?RO1, Manual, Start: 10.05.2015 10:59:26, Dauer: 16 Minuten 20 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, "1" nicht-Malwareerkennung, 
Protection, 10.05.2015 12:58:17, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Stopping, 
Protection, 10.05.2015 12:58:17, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Stopped, 
Protection, 10.05.2015 12:58:17, SYSTEM, BÃ?RO1, Protection, Malware Protection, Stopping, 
Protection, 10.05.2015 12:58:22, SYSTEM, BÃ?RO1, Protection, Malware Protection, Stopped, 
Protection, 10.05.2015 13:02:31, SYSTEM, BÃ?RO1, Protection, Malware Protection, Starting, 
Protection, 10.05.2015 13:02:31, SYSTEM, BÃ?RO1, Protection, Malware Protection, Started, 
Protection, 10.05.2015 13:02:31, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Starting, 
Protection, 10.05.2015 13:03:28, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Started, 
Update, 10.05.2015 13:59:37, SYSTEM, BÃ?RO1, Scheduler, Malware Database, 2015.5.10.2, 2015.5.10.3, 
Protection, 10.05.2015 13:59:37, SYSTEM, BÃ?RO1, Protection, Refresh, Starting, 
Protection, 10.05.2015 13:59:37, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Stopping, 
Protection, 10.05.2015 13:59:38, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Stopped, 
Protection, 10.05.2015 13:59:47, SYSTEM, BÃ?RO1, Protection, Refresh, Success, 
Protection, 10.05.2015 13:59:47, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Starting, 
Protection, 10.05.2015 13:59:47, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Started, 
Update, 10.05.2015 16:06:06, SYSTEM, BÃ?RO1, Scheduler, Malware Database, 2015.5.10.3, 2015.5.10.4, 
Protection, 10.05.2015 16:06:07, SYSTEM, BÃ?RO1, Protection, Refresh, Starting, 
Protection, 10.05.2015 16:06:07, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Stopping, 
Protection, 10.05.2015 16:06:07, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Stopped, 
Protection, 10.05.2015 16:06:15, SYSTEM, BÃ?RO1, Protection, Refresh, Success, 
Protection, 10.05.2015 16:06:15, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Starting, 
Protection, 10.05.2015 16:06:15, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Started, 
Update, 10.05.2015 16:43:11, SYSTEM, BÃ?RO1, Scheduler, Malware Database, 2015.5.10.4, 2015.5.10.5, 
Protection, 10.05.2015 16:43:11, SYSTEM, BÃ?RO1, Protection, Refresh, Starting, 
Protection, 10.05.2015 16:43:11, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Stopping, 
Protection, 10.05.2015 16:43:12, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Stopped, 
Protection, 10.05.2015 16:43:20, SYSTEM, BÃ?RO1, Protection, Refresh, Success, 
Protection, 10.05.2015 16:43:20, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Starting, 
Protection, 10.05.2015 16:43:21, SYSTEM, BÃ?RO1, Protection, Malicious Website Protection, Started, 

(end)

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by Lynx (administrator) on BÜRO1 on 15-07-2015 13:26:00
Running from C:\Users\Lynx\Desktop\Neuer Ordner
Loaded Profiles: Lynx (Available Profiles: Lynx & asdf & GameOne & Administrator)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(G DATA Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2012-09-28] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2012-09-28] ()
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [6714472 2015-04-20] (SoftPerfect Research)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1864312 2015-06-16] (G DATA Software AG)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: G - "G:\StarCraft II Setup.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {020a0173-84af-11e4-8121-f3961ac82c14} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {04e691fc-8044-11e4-811c-cbbe4fc69574} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {04e69238-8044-11e4-811c-cbbe4fc69574} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {04e69306-8044-11e4-811c-cbbe4fc69574} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {04e69add-8044-11e4-811c-cbbe4fc69574} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {0e809422-7b9e-11e4-8115-f77993d69a7e} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {1402e90a-1006-11e5-81ff-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {1402e936-1006-11e5-81ff-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {1402e961-1006-11e5-81ff-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {1c9b5243-81c9-11e4-811e-a171e9ee8aa0} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {2024620d-7c54-11e4-8117-8a2dc101f76e} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {2bb89a14-8961-11e4-812a-82be54052a10} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {41642107-f681-11e4-81c6-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {42bb8f9b-0820-11e5-81ee-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {5425a063-d06f-11e2-be96-962745884476} - "G:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {5681dade-8754-11e4-8125-e4c02fffe7b6} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {602ed588-2080-11e5-821a-bc5ff49b57b2} - "G:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {61795401-b66d-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {71e31c43-89a4-11e4-812b-98c65f152381} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {760bc187-b8cb-11e4-816f-c4355dd57672} - "I:\autorun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {7f78bb87-7ea4-11e4-8119-bb79d2cffb58} - "I:\autorun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {7f78bbca-7ea4-11e4-8119-bb79d2cffb58} - "I:\autorun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {8a7c7d08-a273-11e4-8148-f5a56fa14f71} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {8a7c7d74-a273-11e4-8148-f5a56fa14f71} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {9244bd9c-fcb4-11e4-81de-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {a1dc5abc-7e18-11e4-8118-aeb9a153bd8e} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {a21fd9b2-b48e-11e4-815d-9eafbcb2d3b9} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {a21fd9da-b48e-11e4-815d-9eafbcb2d3b9} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {a28a761e-10c5-11e5-8200-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {ae18e9a0-a357-11e4-8149-97076599412e} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {ae18eafe-a357-11e4-8149-97076599412e} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {aeecd083-88ee-11e4-8129-806c020fe1a9} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b63bf765-07dc-11e5-81ed-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b63bf7a2-07dc-11e5-81ed-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b63bf7ce-07dc-11e5-81ed-bc5ff49b57b2} - "I:\autorun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b63bf7fe-07dc-11e5-81ed-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b84604c1-84f8-11e4-8122-b56aafda7137} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b84604f6-84f8-11e4-8122-b56aafda7137} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b8460559-84f8-11e4-8122-b56aafda7137} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b8460946-84f8-11e4-8122-b56aafda7137} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {b84609bd-84f8-11e4-8122-b56aafda7137} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {bf3cdaa7-814f-11e4-811c-cbbe4fc69574} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {c00238a7-27fd-11e5-822a-bc5ff49b57b2} - "G:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce05f25-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce067e0-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce0681a-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce06850-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce06881-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce068ba-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce068f0-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce06936-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {cce069a2-b56c-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {d627b92c-1b09-11e5-8211-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {dcfa1ee0-1203-11e5-8203-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {dfd179af-0a91-11e5-81f2-bc5ff49b57b2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {e1765eec-7926-11e4-8112-b126ba4a7607} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {e1765f1c-7926-11e4-8112-b126ba4a7607} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {e176669c-7926-11e4-8112-b126ba4a7607} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {e728a784-85c2-11e4-8123-cd986dcb0dac} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {f2ac2242-26cb-11e5-8229-bc5ff49b57b2} - "G:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {f6308941-b6c5-11e4-816e-dcc58f51a083} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\...\MountPoints2: {fabed4b4-829b-11e4-811f-8a75175685a0} - "F:\AutoRun.exe" 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://expertzone.microsoft.com/Home.aspx
HKU\S-1-5-21-3171061452-4263852144-1531571965-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://google.de/
https://googlemail.com/
https://meine.deutsche-bank.de/trxm/db/
https://easybill.de/
hxxp://promotionbasis.de/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3171061452-4263852144-1531571965-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-02-25] (Eyeo GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-23] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-23] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{4284259D-18DF-4D86-ACE1-40E748E2D1BD}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{C7B339BB-30C0-448F-824F-F56A70FCDF7C}: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Lynx\AppData\Roaming\Mozilla\Firefox\Profiles\nvoeywbl.default-1421962251602
FF SelectedSearchEngine: 
FF Homepage: https://mail.google.com/mail/u/0/?shva=1#inbox
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-3171061452-4263852144-1531571965-1001: SkypeForBusinessPlugin-15.8 -> C:\Users\Lynx\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.369\npGatewayNpapi.dll [2015-04-20] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-3171061452-4263852144-1531571965-1001: SkypeForBusinessPlugin64-15.8 -> C:\Users\Lynx\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.369\npGatewayNpapi-x64.dll [2015-04-20] (Microsoft Corporation)
FF Extension: Ghostery - C:\Users\Lynx\AppData\Roaming\Mozilla\Firefox\Profiles\nvoeywbl.default-1421962251602\Extensions\firefox@ghostery.com.xpi [2015-04-14]
FF Extension: Shoptimate - C:\Users\Lynx\AppData\Roaming\Mozilla\Firefox\Profiles\nvoeywbl.default-1421962251602\Extensions\support@shoptimate.com.xpi [2015-01-25]
FF Extension: PAYBACK Internet Assistent fuer Firefox - C:\Users\Lynx\AppData\Roaming\Mozilla\Firefox\Profiles\nvoeywbl.default-1421962251602\Extensions\toolbar-ff@payback.de.xpi [2015-03-29]
FF Extension: Youtube and more - Easy Video Downloader - C:\Users\Lynx\AppData\Roaming\Mozilla\Firefox\Profiles\nvoeywbl.default-1421962251602\Extensions\vdpure@link64.xpi [2015-02-04]
FF Extension: SoundCloud Downloader - Technowise - C:\Users\Lynx\AppData\Roaming\Mozilla\Firefox\Profiles\nvoeywbl.default-1421962251602\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2015-01-24]
FF Extension: Adblock Plus - C:\Users\Lynx\AppData\Roaming\Mozilla\Firefox\Profiles\nvoeywbl.default-1421962251602\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-25]
FF Extension: DownThemAll! - C:\Users\Lynx\AppData\Roaming\Mozilla\Firefox\Profiles\nvoeywbl.default-1421962251602\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-01-25]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-06-08]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Chrome: 
=======
CHR Profile: C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (WOT) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-05-09]
CHR Extension: (SoundCloud Downloader) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjckonbgbnaihkahaolpfjpllplfifjo [2015-01-24]
CHR Extension: (Adblock Plus) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-02]
CHR Extension: (Porsche) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg [2015-05-15]
CHR Extension: (FoxyDeal) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jelbcgibfifpplacnbbflieigmcbpkec [2015-05-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18]
CHR Extension: (SoundCloud Downloader Free) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\libedajeiljdoodmokbppgapcfbignci [2015-01-24]
CHR Extension: (Flashcontrol) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2015-05-14]
CHR Extension: (Ghostery) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-05-14]
CHR Extension: (GetThemAll Video Downloader) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2015-05-14]
CHR Extension: (Google Wallet) - C:\Users\Lynx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR HKLM-x32\...\Chrome\Extension: [Lynx] - No Path Or update_url value

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2558072 2015-06-19] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [966776 2015-06-16] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [3711712 2015-06-16] (G Data Software AG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [3202368 2015-06-19] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [789624 2015-06-16] (G Data Software AG)
S2 HiSuiteOuc64.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe [138272 2014-09-05] ()
S2 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [219680 2014-09-05] ()
S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-07-06] ()
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-08-10] ()
S2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [199600 2010-11-11] (Telefónica I+D)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 cmudaxp; C:\Windows\system32\drivers\cmudaxp.sys [2733568 2012-09-28] (C-Media Inc)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed]
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [158720 2015-07-14] (G Data Software AG)
S0 GDElam; C:\Windows\System32\DRIVERS\GDElam.sys [117904 2015-01-08] (G Data Software AG)
R3 GDKBB; C:\WINDOWS\system32\drivers\GDKBB64.sys [27648 2015-05-14] (G Data Software AG)
R1 GDKBFlt; C:\WINDOWS\system32\drivers\GDKBFlt64.sys [20992 2015-05-14] (G Data Software AG)
R1 GDMnIcpt; C:\WINDOWS\system32\drivers\MiniIcpt.sys [230912 2015-07-14] (G Data Software AG)
R3 GDPkIcpt; C:\WINDOWS\system32\drivers\PktIcpt.sys [91648 2015-07-14] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [68608 2015-07-14] (G Data Software AG)
R1 GRD; C:\WINDOWS\system32\drivers\GRD.sys [106272 2015-05-17] (G Data Software)
R1 HookCentre; C:\WINDOWS\system32\drivers\HookCentre.sys [125952 2015-07-14] (G Data Software AG)
S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [12800 2009-02-03] (ZTE Incorporated) [File not signed]
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-07-15] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
S1 mbmiodrvr; C:\Windows\syswow64\mbmiodrvr.sys [4608 2004-04-10] (cansoft@livewiredev.com) [File not signed]
S3 MEMSWEEP2; C:\WINDOWS\system32\3FF2.tmp [6144 2009-06-18] (Sophos Plc) [File not signed]
R1 networx; C:\Windows\System32\drivers\networx.sys [60736 2015-03-17] (NetFilterSDK.com)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-10-16] (Anchorfree Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-15 13:01 - 2015-07-15 13:02 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-15 13:01 - 2015-07-15 13:01 - 00001118 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-07-15 13:01 - 2015-07-15 13:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-07-15 13:01 - 2015-07-15 13:01 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-07-15 13:01 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-07-15 13:01 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-07-15 13:01 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-07-15 12:58 - 2015-07-15 12:58 - 00002185 _____ C:\Users\Lynx\Desktop\JRT.txt
2015-07-15 12:46 - 2015-07-15 12:46 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-bÜro1-windows-8.1-pro-(64-bit).dat
2015-07-15 12:46 - 2015-07-15 12:46 - 00000000 ____D C:\RegBackup
2015-07-15 12:37 - 2015-07-15 12:38 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Lynx\Downloads\mbam-setup-2.1.6.1022 (2).exe
2015-07-14 23:10 - 2015-07-15 13:21 - 00000000 ____D C:\Users\Lynx\Desktop\Neuer Ordner
2015-07-14 22:22 - 2015-07-14 22:22 - 00380416 _____ C:\Users\Lynx\Downloads\Gmer-19357 (1).exe
2015-07-14 22:16 - 2015-07-15 13:26 - 00000000 ____D C:\FRST
2015-07-14 22:16 - 2015-07-14 22:16 - 00000000 _____ C:\Users\Lynx\defogger_reenable
2015-07-14 14:56 - 2015-07-14 14:56 - 00003840 _____ C:\WINDOWS\DPINST.LOG
2015-07-14 14:56 - 2015-07-14 14:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA INTERNET SECURITY
2015-07-14 14:55 - 2015-07-14 14:55 - 00000000 _____ C:\Users\Lynx\Desktop\Neues Textdokument (3).txt
2015-07-10 22:20 - 2015-07-10 22:22 - 133389698 _____ C:\Users\Lynx\Downloads\Latex-Orgie - GUTERPORNCOM.flv
2015-07-10 08:47 - 2015-07-10 08:48 - 08765440 _____ C:\Users\Lynx\Downloads\SkypeForBusinessPlugin (1).msi
2015-07-09 23:59 - 2015-07-10 00:11 - 102040672 _____ C:\Users\Lynx\Downloads\Katie Jordin Latex Sex - Fetisch sex video - Tube8com.mp4
2015-07-09 23:57 - 2015-07-10 00:03 - 55641385 _____ C:\Users\Lynx\Downloads\Fetish latex and boots fuck - Hardcore sex video - Tube8com.mp4
2015-07-09 23:55 - 2015-07-10 00:00 - 45240671 _____ C:\Users\Lynx\Downloads\Latex Maid Fucked - Hardcore sex video - Tube8com.mp4
2015-07-09 20:56 - 2015-07-09 20:56 - 00000000 _____ C:\Recovery.txt
2015-07-09 19:25 - 2015-06-09 22:57 - 00450771 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20150709-192501.backup
2015-07-09 19:21 - 2015-07-09 19:21 - 15201344 _____ C:\Users\Lynx\Downloads\gu5setup (2).exe
2015-07-09 19:20 - 2015-07-09 19:21 - 15201344 _____ C:\Users\Lynx\Downloads\gu5setup (1).exe
2015-07-09 19:16 - 2015-05-09 22:44 - 00004299 _____ C:\Quarantine.lst
2015-07-09 18:35 - 2015-07-09 18:35 - 00000598 _____ C:\Users\Lynx\Desktop\Start Emsisoft Emergency Kit.lnk
2015-07-09 18:33 - 2015-07-09 00:14 - 00136456 _____ (Emsisoft GmbH) C:\WINDOWS\system32\Drivers\epp64.sys
2015-07-09 18:25 - 2015-07-09 18:32 - 160550488 _____ C:\Users\Lynx\Downloads\EmsisoftEmergencyKit.exe
2015-07-08 15:53 - 2015-07-08 15:53 - 00131174 _____ C:\Users\Lynx\Downloads\Promoter_Personalbogen_Vorlage.pptx
2015-07-07 23:04 - 2011-05-31 18:11 - 00415744 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbwwan.sys
2015-07-07 23:04 - 2011-05-03 16:42 - 00222464 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbmdm.sys
2015-07-07 23:04 - 2011-02-25 19:02 - 00098816 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcacm.sys
2015-07-07 23:04 - 2011-01-30 19:20 - 00212992 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juwwanecm.sys
2015-07-07 23:04 - 2011-01-30 19:19 - 00086016 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jubusenum.sys
2015-07-07 23:04 - 2011-01-30 19:19 - 00069632 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcecm.sys
2015-07-07 23:04 - 2011-01-30 19:19 - 00028672 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juextctrl.sys
2015-07-07 23:04 - 2010-10-08 17:59 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\WINDOWS\system32\Drivers\ewdcsc.sys
2015-07-07 23:04 - 2010-09-26 19:09 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwupgrade.sys
2015-07-07 23:04 - 2010-08-06 08:43 - 01001472 _____ (DiBcom SA) C:\WINDOWS\system32\Drivers\mod7700.sys
2015-07-07 23:04 - 2010-07-27 10:52 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwusbdev.sys
2015-07-07 23:04 - 2010-03-20 13:06 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_usbenumfilter.sys
2015-07-03 09:33 - 2015-05-07 19:50 - 22292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-07-03 09:33 - 2015-05-07 18:53 - 19734960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-07-03 09:32 - 2015-05-12 15:19 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-07-03 09:32 - 2015-05-12 02:24 - 00536920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-07-03 09:32 - 2015-05-11 18:34 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-07-03 09:32 - 2015-05-07 19:00 - 03109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-07-03 09:32 - 2015-05-07 18:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-07-03 09:32 - 2015-05-07 18:12 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-07-03 09:32 - 2015-05-07 17:21 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2015-07-03 09:32 - 2015-05-07 17:05 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2015-07-03 09:32 - 2015-05-03 17:09 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-03 09:32 - 2015-05-03 17:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-07-03 09:32 - 2015-05-03 16:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-03 09:32 - 2015-05-03 16:57 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-07-03 09:32 - 2015-05-03 16:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-07-03 09:32 - 2015-05-03 16:49 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-07-03 09:32 - 2015-05-03 02:39 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-07-03 09:32 - 2015-05-02 01:33 - 00410739 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-03 09:32 - 2015-05-01 03:13 - 06521800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2015-07-03 09:32 - 2015-05-01 03:13 - 01488000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-07-03 09:32 - 2015-05-01 03:13 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2015-07-03 09:32 - 2015-04-30 01:22 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2015-07-03 09:32 - 2015-04-28 15:13 - 00513480 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-07-03 09:32 - 2015-04-28 15:13 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-07-03 09:32 - 2015-04-25 04:25 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-07-03 09:32 - 2015-04-23 17:47 - 03084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-07-03 09:32 - 2015-04-23 17:16 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-07-03 01:15 - 2015-07-03 01:15 - 00000000 ____D C:\Users\Lynx\Documents\The Witcher
2015-07-03 01:15 - 2015-07-03 01:15 - 00000000 ____D C:\Users\Lynx\AppData\Local\The Witcher
2015-07-03 01:09 - 2015-07-03 01:09 - 00018435 _____ C:\WINDOWS\DirectX.log
2015-07-03 01:07 - 2015-07-03 01:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher Enhanced Edition
2015-07-03 00:56 - 2015-07-03 01:07 - 00000000 ____D C:\Program Files (x86)\The Witcher Enhanced Edition
2015-07-03 00:56 - 2015-07-03 01:06 - 00000000 ____D C:\Users\Public\Documents\The Witcher
2015-07-02 17:25 - 2015-07-02 17:27 - 00000000 ____D C:\Users\Lynx\Downloads\Sound Cloud
2015-07-01 14:38 - 2015-07-01 14:43 - 45827960 _____ C:\Users\Lynx\Downloads\Rich Bitch Sucking Off The Poor Bell-boy movie (Danny D Rebecca Moore Cathy Heaven)  MILF Fox.mp4
2015-07-01 14:36 - 2015-07-01 14:43 - 45180522 _____ C:\Users\Lynx\Downloads\Great Looking Nurse Likes Hard Dicks movie (Jayden Jaymes)  MILF Fox.mp4
2015-06-27 22:50 - 2015-06-27 22:51 - 04343907 _____ C:\Users\Lynx\Downloads\TV-20150627-2107-0201.websm.h264.mp4
2015-06-27 22:45 - 2015-06-27 22:45 - 11207009 _____ C:\Users\Lynx\Downloads\TV-20150627-2142-2801.websm.h264.mp4
2015-06-24 13:10 - 2015-06-24 13:10 - 00009336 ____N (G*DATA Software AG) C:\WINDOWS\SysWOW64\GdScrSv.de.dll
2015-06-24 12:06 - 2015-06-24 12:06 - 02230392 ____N (G Data Software AG) C:\WINDOWS\SysWOW64\GdScrSv.scr

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-15 13:17 - 2015-01-06 18:51 - 00000000 __RDO C:\Users\Lynx\OneDrive
2015-07-15 13:16 - 2013-03-26 22:58 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3171061452-4263852144-1531571965-1001
2015-07-15 13:15 - 2015-05-17 20:47 - 01924865 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-15 13:15 - 2014-03-29 09:28 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-15 13:02 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-15 12:50 - 2014-09-24 08:16 - 01870968 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-15 12:50 - 2014-09-24 07:43 - 00799712 _____ C:\WINDOWS\system32\perfh007.dat
2015-07-15 12:50 - 2014-09-24 07:43 - 00174252 _____ C:\WINDOWS\system32\perfc007.dat
2015-07-15 12:43 - 2015-05-17 18:49 - 00091887 _____ C:\WINDOWS\setupact.log
2015-07-15 12:43 - 2013-12-19 02:10 - 00000000 ____D C:\AdwCleaner
2015-07-15 12:43 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-15 12:43 - 2013-08-22 15:25 - 01572864 ___SH C:\WINDOWS\system32\config\BBI
2015-07-15 12:43 - 2013-05-01 03:13 - 00001126 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-15 12:41 - 2013-05-01 03:13 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-15 12:30 - 2015-05-10 12:38 - 00000000 ____D C:\ProgramData\GlarySoft
2015-07-15 12:30 - 2015-05-10 11:56 - 00000000 ____D C:\Users\Lynx\AppData\Roaming\GlarySoft
2015-07-15 12:30 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-14 22:27 - 2014-11-28 21:01 - 00000000 ____D C:\Users\Lynx
2015-07-14 19:15 - 2014-03-29 09:28 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-07-14 14:56 - 2015-05-14 23:31 - 00230912 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\MiniIcpt.sys
2015-07-14 14:56 - 2015-05-14 23:31 - 00158720 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\GDBehave.sys
2015-07-14 14:56 - 2015-05-14 23:31 - 00125952 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\HookCentre.sys
2015-07-14 14:56 - 2015-05-14 23:31 - 00091648 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\PktIcpt.sys
2015-07-14 14:56 - 2015-05-14 23:31 - 00068608 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\gdwfpcd64.sys
2015-07-14 14:56 - 2015-05-14 23:31 - 00001998 _____ C:\Users\Public\Desktop\G DATA INTERNET SECURITY.lnk
2015-07-14 14:56 - 2015-05-14 23:31 - 00000000 ____D C:\WINDOWS\ELAMBKUP
2015-07-14 14:56 - 2015-04-11 23:47 - 00000000 ____D C:\ProgramData\G Data
2015-07-14 14:56 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\tracing
2015-07-12 13:32 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-12 13:22 - 2013-03-26 22:50 - 00000000 ____D C:\Users\Lynx\AppData\Local\Packages
2015-07-09 19:56 - 2015-05-18 09:18 - 00007782 _____ C:\WINDOWS\PFRO.log
2015-07-09 19:56 - 2013-12-19 02:27 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-09 19:27 - 2014-04-02 00:12 - 00000085 _____ C:\WINDOWS\wininit.ini
2015-07-09 18:27 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-07-04 20:53 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-07-03 09:49 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-03 09:49 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-07-03 09:34 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-02 17:48 - 2015-04-15 13:21 - 00000000 ____D C:\Users\Lynx\AppData\Roaming\foobar2000
2015-06-28 13:52 - 2015-04-04 21:50 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-21 15:37 - 2015-02-14 22:15 - 00000000 ____D C:\Users\Lynx\AppData\Local\Battle.net
2015-06-20 05:02 - 2014-09-24 09:43 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-20 05:02 - 2014-09-24 09:43 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-04-11 23:48 - 2015-04-11 23:48 - 0000000 _____ () C:\Users\Lynx\AppData\Roaming\gdfw.log
2015-04-11 23:48 - 2015-05-14 23:31 - 0001558 _____ () C:\Users\Lynx\AppData\Roaming\gdscan.log
2013-12-19 01:44 - 2013-12-19 11:58 - 0007605 _____ () C:\Users\Lynx\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Lynx\AppData\Local\Temp\Quarantine.exe
C:\Users\Lynx\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-15 13:17

==================== End of log ============================

was genau macht frst? Bzw warum ein log am anfang und am ende? Kann man so eigenartige veränderungen entdecken, selbst wen die scanner nichts direkt finden?

lg
lynx

Warlord711 · 15.07.2015, 12:49

Frst macht in aller erster Linie erstmal nen Logfile, in dem verschiedene Bereiche aufgelistet werden, z.b. Autostart Einträge, Browser Addons, Dienste usw.

Der erste Scan ist erstmal wichtig um zu sehen, was auf dem Rechner los ist, obs nur AdWare ist oder evtl etwas "schlimmeres". Dann geb ich dir ein paar Tools vor die mit den Sachen, die ich 1. Log gesehen habe, klarkommen.

Ich sehe zwar deren Log, aber ich müsste jetzt hingehen und das 1. Log mit den Logs der Tools gegenprüfen, da ist es einfacher, ein weiteres Log zu erstellen und sicherzugehen, das nichts mehr da ist, oder ob ich evtl. manuell noch was löschen muss oder wie jetzt, weitere Untersuchungen anstellen:

Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.

Klicke auf Wählen Sie eine
Kopiere nun folgendes in die Suchleiste
Code:
ATTFilter
```
C:\WINDOWS\system32\3FF2.tmp
         
```
und klicke auf Öffnen.
Klicke auf Scannen!.
Warte bitte bis die Datei vollständig hochgeladen wurde. Solltest Du folgende Meldung bekommen

Zitat:

Diese Datei wurde bereits von VirusTotal analysiert...

klicke auf Neu analysieren.
Warte bis dir das Analysedatum angezeigt wird und der Scan abgeschlossen ist.
Kopiere den Link aus deiner Adresszeile und poste ihn hier.

lynx007 · 15.07.2015, 13:35

Ich kann diese Datei irgendwie nicht finden... muss ich irgendetwas an meinen Rechten ändern? Auch "versteckte Dateien" anzeigen hat nichts dahingehend geändert. Wie kann so etwas sein?

Warlord711 · 15.07.2015, 13:43

Versuchen wir mal anders:

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

file: C:\WINDOWS\system32\3FF2.tmp

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

lynx007 · 15.07.2015, 16:13

Code:

ATTFilter

Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Lynx at 2015-07-15 17:11:30 Run:1
Running from C:\Users\Lynx\Desktop\Neuer Ordner
Loaded Profiles: Lynx (Available Profiles: Lynx & asdf & GameOne & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
file: C:\WINDOWS\system32\3FF2.tmp

*****************


========================= file: C:\WINDOWS\system32\3FF2.tmp ========================

MD5: 1595FECFFBE9EA2417E06D5FD0BFA4C4
Creation and modification date: 2015-05-10 11:15 - 2009-06-18 12:54
Size: 0006144
Attributes: ----N
Company Name: Sophos Plc
Internal Name: MEMSWEEP
Original Name: MEMSWEEP.SYS
Product Name: Sophos Anti-Virus
Description: Memsweep kernel driver
File Version: 1.0
Product Version: 3 (Build 1501)
Copyright$creamod: © 1989-2005 Sophos Plc, www.sophos.com

====== End of File: ======


==== End of Fixlog 17:11:30 ====

wirkt so als wäre das etwas von sophos übrig geblieben....

Warlord711 · 16.07.2015, 10:27

Ok, das passt.

Der Rechner startet neu nach diesem Fix:

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

emptytemp:
reboot:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Der ESET Scan dauert länger, gern ein paar Stunden:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

lynx007 · 23.07.2015, 14:56

Sorry das ich mich solange nicht mehr gemeldet habe. Ich war leider beruflich äußert viel eingespannt.

Also nach dem fixlog gab es wieder son richtig langen Hänger (geschätzte 30 Secunden während ich im chrome browser auf die Seite bin) wo wieder überhaupt nichts ging, selbst der Taskmanger ließ sich nicht mehr nutzen. Kann ich irgendwo sehen welches Programm diese Last verantworktlich ist? Ich komme ja immer erst in den Task wo alles vorbei ist, sprich sie die Auslastung wieder Normalisiert hat.

Code:

ATTFilter

Fix result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Lynx at 2015-07-23 12:57:44 Run:2
Running from C:\Users\Lynx\Desktop\Neuer Ordner
Loaded Profiles: Lynx (Available Profiles: Lynx & asdf & GameOne & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
emptytemp:
reboot:
*****************

EmptyTemp: => 1.2 GB temporary data Removed.


The system needed a reboot.. 

==== End of Fixlog 12:58:24 ====

Code:

ATTFilter

 Results of screen317's Security Check version 1.004  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
G DATA INTERNET SECURITY   
Windows Defender           
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 45  
 Adobe Flash Player 	18.0.0.209  
 Google Chrome (43.0.2357.132) 
 Google Chrome (43.0.2357.134) 
````````Process Check: objlist.exe by Laurent````````  
 G Data InternetSecurity Firewall GDFwSvcx64.exe 
 G Data InternetSecurity Firewall GDFirewallTray.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

Rest folg gleich....

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b28c7b4785ac0e42b9accd4eadee1777
# end=init
# utc_time=2015-07-23 11:14:33
# local_time=2015-07-23 01:14:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 24941
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b28c7b4785ac0e42b9accd4eadee1777
# end=updated
# utc_time=2015-07-23 11:20:26
# local_time=2015-07-23 01:20:26 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=b28c7b4785ac0e42b9accd4eadee1777
# engine=24941
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-07-23 01:47:46
# local_time=2015-07-23 03:47:46 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='G DATA INTERNET SECURITY'
# compatibility_mode=4112 16777213 100 100 10110 13259270 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 8878772 14741658 0 0
# scanned=500993
# found=20
# cleaned=0
# scan_time=8840
sh=105462EABDD91FD6CAC33D8ED148FF5237837591 ft=1 fh=9fa4b0397f843b64 vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\Lynx\Downloads\7 Zip 64 Bit - CHIP-Installer.exe"
sh=B27183CB13A54C1F9385BA5CC1B4C21238B6AE24 ft=1 fh=a432b168ba030d2d vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\Lynx\Downloads\Bitdefender Rootkit Remover - CHIP-Installer.exe"
sh=411741A75BAB1D1E42DC16FCBE0FAA6052FD1509 ft=1 fh=cdaaaea5c59d8073 vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\Lynx\Downloads\Driver Cleaner PE - CHIP-Installer.exe"
sh=4B6B92B28668CCEC88B6C4247F01B4762F95EED0 ft=1 fh=9822399fd58f623f vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\Lynx\Downloads\Exact Audio Copy - CHIP-Installer.exe"
sh=20C27AF2FC1CED67008602E5EA19A854374408BE ft=1 fh=6fe8f8d948716012 vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\Lynx\Downloads\foobar2000 - CHIP-Installer.exe"
sh=DEECA37ECBC29B4FE52B6124AC375056CE0B5679 ft=1 fh=592ea2345aa0c844 vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\Lynx\Downloads\HP USB Disk Storage Format Tool - CHIP-Installer.exe"
sh=E3EF76CF075E4A0A5EAE553501964903DD416836 ft=1 fh=3f4b83e780ab58e0 vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\Lynx\Downloads\lame3.99.5 - CHIP-Installer.exe"
sh=8FF4022A8F80EDC73BEAFC53F6EBC74E310ECA24 ft=1 fh=ef8c7e2b86ae3604 vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\Lynx\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe"
sh=B80458FEE174E6A9C09E7A40FB5BB65D41E73B38 ft=1 fh=15e839911164d011 vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\Lynx\Downloads\MemTest - CHIP-Installer(1).exe"
sh=2D56DC2628638B6E07D6FB7F51C3A0B7EC5B996F ft=1 fh=125e159d79c170ee vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\Lynx\Downloads\MemTest - CHIP-Installer.exe"
sh=3C20F29D8B7EBF08CC8A41350C413ABCEC65BE71 ft=1 fh=d867060397d7445c vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\Lynx\Downloads\Rootkit Unhooker - CHIP-Installer.exe"
sh=2461D82F26DA23BC9593E3C8DF401D3330130171 ft=1 fh=01ec45c8d8e9c6b3 vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\Lynx\Downloads\Sophos Anti Rootkit - CHIP-Installer.exe"
sh=91A7C4411CFDB4F1AC97F0FAF786027AE27BB84A ft=1 fh=6ff2e91813dee848 vn="Variante von Win32/Systweak evtl. unerwÃ¼nschte Anwendung" ac=I fn="D:\Downloads\dffsetup-wnaspi32.exe"
sh=DFE4642789A3420CF3F4384D619C9E6EC477E50B ft=1 fh=97502ae7147834c8 vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="D:\Downloads\NeoDownloaderLiteSetup-Downloader.exe"
sh=EDAA06991688065232BC39745B93F371B912AE19 ft=1 fh=ae718b34d6f4c25d vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="D:\Downloads\VLC media player 64 Bit - CHIP-Installer.exe"
sh=981DD6FB832A26ED9A9F9583BA6F2A78F2148B62 ft=1 fh=3e676125774b21b3 vn="Win32/DownloadAdmin.G evtl. unerwÃ¼nschte Anwendung" ac=I fn="D:\Users\Alex\Downloads\cbsidlm-tr1_10a-NCollector_Studio-ORG-75165440.exe"
sh=8068EB4D7B7FCDC91FE23D8EBC325E55A654DDE6 ft=1 fh=aca2fb68c7a53c8e vn="Variante von Win32/SmartFileAdvisor.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="E:\Program Files (x86)\Smart File Advisor\sfa.exe"
sh=A893D4F8C879E48BCC8EF252C92FF6FE51DE5F03 ft=1 fh=7af50601de6215a5 vn="Variante von Win32/SmartFileAdvisor.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="E:\Program Files (x86)\Smart File Advisor\sfa_inst.exe"
sh=DFD5F7A9EA55A9564B60E3FCFE9E7A0138805707 ft=1 fh=1522edb60d2c3866 vn="Variante von Win32/SmartFileAdvisor.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="E:\Users\Alexander Zilka\Downloads\isobuster_all_lang.exe"
sh=F600E6A6A509331CA2E0454D644E6C23AEDAF3EF ft=1 fh=16f27f5df8d80f5e vn="Win32/SpeedUpMyPC evtl. unerwÃ¼nschte Anwendung" ac=I fn="E:\Users\Lynx\Downloads\speedupmypc.exe"

Warlord711 · 24.07.2015, 07:51

Ok, nur noch Setups mit AdWare, vor allem Chip-Adware.

CHIP-Installer - was ist das? - Anleitungen

Hinweis: Registry Cleaner

Ich sehe, dass du sogenannte Registry Cleaner installiert hast.
In deinem Fall E:\Users\Lynx\Downloads\speedupmypc.exe.

Wir raten von der Verwendung jeglicher Art von Registry Cleaner ab.

Der Grund ist ganz einfach:
Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich.
Man sollte nicht unnötigerweise an der Registry rumbasteln. Schon ein kleiner Fehler kann gravierende Folgen haben und auch Programme machen manchmal Fehler.
Zerstörst du die Registry, zerstörst du Windows.

Zudem ist der Nutzen zur Performancesteigerung umstritten und meist kaum im wahrnehmbaren Bereich.

Ich würde dir empfehlen, Registry Cleaner nicht weiterhin zu verwenden und über

Start --> Systemsteuerung --> Software (bei Windows XP)
Start --> Systemsteuerung --> Programme und Funktionen (bei Vista / Win 7)

zu deinstallieren.

Am besten löscht du alles was im ESET Log aufgelistet ist per Hand, vor allem nichts mehr bei Chip downloader, oder zumind. den Alternativen Link ohne AdWare verwenden.

Ansonsten sind die Logs sauber.
Hat sich GData wieder beruhigt oder macht es immer noch Probleme ?

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems.

Ändere regelmäßig alle deine Passwörter, jetzt, nach der Bereinigung ist ein idealer Zeitpunkt dafür

verwende für jede Anwendung und jeden Account ein anderes Passwort
ändere regelmäßig dein Passwort, vor allem bei Onlinebanking oder deinem Emailpostfach ist dieses sehr wichtig
speichere keine Passwörter auf deinem PC, gib diese nicht an dritte weiter
ein sicheres Passwort besteht aus mindestens 8 Zeichen und beinhaltet Groß- und Kleinbuchstaben, Zahlen und Sonderzeichen
benutze keine Zahlen- oder Buchstabenkombinationen, ( zB 12345678, qwertzui) auch keine Zahlen oder Buchstabenmuster
verwende keine Passwörter die einen Bezug zu dir, deinem Wohnort, Familienmitglied oder Haustier (Geburtsdatum, Postleitzahl, Adresse, Name) haben

Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7 / 8 : Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti-Viren-Programm und zusätzlicher Schutz

Gehe sicher, dass du immer nur eine Anti-Viren Software installiert hast und dass diese auch up to date ist!
MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demand Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion bietet zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
AdwCleaner
Dieses Tool erkennt eine Vielzahl von Werbeprogrammen (Adware) und unerwünschten Programmen (PUPs).
Starte das Tool einmal die Woche und lass es laufen. Sollte eine neue Version verfügbar sein, so wird dies angezeigt und du kannst dir die neueste Version direkt auf den Desktop downloaden.
SpywareBlaster
Eine kurze Einführung findest du Hier
WOT (Web of trust)
Dieses AddOn warnt dich, bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Mozilla Firefox

Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
NoScript
Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt, wenn Du es bestätigst.
AdblockPlus
Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
Es spart außerdem Downloadkapazität.

Performance

Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von Registry Cleanern.
Diese Schaden deinem System mehr als dass sie helfen. Hier ein englischer Link:
Miekemoes Blogspot ( MVP )

Was du vermeiden solltest:

Klicke nicht auf alles, nur weil es dich dazu auffordert und schön bunt ist.
Verwende keine P2P oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie z.B. deinFoto.jpg.exe.
Lade keine Software von Softonic oder Chip herunter, da diese Installer oft mit Adware oder unerünschter Software versehen sind!

Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen oder Lob, Kritik und Wünsche loswerden?

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

lynx007 · 27.07.2015, 13:32

Vielen Dank, werde deine Punkte abarbeiten. Das meiste weiß und befolge ich eigentlich ja schon, manches wie die Cleaner sollte ich ja eigentlich schon Wissen, da haperts meistens nur wieder mit dem Befolgenwen das System aus irgendeinen Grund mal nicht Rund läuft und man in der Panik und Paranoia auf die Idee kommt das System zu reinigen und gar zu beschleunigen.

Bis dahin, hatte heute einen Absturz, was eigentlich nie vorkommt. Hab ein paar Bilder von der Registriy gemacht. Kurze frage, was ist mbchamelion? Harmlos? Wie kann ich den Screenshoots einbinden?

Zu der Frage wegen dem Gdata, Jein, entweder ich habe mich daran gewöhnt oder es ist nicht mehr so schlimm. Aber es "hängt" trotzdem immer weider. Gerade in den Empfohlenen Firefox hatte der Gdate immer richtige hänger gehabt. Ist der IE so schlimm? Ich nutze halt hauptsächlich Chrome. FF habe ich, weil der so langsam war, runtergeworfen, nach fast 20 Jähriger nutzung, hatte ich einfach keine Gedult mehr.

Was haltet ihr von so einem Passwort Safe? Oder könnt ihr mir irgendwelche Tips geben? Sowohl erstellen wie auch Organisieren bereiten mir immer wieder Probleme. Und ich suche gerade da eine Lösung. Nicht alles muss zu 100% sicher sein. Zb Foren und Co... dennoch möchte ich ja nciht jedem alles Mitteilen. Aber gibt es gute Ansätze wie man sich ein Passwort erstellen kann das man sich merken kann, und auf das man immer Zugriff hat. Aber ich bin auch keine Geheimdienster und ich kann mir auch nicht so gut passwörter merken. Gerade wen man unterwegs ist und man muss ich irgendwo einloggen und man weiß das passwort nicht, kann das schnell sehr störend sein.

Zitat:

defogger_enable by jpshortstuff (23.02.10.1)
Log created at 15:00 on 27/07/2015 (Lynx)

Parsing file...

-=E.O.F=-

Code:

ATTFilter

# DelFix v1.010 - Datei am 27/07/2015 um 15:04:02 erstellt
# Aktualisiert am 26/04/2015 von Xplode
# Benutzer : Lynx - BÜRO1
# Betriebssystem : Windows 8.1 Pro  (64 bits)

~ Aktiviere die Benutzerkontensteuerung ... OK

~ Entferne die Bereinigungsprogramme ...

Gelöscht : C:\FRST
Gelöscht : C:\AdwCleaner
Gelöscht : C:\RegBackup
Gelöscht : C:\Users\Lynx\Desktop\LOGIN JOBS.txt
Gelöscht : C:\Users\Lynx\Desktop\SecurityCheck.exe
Gelöscht : C:\Users\Lynx\Downloads\esetsmartinstaller_deu.exe
Gelöscht : HKLM\SOFTWARE\AdwCleaner

~ Erstelle ein Backup der Registrierungsdatenbank ... OK

~ Lösche die Wiederherstellungspunkte ...

Gelöscht : RP #37 [Removed Dual-Core Optimizer | 07/09/2015 17:15:18]
Gelöscht : RP #38 [Geplanter Prüfpunkt | 07/19/2015 20:00:36]
Gelöscht : RP #39 [Geplanter Prüfpunkt | 07/27/2015 11:28:49]

Ein neuer Wiederherstellungspunkt wurde erstellt !

~ Stelle die Systemeinstellungen wieder her ... OK

########## - EOF - ##########

Warlord711 · 28.07.2015, 07:42

mbchamelion gehört zu Malwarebytes.

Zur Performance von GData kann ich keine Aussage treffen, hab ich nie genutzt.

Keepass ist ganz gut, um Passwörter zu verwalten/erstellen, besitzt auch so nette Features wie "URL aufrufen" und "automatisches ausfüllen" von Anmeldefeldern.

Gdata geht auf 100% PC friert für Minuten ein

Plagegeister aller Art und deren Bekämpfung: Gdata geht auf 100% PC friert für Minuten ein