Pests of all kinds and how to fight them: Antivir and AVG cannot be installed, Malwarebytes does not start (Windows 7)
11.03.2016, 22:16 | #1 |
Antivir and AVG cannot be installed, Malwarebytes does not start

Hello, today I noticed that AntiVir was no longer in the taskbar. It could not be started manually either. I then downloaded the latest version but could not install it. Instead of an error message, simply nothing happened. Right-clicking and starting it via "Administrator" did not work either. I then uninstalled the existing AntiVir and tried to install it after a restart. Same story. After that I tried AVG. Installation was not possible here either. Error message: Setup Extractor: Zugriff verweigert. I was able to install Malwarebytes Anti-Malware, but only after I had to manually "share" the folder c:\ProgrammData\Malwarebytes with a click during the installation. Before that, access was denied. Since I have found similar cases on the net, I suspect an infection and am hoping for help from you. Here are the log files from FRST to start with:

Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01 durchgeführt von shag (Administrator) auf SHAG-PC (11-03-2016 21:55:34) Gestartet von C:\Users\shag\Desktop Geladene Profile: shag (Verfügbare Profile: shag & Coco) Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730) D:\Program Files (x86)\iRacing\iRacingService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe (Nuance Communications, Inc.) 
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (Thrustmaster®) D:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe () C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (IvoSoft) C:\Users\shag\AppData\Roaming\Windows\Applications\SearchIndex\SearchIndex.exe () C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7512680 2011-10-25] (Realtek Semiconductor) HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-09] (NVIDIA Corporation) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.) HKLM-x32\...\Winlogon: [Userinit] userinit.exe,"C:\Windows\system32\clientmon.exe" [X] HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\MountPoints2: {6734fc30-9002-11e2-851a-8c89a5c2e538} - K:\setup.exe HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\MountPoints2: {ccf4559d-4ca0-11e4-b1b1-8c89a5c2e538} - K:\setup.exe HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\MountPoints2: {ddc22528-591b-11e3-8b61-8c89a5c2e538} - L:\ting.exe HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation) HKU\S-1-5-18\...\RunOnce: [AOD] => C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe AutoTune HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-04-30] (Microsoft Corporation) HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [43816 2015-04-26] (Apple Inc.) 
IFEO\AvastSvc.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\AvastUI.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avcenter.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avconfig.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avgcsrvx.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avgidsagent.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avgnt.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avgrsx.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avgui.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avgwdsvc.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\Avira.ServiceHost.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\Avira.Systray.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\Avira.SystrayStartTrigger.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avp.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\bdagent.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\blindman.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\ccuac.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\ComboFix.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\egui.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\gsam.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\hijackthis.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\instup.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\keyscrambler.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\mbam.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\mbamgui.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\mbampt.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\mbamscheduler.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\mbamservice.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\mcapexe.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\mcuicnt.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\MpCmdRun.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\MSASCui.exe: [Debugger] C:\Windows\System32\svchost.exe 
IFEO\MsMpEng.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\msseces.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\rstrui.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\SDFiles.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\SDMain.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\SDWinSec.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\spybotsd.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\update.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\wireshark.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\zlclient.exe: [Debugger] C:\Windows\System32\svchost.exe ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2013-05-31] ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe () Startup: C:\Users\shag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-03-11] ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{64956C90-8573-4570-AE9E-9C6059173262}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-23] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-23] (Oracle Corporation) BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-04-08] (pdfforge GmbH) BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-23] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-23] (Oracle Corporation) Toolbar: HKLM-x32 - PDF Architect Toolbar - 
{25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll [2013-04-08] (pdfforge GmbH) FireFox: ======== FF ProfilePath: C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default FF SelectedSearchEngine: Google FF Homepage: hxxp://www.google.de/ FF Session Restore: -> ist aktiviert. FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] () FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-23] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-23] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.5 -> d:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> d:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] () FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-23] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-23] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-12-16] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-12-16] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2443269024-3109390385-3364977999-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\shag\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-2443269024-3109390385-3364977999-1000: @talk.google.com/O1DPlugin -> C:\Users\shag\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-2443269024-3109390385-3364977999-1000: @tools.google.com/Google Update;version=3 -> C:\Users\shag\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.) FF Plugin HKU\S-1-5-21-2443269024-3109390385-3364977999-1000: @tools.google.com/Google Update;version=9 -> C:\Users\shag\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.) FF user.js: detected! 
=> C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\user.js [2009-08-30] FF Plugin ProgramFiles/Appdata: C:\Users\shag\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin ProgramFiles/Appdata: C:\Users\shag\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google) FF SearchPlugin: C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\searchplugins\icqplugin.xml [2016-03-09] FF Extension: Avira Browser Safety - C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\Extensions\abs@avira.com [2016-02-19] FF Extension: leethax.net extension - C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\Extensions\leethax@leethax.net.xpi [2014-02-08] [ist nicht signiert] FF Extension: Move Media Player - C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\Extensions\moveplayer@movenetworks.com [2013-03-18] [ist nicht signiert] FF Extension: Microsoft .NET Framework Assistant - C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013-03-18] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-05-15] [ist nicht signiert] StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe Chrome: ======= CHR Profile: C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-27] CHR Extension: (Google Docs) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-27] CHR Extension: (Google Drive) - C:\Users\shag\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27] CHR Extension: (YouTube) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-27] CHR Extension: (Google-Suche) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27] CHR Extension: (Google Tabellen) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-27] CHR Extension: (Avira Browserschutz) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-10-27] CHR Extension: (Google Docs Offline) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-07] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-27] CHR Extension: (Google Mail) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-27] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [0 ] (Avira Operations GmbH & Co. KG) <==== ACHTUNG (Null Byte Datei/Ordner) S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [0 ] (Avira Operations GmbH & Co. KG) <==== ACHTUNG (Null Byte Datei/Ordner) S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [0 ] (Avira Operations GmbH & Co. 
KG) <==== ACHTUNG (Null Byte Datei/Ordner) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [0 ] (Avira Operations GmbH & Co. KG) <==== ACHTUNG (Null Byte Datei/Ordner) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.) S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [Datei ist nicht signiert] S3 GalaxyClientService; D:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1616440 2015-11-13] (GOG.com) S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7220792 2016-02-11] (GOG.com) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-09] (NVIDIA Corporation) R2 iRacingService; D:\Program Files (x86)\iRacing\iRacingService.exe [798840 2015-01-12] (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-09] (NVIDIA Corporation) R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-09] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [6477432 2015-12-09] (NVIDIA Corporation) S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-02-28] (Electronic Arts) R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145736 2013-08-15] (Nuance Communications, Inc.) 
R2 tmInstall; d:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.EXE [45296 2014-07-22] (Thrustmaster®) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S2 Avira.ServiceHost; "C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe" [X] S2 JetDrive WindowsClosingService; C:\Windows\System32\WindowsClosingService [X] S2 MBAMService; "C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe" [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [94720 2013-12-19] (Advanced Micro Devices) [Datei ist nicht signiert] R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162072 2015-12-01] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [140448 2016-02-18] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [75472 2015-12-01] (Avira Operations GmbH & Co. 
KG) S3 cancel; C:\Program Files (x86)\MSI\Super-Charger\cancel_64.sys [16184 2010-05-21] (Windows (R) Win 7 DDK provider) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-05] (Disc Soft Ltd) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 jetdrive; C:\Windows\System32\DRIVERS\jddrv.sys [37248 2012-05-22] (Abelssoft GmbH) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-12-09] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation) R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.) S3 SndTAudio; C:\Windows\System32\drivers\SndTAudio.sys [34528 2013-05-16] (Windows (R) Win 7 DDK provider) S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [58792 2009-09-17] (SafeNet, Inc.) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-10-05] (Duplex Secure Ltd.) S3 tmhidusb; C:\Windows\System32\DRIVERS\tmhidusb.sys [166640 2014-07-22] (Thrustmaster) R2 zntport64; C:\EuCaSoft\zntport64.sys [13880 2007-12-22] (Zeal SoftStudio) U3 ausi091m; C:\Windows\System32\Drivers\ausi091m.sys [0 ] (Advanced Micro Devices) <==== ACHTUNG (Null Byte Datei/Ordner) S2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X] S3 cpuz130; \??\C:\Users\shag\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X] S3 NTIOLib_1_0_4; \??\d:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [X] S3 NTIOLib_1_0_C; \??\J:\NTIOLib_X64.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. 
Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-03-11 21:55 - 2016-03-11 21:55 - 00024206 _____ C:\Users\shag\Desktop\FRST.txt 2016-03-11 21:55 - 2016-03-11 21:42 - 02374144 _____ (Farbar) C:\Users\shag\Desktop\FRST64.exe 2016-03-11 21:53 - 2016-03-11 21:55 - 00000000 ____D C:\FRST 2016-03-11 21:32 - 2016-03-11 21:32 - 00001106 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2016-03-11 21:32 - 2016-03-11 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2016-03-11 21:31 - 2016-03-11 21:32 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2016-03-11 21:31 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-03-11 21:31 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-03-11 21:31 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-03-11 21:20 - 2016-03-11 21:20 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-03-05 12:03 - 2016-03-05 12:03 - 00000000 ____D C:\Users\shag\AppData\Roaming\cerasus.media 2016-03-01 21:22 - 2016-03-01 16:25 - 03793920 _____ (IvoSoft) C:\Windows\SysWOW64\clientmon.exe 2016-03-01 21:12 - 2016-03-11 21:36 - 00003362 _____ C:\Windows\System32\Tasks\Search Filter Host 2016-03-01 21:12 - 2016-03-01 21:12 - 00000000 ____D C:\Users\shag\AppData\LocalLow\Lazy Bear Games 2016-03-01 21:11 - 2016-03-11 21:47 - 00000000 ____D C:\Users\shag\AppData\Local\IIIQF 2016-03-01 21:11 - 2016-03-11 21:47 - 00000000 ____D C:\ProgramData\~0 2016-03-01 21:11 - 2016-03-01 21:11 - 00000006 ____S C:\ProgramData\cfc4764f3bbfae7c2c155456e0ae08a61242b9ff 2016-03-01 21:11 - 2016-03-01 21:11 - 00000000 _RSHD C:\ProgramData\274435 2016-03-01 21:11 - 
2016-03-01 21:11 - 00000000 _RSHD C:\ProgramData\274335 2016-03-01 21:11 - 2016-03-01 21:11 - 00000000 ____D C:\Users\shag\AppData\Roaming\Windows 2016-03-01 21:11 - 2016-03-01 21:11 - 00000000 ____D C:\ProgramData\mia2477.tmp 2016-03-01 19:55 - 2016-03-01 19:55 - 00000000 ____D C:\ProgramData\dbdata 2016-02-29 20:27 - 2016-02-29 22:37 - 00000000 ____D C:\Users\shag\AppData\Roaming\Factorio 2016-02-29 20:26 - 2016-02-29 20:26 - 00000936 _____ C:\Users\shag\Desktop\Factorio v0.9.8.lnk 2016-02-25 08:09 - 2016-02-25 08:09 - 00000801 _____ C:\Users\Public\Desktop\Passbild-Generator.lnk 2016-02-25 08:09 - 2016-02-25 08:09 - 00000000 ____D C:\Users\shag\AppData\Local\_3_ 2016-02-25 08:09 - 2016-02-25 08:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Passbild-Generator 2016-02-23 21:02 - 2016-02-23 21:02 - 00000000 _____ C:\Windows\SysWOW64\RENF24A.tmp 2016-02-23 21:01 - 2016-02-23 20:59 - 00110176 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll 2016-02-23 20:59 - 2016-02-23 21:01 - 00000000 ____D C:\Users\shag\.oracle_jre_usage 2016-02-23 20:59 - 2016-02-23 20:59 - 00000000 ____D C:\Users\shag\AppData\Roaming\Sun 2016-02-23 20:58 - 2016-02-23 20:58 - 00000000 ____D C:\Users\shag\AppData\LocalLow\Oracle 2016-02-23 20:17 - 2016-02-23 21:09 - 00000000 ____D C:\Users\shag\.litwrl 2016-02-21 11:59 - 2016-02-21 11:59 - 00000000 ____D C:\Users\shag\Documents\DyingLight 2016-02-19 18:50 - 2016-02-19 18:50 - 00000000 ____D C:\Users\shag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-02-12 16:22 - 2016-02-12 16:22 - 00000000 ____D C:\Users\shag\AppData\LocalLow\Google ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2016-03-11 21:50 - 2013-08-25 19:14 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA.job 2016-03-11 21:49 - 2014-11-23 19:32 - 00000000 ____D C:\Users\shag\AppData\Local\My Games 2016-03-11 21:49 - 2013-03-30 23:41 - 00000000 ____D C:\Users\shag\Documents\My Games 2016-03-11 21:49 - 2013-03-18 19:22 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2016-03-11 21:48 - 2015-12-30 20:54 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-03-11 21:47 - 2015-09-30 22:11 - 00000000 ____D C:\Users\shag\AppData\Roaming\Atari 2016-03-11 21:46 - 2015-03-13 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com 2016-03-11 21:46 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2016-03-11 21:43 - 2009-07-14 05:45 - 00022848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-03-11 21:43 - 2009-07-14 05:45 - 00022848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-03-11 21:42 - 2009-07-14 18:58 - 00699416 _____ C:\Windows\system32\perfh007.dat 2016-03-11 21:42 - 2009-07-14 18:58 - 00149556 _____ C:\Windows\system32\perfc007.dat 2016-03-11 21:42 - 2009-07-14 06:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI 2016-03-11 21:42 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2016-03-11 21:41 - 2013-05-14 20:49 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-03-11 21:36 - 2013-05-14 20:49 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-03-11 21:35 - 2013-03-18 19:28 - 00000000 ____D C:\ProgramData\NVIDIA 2016-03-11 21:35 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-03-11 21:30 - 2014-07-25 20:28 - 00242786 _____ C:\Windows\ntbtlog.txt 2016-03-11 21:18 - 2016-01-03 15:42 - 00000000 ____D 
C:\Users\shag\AppData\Local\CrashDumps 2016-03-11 21:17 - 2013-03-18 19:16 - 00000000 ____D C:\Users\shag 2016-03-11 21:10 - 2015-10-03 09:12 - 00000000 ____D C:\Users\Coco 2016-03-11 21:10 - 2015-06-10 22:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3 2016-03-11 21:10 - 2015-05-15 10:42 - 00000000 ___SD C:\Windows\system32\GWX 2016-03-11 21:10 - 2014-10-05 15:49 - 00000000 ____D C:\Users\shag\AppData\Roaming\FreeArc 2016-03-11 21:10 - 2014-08-07 21:41 - 00000000 ____D C:\Users\Besuch 2016-03-11 21:10 - 2014-07-27 20:34 - 00000000 ____D C:\ProgramData\Package Cache 2016-03-11 21:10 - 2014-02-10 20:00 - 00000000 ____D C:\Users\shag\AppData\Roaming\Battle.net 2016-03-11 21:10 - 2013-03-21 22:46 - 00000000 ____D C:\Users\shag\AppData\Roaming\vlc 2016-03-11 21:10 - 2013-03-18 20:25 - 00000000 ____D C:\Windows\system32\Macromed 2016-03-11 21:10 - 2013-03-18 20:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2016-03-11 21:10 - 2013-03-18 20:22 - 00000000 ____D C:\ProgramData\Avira 2016-03-11 21:10 - 2013-03-18 20:22 - 00000000 ____D C:\Program Files (x86)\Avira 2016-03-11 21:10 - 2009-07-14 19:18 - 00000000 ___RD C:\Users\Public\Recorded TV 2016-03-11 21:10 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration 2016-03-11 20:27 - 2013-03-19 20:07 - 00000000 ____D C:\Users\shag\AppData\Roaming\UseNeXT 2016-03-11 20:21 - 2014-02-10 20:00 - 00000000 ____D C:\Users\shag\AppData\Local\Battle.net 2016-03-11 13:20 - 2015-11-15 18:24 - 00033792 _____ C:\Users\shag\Desktop\Finanzen.xls 2016-03-08 16:41 - 2015-11-20 18:45 - 00000000 ____D C:\Users\shag\.gimp-2.8 2016-03-02 18:57 - 2013-04-18 20:08 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-03-02 18:05 - 2015-06-19 16:54 - 00001220 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA.job 2016-03-01 19:50 - 2013-08-25 19:14 - 00001064 _____ 
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core.job 2016-03-01 19:10 - 2013-03-18 20:30 - 00000000 ___RD C:\Users\shag\Dropbox 2016-03-01 19:10 - 2013-03-18 20:29 - 00000000 ____D C:\Users\shag\AppData\Roaming\Dropbox 2016-02-28 10:10 - 2013-05-02 20:29 - 00000000 ____D C:\ProgramData\Origin 2016-02-25 12:05 - 2015-06-19 16:54 - 00001168 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core.job 2016-02-25 08:15 - 2015-10-15 19:41 - 00013405 _____ C:\Windows\BRRBCOM.INI 2016-02-24 16:09 - 2015-11-09 18:52 - 00000498 _____ C:\Users\shag\Desktop\Coco.txt 2016-02-23 21:03 - 2013-10-28 19:56 - 00000000 ____D C:\ProgramData\Oracle 2016-02-23 21:02 - 2013-10-28 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2016-02-23 21:02 - 2013-10-28 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-02-23 21:02 - 2013-09-03 20:26 - 00000000 ____D C:\Program Files (x86)\Java 2016-02-23 21:02 - 2013-03-18 20:28 - 00000000 ____D C:\Program Files\Java 2016-02-23 20:59 - 2015-03-13 18:22 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2016-02-21 11:57 - 2015-12-06 19:16 - 00000000 ____D C:\Users\shag\Desktop\Spiele 2016-02-21 11:44 - 2014-12-05 21:30 - 00002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-02-21 11:44 - 2014-12-05 21:30 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-02-18 10:22 - 2013-07-24 17:53 - 00000000 ____D C:\ProgramData\Battle.net 2016-02-18 08:09 - 2013-04-02 21:33 - 00140448 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avipbb.sys 2016-02-15 21:54 - 2015-01-12 18:27 - 00000000 ____D C:\Users\shag\AppData\Roaming\Mp3tag 2016-02-10 23:35 - 2016-02-07 20:19 - 00000000 ____D C:\Users\shag\Documents\StarCraft II 2016-02-10 20:57 - 2013-04-18 20:08 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-02-10 20:57 - 2013-03-18 20:25 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-02-10 20:57 - 2013-03-18 20:25 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-02-10 19:45 - 2013-08-25 19:14 - 00004084 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA 2016-02-10 19:45 - 2013-08-25 19:14 - 00003688 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2013-10-14 03:44 - 2013-10-14 03:44 - 2174976 _____ (Advanced Micro Devices Inc.) 
C:\Program Files (x86)\Common Files\atimpenc.dll
2015-06-10 22:13 - 2015-08-24 19:58 - 0007859 _____ () C:\Users\shag\AppData\Roaming\pcouffin.cat
2015-06-10 22:13 - 2015-08-24 19:58 - 0001167 _____ () C:\Users\shag\AppData\Roaming\pcouffin.inf
2015-06-10 22:13 - 2015-08-24 19:58 - 0000055 _____ () C:\Users\shag\AppData\Roaming\pcouffin.log
2014-10-05 15:03 - 2014-10-05 15:03 - 0004096 _____ (Microsoft) C:\Users\shag\AppData\Roaming\Microsoft\1.exe
2014-10-05 15:01 - 2014-11-23 18:21 - 0004096 _____ (Microsoft) C:\Users\shag\AppData\Roaming\Microsoft\Setupx.exe
2014-10-05 15:05 - 2014-10-05 15:10 - 0004096 _____ (Microsoft) C:\Users\shag\AppData\Roaming\Microsoft\svchost.exe
2013-06-04 20:34 - 2015-06-13 17:45 - 0014848 _____ () C:\Users\shag\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-02 16:18 - 2015-06-02 16:21 - 0585728 _____ () C:\Users\shag\AppData\Local\file__0.localstorage
2015-11-20 18:47 - 2015-11-20 18:47 - 0000819 _____ () C:\Users\shag\AppData\Local\recently-used.xbel
2013-03-18 19:55 - 2015-05-27 19:39 - 0007649 _____ () C:\Users\shag\AppData\Local\resmon.resmoncfg
2016-03-01 21:11 - 2016-03-01 21:11 - 0000006 ____S () C:\ProgramData\cfc4764f3bbfae7c2c155456e0ae08a61242b9ff

Einige Dateien in TEMP:
====================
C:\Users\Besuch\AppData\Local\Temp\avgnt.exe
C:\Users\Coco\AppData\Local\Temp\avgnt.exe
C:\Users\shag\AppData\Local\Temp\avgnt.exe
C:\Users\shag\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpl1ceez.dll
C:\Users\shag\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\shag\AppData\Local\Temp\nvStInst.exe
C:\Users\shag\AppData\Local\Temp\rldfw32_s18g.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_s1hc.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_s25k.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_s2dg.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_s2t0.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_s3hs.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_s5r0.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_s6d8.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_s6lg.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_s6os.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_s90.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_sl4.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s1ak.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s3lo.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s3rk.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s4gk.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s4lc.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s57o.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s58o.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s5kk.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s5qk.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s5ss.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s6gk.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s6og.dll
C:\Users\shag\AppData\Local\Temp\svhost.exe
C:\Users\shag\AppData\Local\Temp\_is3AAF.exe
C:\Users\shag\AppData\Local\Temp\_is4481.exe
C:\Users\shag\AppData\Local\Temp\_isA517.exe

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-03-01 12:59

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
durchgeführt von shag (2016-03-11 21:55:50)
Gestartet von C:\Users\shag\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-03-18 18:16:49)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-2443269024-3109390385-3364977999-500 - Administrator - Disabled)
Coco (S-1-5-21-2443269024-3109390385-3364977999-1008 - Administrator - Enabled) => C:\Users\Coco
Gast (S-1-5-21-2443269024-3109390385-3364977999-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2443269024-3109390385-3364977999-1004 - Limited - Enabled)
shag (S-1-5-21-2443269024-3109390385-3364977999-1000 - Administrator - Enabled) => C:\Users\shag

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated) Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated) Adobe Photoshop Lightroom 4.4 64-bit (HKLM\...\{11A955CD-4398-405A-886D-E464C3618FBF}) (Version: 4.4.1 - Adobe) Age of Conan: Hyborian Adventures (HKLM-x32\...\Age of Conan_is1) (Version: - Funcom) AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version: - Gameforge) Anno 2205 (HKLM-x32\...\Uplay Install 1253) (Version: - Ubisoft) Apple Application Support (32-Bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Ashampoo Photo Commander 10 v.10.0.1 (HKLM-x32\...\Ashampoo Photo Commander 10_is1) (Version: 10.0.1 - Ashampoo GmbH & Co. KG) Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology) AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2002861294.48.56.34082026 - Audible, Inc.) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.141 - Avira Operations GmbH & Co. KG) Avira Launcher (HKLM-x32\...\{3b87484e-d70b-4b4f-ad59-2ae89571e2cf}) (Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG) Avira Launcher (x32 Version: 1.1.56.9119 - Avira Operations GmbH & Co. 
KG) Hidden Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) BDE Information Utility (HKLM-x32\...\BDE Information Utility) (Version: - InterBase Installation Info (and BDE Information Utility)) Blender (HKLM\...\{BBE9D9F0-3F77-4E26-9E10-1AFB56D41363}) (Version: 2.76.0 - Blender Foundation) Blender (HKLM\...\Blender) (Version: 2.69 - Blender Foundation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Brother MFL-Pro Suite MFC-J5320DW (HKLM-x32\...\{7FC49664-DAA4-4E7C-ADD0-614ABB43691B}) (Version: 1.0.5.0 - Brother Industries, Ltd.) Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.9.0.4 - Canon Inc.) Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.12.20.0 - Canon Inc.) Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.5.2.8 - Canon Inc.) Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.) DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.4.0.0377 - Disc Soft Ltd) Darkest Dungeon (HKLM-x32\...\Darkest Dungeon_is1) (Version: - ) Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts) Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team) Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve) Dropbox (HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.) DVDFab 9.0.6.3 (09/09/2013) (HKLM-x32\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.) 
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.2.17437 - Landesfinanzdirektion Thüringen) ElsterFormular 2006/2007 (HKLM-x32\...\{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}) (Version: 8.2.1.0 - Steuerverwaltung des Bundes und der Länder) ElsterFormular 2007/2008 (HKLM-x32\...\{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}) (Version: 9.2.0.0 - Steuerverwaltung des Bundes und der Länder) ElsterFormular 2008/2009 (HKLM-x32\...\{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}) (Version: 10.0.0.0 - Steuerverwaltung des Bundes und der Länder) EuCaSoft 4.4.0.4377 (HKLM-x32\...\EuCaSoft_is1) (Version: - itas GmbH) FFB Racing Wheel drivers (HKLM-x32\...\{28B758EA-5C83-48B1-B352-C70F12C73F5A}) (Version: 3.TTRS.2014 - Thrustmaster) FreeArc 0.666 (HKLM-x32\...\FreeArc) (Version: 0.666 - Bulat Ziganshin) Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.21.2.1 - Futuremark Corporation) Gameforge Live 2.0.8 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.8 - Gameforge) Geeks3D FurMark 1.13.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.) GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.) 
iRacing.com Race Simulation (HKLM-x32\...\{CBBB3C80-76F5-42B5-92A6-C4BF84796DCB}) (Version: 1.01.0512 - iRacing.com Motorsport Simulations) iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.) Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation) Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation) Java SE Development Kit 7 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170250}) (Version: 1.7.0.250 - Oracle) Java SE Development Kit 8 Update 73 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180730}) (Version: 8.0.730.2 - Oracle Corporation) JetDrive (HKLM-x32\...\JetDrive_is1) (Version: 6.11 - Abelssoft) Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) ManiaPlanet (HKLM-x32\...\ManiaPlanet_is1) (Version: - Nadeo) MechWarrior Online (HKLM-x32\...\{9f17023b-d04f-432b-b08a-3bb4c3a7ed3c}) (Version: 1.6.0.0 - Piranha Games Inc.) MechWarrior Online (x32 Version: 1.6.1.0 - Piranha Games Inc.) 
Hidden MediaCoder x64 0.8.19.5372 (HKLM\...\MediaCoder x64) (Version: 0.8.19.5372 - Broad Intelligence) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Mosaizer Pro v12.0 (HKLM-x32\...\Mosaizer Pro_is1) (Version: 12.0 - APP Helmond) Mozilla Firefox 19.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 19.0.2 (x86 de)) (Version: 19.0.2 - Mozilla) Mozilla Firefox 44.0.2 (x86 de) (HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\Mozilla Firefox 44.0.2 (x86 de)) (Version: 44.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 19.0.2 - Mozilla) Mp3tag v2.66 (HKLM-x32\...\Mp3tag) (Version: v2.66 - Florian Heidenreich) MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) Next Car Game Free 
Technology Demo (HKLM-x32\...\Next Car Game Free Technology Demo) (Version: - Bugbear Entertainment) NoLimits 2 Demo (remove only) (HKLM\...\NoLimits 2 Demo) (Version: - ) NoLimits Coasters 1.8 (remove only) (HKLM-x32\...\NoLimits Coasters full) (Version: - ) Nuance PaperPort 12 (HKLM-x32\...\{2A770862-7142-4C77-8117-F933E4110A3F}) (Version: 12.1.0006 - Nuance Communications, Inc.) Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc) NVIDIA 3D Vision Treiber 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.43 - NVIDIA Corporation) NVIDIA GeForce Experience 2.8.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.8.1.21 - NVIDIA Corporation) NVIDIA Grafiktreiber 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.43 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.) PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.) Passbild-Generator v4.0a (HKLM-x32\...\Passbild-Generator_is1) (Version: - Passbild-Generator) PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.239 - Google, Inc.) 
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements) QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.) Railroad Tycoon 3 (HKLM-x32\...\{DE29025A-091F-4998-AD2D-24C84421190F}) (Version: 1.0 - ) Raptr (HKLM-x32\...\Raptr) (Version: - ) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7111 - Realtek Semiconductor Corp.) Scansoft PDF Professional (x32 Version: - ) Hidden Sentinel System Driver Installer 7.5.1 (HKLM-x32\...\{BF9E346B-5ECE-4A18-9510-55729FD08323}) (Version: 7.5.1 - SafeNet, Inc.) SHIELD Streaming (Version: 4.1.0250 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.8.1.21 - NVIDIA Corporation) Hidden SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts) Spintires RIP MULTI18 (HKLM-x32\...\U3BpbnRpcmVz_is1) (Version: 1 - ) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.0.115 - MSI) TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.43148 - TeamViewer) The Witcher 3: Wild Hunt - Alternative Look for Ciri (HKLM-x32\...\Alternative Look for Ciri_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Alternative Look for Triss (HKLM-x32\...\Alternative Look for Triss_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Alternative Look for Yennefer (HKLM-x32\...\Alternative Look for Yennefer_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Ballad Heroes - Neutral Gwent Card Set (HKLM-x32\...\Ballad Heroes - Neutral Gwent Card Set_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Beard and Hairstyle Set (HKLM-x32\...\Beard and Hairstyle Set_is1) (Version: 1.0.0.0 - 
GOG.com) The Witcher 3: Wild Hunt - Elite Crossbow Set (HKLM-x32\...\Elite Crossbow Set_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - New Finisher Animations (HKLM-x32\...\New Finisher Animations_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - New Quest - Contract - Skellige's Most Wanted (HKLM-x32\...\New Quest - Contract: Skellige's Most Wanted_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - New Quest - Contract Missing Miners (HKLM-x32\...\New Quest - Contract Missing Miners_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - New Quest - Fool's Gold (HKLM-x32\...\New Quest - Fool's Gold_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - New Quest - Scavenger Hunt - Wolf School Gear (HKLM-x32\...\New Quest - Scavenger Hunt: Wolf School Gear_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - New Quest - Where the Cat and Wolf Play... (HKLM-x32\...\New Quest - Where the Cat and Wolf Play..._is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Nilfgaardian Armor Set (HKLM-x32\...\Nilfgaardian Armor Set_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Skellige Armor Set (HKLM-x32\...\Skellige Armor Set_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Temerian Armor Set (HKLM-x32\...\Temerian Armor Set_is1) (Version: 1.0.0.0 - GOG.com) TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software) Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft) UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version: - Tangysoft Ltd.) 
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) Voodoo Chronicles (HKLM-x32\...\{947E7026-E000-4159-86BC-6B9855EC4517}) (Version: 1.00.0000 - PurpleHills) VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.3.0.18 - VSO Software) War Thunder Launcher 1.0.1.278 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - 2013 Gaijin Entertainment Corporation) WhiteCap (HKLM-x32\...\WhiteCap) (Version: 6.4.1 - SoundSpectrum) Winki (HKLM-x32\...\{81CF5153-38CF-41e2-AC3C-3D477C987D96}_is1) (Version: 3.2.116 - MSI) WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.7.3.20131014 - Xilisoft) XMedia Recode Version 3.1.7.8 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.7.8 - XMedia Recode) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> d:\Program Files\Blender Foundation\Blender\BlendThumb64.dll () CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => Keine Datei

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {2DDE40A1-B5C9-4E30-B49A-056A855363D0} - System32\Tasks\Search Filter Host => C:\Users\shag\AppData\Roaming\Windows\Applications\SearchIndex\SearchIndex.exe [2016-03-01] (IvoSoft)
Task: {5CDC7D13-A92F-4C6A-9037-DFA121DFEAA2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {6167180D-AC7E-4C68-8CC9-023DBC147E37} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core => C:\Users\shag\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {6EB11A62-09BE-4E9B-83D4-6A882DE1ED34} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {8497BBEE-475E-4265-AAA8-F224139C7BA0} - System32\Tasks\Super Charger => C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe [2011-07-06] (MSI)
Task: {C5C53FF5-B82F-4F17-AE3C-81D0F93E55D0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DB2708DA-72B3-456B-A231-CAA7741EFF08} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated)
Task: {DBCDFCAF-D9E9-40F1-AF62-1F1C50B250EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {E4737B22-8F2C-4315-9743-9053915C8DBA} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core => C:\Users\shag\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {EC19B7C3-4AAF-4DEF-9968-077FFE35F30A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA => C:\Users\shag\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {EC4FE598-9EC1-4664-A6F2-59D0338E59D0} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {F854E768-B92F-45F6-9F15-D807D339052F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA => C:\Users\shag\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core.job => C:\Users\shag\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA.job => C:\Users\shag\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core.job => C:\Users\shag\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA.job => C:\Users\shag\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-07-30 10:04 - 2015-12-16 15:53 - 00126072 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 15:26 - 2015-05-15 15:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-30 20:54 - 2015-12-09 02:52 - 00217720 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2015-10-15 19:40 - 2005-04-22 05:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2013-05-31 20:12 - 2015-02-10 14:08 - 00069120 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
2013-03-18 19:24 - 2011-11-10 18:01 - 00506384 _____ () C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
2015-05-15 09:45 - 2015-12-09 02:53 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-05-31 20:12 - 2015-02-18 13:11 - 00112128 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2014-08-17 13:48 - 00001055 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 acdid.acdsystems.com
127.0.0.1 activate.adobe.com

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\shag\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupreg: Super-Charger => C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{6B1F38FA-F6F9-4ABD-B206-E8C90B977830}] => (Allow) C:\Users\shag\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{B7325FFE-3ADA-4DA1-9DE8-3A2DCA7F5A3B}] => (Allow) C:\Users\shag\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{07D86DA9-61A3-47CB-B1A6-0513D4F06B65}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{FDD9CBBE-0ABD-4667-9596-44E879C79778}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{86E3BE82-CA85-440E-B4B2-B2664B446D92}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{11DDDDE2-F308-40AF-8D9D-0E2072E70150}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{A3163EBD-DDB7-4275-AC6D-8C732590173F}] => (Block) %ProgramFiles% (x86)\SQUARE ENIX\Tombraider\TombRaider.exe FirewallRules: [TCP Query User{73C838EF-603A-4CF2-A23E-2041E1CFCD82}C:\program files (x86)\maniaplanet\maniaplanet.exe] => (Allow) C:\program files (x86)\maniaplanet\maniaplanet.exe FirewallRules: [UDP Query User{E71ACD03-DA48-431D-949F-BF986E2AC015}C:\program files (x86)\maniaplanet\maniaplanet.exe] => (Allow) C:\program files (x86)\maniaplanet\maniaplanet.exe FirewallRules: [{4BBC53DD-4D5D-4C50-B909-22E10583A056}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{469D4751-7DFA-4A7C-B361-434CEB6A5A81}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe FirewallRules: [TCP Query User{5BB1082F-2E2D-4EE6-944B-DC344AA5B470}C:\eucasoft\meta.exe] => (Allow) C:\eucasoft\meta.exe FirewallRules: [UDP Query User{A2668BF5-70B4-4A1E-BDF8-5AB545E14AD3}C:\eucasoft\meta.exe] => (Allow) C:\eucasoft\meta.exe FirewallRules: [TCP Query User{E3CEC154-48F6-4462-86A3-FA11B8C6E49A}C:\eucasoft\eucasoft.exe] => (Allow) C:\eucasoft\eucasoft.exe FirewallRules: [UDP Query User{6ABB59E9-B8AC-4332-BD91-82B6FA02BCBC}C:\eucasoft\eucasoft.exe] => (Allow) C:\eucasoft\eucasoft.exe FirewallRules: [TCP Query User{C38681B1-F9C5-4091-9454-BB9C91B9C217}C:\eucasoft\eucaprn.exe] => 
(Allow) C:\eucasoft\eucaprn.exe FirewallRules: [UDP Query User{B68FAD45-EBB9-418D-9418-289EC845D24E}C:\eucasoft\eucaprn.exe] => (Allow) C:\eucasoft\eucaprn.exe FirewallRules: [TCP Query User{3DC74B91-28FD-420E-AD76-7684D5631DE6}C:\program files (x86)\activision\call of duty - black ops\blackops.exe] => (Block) C:\program files (x86)\activision\call of duty - black ops\blackops.exe FirewallRules: [UDP Query User{E199CF05-61AE-482C-ADCD-46BC0D125AF6}C:\program files (x86)\activision\call of duty - black ops\blackops.exe] => (Block) C:\program files (x86)\activision\call of duty - black ops\blackops.exe FirewallRules: [TCP Query User{36345DBD-FF4D-463E-947F-2FB5E8F97CE1}E:\spiele\trackmania canyon\trackmania 2 canyon\maniaplanet.exe] => (Block) E:\spiele\trackmania canyon\trackmania 2 canyon\maniaplanet.exe FirewallRules: [UDP Query User{3C8D0343-259F-44B4-9BF4-9116E1EDCF55}E:\spiele\trackmania canyon\trackmania 2 canyon\maniaplanet.exe] => (Block) E:\spiele\trackmania canyon\trackmania 2 canyon\maniaplanet.exe FirewallRules: [TCP Query User{4A3487F5-0DF9-465C-859C-B2E3CB28767D}D:\program files (x86)\guild wars 2\gw2.exe] => (Allow) D:\program files (x86)\guild wars 2\gw2.exe FirewallRules: [UDP Query User{D243A6A0-89AA-47B7-8C5F-EE81A220C3CB}D:\program files (x86)\guild wars 2\gw2.exe] => (Allow) D:\program files (x86)\guild wars 2\gw2.exe FirewallRules: [{D746F088-F43E-4AD9-9FD0-782FFFF44266}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe FirewallRules: [{C1409997-93DC-4B19-8C85-BE34ADE9EC79}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe FirewallRules: [{BB497C68-00F8-4212-B457-64BD9CE73233}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe FirewallRules: [{8D7CAD06-081F-4293-9AFA-A574B67C0766}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe FirewallRules: [{68094F16-F5E3-4BFE-B7E7-0086A112EDFF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: 
[{1D18F698-41EF-4FF1-B72D-D7D764974717}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{CF8BFAAF-E0E6-4FBE-9260-2B26188DFB50}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [TCP Query User{697C2CFB-27E5-4A1B-83B2-D908CF8D0F1F}D:\program files (x86)\rayman legends\rayman legends.exe] => (Block) D:\program files (x86)\rayman legends\rayman legends.exe FirewallRules: [UDP Query User{4415CC36-28EC-477F-8CA5-84335AD7A691}D:\program files (x86)\rayman legends\rayman legends.exe] => (Block) D:\program files (x86)\rayman legends\rayman legends.exe FirewallRules: [{E3D7CB83-5E5C-47E5-8FE7-0E543DEF0773}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{763A8944-677E-40D8-A3BF-36F032CAE895}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{DC6F0895-BCFA-477C-8FAA-6D8FAE970845}] => (Allow) D:\Program Files (x86)\WarThunder\launcher.exe FirewallRules: [{2527224D-47C0-479D-A667-612AF086AD65}] => (Allow) D:\Program Files (x86)\WarThunder\launcher.exe FirewallRules: [TCP Query User{D6BCEDD8-4D78-4A28-8B5E-6D6A755083BE}D:\program files (x86)\warthunder\aces.exe] => (Allow) D:\program files (x86)\warthunder\aces.exe FirewallRules: [UDP Query User{018EDE3C-20A5-4DEC-83DC-A0F4035CA4F3}D:\program files (x86)\warthunder\aces.exe] => (Allow) D:\program files (x86)\warthunder\aces.exe FirewallRules: [{E89F95BB-3F00-4592-BF46-D7A0247E3238}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{A453AEC4-A7B7-4DA7-B840-7087754DDBF5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{AD67C548-8E7C-40B0-A74F-BA65ACD252C3}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\rush\rush.exe FirewallRules: [{1B6D63C6-DF1F-46D9-944A-4534CF00CE52}] => (Allow) D:\Program Files 
(x86)\Steam\SteamApps\common\rush\rush.exe FirewallRules: [{90FC0048-BB3C-42A3-838C-93D2305165A5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe FirewallRules: [{D2515F04-7392-4710-8C0B-11C44D9D5051}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe FirewallRules: [{7EAC378D-BC60-44E4-8D20-97726450695B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe FirewallRules: [{CA140986-66FC-4FD1-BD7B-4C731BA13B0D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe FirewallRules: [{E6B3BB6E-1BC0-4659-A1C4-0E907310097A}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{A5024DE2-F094-4A6B-B3CE-205B577386AF}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{928EC490-B5EE-4BC5-B83D-0877319F5188}] => (Allow) D:\Program Files (x86)\Hearthstone\Hearthstone.exe FirewallRules: [{18A7466B-1BA1-4EBA-8E1D-2AF3988F32B8}] => (Allow) D:\Program Files (x86)\Hearthstone\Hearthstone.exe FirewallRules: [{596BBFE3-EC8B-41A2-896B-BFC6212DD615}] => (Allow) D:\Program Files (x86)\OriginGames\Dead Space\Dead Space.exe FirewallRules: [{482F736C-0431-441B-892B-ADD6495FE0B5}] => (Allow) D:\Program Files (x86)\OriginGames\Dead Space\Dead Space.exe FirewallRules: [TCP Query User{3AC563F9-56E0-4D00-AA38-E94904A971D9}D:\program files (x86)\valve\portal 2\portal2.exe] => (Block) D:\program files (x86)\valve\portal 2\portal2.exe FirewallRules: [UDP Query User{CE925544-FD60-47B6-9BB2-776A0331FDBA}D:\program files (x86)\valve\portal 2\portal2.exe] => (Block) D:\program files (x86)\valve\portal 2\portal2.exe FirewallRules: [TCP Query User{5B653E1C-7A11-48EC-9DBE-A5A6CB0BE297}D:\program files (x86)\wolfenstein the new order\wolfneworder_x64.exe] => (Block) D:\program files (x86)\wolfenstein the new order\wolfneworder_x64.exe FirewallRules: [UDP Query User{CFFFAA87-8C93-421C-9379-BEC740574581}D:\program files (x86)\wolfenstein the new order\wolfneworder_x64.exe] => (Block) D:\program 
files (x86)\wolfenstein the new order\wolfneworder_x64.exe FirewallRules: [TCP Query User{6F9B727C-9EFD-4404-AA37-4AD93A12B836}D:\program files (x86)\wolfenstein the new order german\wolfneworder_x64.exe] => (Block) D:\program files (x86)\wolfenstein the new order german\wolfneworder_x64.exe FirewallRules: [UDP Query User{C2D99373-F636-44F6-95F8-91527CB4F5C9}D:\program files (x86)\wolfenstein the new order german\wolfneworder_x64.exe] => (Block) D:\program files (x86)\wolfenstein the new order german\wolfneworder_x64.exe FirewallRules: [TCP Query User{C542631D-D296-4DD5-A464-85B3CB755448}D:\watch_dogs-deluxe.edition-p2p\bin\watch_dogs.exe] => (Block) D:\watch_dogs-deluxe.edition-p2p\bin\watch_dogs.exe FirewallRules: [UDP Query User{3EE0E562-25EE-4679-B1F2-206503432AD1}D:\watch_dogs-deluxe.edition-p2p\bin\watch_dogs.exe] => (Block) D:\watch_dogs-deluxe.edition-p2p\bin\watch_dogs.exe FirewallRules: [TCP Query User{B78239F5-94BD-4F90-9F9B-BBE7B1F4F294}D:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe] => (Allow) D:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe FirewallRules: [UDP Query User{BAB1384F-46C8-4EA3-8AE8-F8FDC3DC2678}D:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe] => (Allow) D:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe FirewallRules: [{6A8DAA67-50D6-4693-9A05-E987BE0BC205}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe FirewallRules: [{F1084AB7-A049-4C1E-A87E-69EA97D45F5A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe FirewallRules: [TCP Query User{10A90911-6943-486F-B637-EBF581F06F38}D:\program files (x86)\tera\tera-launcher.exe] => (Allow) D:\program files (x86)\tera\tera-launcher.exe FirewallRules: [UDP Query User{578E97A2-CE4F-4099-B0C8-66F332017191}D:\program files (x86)\tera\tera-launcher.exe] => (Allow) D:\program files (x86)\tera\tera-launcher.exe FirewallRules: [{66D14BBE-0EA6-415C-9ECD-21364CA004B2}] => (Allow) 
C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe FirewallRules: [{3E85FEBD-4AEB-45AF-BDAC-E6C9F4F5702D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe FirewallRules: [{69287390-3691-457C-A38B-CC9337E9E2A5}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{E7240E72-D750-43AC-91CA-09B8B47924DF}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{5FC65538-FA6D-49E2-89F9-6FCDEE0078BD}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{1D9830DA-43E2-45B8-BC15-4DB65EB7890C}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [TCP Query User{F600BCAF-ADBB-4F5D-B30B-9316781C151B}C:\users\shag\appdata\local\temp\gw2.exe] => (Allow) C:\users\shag\appdata\local\temp\gw2.exe FirewallRules: [UDP Query User{41FA0A67-7849-47E9-8705-46E3EE198D57}C:\users\shag\appdata\local\temp\gw2.exe] => (Allow) C:\users\shag\appdata\local\temp\gw2.exe FirewallRules: [TCP Query User{A3884C3A-1703-41EC-ABE3-45DD9E7CE962}D:\guild wars 2\gw2.exe] => (Allow) D:\guild wars 2\gw2.exe FirewallRules: [UDP Query User{78536A0E-367B-49EF-BC0A-2FA83E57D071}D:\guild wars 2\gw2.exe] => (Allow) D:\guild wars 2\gw2.exe FirewallRules: [TCP Query User{0F3E8BC1-14C2-481A-98AB-B244B4F084C5}D:\program files (x86)\maniaplanet\maniaplanet.exe] => (Allow) D:\program files (x86)\maniaplanet\maniaplanet.exe FirewallRules: [UDP Query User{BA93D511-5C13-403C-BFB6-40893AF03417}D:\program files (x86)\maniaplanet\maniaplanet.exe] => (Allow) D:\program files (x86)\maniaplanet\maniaplanet.exe FirewallRules: [{EBFA0E67-670C-4DF3-A88E-B4A8DDF8AA98}] => (Allow) D:\Program Files (x86)\The Vanishing of Ethan Carter\Binaries\Launcher.exe FirewallRules: [{C269B6F7-1883-40EB-B878-9EF8A9EB172E}] => (Allow) D:\Program Files (x86)\The Vanishing of Ethan Carter\Binaries\Launcher.exe FirewallRules: [TCP Query User{D889D8F7-55CC-445A-8E3E-C0B52B5CDF93}D:\program files (x86)\the vanishing of ethan 
carter\binaries\win64\astronautsgame-win64-shipping.exe] => (Block) D:\program files (x86)\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe FirewallRules: [UDP Query User{46EE6606-D08C-4C75-ACF2-6CEB161D465F}D:\program files (x86)\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe] => (Block) D:\program files (x86)\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe FirewallRules: [TCP Query User{52DC2877-88F2-42CC-A0CA-E3979AC92D06}D:\program files (x86)\ubisoft\driver san francisco\driver.exe] => (Block) D:\program files (x86)\ubisoft\driver san francisco\driver.exe FirewallRules: [UDP Query User{4B4DB25B-416E-4147-A842-D107757F7375}D:\program files (x86)\ubisoft\driver san francisco\driver.exe] => (Block) D:\program files (x86)\ubisoft\driver san francisco\driver.exe FirewallRules: [TCP Query User{65ADDC17-D41E-43CF-8F91-0D1A5E64D260}C:\program files\guillemot\tools\giwebupdater.exe] => (Allow) C:\program files\guillemot\tools\giwebupdater.exe FirewallRules: [UDP Query User{4FCCBC6A-ECB2-4D49-A0C7-06AA70EDCD31}C:\program files\guillemot\tools\giwebupdater.exe] => (Allow) C:\program files\guillemot\tools\giwebupdater.exe FirewallRules: [TCP Query User{4727CA4A-F3CF-4D4C-BE94-77013DB3E561}D:\gog games\oddworld - new 'n' tasty\nnt.exe] => (Block) D:\gog games\oddworld - new 'n' tasty\nnt.exe FirewallRules: [UDP Query User{16F3CC54-81C2-4D68-AC5B-A5F110F39B09}D:\gog games\oddworld - new 'n' tasty\nnt.exe] => (Block) D:\gog games\oddworld - new 'n' tasty\nnt.exe FirewallRules: [{1EDBCBD6-77FE-4354-AFC1-82B6EEF9C166}] => (Allow) d:\Program Files (x86)\GameforgeLive\gfl_client.exe FirewallRules: [{E95D1DBC-A572-4898-977A-09355E2080D3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{B6D7FDC2-79E5-443F-B573-ADBE5AE02395}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: 
[{CC4C363A-92C1-483D-A1F8-D8D10344E52C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{09E746F3-3FA8-46A1-8D39-D2FAA689C686}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{20DEB04C-991B-4CE0-BF6E-832CFE776471}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{318028F5-A87E-4579-9378-43E2C20672BB}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe FirewallRules: [{2E5D2FF7-7055-42A5-BA32-6F6F01B54240}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe FirewallRules: [{AA87FFA5-9C61-4FAA-8885-C7C06558CA9F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe FirewallRules: [{F99BA5FE-DD38-41F4-A72E-CE7D43AD47E6}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe FirewallRules: [{CBF93050-29C7-4CAA-9A0D-5ED1DD81E6EB}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{52E17C41-63A9-4BE2-8174-4167278F4903}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{3BEA036E-82D0-4D77-920E-8482907A261F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe FirewallRules: [{5EA49FF2-A58C-43FF-A927-0A95BC6FCD49}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe FirewallRules: [{60D3597B-38BF-4726-B37B-D84C6033C47A}] => (Allow) D:\Program Files (x86)\OriginGames\SimCity\SimCity\SimCity.exe FirewallRules: [{FF9D86C5-9E1C-4141-A59B-AAA7CF001273}] => (Allow) D:\Program Files (x86)\OriginGames\SimCity\SimCity\SimCity.exe FirewallRules: [{0EA73370-3A10-4766-A12F-38F0627859C8}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{F72DC3C7-0503-41A5-9041-0B676C1641F6}] => (Allow) d:\Program Files (x86)\Brother\Brmfl14e\FAXRX.EXE FirewallRules: [{2DEEF5AC-1862-4BFF-85D2-38570B129251}] => (Allow) LPort=54925 FirewallRules: [TCP Query 
User{28C6BC4A-6416-4AB8-9D95-58BFF751A037}D:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe] => (Block) D:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe FirewallRules: [UDP Query User{A3AB2A72-C4C0-4F06-A7EE-35C0A00F8240}D:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe] => (Block) D:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe FirewallRules: [TCP Query User{148864F7-C1E4-43C7-8550-2BD665282F51}D:\program files (x86)\the beginner's guide\beginnersguide.exe] => (Block) D:\program files (x86)\the beginner's guide\beginnersguide.exe FirewallRules: [UDP Query User{C2EF76C4-BCF3-48FB-B86F-7B9BA0048225}D:\program files (x86)\the beginner's guide\beginnersguide.exe] => (Block) D:\program files (x86)\the beginner's guide\beginnersguide.exe FirewallRules: [{8D43ABC5-5B12-4069-A956-405E2BDADA0D}] => (Allow) C:\Program Files (x86)\Ubisoft\Anno 2205\Bin\Win64\Anno2205.exe FirewallRules: [TCP Query User{94CB0C90-4707-4792-A2D5-C25AF29D2469}D:\program files (x86)\funcom\age of conan\conanpatcher.exe] => (Allow) D:\program files (x86)\funcom\age of conan\conanpatcher.exe FirewallRules: [UDP Query User{97F8F9D2-7879-4A76-8105-5F4D34C015FA}D:\program files (x86)\funcom\age of conan\conanpatcher.exe] => (Allow) D:\program files (x86)\funcom\age of conan\conanpatcher.exe FirewallRules: [TCP Query User{99C24D58-9BFA-4554-9E71-00D636CD7E73}D:\program files (x86)\funcom\age of conan\ageofconan.exe] => (Allow) D:\program files (x86)\funcom\age of conan\ageofconan.exe FirewallRules: [UDP Query User{4047640F-E7E9-40FE-BA37-92EA829E5E29}D:\program files (x86)\funcom\age of conan\ageofconan.exe] => (Allow) D:\program files (x86)\funcom\age of conan\ageofconan.exe FirewallRules: [TCP Query User{427ECFE4-217A-4173-992A-9C438892908B}D:\program files (x86)\funcom\age of conan\ageofconandx10.exe] => (Allow) D:\program files (x86)\funcom\age of conan\ageofconandx10.exe 
FirewallRules: [UDP Query User{156CF8DA-5855-45EC-BB9D-FF170F6A355E}D:\program files (x86)\funcom\age of conan\ageofconandx10.exe] => (Allow) D:\program files (x86)\funcom\age of conan\ageofconandx10.exe
FirewallRules: [{64B10E9D-6428-4CFA-90EB-011BF57188B4}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{703D5913-0510-4C51-8CD3-10C7E1EA0EE6}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1A37ABBA-07A0-432C-BCD4-096215DA9189}] => (Allow) D:\Program Files\StarCraft II\Versions\Base39576\SC2_x64.exe
FirewallRules: [{9794E91D-9859-47DE-B442-972C8D67A12B}] => (Allow) D:\Program Files\StarCraft II\Versions\Base39576\SC2_x64.exe
FirewallRules: [{E3EB6327-951D-427C-962D-A9D15D80D3BC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{056185A1-5BA0-4BD6-A258-82BA88A67103}D:\program files (x86)\dying light the following enhanced edition\dyinglightgame.exe] => (Block) D:\program files (x86)\dying light the following enhanced edition\dyinglightgame.exe
FirewallRules: [UDP Query User{0E5A04DE-1325-45DA-9DA5-912070B8C4F0}D:\program files (x86)\dying light the following enhanced edition\dyinglightgame.exe] => (Block) D:\program files (x86)\dying light the following enhanced edition\dyinglightgame.exe

==================== Wiederherstellungspunkte =========================

14-02-2013 01:40:44 Windows Update
14-02-2013 03:00:19 Windows Update
17-03-2013 17:59:43 Removed Java(TM) 6 Update 39
17-03-2013 18:02:58 Installed Java 7 Update 17
17-03-2013 18:20:27 Windows Update
02-03-2016 18:56:53 Geplanter Prüfpunkt
11-03-2016 21:47:57 Removed RollerCoaster Tycoon® 3

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: AODDriver4.01
Description: AODDriver4.01
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AODDriver4.01
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (03/11/2016 09:48:36 PM) (Source: MsiInstaller) (EventID: 1024) (User: shag-PC)
Description: Produkt: Adobe Acrobat Reader DC - Deutsch - Update "{AC76BA86-7AD7-0000-2550-AC0F0A4E5C00}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (03/11/2016 09:35:59 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (03/11/2016 09:18:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avira_de_av_56e31e2f28336__ws.exe, Version: 1.1.56.9119, Zeitstempel: 0x56a8ec36
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18933, Zeitstempel: 0x55a69ec4
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x16c4
Startzeit der fehlerhaften Anwendung: 0xavira_de_av_56e31e2f28336__ws.exe0
Pfad der fehlerhaften Anwendung: avira_de_av_56e31e2f28336__ws.exe1
Pfad des fehlerhaften Moduls: avira_de_av_56e31e2f28336__ws.exe2
Berichtskennung: avira_de_av_56e31e2f28336__ws.exe3

Error: (03/11/2016 09:17:18 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (03/11/2016 08:51:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avira_de_av_56e31e2f28336__ws(2).exe, Version: 1.1.56.9119, Zeitstempel: 0x56a8ec36
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18933, Zeitstempel: 0x55a69ec4
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0xd20
Startzeit der fehlerhaften Anwendung: 0xavira_de_av_56e31e2f28336__ws(2).exe0
Pfad der fehlerhaften Anwendung: avira_de_av_56e31e2f28336__ws(2).exe1
Pfad des fehlerhaften Moduls: avira_de_av_56e31e2f28336__ws(2).exe2
Berichtskennung: avira_de_av_56e31e2f28336__ws(2).exe3

Error: (03/11/2016 08:50:37 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (03/11/2016 08:42:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avira_de_av_56e31e2f28336__ws(1).exe, Version: 1.1.56.9119, Zeitstempel: 0x56a8ec36
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18933, Zeitstempel: 0x55a69ec4
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x81c
Startzeit der fehlerhaften Anwendung: 0xavira_de_av_56e31e2f28336__ws(1).exe0
Pfad der fehlerhaften Anwendung: avira_de_av_56e31e2f28336__ws(1).exe1
Pfad des fehlerhaften Moduls: avira_de_av_56e31e2f28336__ws(1).exe2
Berichtskennung: avira_de_av_56e31e2f28336__ws(1).exe3

Error: (03/11/2016 08:41:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avira_de_av_56e31e2f28336__ws.exe, Version: 1.1.56.9119, Zeitstempel: 0x56a8ec36
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18933, Zeitstempel: 0x55a69ec4
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x2fc
Startzeit der fehlerhaften Anwendung: 0xavira_de_av_56e31e2f28336__ws.exe0
Pfad der fehlerhaften Anwendung: avira_de_av_56e31e2f28336__ws.exe1
Pfad des fehlerhaften Moduls: avira_de_av_56e31e2f28336__ws.exe2
Berichtskennung: avira_de_av_56e31e2f28336__ws.exe3

Error: (03/11/2016 08:41:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.Setup.Bundle.exe, Version: 1.1.56.9119, Zeitstempel: 0x56a8ec36
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18933, Zeitstempel: 0x55a69ec4
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0xb34
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.Setup.Bundle.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.Setup.Bundle.exe1
Pfad des fehlerhaften Moduls: Avira.OE.Setup.Bundle.exe2
Berichtskennung: Avira.OE.Setup.Bundle.exe3

Error: (03/11/2016 08:40:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.Setup.Bundle.exe, Version: 1.1.56.9119, Zeitstempel: 0x56a8ec36
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18933, Zeitstempel: 0x55a69ec4
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x1670
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.Setup.Bundle.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.Setup.Bundle.exe1
Pfad des fehlerhaften Moduls: Avira.OE.Setup.Bundle.exe2
Berichtskennung: Avira.OE.Setup.Bundle.exe3

Systemfehler:
=============
Error: (03/11/2016 09:36:11 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%303.

Error: (03/11/2016 09:36:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Avira Browser-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0

Error: (03/11/2016 09:36:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Avira Email-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0

Error: (03/11/2016 09:35:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (03/11/2016 09:35:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MBAMService erreicht.

Error: (03/11/2016 09:35:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Error: (03/11/2016 09:35:58 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Planer" wurde mit folgendem dienstspezifischem Fehler beendet: %%305.

Error: (03/11/2016 09:35:03 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {3EB3C877-1F16-487C-9050-104DBCD66683} Error: (03/11/2016 09:34:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (03/11/2016 09:34:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 ==================== Speicherinformationen =========================== Prozessor: AMD Phenom(tm) II X4 965 Processor Prozentuale Nutzung des RAM: 25% Installierter physikalischer RAM: 8178.14 MB Verfügbarer physikalischer RAM: 6054.96 MB Summe virtueller Speicher: 14176.34 MB Verfügbarer virtueller Speicher: 11607.18 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:111.69 GB) (Free:7.53 GB) NTFS Drive d: (Programme) (Fixed) (Total:833.85 GB) (Free:251.81 GB) NTFS Drive e: (Safe) (Fixed) (Total:1863.01 GB) (Free:4.93 GB) NTFS Drive f: (Daten) (Fixed) (Total:208.46 GB) (Free:12.35 GB) NTFS Drive g: (Win7) (Fixed) (Total:97.56 GB) (Free:16.33 GB) NTFS Drive h: (WinXP) (Fixed) (Total:24.41 GB) (Free:1.13 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive i: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 1863 GB) (Disk ID: B45C1AEF) Partition 2: (Active) - (Size=1863 GB) - (Type=05) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: C68DC68D) Partition 1: (Active) - (Size=24.4 GB) - (Type=07 NTFS) Partition 2: (Not Active) - 
(Size=208.5 GB) - (Type=OF Extended) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 90486699) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS) ======================================================== Disk: 3 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: AFD27FD7) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=833.9 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================ |
12.03.2016, 13:54 | #2 |
/// TB Trainer | Antivir and AVG cannot be installed, Malwarebytes does not start
My name is Matthias and I will help you clean up your computer. Please note the following:
Please work through all steps one after another in the given order and post all log files in CODE tags: How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes your helper's work considerably harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
Thank you for your cooperation!
Step 1 Please download rKill by Grinler to your desktop from one of the following links: RKill or http://www.trojaner-board.de/85629-rkill-download.html
Step 2 Please download AdwCleaner to your desktop.
Step 3 Please download Malwarebytes Anti-Malware
Step 4 Please close your security software to avoid possible conflicts.
Step 5
Please post with your next reply
Last edited by M-K-D-B (12.03.2016 at 14:17) |
12.03.2016, 18:02 | #3 |
| Antivir and AVG cannot be installed, Malwarebytes does not start
Hello Matthias,
thank you for your help.
Step 1 - rkill Code:
Rkill 2.8.3 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 hxxp://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/12/2016 05:34:28 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:
 * No malware services found to stop.

Checking for processes to terminate:
 * C:\Users\shag\AppData\Roaming\Windows\Applications\SearchIndex\SearchIndex.exe (PID: 3708) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:
 * No issues found in the Registry.

Backup Registry file created at:
 C:\Users\shag\Desktop\rkill\rkill-03-12-2016-05-34-32.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:
 * Windows Defender Disabled
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures:
 * No issues found.

Checking HOSTS File:
 * HOSTS file entries found:
  127.0.0.1 acdid.acdsystems.com
  127.0.0.1 activate.adobe.com

Program finished at: 03/12/2016 05:34:43 PM
Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)
Code:
ATTFilter # AdwCleaner v5.101 - Bericht erstellt am 12/03/2016 um 17:40:41 # Aktualisiert am 07/03/2016 von Xplode # Datenbank : 2016-03-08.1 [Server] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64) # Benutzername : shag - SHAG-PC # Gestartet von : C:\Users\shag\Desktop\AdwCleaner_5.101.exe # Option : Löschen # Unterstützung : hxxp://toolslib.net/forum ***** [ Dienste ] ***** ***** [ Ordner ] ***** [-] Ordner Gelöscht : C:\ProgramData\Trymedia [-] Ordner Gelöscht : C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\ICQToolbarData ***** [ Dateien ] ***** [-] Datei Gelöscht : C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\searchplugins\icqplugin.xml [-] Datei Gelöscht : C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\invalidprefs.js ***** [ DLLs ] ***** ***** [ Verknüpfungen ] ***** ***** [ Aufgabenplanung ] ***** ***** [ Registrierungsdatenbank ] ***** [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HiJackThis.exe [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F} [-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F} [-] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}] ***** [ Internetbrowser ] ***** [-] [C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.param.yahoo-fr", "chr-greentree_ff&type=302398"); [-] [C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\prefs.js] [Preference] Gelöscht : user_pref("keyword.URL", "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p="); ************************* :: "Tracing" Schlüssel gelöscht :: Proxy Einstellungen zurückgesetzt :: Winsock Einstellungen zurückgesetzt :: Internet Explorer Richtlinien 
gelöscht :: Chrome Richtlinien gelöscht
*************************
C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [2144 Bytes] - [12/03/2016 17:40:41]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [2062 Bytes] - [12/03/2016 17:39:31]
########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [2330 Bytes] ##########
It was already installed on my machine. However, it will not start. Uninstalling and reinstalling does not work. Error message during installation: Interner Fehler: Expression error 'Runtime Error (at112:109):
Step 4 - JRT Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.0.3 (02.09.2016) Operating System: Windows 7 Home Premium x64 Ran by shag (Administrator) on 12.03.2016 at 17:51:14,97 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 30 Failed to delete: C:\ProgramData\274435 (Folder) Successfully deleted: C:\ProgramData\274335 (Folder) Successfully deleted: C:\Users\shag\AppData\Local\crashrpt (Folder) Successfully deleted: C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\user.js (File) Successfully deleted: C:\Users\shag\AppData\Roaming\pdfforge (Folder) Successfully deleted: C:\Users\shag\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) Successfully deleted: C:\Users\shag\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0YPI15MJ (Temporary Internet Files Folder) Successfully deleted: C:\Users\shag\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2S4E3MDQ (Temporary Internet Files Folder) Successfully deleted: C:\Users\shag\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) Successfully deleted: C:\Users\shag\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\909B81IW (Temporary Internet Files Folder) Successfully deleted: C:\Users\shag\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\COTE14NY (Temporary Internet Files Folder) Successfully deleted: C:\Users\shag\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) Successfully deleted: C:\Users\shag\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H1F15JCJ (Temporary Internet Files Folder) Successfully deleted: C:\Users\shag\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files 
Folder) Successfully deleted: C:\Users\shag\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RXDCPS10 (Temporary Internet Files Folder) Successfully deleted: C:\Users\shag\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W996E00P (Temporary Internet Files Folder) Successfully deleted: C:\Users\shag\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZP79D0MH (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0YPI15MJ (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2S4E3MDQ (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\909B81IW (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\COTE14NY (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H1F15JCJ (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA 
(Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RXDCPS10 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W996E00P (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZP79D0MH (Temporary Internet Files Folder) Successfully deleted: C:\Windows\SysWOW64\RENF24A.tmp (File) Registry: 2 Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711} (Registry Key) Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711} (Registry Key) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 12.03.2016 at 17:52:39,64 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01 durchgeführt von shag (Administrator) auf SHAG-PC (12-03-2016 17:54:04) Gestartet von C:\Users\shag\Desktop Geladene Profile: shag (Verfügbare Profile: shag & Coco) Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AMD) C:\Windows\System32\atiesrxx.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730) D:\Program Files (x86)\iRacing\iRacingService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (Thrustmaster®) D:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (IvoSoft) C:\Users\shag\AppData\Roaming\Windows\Applications\SearchIndex\SearchIndex.exe (Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_182.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_182.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7512680 2011-10-25] (Realtek Semiconductor) HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-09] (NVIDIA Corporation) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.) 
HKLM-x32\...\Winlogon: [Userinit] userinit.exe,"C:\Windows\system32\clientmon.exe" [X] HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\MountPoints2: {6734fc30-9002-11e2-851a-8c89a5c2e538} - K:\setup.exe HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\MountPoints2: {ccf4559d-4ca0-11e4-b1b1-8c89a5c2e538} - K:\setup.exe HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\MountPoints2: {ddc22528-591b-11e3-8b61-8c89a5c2e538} - L:\ting.exe HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation) HKU\S-1-5-18\...\RunOnce: [AOD] => C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe AutoTune HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-04-30] (Microsoft Corporation) HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [43816 2015-04-26] (Apple Inc.) IFEO\AvastSvc.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\AvastUI.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avcenter.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avconfig.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avgcsrvx.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avgidsagent.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avgnt.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avgrsx.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avgui.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avgwdsvc.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\Avira.ServiceHost.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\Avira.Systray.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\Avira.SystrayStartTrigger.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avp.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\bdagent.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\blindman.exe: [Debugger] 
C:\Windows\System32\svchost.exe IFEO\ccuac.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\ComboFix.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\egui.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\gsam.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\hijackthis.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\instup.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\keyscrambler.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\mbam.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\mbamgui.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\mbampt.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\mbamscheduler.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\mbamservice.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\mcapexe.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\mcuicnt.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\MpCmdRun.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\MSASCui.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\MsMpEng.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\msseces.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\rstrui.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\SDFiles.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\SDMain.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\SDWinSec.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\spybotsd.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\update.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\wireshark.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\zlclient.exe: [Debugger] C:\Windows\System32\svchost.exe ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2013-05-31] ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe () ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. 
Siehe Hosts-Bereich in Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{64956C90-8573-4570-AE9E-9C6059173262}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-23] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-23] (Oracle Corporation) BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-23] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-23] (Oracle Corporation) FireFox: ======== FF ProfilePath: C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default FF SelectedSearchEngine: Google FF Homepage: hxxp://www.google.de/ FF Session Restore: -> ist aktiviert. 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-11] () FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-23] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-23] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.5 -> d:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> d:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-11] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] () FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-23] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-23] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-12-16] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-12-16] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2443269024-3109390385-3364977999-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\shag\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-2443269024-3109390385-3364977999-1000: @talk.google.com/O1DPlugin -> C:\Users\shag\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-2443269024-3109390385-3364977999-1000: @tools.google.com/Google Update;version=3 -> C:\Users\shag\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.) FF Plugin HKU\S-1-5-21-2443269024-3109390385-3364977999-1000: @tools.google.com/Google Update;version=9 -> C:\Users\shag\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Users\shag\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin ProgramFiles/Appdata: C:\Users\shag\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google) FF Extension: Avira Browser Safety - C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\Extensions\abs@avira.com [2016-02-19] FF Extension: leethax.net extension - C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\Extensions\leethax@leethax.net.xpi [2014-02-08] [ist nicht signiert] FF Extension: Move Media Player - C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\Extensions\moveplayer@movenetworks.com [2013-03-18] [ist nicht signiert] FF Extension: Microsoft .NET Framework Assistant - C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013-03-18] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-05-15] [ist nicht signiert] StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe Chrome: ======= CHR Profile: C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-27] CHR Extension: (Google Docs) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-27] CHR Extension: (Google Drive) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27] CHR Extension: (YouTube) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-27] CHR 
Extension: (Google-Suche) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27] CHR Extension: (Google Tabellen) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-27] CHR Extension: (Avira Browserschutz) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-10-27] CHR Extension: (Google Docs Offline) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-07] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-27] CHR Extension: (Google Mail) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-27] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [0 ] (Avira Operations GmbH & Co. KG) <==== ACHTUNG (Null Byte Datei/Ordner) S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [0 ] (Avira Operations GmbH & Co. KG) <==== ACHTUNG (Null Byte Datei/Ordner) S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [0 ] (Avira Operations GmbH & Co. KG) <==== ACHTUNG (Null Byte Datei/Ordner) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [0 ] (Avira Operations GmbH & Co. 
KG) <==== ACHTUNG (Null Byte Datei/Ordner) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.) S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [Datei ist nicht signiert] S3 GalaxyClientService; D:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1616440 2015-11-13] (GOG.com) S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7220792 2016-02-11] (GOG.com) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-09] (NVIDIA Corporation) R2 iRacingService; D:\Program Files (x86)\iRacing\iRacingService.exe [798840 2015-01-12] (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-09] (NVIDIA Corporation) R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-09] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [6477432 2015-12-09] (NVIDIA Corporation) S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-02-28] (Electronic Arts) R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145736 2013-08-15] (Nuance Communications, Inc.) 
R2 tmInstall; d:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.EXE [45296 2014-07-22] (Thrustmaster®) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S2 Avira.ServiceHost; "C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe" [X] S2 JetDrive WindowsClosingService; C:\Windows\System32\WindowsClosingService [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [94720 2013-12-19] (Advanced Micro Devices) [Datei ist nicht signiert] R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162072 2015-12-01] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [140448 2016-02-18] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [75472 2015-12-01] (Avira Operations GmbH & Co. KG) S3 cancel; C:\Program Files (x86)\MSI\Super-Charger\cancel_64.sys [16184 2010-05-21] (Windows (R) Win 7 DDK provider) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-05] (Disc Soft Ltd) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 jetdrive; C:\Windows\System32\DRIVERS\jddrv.sys [37248 2012-05-22] (Abelssoft GmbH) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-12-09] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation) R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.) 
S3 SndTAudio; C:\Windows\System32\drivers\SndTAudio.sys [34528 2013-05-16] (Windows (R) Win 7 DDK provider) S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [58792 2009-09-17] (SafeNet, Inc.) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-10-05] (Duplex Secure Ltd.) S3 tmhidusb; C:\Windows\System32\DRIVERS\tmhidusb.sys [166640 2014-07-22] (Thrustmaster) R2 zntport64; C:\EuCaSoft\zntport64.sys [13880 2007-12-22] (Zeal SoftStudio) U3 ahiuozps; C:\Windows\System32\Drivers\ahiuozps.sys [0 ] (Advanced Micro Devices) <==== ACHTUNG (Null Byte Datei/Ordner) S2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X] S3 cpuz130; \??\C:\Users\shag\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X] S3 NTIOLib_1_0_4; \??\d:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [X] S3 NTIOLib_1_0_C; \??\J:\NTIOLib_X64.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2016-03-12 17:54 - 2016-03-12 17:54 - 00022593 _____ C:\Users\shag\Desktop\FRST.txt 2016-03-12 17:52 - 2016-03-12 17:52 - 00005224 _____ C:\Users\shag\Desktop\JRT.txt 2016-03-12 17:51 - 2016-03-12 17:51 - 00000000 ____D C:\ProgramData\274335 2016-03-12 17:48 - 2016-03-12 17:48 - 01609216 _____ (Malwarebytes) C:\Users\shag\Desktop\JRT.exe 2016-03-12 17:39 - 2016-03-12 17:40 - 00000000 ____D C:\Program Files (x86)\AdwCleaner 2016-03-12 17:37 - 2016-03-12 17:35 - 01524224 _____ C:\Users\shag\Desktop\AdwCleaner_5.101.exe 2016-03-12 17:34 - 2016-03-12 17:52 - 00001625 _____ C:\ProgramData\XML 2016-03-12 17:34 - 2016-03-12 17:34 - 00002890 _____ C:\Users\shag\Desktop\Rkill.txt 2016-03-12 17:34 - 2016-03-12 17:34 - 00000000 ____D C:\Users\shag\Desktop\rkill 2016-03-12 17:34 - 2016-03-12 17:33 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\shag\Desktop\rkill.com 2016-03-11 21:55 - 2016-03-11 21:42 - 02374144 _____ (Farbar) C:\Users\shag\Desktop\FRST64.exe 2016-03-11 21:53 - 2016-03-12 17:54 - 00000000 ____D C:\FRST 2016-03-11 21:32 - 2016-03-11 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2016-03-11 21:31 - 2016-03-11 21:32 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2016-03-11 21:31 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-03-11 21:31 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-03-11 21:31 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-03-11 21:20 - 2016-03-11 21:20 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-03-05 12:03 - 2016-03-05 12:03 - 00000000 ____D C:\Users\shag\AppData\Roaming\cerasus.media 2016-03-01 21:22 - 2016-03-01 16:25 - 03793920 _____ (IvoSoft) C:\Windows\SysWOW64\clientmon.exe 2016-03-01 21:12 - 2016-03-12 17:51 - 00003362 _____ C:\Windows\System32\Tasks\Search Filter Host 2016-03-01 21:12 - 
2016-03-01 21:12 - 00000000 ____D C:\Users\shag\AppData\LocalLow\Lazy Bear Games 2016-03-01 21:11 - 2016-03-12 17:51 - 00000000 __SHD C:\ProgramData\274435 2016-03-01 21:11 - 2016-03-11 21:47 - 00000000 ____D C:\Users\shag\AppData\Local\IIIQF 2016-03-01 21:11 - 2016-03-01 21:11 - 00000006 ____S C:\ProgramData\cfc4764f3bbfae7c2c155456e0ae08a61242b9ff 2016-03-01 21:11 - 2016-03-01 21:11 - 00000000 ____D C:\Users\shag\AppData\Roaming\Windows 2016-03-01 21:11 - 2016-03-01 21:11 - 00000000 ____D C:\ProgramData\mia2477.tmp 2016-03-01 19:55 - 2016-03-01 19:55 - 00000000 ____D C:\ProgramData\dbdata 2016-02-29 20:27 - 2016-02-29 22:37 - 00000000 ____D C:\Users\shag\AppData\Roaming\Factorio 2016-02-29 20:26 - 2016-02-29 20:26 - 00000936 _____ C:\Users\shag\Desktop\Factorio v0.9.8.lnk 2016-02-25 08:09 - 2016-02-25 08:09 - 00000801 _____ C:\Users\Public\Desktop\Passbild-Generator.lnk 2016-02-25 08:09 - 2016-02-25 08:09 - 00000000 ____D C:\Users\shag\AppData\Local\_3_ 2016-02-25 08:09 - 2016-02-25 08:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Passbild-Generator 2016-02-23 21:01 - 2016-02-23 20:59 - 00110176 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll 2016-02-23 20:59 - 2016-02-23 21:01 - 00000000 ____D C:\Users\shag\.oracle_jre_usage 2016-02-23 20:59 - 2016-02-23 20:59 - 00000000 ____D C:\Users\shag\AppData\Roaming\Sun 2016-02-23 20:58 - 2016-02-23 20:58 - 00000000 ____D C:\Users\shag\AppData\LocalLow\Oracle 2016-02-23 20:17 - 2016-02-23 21:09 - 00000000 ____D C:\Users\shag\.litwrl 2016-02-21 11:59 - 2016-02-21 11:59 - 00000000 ____D C:\Users\shag\Documents\DyingLight 2016-02-19 18:50 - 2016-02-19 18:50 - 00000000 ____D C:\Users\shag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-02-12 16:22 - 2016-02-12 16:22 - 00000000 ____D C:\Users\shag\AppData\LocalLow\Google ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die 
Datei/der Ordner verschoben.) 2016-03-12 17:50 - 2013-08-25 19:14 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA.job 2016-03-12 17:50 - 2009-07-14 05:45 - 00022848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-03-12 17:50 - 2009-07-14 05:45 - 00022848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-03-12 17:48 - 2009-07-14 18:58 - 00699416 _____ C:\Windows\system32\perfh007.dat 2016-03-12 17:48 - 2009-07-14 18:58 - 00149556 _____ C:\Windows\system32\perfc007.dat 2016-03-12 17:48 - 2009-07-14 06:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI 2016-03-12 17:48 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2016-03-12 17:42 - 2013-05-14 20:49 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-03-12 17:42 - 2013-03-18 19:28 - 00000000 ____D C:\ProgramData\NVIDIA 2016-03-12 17:42 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-03-12 17:41 - 2013-05-14 20:49 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-03-12 17:31 - 2015-06-19 16:54 - 00001220 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA.job 2016-03-12 17:31 - 2013-04-18 20:08 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-03-12 01:14 - 2015-12-06 19:16 - 00000000 ____D C:\Users\shag\Desktop\Spiele 2016-03-12 01:11 - 2016-01-03 15:42 - 00000000 ____D C:\Users\shag\AppData\Local\CrashDumps 2016-03-12 01:11 - 2013-03-21 22:46 - 00000000 ____D C:\Users\shag\AppData\Roaming\vlc 2016-03-11 22:57 - 2013-04-18 20:08 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-03-11 22:57 - 2013-03-18 20:25 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-03-11 22:57 - 2013-03-18 20:25 - 00142528 _____ (Adobe Systems Incorporated) 
C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-03-11 21:49 - 2014-11-23 19:32 - 00000000 ____D C:\Users\shag\AppData\Local\My Games 2016-03-11 21:49 - 2013-03-30 23:41 - 00000000 ____D C:\Users\shag\Documents\My Games 2016-03-11 21:49 - 2013-03-18 19:22 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2016-03-11 21:48 - 2015-12-30 20:54 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-03-11 21:47 - 2015-09-30 22:11 - 00000000 ____D C:\Users\shag\AppData\Roaming\Atari 2016-03-11 21:46 - 2015-03-13 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com 2016-03-11 21:46 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2016-03-11 21:30 - 2014-07-25 20:28 - 00242786 _____ C:\Windows\ntbtlog.txt 2016-03-11 21:17 - 2013-03-18 19:16 - 00000000 ____D C:\Users\shag 2016-03-11 21:10 - 2015-10-03 09:12 - 00000000 ____D C:\Users\Coco 2016-03-11 21:10 - 2015-06-10 22:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3 2016-03-11 21:10 - 2015-05-15 10:42 - 00000000 ___SD C:\Windows\system32\GWX 2016-03-11 21:10 - 2014-10-05 15:49 - 00000000 ____D C:\Users\shag\AppData\Roaming\FreeArc 2016-03-11 21:10 - 2014-08-07 21:41 - 00000000 ____D C:\Users\Besuch 2016-03-11 21:10 - 2014-07-27 20:34 - 00000000 ____D C:\ProgramData\Package Cache 2016-03-11 21:10 - 2014-02-10 20:00 - 00000000 ____D C:\Users\shag\AppData\Roaming\Battle.net 2016-03-11 21:10 - 2013-03-18 20:25 - 00000000 ____D C:\Windows\system32\Macromed 2016-03-11 21:10 - 2013-03-18 20:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2016-03-11 21:10 - 2013-03-18 20:22 - 00000000 ____D C:\ProgramData\Avira 2016-03-11 21:10 - 2013-03-18 20:22 - 00000000 ____D C:\Program Files (x86)\Avira 2016-03-11 21:10 - 2009-07-14 19:18 - 00000000 ___RD C:\Users\Public\Recorded TV 2016-03-11 21:10 - 2009-07-14 04:20 - 00000000 ____D 
C:\Windows\registration 2016-03-11 20:27 - 2013-03-19 20:07 - 00000000 ____D C:\Users\shag\AppData\Roaming\UseNeXT 2016-03-11 20:21 - 2014-02-10 20:00 - 00000000 ____D C:\Users\shag\AppData\Local\Battle.net 2016-03-11 13:20 - 2015-11-15 18:24 - 00033792 _____ C:\Users\shag\Desktop\Finanzen.xls 2016-03-08 16:41 - 2015-11-20 18:45 - 00000000 ____D C:\Users\shag\.gimp-2.8 2016-03-01 19:50 - 2013-08-25 19:14 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core.job 2016-03-01 19:10 - 2013-03-18 20:30 - 00000000 ___RD C:\Users\shag\Dropbox 2016-03-01 19:10 - 2013-03-18 20:29 - 00000000 ____D C:\Users\shag\AppData\Roaming\Dropbox 2016-02-28 10:10 - 2013-05-02 20:29 - 00000000 ____D C:\ProgramData\Origin 2016-02-25 12:05 - 2015-06-19 16:54 - 00001168 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core.job 2016-02-25 08:15 - 2015-10-15 19:41 - 00013405 _____ C:\Windows\BRRBCOM.INI 2016-02-24 16:09 - 2015-11-09 18:52 - 00000498 _____ C:\Users\shag\Desktop\Coco.txt 2016-02-23 21:03 - 2013-10-28 19:56 - 00000000 ____D C:\ProgramData\Oracle 2016-02-23 21:02 - 2013-10-28 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2016-02-23 21:02 - 2013-10-28 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-02-23 21:02 - 2013-09-03 20:26 - 00000000 ____D C:\Program Files (x86)\Java 2016-02-23 21:02 - 2013-03-18 20:28 - 00000000 ____D C:\Program Files\Java 2016-02-23 20:59 - 2015-03-13 18:22 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2016-02-21 11:44 - 2014-12-05 21:30 - 00002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-02-21 11:44 - 2014-12-05 21:30 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-02-18 10:22 - 2013-07-24 17:53 - 00000000 ____D C:\ProgramData\Battle.net 2016-02-18 08:09 - 2013-04-02 21:33 - 00140448 
_____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2016-02-15 21:54 - 2015-01-12 18:27 - 00000000 ____D C:\Users\shag\AppData\Roaming\Mp3tag ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2013-10-14 03:44 - 2013-10-14 03:44 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll 2015-06-10 22:13 - 2015-08-24 19:58 - 0007859 _____ () C:\Users\shag\AppData\Roaming\pcouffin.cat 2015-06-10 22:13 - 2015-08-24 19:58 - 0001167 _____ () C:\Users\shag\AppData\Roaming\pcouffin.inf 2015-06-10 22:13 - 2015-08-24 19:58 - 0000055 _____ () C:\Users\shag\AppData\Roaming\pcouffin.log 2014-10-05 15:03 - 2014-10-05 15:03 - 0004096 _____ (Microsoft) C:\Users\shag\AppData\Roaming\Microsoft\1.exe 2014-10-05 15:01 - 2014-11-23 18:21 - 0004096 _____ (Microsoft) C:\Users\shag\AppData\Roaming\Microsoft\Setupx.exe 2014-10-05 15:05 - 2014-10-05 15:10 - 0004096 _____ (Microsoft) C:\Users\shag\AppData\Roaming\Microsoft\svchost.exe 2013-06-04 20:34 - 2015-06-13 17:45 - 0014848 _____ () C:\Users\shag\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-06-02 16:18 - 2015-06-02 16:21 - 0585728 _____ () C:\Users\shag\AppData\Local\file__0.localstorage 2015-11-20 18:47 - 2015-11-20 18:47 - 0000819 _____ () C:\Users\shag\AppData\Local\recently-used.xbel 2013-03-18 19:55 - 2015-05-27 19:39 - 0007649 _____ () C:\Users\shag\AppData\Local\resmon.resmoncfg 2016-03-01 21:11 - 2016-03-01 21:11 - 0000006 ____S () C:\ProgramData\cfc4764f3bbfae7c2c155456e0ae08a61242b9ff 2016-03-12 17:34 - 2016-03-12 17:52 - 0001625 _____ () C:\ProgramData\XML Einige Dateien in TEMP: ==================== C:\Users\Besuch\AppData\Local\Temp\avgnt.exe C:\Users\Coco\AppData\Local\Temp\avgnt.exe C:\Users\shag\AppData\Local\Temp\avgnt.exe C:\Users\shag\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpl1ceez.dll C:\Users\shag\AppData\Local\Temp\nvSCPAPI.dll 
C:\Users\shag\AppData\Local\Temp\nvStInst.exe C:\Users\shag\AppData\Local\Temp\rldfw32_s18g.dll C:\Users\shag\AppData\Local\Temp\rldfw32_s1hc.dll C:\Users\shag\AppData\Local\Temp\rldfw32_s25k.dll C:\Users\shag\AppData\Local\Temp\rldfw32_s2dg.dll C:\Users\shag\AppData\Local\Temp\rldfw32_s2t0.dll C:\Users\shag\AppData\Local\Temp\rldfw32_s3hs.dll C:\Users\shag\AppData\Local\Temp\rldfw32_s5r0.dll C:\Users\shag\AppData\Local\Temp\rldfw32_s6d8.dll C:\Users\shag\AppData\Local\Temp\rldfw32_s6lg.dll C:\Users\shag\AppData\Local\Temp\rldfw32_s6os.dll C:\Users\shag\AppData\Local\Temp\rldfw32_s90.dll C:\Users\shag\AppData\Local\Temp\rldfw32_sl4.dll C:\Users\shag\AppData\Local\Temp\rldfw64_s1ak.dll C:\Users\shag\AppData\Local\Temp\rldfw64_s3lo.dll C:\Users\shag\AppData\Local\Temp\rldfw64_s3rk.dll C:\Users\shag\AppData\Local\Temp\rldfw64_s4gk.dll C:\Users\shag\AppData\Local\Temp\rldfw64_s4lc.dll C:\Users\shag\AppData\Local\Temp\rldfw64_s57o.dll C:\Users\shag\AppData\Local\Temp\rldfw64_s58o.dll C:\Users\shag\AppData\Local\Temp\rldfw64_s5kk.dll C:\Users\shag\AppData\Local\Temp\rldfw64_s5qk.dll C:\Users\shag\AppData\Local\Temp\rldfw64_s5ss.dll C:\Users\shag\AppData\Local\Temp\rldfw64_s6gk.dll C:\Users\shag\AppData\Local\Temp\rldfw64_s6og.dll C:\Users\shag\AppData\Local\Temp\sqlite3.dll C:\Users\shag\AppData\Local\Temp\svhost.exe C:\Users\shag\AppData\Local\Temp\_is3AAF.exe C:\Users\shag\AppData\Local\Temp\_is4481.exe C:\Users\shag\AppData\Local\Temp\_isA517.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-03-12 15:55

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
durchgeführt von shag (2016-03-12 17:54:22)
Gestartet von C:\Users\shag\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-03-18 18:16:49)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-2443269024-3109390385-3364977999-500 - Administrator - Disabled)
Coco (S-1-5-21-2443269024-3109390385-3364977999-1008 - Administrator - Enabled) => C:\Users\Coco
Gast (S-1-5-21-2443269024-3109390385-3364977999-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2443269024-3109390385-3364977999-1004 - Limited - Enabled)
shag (S-1-5-21-2443269024-3109390385-3364977999-1000 - Administrator - Enabled) => C:\Users\shag

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated) Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.182 - Adobe Systems Incorporated) Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated) Adobe Photoshop Lightroom 4.4 64-bit (HKLM\...\{11A955CD-4398-405A-886D-E464C3618FBF}) (Version: 4.4.1 - Adobe) Age of Conan: Hyborian Adventures (HKLM-x32\...\Age of Conan_is1) (Version: - Funcom) AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version: - Gameforge) Anno 2205 (HKLM-x32\...\Uplay Install 1253) (Version: - Ubisoft) Apple Application Support (32-Bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Ashampoo Photo Commander 10 v.10.0.1 (HKLM-x32\...\Ashampoo Photo Commander 10_is1) (Version: 10.0.1 - Ashampoo GmbH & Co. KG) Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology) AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2002861294.48.56.34082026 - Audible, Inc.) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.141 - Avira Operations GmbH & Co. KG) Avira Launcher (HKLM-x32\...\{3b87484e-d70b-4b4f-ad59-2ae89571e2cf}) (Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG) Avira Launcher (x32 Version: 1.1.56.9119 - Avira Operations GmbH & Co. 
KG) Hidden Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) BDE Information Utility (HKLM-x32\...\BDE Information Utility) (Version: - InterBase Installation Info (and BDE Information Utility)) Blender (HKLM\...\{BBE9D9F0-3F77-4E26-9E10-1AFB56D41363}) (Version: 2.76.0 - Blender Foundation) Blender (HKLM\...\Blender) (Version: 2.69 - Blender Foundation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Brother MFL-Pro Suite MFC-J5320DW (HKLM-x32\...\{7FC49664-DAA4-4E7C-ADD0-614ABB43691B}) (Version: 1.0.5.0 - Brother Industries, Ltd.) Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.9.0.4 - Canon Inc.) Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.12.20.0 - Canon Inc.) Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.5.2.8 - Canon Inc.) Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.) DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.4.0.0377 - Disc Soft Ltd) Darkest Dungeon (HKLM-x32\...\Darkest Dungeon_is1) (Version: - ) Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts) Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team) Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve) Dropbox (HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.) DVDFab 9.0.6.3 (09/09/2013) (HKLM-x32\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.) 
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.2.17437 - Landesfinanzdirektion Thüringen) ElsterFormular 2006/2007 (HKLM-x32\...\{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}) (Version: 8.2.1.0 - Steuerverwaltung des Bundes und der Länder) ElsterFormular 2007/2008 (HKLM-x32\...\{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}) (Version: 9.2.0.0 - Steuerverwaltung des Bundes und der Länder) ElsterFormular 2008/2009 (HKLM-x32\...\{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}) (Version: 10.0.0.0 - Steuerverwaltung des Bundes und der Länder) EuCaSoft 4.4.0.4377 (HKLM-x32\...\EuCaSoft_is1) (Version: - itas GmbH) FFB Racing Wheel drivers (HKLM-x32\...\{28B758EA-5C83-48B1-B352-C70F12C73F5A}) (Version: 3.TTRS.2014 - Thrustmaster) FreeArc 0.666 (HKLM-x32\...\FreeArc) (Version: 0.666 - Bulat Ziganshin) Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.21.2.1 - Futuremark Corporation) Gameforge Live 2.0.8 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.8 - Gameforge) Geeks3D FurMark 1.13.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.) GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.) 
iRacing.com Race Simulation (HKLM-x32\...\{CBBB3C80-76F5-42B5-92A6-C4BF84796DCB}) (Version: 1.01.0512 - iRacing.com Motorsport Simulations) iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.) Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation) Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation) Java SE Development Kit 7 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170250}) (Version: 1.7.0.250 - Oracle) Java SE Development Kit 8 Update 73 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180730}) (Version: 8.0.730.2 - Oracle Corporation) JetDrive (HKLM-x32\...\JetDrive_is1) (Version: 6.11 - Abelssoft) Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) ManiaPlanet (HKLM-x32\...\ManiaPlanet_is1) (Version: - Nadeo) MechWarrior Online (HKLM-x32\...\{9f17023b-d04f-432b-b08a-3bb4c3a7ed3c}) (Version: 1.6.0.0 - Piranha Games Inc.) MechWarrior Online (x32 Version: 1.6.1.0 - Piranha Games Inc.) 
Hidden MediaCoder x64 0.8.19.5372 (HKLM\...\MediaCoder x64) (Version: 0.8.19.5372 - Broad Intelligence) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Mosaizer Pro v12.0 (HKLM-x32\...\Mosaizer Pro_is1) (Version: 12.0 - APP Helmond) Mozilla Firefox 19.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 19.0.2 (x86 de)) (Version: 19.0.2 - Mozilla) Mozilla Firefox 44.0.2 (x86 de) (HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\Mozilla Firefox 44.0.2 (x86 de)) (Version: 44.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 19.0.2 - Mozilla) Mp3tag v2.66 (HKLM-x32\...\Mp3tag) (Version: v2.66 - Florian Heidenreich) MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) Next Car Game Free 
Technology Demo (HKLM-x32\...\Next Car Game Free Technology Demo) (Version: - Bugbear Entertainment) NoLimits 2 Demo (remove only) (HKLM\...\NoLimits 2 Demo) (Version: - ) NoLimits Coasters 1.8 (remove only) (HKLM-x32\...\NoLimits Coasters full) (Version: - ) Nuance PaperPort 12 (HKLM-x32\...\{2A770862-7142-4C77-8117-F933E4110A3F}) (Version: 12.1.0006 - Nuance Communications, Inc.) Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc) NVIDIA 3D Vision Treiber 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.43 - NVIDIA Corporation) NVIDIA GeForce Experience 2.8.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.8.1.21 - NVIDIA Corporation) NVIDIA Grafiktreiber 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.43 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.) PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.) Passbild-Generator v4.0a (HKLM-x32\...\Passbild-Generator_is1) (Version: - Passbild-Generator) PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.239 - Google, Inc.) 
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Railroad Tycoon 3 (HKLM-x32\...\{DE29025A-091F-4998-AD2D-24C84421190F}) (Version: 1.0 - )
Raptr (HKLM-x32\...\Raptr) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7111 - Realtek Semiconductor Corp.)
Scansoft PDF Professional (x32 Version: - ) Hidden
Sentinel System Driver Installer 7.5.1 (HKLM-x32\...\{BF9E346B-5ECE-4A18-9510-55729FD08323}) (Version: 7.5.1 - SafeNet, Inc.)
SHIELD Streaming (Version: 4.1.0250 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.8.1.21 - NVIDIA Corporation) Hidden
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Spintires RIP MULTI18 (HKLM-x32\...\U3BpbnRpcmVz_is1) (Version: 1 - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.0.115 - MSI)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.43148 - TeamViewer)
The Witcher 3: Wild Hunt - Alternative Look for Ciri (HKLM-x32\...\Alternative Look for Ciri_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Alternative Look for Triss (HKLM-x32\...\Alternative Look for Triss_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Alternative Look for Yennefer (HKLM-x32\...\Alternative Look for Yennefer_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Ballad Heroes - Neutral Gwent Card Set (HKLM-x32\...\Ballad Heroes - Neutral Gwent Card Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Beard and Hairstyle Set (HKLM-x32\...\Beard and Hairstyle Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Elite Crossbow Set (HKLM-x32\...\Elite Crossbow Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Finisher Animations (HKLM-x32\...\New Finisher Animations_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Contract - Skellige's Most Wanted (HKLM-x32\...\New Quest - Contract: Skellige's Most Wanted_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Contract Missing Miners (HKLM-x32\...\New Quest - Contract Missing Miners_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Fool's Gold (HKLM-x32\...\New Quest - Fool's Gold_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Scavenger Hunt - Wolf School Gear (HKLM-x32\...\New Quest - Scavenger Hunt: Wolf School Gear_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Where the Cat and Wolf Play... (HKLM-x32\...\New Quest - Where the Cat and Wolf Play..._is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Nilfgaardian Armor Set (HKLM-x32\...\Nilfgaardian Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Skellige Armor Set (HKLM-x32\...\Skellige Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Temerian Armor Set (HKLM-x32\...\Temerian Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version: - Tangysoft Ltd.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Voodoo Chronicles (HKLM-x32\...\{947E7026-E000-4159-86BC-6B9855EC4517}) (Version: 1.00.0000 - PurpleHills)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.3.0.18 - VSO Software)
War Thunder Launcher 1.0.1.278 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - 2013 Gaijin Entertainment Corporation)
WhiteCap (HKLM-x32\...\WhiteCap) (Version: 6.4.1 - SoundSpectrum)
Winki (HKLM-x32\...\{81CF5153-38CF-41e2-AC3C-3D477C987D96}_is1) (Version: 3.2.116 - MSI)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.7.3.20131014 - Xilisoft)
XMedia Recode Version 3.1.7.8 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.7.8 - XMedia Recode)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> d:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => Keine Datei

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {2DDE40A1-B5C9-4E30-B49A-056A855363D0} - System32\Tasks\Search Filter Host => C:\Users\shag\AppData\Roaming\Windows\Applications\SearchIndex\SearchIndex.exe [2016-03-01] (IvoSoft)
Task: {5CDC7D13-A92F-4C6A-9037-DFA121DFEAA2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {6167180D-AC7E-4C68-8CC9-023DBC147E37} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core => C:\Users\shag\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {6EB11A62-09BE-4E9B-83D4-6A882DE1ED34} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {8497BBEE-475E-4265-AAA8-F224139C7BA0} - System32\Tasks\Super Charger => C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe [2011-07-06] (MSI)
Task: {C5C53FF5-B82F-4F17-AE3C-81D0F93E55D0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DB2708DA-72B3-456B-A231-CAA7741EFF08} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-11] (Adobe Systems Incorporated)
Task: {DBCDFCAF-D9E9-40F1-AF62-1F1C50B250EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {E4737B22-8F2C-4315-9743-9053915C8DBA} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core => C:\Users\shag\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {EC19B7C3-4AAF-4DEF-9968-077FFE35F30A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA => C:\Users\shag\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {EC4FE598-9EC1-4664-A6F2-59D0338E59D0} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {F854E768-B92F-45F6-9F15-D807D339052F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA => C:\Users\shag\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core.job => C:\Users\shag\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA.job => C:\Users\shag\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core.job => C:\Users\shag\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA.job => C:\Users\shag\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 15:26 - 2015-05-15 15:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-30 20:54 - 2015-12-09 02:52 - 00217720 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2015-10-15 19:40 - 2005-04-22 05:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2015-05-15 09:45 - 2015-12-09 02:53 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-03-11 22:57 - 2016-03-11 22:57 - 19397824 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 03:34 - 2014-08-17 13:48 - 00001055 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 acdid.acdsystems.com
127.0.0.1 activate.adobe.com

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\shag\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupreg: Super-Charger => C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{6B1F38FA-F6F9-4ABD-B206-E8C90B977830}] => (Allow) C:\Users\shag\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{B7325FFE-3ADA-4DA1-9DE8-3A2DCA7F5A3B}] => (Allow) C:\Users\shag\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{07D86DA9-61A3-47CB-B1A6-0513D4F06B65}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FDD9CBBE-0ABD-4667-9596-44E879C79778}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{86E3BE82-CA85-440E-B4B2-B2664B446D92}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{11DDDDE2-F308-40AF-8D9D-0E2072E70150}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A3163EBD-DDB7-4275-AC6D-8C732590173F}] => (Block) %ProgramFiles% (x86)\SQUARE ENIX\Tombraider\TombRaider.exe
FirewallRules: [TCP Query User{73C838EF-603A-4CF2-A23E-2041E1CFCD82}C:\program files (x86)\maniaplanet\maniaplanet.exe] => (Allow) C:\program files (x86)\maniaplanet\maniaplanet.exe
FirewallRules: [UDP Query User{E71ACD03-DA48-431D-949F-BF986E2AC015}C:\program files (x86)\maniaplanet\maniaplanet.exe] => (Allow) C:\program files (x86)\maniaplanet\maniaplanet.exe
FirewallRules: [{4BBC53DD-4D5D-4C50-B909-22E10583A056}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{469D4751-7DFA-4A7C-B361-434CEB6A5A81}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{5BB1082F-2E2D-4EE6-944B-DC344AA5B470}C:\eucasoft\meta.exe] => (Allow) C:\eucasoft\meta.exe
FirewallRules: [UDP Query User{A2668BF5-70B4-4A1E-BDF8-5AB545E14AD3}C:\eucasoft\meta.exe] => (Allow) C:\eucasoft\meta.exe
FirewallRules: [TCP Query User{E3CEC154-48F6-4462-86A3-FA11B8C6E49A}C:\eucasoft\eucasoft.exe] => (Allow) C:\eucasoft\eucasoft.exe
FirewallRules: [UDP Query User{6ABB59E9-B8AC-4332-BD91-82B6FA02BCBC}C:\eucasoft\eucasoft.exe] => (Allow) C:\eucasoft\eucasoft.exe
FirewallRules: [TCP Query User{C38681B1-F9C5-4091-9454-BB9C91B9C217}C:\eucasoft\eucaprn.exe] => (Allow) C:\eucasoft\eucaprn.exe
FirewallRules: [UDP Query User{B68FAD45-EBB9-418D-9418-289EC845D24E}C:\eucasoft\eucaprn.exe] => (Allow) C:\eucasoft\eucaprn.exe
FirewallRules: [TCP Query User{3DC74B91-28FD-420E-AD76-7684D5631DE6}C:\program files (x86)\activision\call of duty - black ops\blackops.exe] => (Block) C:\program files (x86)\activision\call of duty - black ops\blackops.exe
FirewallRules: [UDP Query User{E199CF05-61AE-482C-ADCD-46BC0D125AF6}C:\program files (x86)\activision\call of duty - black ops\blackops.exe] => (Block) C:\program files (x86)\activision\call of duty - black ops\blackops.exe
FirewallRules: [TCP Query User{36345DBD-FF4D-463E-947F-2FB5E8F97CE1}E:\spiele\trackmania canyon\trackmania 2 canyon\maniaplanet.exe] => (Block) E:\spiele\trackmania canyon\trackmania 2 canyon\maniaplanet.exe
FirewallRules: [UDP Query User{3C8D0343-259F-44B4-9BF4-9116E1EDCF55}E:\spiele\trackmania canyon\trackmania 2 canyon\maniaplanet.exe] => (Block) E:\spiele\trackmania canyon\trackmania 2 canyon\maniaplanet.exe
FirewallRules: [TCP Query User{4A3487F5-0DF9-465C-859C-B2E3CB28767D}D:\program files (x86)\guild wars 2\gw2.exe] => (Allow) D:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{D243A6A0-89AA-47B7-8C5F-EE81A220C3CB}D:\program files (x86)\guild wars 2\gw2.exe] => (Allow) D:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [{D746F088-F43E-4AD9-9FD0-782FFFF44266}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{C1409997-93DC-4B19-8C85-BE34ADE9EC79}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{BB497C68-00F8-4212-B457-64BD9CE73233}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [{8D7CAD06-081F-4293-9AFA-A574B67C0766}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [{68094F16-F5E3-4BFE-B7E7-0086A112EDFF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{1D18F698-41EF-4FF1-B72D-D7D764974717}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CF8BFAAF-E0E6-4FBE-9260-2B26188DFB50}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{697C2CFB-27E5-4A1B-83B2-D908CF8D0F1F}D:\program files (x86)\rayman legends\rayman legends.exe] => (Block) D:\program files (x86)\rayman legends\rayman legends.exe
FirewallRules: [UDP Query User{4415CC36-28EC-477F-8CA5-84335AD7A691}D:\program files (x86)\rayman legends\rayman legends.exe] => (Block) D:\program files (x86)\rayman legends\rayman legends.exe
FirewallRules: [{E3D7CB83-5E5C-47E5-8FE7-0E543DEF0773}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{763A8944-677E-40D8-A3BF-36F032CAE895}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DC6F0895-BCFA-477C-8FAA-6D8FAE970845}] => (Allow) D:\Program Files (x86)\WarThunder\launcher.exe
FirewallRules: [{2527224D-47C0-479D-A667-612AF086AD65}] => (Allow) D:\Program Files (x86)\WarThunder\launcher.exe
FirewallRules: [TCP Query User{D6BCEDD8-4D78-4A28-8B5E-6D6A755083BE}D:\program files (x86)\warthunder\aces.exe] => (Allow) D:\program files (x86)\warthunder\aces.exe
FirewallRules: [UDP Query User{018EDE3C-20A5-4DEC-83DC-A0F4035CA4F3}D:\program files (x86)\warthunder\aces.exe] => (Allow) D:\program files (x86)\warthunder\aces.exe
FirewallRules: [{E89F95BB-3F00-4592-BF46-D7A0247E3238}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{A453AEC4-A7B7-4DA7-B840-7087754DDBF5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{AD67C548-8E7C-40B0-A74F-BA65ACD252C3}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\rush\rush.exe
FirewallRules: [{1B6D63C6-DF1F-46D9-944A-4534CF00CE52}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\rush\rush.exe
FirewallRules: [{90FC0048-BB3C-42A3-838C-93D2305165A5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{D2515F04-7392-4710-8C0B-11C44D9D5051}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{7EAC378D-BC60-44E4-8D20-97726450695B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{CA140986-66FC-4FD1-BD7B-4C731BA13B0D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{E6B3BB6E-1BC0-4659-A1C4-0E907310097A}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{A5024DE2-F094-4A6B-B3CE-205B577386AF}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{928EC490-B5EE-4BC5-B83D-0877319F5188}] => (Allow) D:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{18A7466B-1BA1-4EBA-8E1D-2AF3988F32B8}] => (Allow) D:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{596BBFE3-EC8B-41A2-896B-BFC6212DD615}] => (Allow) D:\Program Files (x86)\OriginGames\Dead Space\Dead Space.exe
FirewallRules: [{482F736C-0431-441B-892B-ADD6495FE0B5}] => (Allow) D:\Program Files (x86)\OriginGames\Dead Space\Dead Space.exe
FirewallRules: [TCP Query User{3AC563F9-56E0-4D00-AA38-E94904A971D9}D:\program files (x86)\valve\portal 2\portal2.exe] => (Block) D:\program files (x86)\valve\portal 2\portal2.exe
FirewallRules: [UDP Query User{CE925544-FD60-47B6-9BB2-776A0331FDBA}D:\program files (x86)\valve\portal 2\portal2.exe] => (Block) D:\program files (x86)\valve\portal 2\portal2.exe
FirewallRules: [TCP Query User{5B653E1C-7A11-48EC-9DBE-A5A6CB0BE297}D:\program files (x86)\wolfenstein the new order\wolfneworder_x64.exe] => (Block) D:\program files (x86)\wolfenstein the new order\wolfneworder_x64.exe
FirewallRules: [UDP Query User{CFFFAA87-8C93-421C-9379-BEC740574581}D:\program files (x86)\wolfenstein the new order\wolfneworder_x64.exe] => (Block) D:\program files (x86)\wolfenstein the new order\wolfneworder_x64.exe
FirewallRules: [TCP Query User{6F9B727C-9EFD-4404-AA37-4AD93A12B836}D:\program files (x86)\wolfenstein the new order german\wolfneworder_x64.exe] => (Block) D:\program files (x86)\wolfenstein the new order german\wolfneworder_x64.exe
FirewallRules: [UDP Query User{C2D99373-F636-44F6-95F8-91527CB4F5C9}D:\program files (x86)\wolfenstein the new order german\wolfneworder_x64.exe] => (Block) D:\program files (x86)\wolfenstein the new order german\wolfneworder_x64.exe
FirewallRules: [TCP Query User{C542631D-D296-4DD5-A464-85B3CB755448}D:\watch_dogs-deluxe.edition-p2p\bin\watch_dogs.exe] => (Block) D:\watch_dogs-deluxe.edition-p2p\bin\watch_dogs.exe
FirewallRules: [UDP Query User{3EE0E562-25EE-4679-B1F2-206503432AD1}D:\watch_dogs-deluxe.edition-p2p\bin\watch_dogs.exe] => (Block) D:\watch_dogs-deluxe.edition-p2p\bin\watch_dogs.exe
FirewallRules: [TCP Query User{B78239F5-94BD-4F90-9F9B-BBE7B1F4F294}D:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe] => (Allow) D:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe
FirewallRules: [UDP Query User{BAB1384F-46C8-4EA3-8AE8-F8FDC3DC2678}D:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe] => (Allow) D:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe
FirewallRules: [{6A8DAA67-50D6-4693-9A05-E987BE0BC205}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [{F1084AB7-A049-4C1E-A87E-69EA97D45F5A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [TCP Query User{10A90911-6943-486F-B637-EBF581F06F38}D:\program files (x86)\tera\tera-launcher.exe] => (Allow) D:\program files (x86)\tera\tera-launcher.exe
FirewallRules: [UDP Query User{578E97A2-CE4F-4099-B0C8-66F332017191}D:\program files (x86)\tera\tera-launcher.exe] => (Allow) D:\program files (x86)\tera\tera-launcher.exe
FirewallRules: [{66D14BBE-0EA6-415C-9ECD-21364CA004B2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{3E85FEBD-4AEB-45AF-BDAC-E6C9F4F5702D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{69287390-3691-457C-A38B-CC9337E9E2A5}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{E7240E72-D750-43AC-91CA-09B8B47924DF}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{5FC65538-FA6D-49E2-89F9-6FCDEE0078BD}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{1D9830DA-43E2-45B8-BC15-4DB65EB7890C}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{F600BCAF-ADBB-4F5D-B30B-9316781C151B}C:\users\shag\appdata\local\temp\gw2.exe] => (Allow) C:\users\shag\appdata\local\temp\gw2.exe
FirewallRules: [UDP Query User{41FA0A67-7849-47E9-8705-46E3EE198D57}C:\users\shag\appdata\local\temp\gw2.exe] => (Allow) C:\users\shag\appdata\local\temp\gw2.exe
FirewallRules: [TCP Query User{A3884C3A-1703-41EC-ABE3-45DD9E7CE962}D:\guild wars 2\gw2.exe] => (Allow) D:\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{78536A0E-367B-49EF-BC0A-2FA83E57D071}D:\guild wars 2\gw2.exe] => (Allow) D:\guild wars 2\gw2.exe
FirewallRules: [TCP Query User{0F3E8BC1-14C2-481A-98AB-B244B4F084C5}D:\program files (x86)\maniaplanet\maniaplanet.exe] => (Allow) D:\program files (x86)\maniaplanet\maniaplanet.exe
FirewallRules: [UDP Query User{BA93D511-5C13-403C-BFB6-40893AF03417}D:\program files (x86)\maniaplanet\maniaplanet.exe] => (Allow) D:\program files (x86)\maniaplanet\maniaplanet.exe
FirewallRules: [{EBFA0E67-670C-4DF3-A88E-B4A8DDF8AA98}] => (Allow) D:\Program Files (x86)\The Vanishing of Ethan Carter\Binaries\Launcher.exe
FirewallRules: [{C269B6F7-1883-40EB-B878-9EF8A9EB172E}] => (Allow) D:\Program Files (x86)\The Vanishing of Ethan Carter\Binaries\Launcher.exe
FirewallRules: [TCP Query User{D889D8F7-55CC-445A-8E3E-C0B52B5CDF93}D:\program files (x86)\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe] => (Block) D:\program files (x86)\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe
FirewallRules: [UDP Query User{46EE6606-D08C-4C75-ACF2-6CEB161D465F}D:\program files (x86)\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe] => (Block) D:\program files (x86)\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe
FirewallRules: [TCP Query User{52DC2877-88F2-42CC-A0CA-E3979AC92D06}D:\program files (x86)\ubisoft\driver san francisco\driver.exe] => (Block) D:\program files (x86)\ubisoft\driver san francisco\driver.exe
FirewallRules: [UDP Query User{4B4DB25B-416E-4147-A842-D107757F7375}D:\program files (x86)\ubisoft\driver san francisco\driver.exe] => (Block) D:\program files (x86)\ubisoft\driver san francisco\driver.exe
FirewallRules: [TCP Query User{65ADDC17-D41E-43CF-8F91-0D1A5E64D260}C:\program files\guillemot\tools\giwebupdater.exe] => (Allow) C:\program files\guillemot\tools\giwebupdater.exe
FirewallRules: [UDP Query User{4FCCBC6A-ECB2-4D49-A0C7-06AA70EDCD31}C:\program files\guillemot\tools\giwebupdater.exe] => (Allow) C:\program files\guillemot\tools\giwebupdater.exe
FirewallRules: [TCP Query User{4727CA4A-F3CF-4D4C-BE94-77013DB3E561}D:\gog games\oddworld - new 'n' tasty\nnt.exe] => (Block) D:\gog games\oddworld - new 'n' tasty\nnt.exe
FirewallRules: [UDP Query User{16F3CC54-81C2-4D68-AC5B-A5F110F39B09}D:\gog games\oddworld - new 'n' tasty\nnt.exe] => (Block) D:\gog games\oddworld - new 'n' tasty\nnt.exe
FirewallRules: [{1EDBCBD6-77FE-4354-AFC1-82B6EEF9C166}] => (Allow) d:\Program Files (x86)\GameforgeLive\gfl_client.exe
FirewallRules: [{E95D1DBC-A572-4898-977A-09355E2080D3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B6D7FDC2-79E5-443F-B573-ADBE5AE02395}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{CC4C363A-92C1-483D-A1F8-D8D10344E52C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{09E746F3-3FA8-46A1-8D39-D2FAA689C686}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{20DEB04C-991B-4CE0-BF6E-832CFE776471}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{318028F5-A87E-4579-9378-43E2C20672BB}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{2E5D2FF7-7055-42A5-BA32-6F6F01B54240}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{AA87FFA5-9C61-4FAA-8885-C7C06558CA9F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{F99BA5FE-DD38-41F4-A72E-CE7D43AD47E6}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{CBF93050-29C7-4CAA-9A0D-5ED1DD81E6EB}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{52E17C41-63A9-4BE2-8174-4167278F4903}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3BEA036E-82D0-4D77-920E-8482907A261F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{5EA49FF2-A58C-43FF-A927-0A95BC6FCD49}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{60D3597B-38BF-4726-B37B-D84C6033C47A}] => (Allow) D:\Program Files (x86)\OriginGames\SimCity\SimCity\SimCity.exe
FirewallRules: [{FF9D86C5-9E1C-4141-A59B-AAA7CF001273}] => (Allow) D:\Program Files (x86)\OriginGames\SimCity\SimCity\SimCity.exe
FirewallRules: [{0EA73370-3A10-4766-A12F-38F0627859C8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F72DC3C7-0503-41A5-9041-0B676C1641F6}] => (Allow) d:\Program Files (x86)\Brother\Brmfl14e\FAXRX.EXE
FirewallRules: [{2DEEF5AC-1862-4BFF-85D2-38570B129251}] => (Allow) LPort=54925
FirewallRules: [TCP Query User{28C6BC4A-6416-4AB8-9D95-58BFF751A037}D:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe] => (Block) D:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe
FirewallRules: [UDP Query User{A3AB2A72-C4C0-4F06-A7EE-35C0A00F8240}D:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe] => (Block) D:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe
FirewallRules: [TCP Query User{148864F7-C1E4-43C7-8550-2BD665282F51}D:\program files (x86)\the beginner's guide\beginnersguide.exe] => (Block) D:\program files (x86)\the beginner's guide\beginnersguide.exe
FirewallRules: [UDP Query User{C2EF76C4-BCF3-48FB-B86F-7B9BA0048225}D:\program files (x86)\the beginner's guide\beginnersguide.exe] => (Block) D:\program files (x86)\the beginner's guide\beginnersguide.exe
FirewallRules: [{8D43ABC5-5B12-4069-A956-405E2BDADA0D}] => (Allow) C:\Program Files (x86)\Ubisoft\Anno 2205\Bin\Win64\Anno2205.exe
FirewallRules: [TCP Query User{94CB0C90-4707-4792-A2D5-C25AF29D2469}D:\program files (x86)\funcom\age of conan\conanpatcher.exe] => (Allow) D:\program files (x86)\funcom\age of conan\conanpatcher.exe
FirewallRules: [UDP Query User{97F8F9D2-7879-4A76-8105-5F4D34C015FA}D:\program files (x86)\funcom\age of conan\conanpatcher.exe] => (Allow) D:\program files (x86)\funcom\age of conan\conanpatcher.exe
FirewallRules: [TCP Query User{99C24D58-9BFA-4554-9E71-00D636CD7E73}D:\program files (x86)\funcom\age of conan\ageofconan.exe] => (Allow) D:\program files (x86)\funcom\age of conan\ageofconan.exe
FirewallRules: [UDP Query User{4047640F-E7E9-40FE-BA37-92EA829E5E29}D:\program files (x86)\funcom\age of conan\ageofconan.exe] => (Allow) D:\program files (x86)\funcom\age of conan\ageofconan.exe
FirewallRules: [TCP Query User{427ECFE4-217A-4173-992A-9C438892908B}D:\program files (x86)\funcom\age of conan\ageofconandx10.exe] => (Allow) D:\program files (x86)\funcom\age of conan\ageofconandx10.exe
FirewallRules: [UDP Query User{156CF8DA-5855-45EC-BB9D-FF170F6A355E}D:\program files (x86)\funcom\age of conan\ageofconandx10.exe] => (Allow) D:\program files (x86)\funcom\age of conan\ageofconandx10.exe FirewallRules: [{64B10E9D-6428-4CFA-90EB-011BF57188B4}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{703D5913-0510-4C51-8CD3-10C7E1EA0EE6}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{1A37ABBA-07A0-432C-BCD4-096215DA9189}] => (Allow) D:\Program Files\StarCraft II\Versions\Base39576\SC2_x64.exe FirewallRules: [{9794E91D-9859-47DE-B442-972C8D67A12B}] => (Allow) D:\Program Files\StarCraft II\Versions\Base39576\SC2_x64.exe FirewallRules: [{E3EB6327-951D-427C-962D-A9D15D80D3BC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [TCP Query User{056185A1-5BA0-4BD6-A258-82BA88A67103}D:\program files (x86)\dying light the following enhanced edition\dyinglightgame.exe] => (Block) D:\program files (x86)\dying light the following enhanced edition\dyinglightgame.exe FirewallRules: [UDP Query User{0E5A04DE-1325-45DA-9DA5-912070B8C4F0}D:\program files (x86)\dying light the following enhanced edition\dyinglightgame.exe] => (Block) D:\program files (x86)\dying light the following enhanced edition\dyinglightgame.exe ==================== Wiederherstellungspunkte ========================= 14-02-2013 01:40:44 Windows Update 14-02-2013 03:00:19 Windows Update 17-03-2013 17:59:43 Removed Java(TM) 6 Update 39 17-03-2013 18:02:58 Installed Java 7 Update 17 17-03-2013 18:20:27 Windows Update 11-03-2016 21:47:57 Removed RollerCoaster Tycoon® 3 12-03-2016 17:51:16 JRT Pre-Junkware Removal ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: AODDriver4.01 Description: AODDriver4.01 Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: AODDriver4.01 Problem: : This device is not 
present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (03/12/2016 05:42:08 PM) (Source: Service1) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig Error: (03/12/2016 02:37:45 PM) (Source: Service1) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig Error: (03/12/2016 01:11:51 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18933, Zeitstempel: 0x55a6a196 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000004ac04 ID des fehlerhaften Prozesses: 0x1210 Startzeit der fehlerhaften Anwendung: 0xvlc.exe0 Pfad der fehlerhaften Anwendung: vlc.exe1 Pfad des fehlerhaften Moduls: vlc.exe2 Berichtskennung: vlc.exe3 Error: (03/12/2016 12:11:19 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18933, Zeitstempel: 0x55a6a196 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000004ac04 ID des fehlerhaften Prozesses: 0xefc Startzeit der fehlerhaften Anwendung: 0xvlc.exe0 Pfad der fehlerhaften Anwendung: vlc.exe1 Pfad des fehlerhaften Moduls: vlc.exe2 Berichtskennung: vlc.exe3 Error: (03/11/2016 09:48:36 PM) (Source: MsiInstaller) (EventID: 1024) (User: shag-PC) Description: Produkt: Adobe Acrobat Reader DC - Deutsch - 
Update "{AC76BA86-7AD7-0000-2550-AC0F0A4E5C00}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (03/11/2016 09:35:59 PM) (Source: Service1) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig Error: (03/11/2016 09:18:32 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: avira_de_av_56e31e2f28336__ws.exe, Version: 1.1.56.9119, Zeitstempel: 0x56a8ec36 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18933, Zeitstempel: 0x55a69ec4 Ausnahmecode: 0xc06d007e Fehleroffset: 0x0000c42d ID des fehlerhaften Prozesses: 0x16c4 Startzeit der fehlerhaften Anwendung: 0xavira_de_av_56e31e2f28336__ws.exe0 Pfad der fehlerhaften Anwendung: avira_de_av_56e31e2f28336__ws.exe1 Pfad des fehlerhaften Moduls: avira_de_av_56e31e2f28336__ws.exe2 Berichtskennung: avira_de_av_56e31e2f28336__ws.exe3 Error: (03/11/2016 09:17:18 PM) (Source: Service1) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. 
Das Handle ist ungültig Error: (03/11/2016 08:51:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: avira_de_av_56e31e2f28336__ws(2).exe, Version: 1.1.56.9119, Zeitstempel: 0x56a8ec36 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18933, Zeitstempel: 0x55a69ec4 Ausnahmecode: 0xc06d007e Fehleroffset: 0x0000c42d ID des fehlerhaften Prozesses: 0xd20 Startzeit der fehlerhaften Anwendung: 0xavira_de_av_56e31e2f28336__ws(2).exe0 Pfad der fehlerhaften Anwendung: avira_de_av_56e31e2f28336__ws(2).exe1 Pfad des fehlerhaften Moduls: avira_de_av_56e31e2f28336__ws(2).exe2 Berichtskennung: avira_de_av_56e31e2f28336__ws(2).exe3 Error: (03/11/2016 08:50:37 PM) (Source: Service1) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig Systemfehler: ============= Error: (03/12/2016 05:51:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/12/2016 05:42:17 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%303. 
Error: (03/12/2016 05:42:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Avira Browser-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0 Error: (03/12/2016 05:42:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Avira Email-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0 Error: (03/12/2016 05:42:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "MBAMService" wurde aufgrund folgenden Fehlers nicht gestartet: %%5 Error: (03/12/2016 05:42:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (03/12/2016 05:42:07 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "Avira Planer" wurde mit folgendem dienstspezifischem Fehler beendet: %%305. Error: (03/12/2016 05:41:11 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (03/12/2016 05:40:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/12/2016 05:40:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
==================== Speicherinformationen =========================== Prozessor: AMD Phenom(tm) II X4 965 Processor Prozentuale Nutzung des RAM: 20% Installierter physikalischer RAM: 8178.14 MB Verfügbarer physikalischer RAM: 6514.63 MB Summe virtueller Speicher: 14176.34 MB Verfügbarer virtueller Speicher: 12310.61 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:111.69 GB) (Free:8.68 GB) NTFS Drive d: (Programme) (Fixed) (Total:833.85 GB) (Free:251.82 GB) NTFS Drive e: (Safe) (Fixed) (Total:1863.01 GB) (Free:4.93 GB) NTFS Drive f: (Daten) (Fixed) (Total:208.46 GB) (Free:12.35 GB) NTFS Drive g: (Win7) (Fixed) (Total:97.56 GB) (Free:16.33 GB) NTFS Drive h: (WinXP) (Fixed) (Total:24.41 GB) (Free:1.13 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive i: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 1863 GB) (Disk ID: B45C1AEF) Partition 2: (Active) - (Size=1863 GB) - (Type=05) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: C68DC68D) Partition 1: (Active) - (Size=24.4 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=208.5 GB) - (Type=OF Extended) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 90486699) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS) ======================================================== Disk: 3 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: AFD27FD7) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=833.9 GB) - (Type=07 NTFS) ==================== Ende von 
Addition.txt ============================ |
13.03.2016, 12:28 | #4 |
/// TB-Ausbilder | Antivir and AVG cannot be installed, Malwarebytes does not start Hi, you have at least one illegal/cracked piece of software on your computer: Adobe Photoshop Reading material: Illegal software: cracks, keygens and co. Please read => http://www.trojaner-board.de/95393-c...-software.html We will continue once you have removed everything illegal. In case of repeated crack/keygen violations I reserve the right to discontinue support, i.e. help only with backing up data and reinstalling the operating system. |
13.03.2016, 13:26 | #5 |
| Antivir and AVG cannot be installed, Malwarebytes does not start Ok Matthias, thanks for the hint. I have removed it. How do we continue now? Repeat FRST, or all the steps from the previous post? |
13.03.2016, 13:45 | #6 |
/// TB-Ausbilder | Antivir and AVG cannot be installed, Malwarebytes does not start Hi, a fresh FRST please:
|
13.03.2016, 13:55 | #7 |
| Antivir and AVG cannot be installed, Malwarebytes does not start Hi, here is the FRST log: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01 durchgeführt von shag (Administrator) auf SHAG-PC (13-03-2016 13:52:45) Gestartet von C:\Users\shag\Desktop Geladene Profile: shag (Verfügbare Profile: shag & Coco) Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730) D:\Program Files (x86)\iRacing\iRacingService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe (Nuance Communications, Inc.) 
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (Thrustmaster®) D:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe () C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (IvoSoft) C:\Users\shag\AppData\Roaming\Windows\Applications\SearchIndex\SearchIndex.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe () C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7512680 2011-10-25] (Realtek Semiconductor) HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-09] (NVIDIA Corporation) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.) HKLM-x32\...\Winlogon: [Userinit] userinit.exe,"C:\Windows\system32\clientmon.exe" [X] HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\MountPoints2: {6734fc30-9002-11e2-851a-8c89a5c2e538} - K:\setup.exe HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\MountPoints2: {ccf4559d-4ca0-11e4-b1b1-8c89a5c2e538} - K:\setup.exe HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\MountPoints2: {ddc22528-591b-11e3-8b61-8c89a5c2e538} - L:\ting.exe HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\Winlogon: [Shell] explorer.exe,"C:\Users\shag\AppData\Roaming\clientmon.exe" <==== ACHTUNG HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation) HKU\S-1-5-18\...\RunOnce: [AOD] => C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe AutoTune HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-04-30] (Microsoft Corporation) HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [43816 2015-04-26] (Apple Inc.) 
IFEO\AvastSvc.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\AvastUI.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avcenter.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avconfig.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avgcsrvx.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avgidsagent.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avgnt.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avgrsx.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avgui.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avgwdsvc.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\Avira.ServiceHost.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\Avira.Systray.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\Avira.SystrayStartTrigger.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avp.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\bdagent.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\blindman.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\ccuac.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\ComboFix.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\egui.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\gsam.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\hijackthis.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\instup.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\keyscrambler.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\mbam.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\mbamgui.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\mbampt.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\mbamscheduler.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\mbamservice.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\mcapexe.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\mcuicnt.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\MpCmdRun.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\MSASCui.exe: [Debugger] C:\Windows\System32\svchost.exe 
IFEO\MsMpEng.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\msseces.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\rstrui.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\SDFiles.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\SDMain.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\SDWinSec.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\spybotsd.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\update.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\wireshark.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\zlclient.exe: [Debugger] C:\Windows\System32\svchost.exe ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2013-05-31] ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe () ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{64956C90-8573-4570-AE9E-9C6059173262}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-23] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-23] (Oracle Corporation) BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-23] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-23] (Oracle Corporation) FireFox: ======== FF ProfilePath: C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default FF SelectedSearchEngine: Google FF Homepage: hxxp://www.google.de/ FF Session Restore: -> ist aktiviert. 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-11] () FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-23] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-23] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.5 -> d:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> d:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-11] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] () FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-23] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-23] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-12-16] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-12-16] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2443269024-3109390385-3364977999-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\shag\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-2443269024-3109390385-3364977999-1000: @talk.google.com/O1DPlugin -> C:\Users\shag\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-2443269024-3109390385-3364977999-1000: @tools.google.com/Google Update;version=3 -> C:\Users\shag\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.) FF Plugin HKU\S-1-5-21-2443269024-3109390385-3364977999-1000: @tools.google.com/Google Update;version=9 -> C:\Users\shag\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Users\shag\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin ProgramFiles/Appdata: C:\Users\shag\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google) FF Extension: Avira Browser Safety - C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\Extensions\abs@avira.com [2016-02-19] FF Extension: leethax.net extension - C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\Extensions\leethax@leethax.net.xpi [2014-02-08] [ist nicht signiert] FF Extension: Move Media Player - C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\Extensions\moveplayer@movenetworks.com [2013-03-18] [ist nicht signiert] FF Extension: Microsoft .NET Framework Assistant - C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013-03-18] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-05-15] [ist nicht signiert] StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe Chrome: ======= CHR Profile: C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-27] CHR Extension: (Google Docs) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-27] CHR Extension: (Google Drive) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27] CHR Extension: (YouTube) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-27] CHR 
Extension: (Google-Suche) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27] CHR Extension: (Google Tabellen) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-27] CHR Extension: (Avira Browserschutz) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-10-27] CHR Extension: (Google Docs Offline) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-07] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-27] CHR Extension: (Google Mail) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-27] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [0 ] (Avira Operations GmbH & Co. KG) <==== ACHTUNG (Null Byte Datei/Ordner) S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [0 ] (Avira Operations GmbH & Co. KG) <==== ACHTUNG (Null Byte Datei/Ordner) S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [0 ] (Avira Operations GmbH & Co. KG) <==== ACHTUNG (Null Byte Datei/Ordner) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [0 ] (Avira Operations GmbH & Co. 
KG) <==== ACHTUNG (Null Byte Datei/Ordner)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [Datei ist nicht signiert]
S3 GalaxyClientService; D:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1616440 2015-11-13] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7220792 2016-02-11] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-09] (NVIDIA Corporation)
R2 iRacingService; D:\Program Files (x86)\iRacing\iRacingService.exe [798840 2015-01-12] (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-09] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [6477432 2015-12-09] (NVIDIA Corporation)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-02-28] (Electronic Arts)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145736 2013-08-15] (Nuance Communications, Inc.)
R2 tmInstall; d:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.EXE [45296 2014-07-22] (Thrustmaster®)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Avira.ServiceHost; "C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe" [X]
S2 JetDrive WindowsClosingService; C:\Windows\System32\WindowsClosingService [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [94720 2013-12-19] (Advanced Micro Devices) [Datei ist nicht signiert]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162072 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [140448 2016-02-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [75472 2015-12-01] (Avira Operations GmbH & Co. KG)
S3 cancel; C:\Program Files (x86)\MSI\Super-Charger\cancel_64.sys [16184 2010-05-21] (Windows (R) Win 7 DDK provider)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 jetdrive; C:\Windows\System32\DRIVERS\jddrv.sys [37248 2012-05-22] (Abelssoft GmbH)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-12-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S3 SndTAudio; C:\Windows\System32\drivers\SndTAudio.sys [34528 2013-05-16] (Windows (R) Win 7 DDK provider)
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [58792 2009-09-17] (SafeNet, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-10-05] (Duplex Secure Ltd.)
S3 tmhidusb; C:\Windows\System32\DRIVERS\tmhidusb.sys [166640 2014-07-22] (Thrustmaster)
R2 zntport64; C:\EuCaSoft\zntport64.sys [13880 2007-12-22] (Zeal SoftStudio)
S2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 cpuz130; \??\C:\Users\shag\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 NTIOLib_1_0_4; \??\d:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [X]
S3 NTIOLib_1_0_C; \??\J:\NTIOLib_X64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-03-13 13:20 - 2016-03-13 13:20 - 00099384 _____ C:\Users\shag\AppData\Roaming\inst.exe 2016-03-13 13:20 - 2016-03-13 13:20 - 00082816 _____ (VSO Software) C:\Users\shag\AppData\Roaming\pcouffin.sys 2016-03-12 18:02 - 2016-03-01 16:25 - 03793920 _____ (IvoSoft) C:\Users\shag\AppData\Roaming\clientmon.exe 2016-03-12 17:54 - 2016-03-13 13:52 - 00058565 _____ C:\Users\shag\Desktop\Addition.txt 2016-03-12 17:54 - 2016-03-13 13:52 - 00022811 _____ C:\Users\shag\Desktop\FRST.txt 2016-03-12 17:52 - 2016-03-12 17:52 - 00005224 _____ C:\Users\shag\Desktop\JRT.txt 2016-03-12 17:51 - 2016-03-12 17:51 - 00000000 _RSHD C:\ProgramData\274335 2016-03-12 17:48 - 2016-03-12 17:48 - 01609216 _____ (Malwarebytes) C:\Users\shag\Desktop\JRT.exe 2016-03-12 17:39 - 2016-03-12 17:40 - 00000000 ____D C:\Program Files (x86)\AdwCleaner 2016-03-12 17:37 - 2016-03-12 17:35 - 01524224 _____ C:\Users\shag\Desktop\AdwCleaner_5.101.exe 2016-03-12 17:34 - 2016-03-12 17:52 - 00001625 _____ C:\ProgramData\XML 2016-03-12 17:34 - 2016-03-12 17:34 - 00002890 _____ C:\Users\shag\Desktop\Rkill.txt 2016-03-12 17:34 - 2016-03-12 17:34 - 00000000 ____D C:\Users\shag\Desktop\rkill 2016-03-12 17:34 - 2016-03-12 17:33 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\shag\Desktop\rkill.com 2016-03-11 21:55 - 2016-03-11 21:42 - 02374144 _____ (Farbar) C:\Users\shag\Desktop\FRST64.exe 2016-03-11 21:53 - 2016-03-13 13:52 - 00000000 ____D C:\FRST 2016-03-11 21:32 - 2016-03-11 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2016-03-11 21:31 - 2016-03-11 21:32 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2016-03-11 21:31 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-03-11 21:31 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-03-11 21:31 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 
2016-03-11 21:20 - 2016-03-11 21:20 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-03-05 12:03 - 2016-03-05 12:03 - 00000000 ____D C:\Users\shag\AppData\Roaming\cerasus.media 2016-03-01 21:22 - 2016-03-01 16:25 - 03793920 _____ (IvoSoft) C:\Windows\SysWOW64\clientmon.exe 2016-03-01 21:12 - 2016-03-13 13:23 - 00003362 _____ C:\Windows\System32\Tasks\Search Filter Host 2016-03-01 21:12 - 2016-03-01 21:12 - 00000000 ____D C:\Users\shag\AppData\LocalLow\Lazy Bear Games 2016-03-01 21:11 - 2016-03-12 17:51 - 00000000 _RSHD C:\ProgramData\274435 2016-03-01 21:11 - 2016-03-11 21:47 - 00000000 ____D C:\Users\shag\AppData\Local\IIIQF 2016-03-01 21:11 - 2016-03-01 21:11 - 00000006 ____S C:\ProgramData\cfc4764f3bbfae7c2c155456e0ae08a61242b9ff 2016-03-01 21:11 - 2016-03-01 21:11 - 00000000 ____D C:\Users\shag\AppData\Roaming\Windows 2016-03-01 21:11 - 2016-03-01 21:11 - 00000000 ____D C:\ProgramData\mia2477.tmp 2016-03-01 19:55 - 2016-03-01 19:55 - 00000000 ____D C:\ProgramData\dbdata 2016-02-29 20:27 - 2016-02-29 22:37 - 00000000 ____D C:\Users\shag\AppData\Roaming\Factorio 2016-02-29 20:26 - 2016-02-29 20:26 - 00000936 _____ C:\Users\shag\Desktop\Factorio v0.9.8.lnk 2016-02-25 08:09 - 2016-02-25 08:09 - 00000801 _____ C:\Users\Public\Desktop\Passbild-Generator.lnk 2016-02-25 08:09 - 2016-02-25 08:09 - 00000000 ____D C:\Users\shag\AppData\Local\_3_ 2016-02-25 08:09 - 2016-02-25 08:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Passbild-Generator 2016-02-23 21:01 - 2016-02-23 20:59 - 00110176 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll 2016-02-23 20:59 - 2016-02-23 21:01 - 00000000 ____D C:\Users\shag\.oracle_jre_usage 2016-02-23 20:59 - 2016-02-23 20:59 - 00000000 ____D C:\Users\shag\AppData\Roaming\Sun 2016-02-23 20:58 - 2016-02-23 20:58 - 00000000 ____D C:\Users\shag\AppData\LocalLow\Oracle 2016-02-23 20:17 - 2016-02-23 21:09 - 00000000 ____D C:\Users\shag\.litwrl 2016-02-21 11:59 - 2016-02-21 11:59 - 00000000 ____D 
C:\Users\shag\Documents\DyingLight 2016-02-19 18:50 - 2016-02-19 18:50 - 00000000 ____D C:\Users\shag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-02-12 16:22 - 2016-02-12 16:22 - 00000000 ____D C:\Users\shag\AppData\LocalLow\Google ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-03-13 13:50 - 2013-08-25 19:14 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA.job 2016-03-13 13:41 - 2013-05-14 20:49 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-03-13 13:31 - 2009-07-14 05:45 - 00022848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-03-13 13:31 - 2009-07-14 05:45 - 00022848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-03-13 13:30 - 2009-07-14 18:58 - 00699416 _____ C:\Windows\system32\perfh007.dat 2016-03-13 13:30 - 2009-07-14 18:58 - 00149556 _____ C:\Windows\system32\perfc007.dat 2016-03-13 13:30 - 2009-07-14 06:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI 2016-03-13 13:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2016-03-13 13:23 - 2013-05-14 20:49 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-03-13 13:23 - 2013-03-18 19:28 - 00000000 ____D C:\ProgramData\NVIDIA 2016-03-13 13:23 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-03-13 13:20 - 2015-08-21 09:34 - 00000000 ____D C:\Users\shag\AppData\Roaming\SoundSpectrum 2016-03-13 13:20 - 2015-08-21 09:34 - 00000000 ____D C:\Program Files (x86)\SoundSpectrum 2016-03-13 13:20 - 2015-06-10 22:13 - 00007859 _____ C:\Users\shag\AppData\Roaming\pcouffin.cat 2016-03-13 13:20 - 2015-06-10 22:13 - 00000000 ____D C:\Users\shag\AppData\Roaming\Vso 2016-03-13 13:20 - 2015-06-10 22:13 - 00000000 ____D C:\Program Files (x86)\vso 
2016-03-13 13:18 - 2013-03-19 20:07 - 00000000 ____D C:\Users\shag\AppData\Roaming\UseNeXT 2016-03-13 13:16 - 2013-03-23 01:14 - 00000000 ____D C:\Users\shag\AppData\Roaming\Broad Intelligence 2016-03-13 13:16 - 2013-03-21 23:24 - 00000000 ____D C:\Users\shag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2016-03-13 13:05 - 2015-06-19 16:54 - 00001220 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA.job 2016-03-13 12:57 - 2013-04-18 20:08 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-03-13 12:05 - 2015-06-19 16:54 - 00001168 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core.job 2016-03-12 19:50 - 2013-08-25 19:14 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core.job 2016-03-12 01:14 - 2015-12-06 19:16 - 00000000 ____D C:\Users\shag\Desktop\Spiele 2016-03-12 01:11 - 2016-01-03 15:42 - 00000000 ____D C:\Users\shag\AppData\Local\CrashDumps 2016-03-12 01:11 - 2013-03-21 22:46 - 00000000 ____D C:\Users\shag\AppData\Roaming\vlc 2016-03-11 22:57 - 2013-04-18 20:08 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-03-11 22:57 - 2013-03-18 20:25 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-03-11 22:57 - 2013-03-18 20:25 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-03-11 21:49 - 2014-11-23 19:32 - 00000000 ____D C:\Users\shag\AppData\Local\My Games 2016-03-11 21:49 - 2013-03-30 23:41 - 00000000 ____D C:\Users\shag\Documents\My Games 2016-03-11 21:49 - 2013-03-18 19:22 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2016-03-11 21:48 - 2015-12-30 20:54 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-03-11 21:47 - 2015-09-30 22:11 - 00000000 ____D C:\Users\shag\AppData\Roaming\Atari 2016-03-11 21:46 - 
2015-03-13 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com 2016-03-11 21:46 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2016-03-11 21:30 - 2014-07-25 20:28 - 00242786 _____ C:\Windows\ntbtlog.txt 2016-03-11 21:17 - 2013-03-18 19:16 - 00000000 ____D C:\Users\shag 2016-03-11 21:10 - 2015-10-03 09:12 - 00000000 ____D C:\Users\Coco 2016-03-11 21:10 - 2015-06-10 22:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3 2016-03-11 21:10 - 2015-05-15 10:42 - 00000000 ___SD C:\Windows\system32\GWX 2016-03-11 21:10 - 2014-10-05 15:49 - 00000000 ____D C:\Users\shag\AppData\Roaming\FreeArc 2016-03-11 21:10 - 2014-08-07 21:41 - 00000000 ____D C:\Users\Besuch 2016-03-11 21:10 - 2014-07-27 20:34 - 00000000 ____D C:\ProgramData\Package Cache 2016-03-11 21:10 - 2014-02-10 20:00 - 00000000 ____D C:\Users\shag\AppData\Roaming\Battle.net 2016-03-11 21:10 - 2013-03-18 20:25 - 00000000 ____D C:\Windows\system32\Macromed 2016-03-11 21:10 - 2013-03-18 20:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2016-03-11 21:10 - 2013-03-18 20:22 - 00000000 ____D C:\ProgramData\Avira 2016-03-11 21:10 - 2013-03-18 20:22 - 00000000 ____D C:\Program Files (x86)\Avira 2016-03-11 21:10 - 2009-07-14 19:18 - 00000000 ___RD C:\Users\Public\Recorded TV 2016-03-11 21:10 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration 2016-03-11 20:21 - 2014-02-10 20:00 - 00000000 ____D C:\Users\shag\AppData\Local\Battle.net 2016-03-11 13:20 - 2015-11-15 18:24 - 00033792 _____ C:\Users\shag\Desktop\Finanzen.xls 2016-03-08 16:41 - 2015-11-20 18:45 - 00000000 ____D C:\Users\shag\.gimp-2.8 2016-03-01 19:10 - 2013-03-18 20:30 - 00000000 ___RD C:\Users\shag\Dropbox 2016-03-01 19:10 - 2013-03-18 20:29 - 00000000 ____D C:\Users\shag\AppData\Roaming\Dropbox 2016-02-28 10:10 - 2013-05-02 20:29 - 00000000 ____D C:\ProgramData\Origin 2016-02-25 08:15 - 2015-10-15 19:41 - 00013405 
_____ C:\Windows\BRRBCOM.INI 2016-02-24 16:09 - 2015-11-09 18:52 - 00000498 _____ C:\Users\shag\Desktop\Coco.txt 2016-02-23 21:03 - 2013-10-28 19:56 - 00000000 ____D C:\ProgramData\Oracle 2016-02-23 21:02 - 2013-10-28 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2016-02-23 21:02 - 2013-10-28 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-02-23 21:02 - 2013-09-03 20:26 - 00000000 ____D C:\Program Files (x86)\Java 2016-02-23 21:02 - 2013-03-18 20:28 - 00000000 ____D C:\Program Files\Java 2016-02-23 20:59 - 2015-03-13 18:22 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2016-02-21 11:44 - 2014-12-05 21:30 - 00002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-02-21 11:44 - 2014-12-05 21:30 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-02-18 10:22 - 2013-07-24 17:53 - 00000000 ____D C:\ProgramData\Battle.net 2016-02-18 08:09 - 2013-04-02 21:33 - 00140448 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2016-02-15 21:54 - 2015-01-12 18:27 - 00000000 ____D C:\Users\shag\AppData\Roaming\Mp3tag ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2013-10-14 03:44 - 2013-10-14 03:44 - 2174976 _____ (Advanced Micro Devices Inc.) 
C:\Program Files (x86)\Common Files\atimpenc.dll 2016-03-12 18:02 - 2016-03-01 16:25 - 3793920 _____ (IvoSoft) C:\Users\shag\AppData\Roaming\clientmon.exe 2016-03-13 13:20 - 2016-03-13 13:20 - 0099384 _____ () C:\Users\shag\AppData\Roaming\inst.exe 2015-06-10 22:13 - 2016-03-13 13:20 - 0007859 _____ () C:\Users\shag\AppData\Roaming\pcouffin.cat 2015-06-10 22:13 - 2016-03-13 13:20 - 0001167 _____ () C:\Users\shag\AppData\Roaming\pcouffin.inf 2015-06-10 22:13 - 2016-03-13 13:20 - 0000055 _____ () C:\Users\shag\AppData\Roaming\pcouffin.log 2016-03-13 13:20 - 2016-03-13 13:20 - 0082816 _____ (VSO Software) C:\Users\shag\AppData\Roaming\pcouffin.sys 2014-10-05 15:03 - 2014-10-05 15:03 - 0004096 _____ (Microsoft) C:\Users\shag\AppData\Roaming\Microsoft\1.exe 2014-10-05 15:01 - 2014-11-23 18:21 - 0004096 _____ (Microsoft) C:\Users\shag\AppData\Roaming\Microsoft\Setupx.exe 2014-10-05 15:05 - 2014-10-05 15:10 - 0004096 _____ (Microsoft) C:\Users\shag\AppData\Roaming\Microsoft\svchost.exe 2013-06-04 20:34 - 2015-06-13 17:45 - 0014848 _____ () C:\Users\shag\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-06-02 16:18 - 2015-06-02 16:21 - 0585728 _____ () C:\Users\shag\AppData\Local\file__0.localstorage 2015-11-20 18:47 - 2015-11-20 18:47 - 0000819 _____ () C:\Users\shag\AppData\Local\recently-used.xbel 2013-03-18 19:55 - 2015-05-27 19:39 - 0007649 _____ () C:\Users\shag\AppData\Local\resmon.resmoncfg 2016-03-01 21:11 - 2016-03-01 21:11 - 0000006 ____S () C:\ProgramData\cfc4764f3bbfae7c2c155456e0ae08a61242b9ff 2016-03-12 17:34 - 2016-03-12 17:52 - 0001625 _____ () C:\ProgramData\XML Einige Dateien in TEMP: ==================== C:\Users\Besuch\AppData\Local\Temp\avgnt.exe C:\Users\Coco\AppData\Local\Temp\avgnt.exe C:\Users\shag\AppData\Local\Temp\avgnt.exe C:\Users\shag\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpl1ceez.dll C:\Users\shag\AppData\Local\Temp\nvSCPAPI.dll C:\Users\shag\AppData\Local\Temp\nvStInst.exe 
C:\Users\shag\AppData\Local\Temp\rldfw32_s18g.dll C:\Users\shag\AppData\Local\Temp\rldfw32_s1hc.dll C:\Users\shag\AppData\Local\Temp\rldfw32_s25k.dll C:\Users\shag\AppData\Local\Temp\rldfw32_s2dg.dll C:\Users\shag\AppData\Local\Temp\rldfw32_s2t0.dll C:\Users\shag\AppData\Local\Temp\rldfw32_s3hs.dll C:\Users\shag\AppData\Local\Temp\rldfw32_s5r0.dll C:\Users\shag\AppData\Local\Temp\rldfw32_s6d8.dll C:\Users\shag\AppData\Local\Temp\rldfw32_s6lg.dll C:\Users\shag\AppData\Local\Temp\rldfw32_s6os.dll C:\Users\shag\AppData\Local\Temp\rldfw32_s90.dll C:\Users\shag\AppData\Local\Temp\rldfw32_sl4.dll C:\Users\shag\AppData\Local\Temp\rldfw64_s1ak.dll C:\Users\shag\AppData\Local\Temp\rldfw64_s3lo.dll C:\Users\shag\AppData\Local\Temp\rldfw64_s3rk.dll C:\Users\shag\AppData\Local\Temp\rldfw64_s4gk.dll C:\Users\shag\AppData\Local\Temp\rldfw64_s4lc.dll C:\Users\shag\AppData\Local\Temp\rldfw64_s57o.dll C:\Users\shag\AppData\Local\Temp\rldfw64_s58o.dll C:\Users\shag\AppData\Local\Temp\rldfw64_s5kk.dll C:\Users\shag\AppData\Local\Temp\rldfw64_s5qk.dll C:\Users\shag\AppData\Local\Temp\rldfw64_s5ss.dll C:\Users\shag\AppData\Local\Temp\rldfw64_s6gk.dll C:\Users\shag\AppData\Local\Temp\rldfw64_s6og.dll C:\Users\shag\AppData\Local\Temp\sqlite3.dll C:\Users\shag\AppData\Local\Temp\svhost.exe C:\Users\shag\AppData\Local\Temp\_is3AAF.exe C:\Users\shag\AppData\Local\Temp\_is4481.exe C:\Users\shag\AppData\Local\Temp\_isA517.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-03-12 15:55

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
durchgeführt von shag (2016-03-13 13:53:01)
Gestartet von C:\Users\shag\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-03-18 18:16:49)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-2443269024-3109390385-3364977999-500 - Administrator - Disabled)
Coco (S-1-5-21-2443269024-3109390385-3364977999-1008 - Administrator - Enabled) => C:\Users\Coco
Gast (S-1-5-21-2443269024-3109390385-3364977999-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2443269024-3109390385-3364977999-1004 - Limited - Enabled)
shag (S-1-5-21-2443269024-3109390385-3364977999-1000 - Administrator - Enabled) => C:\Users\shag

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated) Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.182 - Adobe Systems Incorporated) Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated) Age of Conan: Hyborian Adventures (HKLM-x32\...\Age of Conan_is1) (Version: - Funcom) AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version: - Gameforge) Anno 2205 (HKLM-x32\...\Uplay Install 1253) (Version: - Ubisoft) Apple Application Support (32-Bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Ashampoo Photo Commander 10 v.10.0.1 (HKLM-x32\...\Ashampoo Photo Commander 10_is1) (Version: 10.0.1 - Ashampoo GmbH & Co. KG) Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology) AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2002861294.48.56.34082026 - Audible, Inc.) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.141 - Avira Operations GmbH & Co. KG) Avira Launcher (HKLM-x32\...\{3b87484e-d70b-4b4f-ad59-2ae89571e2cf}) (Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG) Avira Launcher (x32 Version: 1.1.56.9119 - Avira Operations GmbH & Co. 
KG) Hidden Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) BDE Information Utility (HKLM-x32\...\BDE Information Utility) (Version: - InterBase Installation Info (and BDE Information Utility)) Blender (HKLM\...\{BBE9D9F0-3F77-4E26-9E10-1AFB56D41363}) (Version: 2.76.0 - Blender Foundation) Blender (HKLM\...\Blender) (Version: 2.69 - Blender Foundation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Brother MFL-Pro Suite MFC-J5320DW (HKLM-x32\...\{7FC49664-DAA4-4E7C-ADD0-614ABB43691B}) (Version: 1.0.5.0 - Brother Industries, Ltd.) Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.9.0.4 - Canon Inc.) Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.12.20.0 - Canon Inc.) Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.5.2.8 - Canon Inc.) Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.) Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts) Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team) Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve) Dropbox (HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.) 
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.2.17437 - Landesfinanzdirektion Thüringen) ElsterFormular 2006/2007 (HKLM-x32\...\{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}) (Version: 8.2.1.0 - Steuerverwaltung des Bundes und der Länder) ElsterFormular 2007/2008 (HKLM-x32\...\{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}) (Version: 9.2.0.0 - Steuerverwaltung des Bundes und der Länder) ElsterFormular 2008/2009 (HKLM-x32\...\{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}) (Version: 10.0.0.0 - Steuerverwaltung des Bundes und der Länder) EuCaSoft 4.4.0.4377 (HKLM-x32\...\EuCaSoft_is1) (Version: - itas GmbH) FFB Racing Wheel drivers (HKLM-x32\...\{28B758EA-5C83-48B1-B352-C70F12C73F5A}) (Version: 3.TTRS.2014 - Thrustmaster) FreeArc 0.666 (HKLM-x32\...\FreeArc) (Version: 0.666 - Bulat Ziganshin) Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.21.2.1 - Futuremark Corporation) Gameforge Live 2.0.8 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.8 - Gameforge) Geeks3D FurMark 1.13.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.) GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.) 
iRacing.com Race Simulation (HKLM-x32\...\{CBBB3C80-76F5-42B5-92A6-C4BF84796DCB}) (Version: 1.01.0512 - iRacing.com Motorsport Simulations) iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.) Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation) Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation) Java SE Development Kit 7 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170250}) (Version: 1.7.0.250 - Oracle) Java SE Development Kit 8 Update 73 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180730}) (Version: 8.0.730.2 - Oracle Corporation) JetDrive (HKLM-x32\...\JetDrive_is1) (Version: 6.11 - Abelssoft) Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) MechWarrior Online (HKLM-x32\...\{9f17023b-d04f-432b-b08a-3bb4c3a7ed3c}) (Version: 1.6.0.0 - Piranha Games Inc.) MechWarrior Online (x32 Version: 1.6.1.0 - Piranha Games Inc.) 
Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 
9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Mosaizer Pro v12.0 (HKLM-x32\...\Mosaizer Pro_is1) (Version: 12.0 - APP Helmond) Mozilla Firefox 19.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 19.0.2 (x86 de)) (Version: 19.0.2 - Mozilla) Mozilla Firefox 44.0.2 (x86 de) (HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\Mozilla Firefox 44.0.2 (x86 de)) (Version: 44.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 19.0.2 - Mozilla) Mp3tag v2.66 (HKLM-x32\...\Mp3tag) (Version: v2.66 - Florian Heidenreich) MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) Next Car Game Free Technology Demo (HKLM-x32\...\Next Car Game Free Technology Demo) (Version: - Bugbear Entertainment) 
NoLimits 2 Demo (remove only) (HKLM\...\NoLimits 2 Demo) (Version: - ) NoLimits Coasters 1.8 (remove only) (HKLM-x32\...\NoLimits Coasters full) (Version: - ) Nuance PaperPort 12 (HKLM-x32\...\{2A770862-7142-4C77-8117-F933E4110A3F}) (Version: 12.1.0006 - Nuance Communications, Inc.) Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc) NVIDIA 3D Vision Treiber 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.43 - NVIDIA Corporation) NVIDIA GeForce Experience 2.8.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.8.1.21 - NVIDIA Corporation) NVIDIA Grafiktreiber 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.43 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.) PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.) Passbild-Generator v4.0a (HKLM-x32\...\Passbild-Generator_is1) (Version: - Passbild-Generator) PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.239 - Google, Inc.) QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.) 
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7111 - Realtek Semiconductor Corp.) Scansoft PDF Professional (x32 Version: - ) Hidden Sentinel System Driver Installer 7.5.1 (HKLM-x32\...\{BF9E346B-5ECE-4A18-9510-55729FD08323}) (Version: 7.5.1 - SafeNet, Inc.) SHIELD Streaming (Version: 4.1.0250 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.8.1.21 - NVIDIA Corporation) Hidden SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.0.115 - MSI) TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.43148 - TeamViewer) The Witcher 3: Wild Hunt - Alternative Look for Ciri (HKLM-x32\...\Alternative Look for Ciri_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Alternative Look for Triss (HKLM-x32\...\Alternative Look for Triss_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Alternative Look for Yennefer (HKLM-x32\...\Alternative Look for Yennefer_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Ballad Heroes - Neutral Gwent Card Set (HKLM-x32\...\Ballad Heroes - Neutral Gwent Card Set_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Beard and Hairstyle Set (HKLM-x32\...\Beard and Hairstyle Set_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Elite Crossbow Set (HKLM-x32\...\Elite Crossbow Set_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - New Finisher Animations (HKLM-x32\...\New Finisher Animations_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - New Quest - Contract - Skellige's Most Wanted (HKLM-x32\...\New Quest - Contract: Skellige's Most 
Wanted_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - New Quest - Contract Missing Miners (HKLM-x32\...\New Quest - Contract Missing Miners_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - New Quest - Fool's Gold (HKLM-x32\...\New Quest - Fool's Gold_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - New Quest - Scavenger Hunt - Wolf School Gear (HKLM-x32\...\New Quest - Scavenger Hunt: Wolf School Gear_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - New Quest - Where the Cat and Wolf Play... (HKLM-x32\...\New Quest - Where the Cat and Wolf Play..._is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Nilfgaardian Armor Set (HKLM-x32\...\Nilfgaardian Armor Set_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Skellige Armor Set (HKLM-x32\...\Skellige Armor Set_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Temerian Armor Set (HKLM-x32\...\Temerian Armor Set_is1) (Version: 1.0.0.0 - GOG.com) TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software) Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) War Thunder Launcher 1.0.1.278 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - 2013 Gaijin Entertainment Corporation) Winki (HKLM-x32\...\{81CF5153-38CF-41e2-AC3C-3D477C987D96}_is1) (Version: 3.2.116 - MSI) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> d:\Program Files\Blender Foundation\Blender\BlendThumb64.dll () CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => Keine Datei

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {2DDE40A1-B5C9-4E30-B49A-056A855363D0} - System32\Tasks\Search Filter Host => C:\Users\shag\AppData\Roaming\Windows\Applications\SearchIndex\SearchIndex.exe [2016-03-01] (IvoSoft)
Task: {5CDC7D13-A92F-4C6A-9037-DFA121DFEAA2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {6167180D-AC7E-4C68-8CC9-023DBC147E37} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core => C:\Users\shag\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {6EB11A62-09BE-4E9B-83D4-6A882DE1ED34} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {8497BBEE-475E-4265-AAA8-F224139C7BA0} - System32\Tasks\Super Charger => C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe [2011-07-06] (MSI)
Task: {C5C53FF5-B82F-4F17-AE3C-81D0F93E55D0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DB2708DA-72B3-456B-A231-CAA7741EFF08} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-11] (Adobe Systems Incorporated)
Task: {DBCDFCAF-D9E9-40F1-AF62-1F1C50B250EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {E4737B22-8F2C-4315-9743-9053915C8DBA} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core => C:\Users\shag\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {EC19B7C3-4AAF-4DEF-9968-077FFE35F30A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA => C:\Users\shag\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {EC4FE598-9EC1-4664-A6F2-59D0338E59D0} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {F854E768-B92F-45F6-9F15-D807D339052F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA => C:\Users\shag\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core.job => C:\Users\shag\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA.job => C:\Users\shag\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core.job => C:\Users\shag\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA.job => C:\Users\shag\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2014-07-30 10:04 - 2015-12-16 15:53 - 00126072 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 15:26 - 2015-05-15 15:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-30 20:54 - 2015-12-09 02:52 - 00217720 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2015-10-15 19:40 - 2005-04-22 05:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2013-05-31 20:12 - 2015-02-10 14:08 - 00069120 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
2013-03-18 19:24 - 2011-11-10 18:01 - 00506384 _____ () C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
2015-05-15 09:45 - 2015-12-09 02:53 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-05-31 20:12 - 2015-02-18 13:11 - 00112128 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Hosts Inhalt: ==========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 03:34 - 2014-08-17 13:48 - 00001055 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 acdid.acdsystems.com
127.0.0.1 activate.adobe.com

==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\shag\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
MSCONFIG\startupreg: Super-Charger => C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{6B1F38FA-F6F9-4ABD-B206-E8C90B977830}] => (Allow) C:\Users\shag\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{B7325FFE-3ADA-4DA1-9DE8-3A2DCA7F5A3B}] => (Allow) C:\Users\shag\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{07D86DA9-61A3-47CB-B1A6-0513D4F06B65}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{FDD9CBBE-0ABD-4667-9596-44E879C79778}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{86E3BE82-CA85-440E-B4B2-B2664B446D92}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{11DDDDE2-F308-40AF-8D9D-0E2072E70150}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{A3163EBD-DDB7-4275-AC6D-8C732590173F}] => (Block) %ProgramFiles% (x86)\SQUARE ENIX\Tombraider\TombRaider.exe FirewallRules: [TCP Query User{73C838EF-603A-4CF2-A23E-2041E1CFCD82}C:\program files (x86)\maniaplanet\maniaplanet.exe] => (Allow) C:\program files (x86)\maniaplanet\maniaplanet.exe FirewallRules: [UDP Query User{E71ACD03-DA48-431D-949F-BF986E2AC015}C:\program files (x86)\maniaplanet\maniaplanet.exe] => (Allow) C:\program files (x86)\maniaplanet\maniaplanet.exe FirewallRules: [{4BBC53DD-4D5D-4C50-B909-22E10583A056}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{469D4751-7DFA-4A7C-B361-434CEB6A5A81}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe FirewallRules: [TCP Query User{5BB1082F-2E2D-4EE6-944B-DC344AA5B470}C:\eucasoft\meta.exe] => (Allow) C:\eucasoft\meta.exe FirewallRules: [UDP Query User{A2668BF5-70B4-4A1E-BDF8-5AB545E14AD3}C:\eucasoft\meta.exe] => (Allow) C:\eucasoft\meta.exe FirewallRules: [TCP Query User{E3CEC154-48F6-4462-86A3-FA11B8C6E49A}C:\eucasoft\eucasoft.exe] => (Allow) C:\eucasoft\eucasoft.exe FirewallRules: [UDP Query User{6ABB59E9-B8AC-4332-BD91-82B6FA02BCBC}C:\eucasoft\eucasoft.exe] => (Allow) C:\eucasoft\eucasoft.exe FirewallRules: [TCP Query User{C38681B1-F9C5-4091-9454-BB9C91B9C217}C:\eucasoft\eucaprn.exe] => 
(Allow) C:\eucasoft\eucaprn.exe FirewallRules: [UDP Query User{B68FAD45-EBB9-418D-9418-289EC845D24E}C:\eucasoft\eucaprn.exe] => (Allow) C:\eucasoft\eucaprn.exe FirewallRules: [TCP Query User{3DC74B91-28FD-420E-AD76-7684D5631DE6}C:\program files (x86)\activision\call of duty - black ops\blackops.exe] => (Block) C:\program files (x86)\activision\call of duty - black ops\blackops.exe FirewallRules: [UDP Query User{E199CF05-61AE-482C-ADCD-46BC0D125AF6}C:\program files (x86)\activision\call of duty - black ops\blackops.exe] => (Block) C:\program files (x86)\activision\call of duty - black ops\blackops.exe FirewallRules: [TCP Query User{36345DBD-FF4D-463E-947F-2FB5E8F97CE1}E:\spiele\trackmania canyon\trackmania 2 canyon\maniaplanet.exe] => (Block) E:\spiele\trackmania canyon\trackmania 2 canyon\maniaplanet.exe FirewallRules: [UDP Query User{3C8D0343-259F-44B4-9BF4-9116E1EDCF55}E:\spiele\trackmania canyon\trackmania 2 canyon\maniaplanet.exe] => (Block) E:\spiele\trackmania canyon\trackmania 2 canyon\maniaplanet.exe FirewallRules: [TCP Query User{4A3487F5-0DF9-465C-859C-B2E3CB28767D}D:\program files (x86)\guild wars 2\gw2.exe] => (Allow) D:\program files (x86)\guild wars 2\gw2.exe FirewallRules: [UDP Query User{D243A6A0-89AA-47B7-8C5F-EE81A220C3CB}D:\program files (x86)\guild wars 2\gw2.exe] => (Allow) D:\program files (x86)\guild wars 2\gw2.exe FirewallRules: [{D746F088-F43E-4AD9-9FD0-782FFFF44266}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe FirewallRules: [{C1409997-93DC-4B19-8C85-BE34ADE9EC79}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe FirewallRules: [{BB497C68-00F8-4212-B457-64BD9CE73233}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe FirewallRules: [{8D7CAD06-081F-4293-9AFA-A574B67C0766}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe FirewallRules: [{68094F16-F5E3-4BFE-B7E7-0086A112EDFF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: 
[{1D18F698-41EF-4FF1-B72D-D7D764974717}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{CF8BFAAF-E0E6-4FBE-9260-2B26188DFB50}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [TCP Query User{697C2CFB-27E5-4A1B-83B2-D908CF8D0F1F}D:\program files (x86)\rayman legends\rayman legends.exe] => (Block) D:\program files (x86)\rayman legends\rayman legends.exe FirewallRules: [UDP Query User{4415CC36-28EC-477F-8CA5-84335AD7A691}D:\program files (x86)\rayman legends\rayman legends.exe] => (Block) D:\program files (x86)\rayman legends\rayman legends.exe FirewallRules: [{E3D7CB83-5E5C-47E5-8FE7-0E543DEF0773}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{763A8944-677E-40D8-A3BF-36F032CAE895}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{DC6F0895-BCFA-477C-8FAA-6D8FAE970845}] => (Allow) D:\Program Files (x86)\WarThunder\launcher.exe FirewallRules: [{2527224D-47C0-479D-A667-612AF086AD65}] => (Allow) D:\Program Files (x86)\WarThunder\launcher.exe FirewallRules: [TCP Query User{D6BCEDD8-4D78-4A28-8B5E-6D6A755083BE}D:\program files (x86)\warthunder\aces.exe] => (Allow) D:\program files (x86)\warthunder\aces.exe FirewallRules: [UDP Query User{018EDE3C-20A5-4DEC-83DC-A0F4035CA4F3}D:\program files (x86)\warthunder\aces.exe] => (Allow) D:\program files (x86)\warthunder\aces.exe FirewallRules: [{E89F95BB-3F00-4592-BF46-D7A0247E3238}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{A453AEC4-A7B7-4DA7-B840-7087754DDBF5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{AD67C548-8E7C-40B0-A74F-BA65ACD252C3}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\rush\rush.exe FirewallRules: [{1B6D63C6-DF1F-46D9-944A-4534CF00CE52}] => (Allow) D:\Program Files 
(x86)\Steam\SteamApps\common\rush\rush.exe FirewallRules: [{90FC0048-BB3C-42A3-838C-93D2305165A5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe FirewallRules: [{D2515F04-7392-4710-8C0B-11C44D9D5051}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe FirewallRules: [{7EAC378D-BC60-44E4-8D20-97726450695B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe FirewallRules: [{CA140986-66FC-4FD1-BD7B-4C731BA13B0D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe FirewallRules: [{E6B3BB6E-1BC0-4659-A1C4-0E907310097A}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{A5024DE2-F094-4A6B-B3CE-205B577386AF}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{928EC490-B5EE-4BC5-B83D-0877319F5188}] => (Allow) D:\Program Files (x86)\Hearthstone\Hearthstone.exe FirewallRules: [{18A7466B-1BA1-4EBA-8E1D-2AF3988F32B8}] => (Allow) D:\Program Files (x86)\Hearthstone\Hearthstone.exe FirewallRules: [{596BBFE3-EC8B-41A2-896B-BFC6212DD615}] => (Allow) D:\Program Files (x86)\OriginGames\Dead Space\Dead Space.exe FirewallRules: [{482F736C-0431-441B-892B-ADD6495FE0B5}] => (Allow) D:\Program Files (x86)\OriginGames\Dead Space\Dead Space.exe FirewallRules: [TCP Query User{3AC563F9-56E0-4D00-AA38-E94904A971D9}D:\program files (x86)\valve\portal 2\portal2.exe] => (Block) D:\program files (x86)\valve\portal 2\portal2.exe FirewallRules: [UDP Query User{CE925544-FD60-47B6-9BB2-776A0331FDBA}D:\program files (x86)\valve\portal 2\portal2.exe] => (Block) D:\program files (x86)\valve\portal 2\portal2.exe FirewallRules: [TCP Query User{5B653E1C-7A11-48EC-9DBE-A5A6CB0BE297}D:\program files (x86)\wolfenstein the new order\wolfneworder_x64.exe] => (Block) D:\program files (x86)\wolfenstein the new order\wolfneworder_x64.exe FirewallRules: [UDP Query User{CFFFAA87-8C93-421C-9379-BEC740574581}D:\program files (x86)\wolfenstein the new order\wolfneworder_x64.exe] => (Block) D:\program 
files (x86)\wolfenstein the new order\wolfneworder_x64.exe FirewallRules: [TCP Query User{6F9B727C-9EFD-4404-AA37-4AD93A12B836}D:\program files (x86)\wolfenstein the new order german\wolfneworder_x64.exe] => (Block) D:\program files (x86)\wolfenstein the new order german\wolfneworder_x64.exe FirewallRules: [UDP Query User{C2D99373-F636-44F6-95F8-91527CB4F5C9}D:\program files (x86)\wolfenstein the new order german\wolfneworder_x64.exe] => (Block) D:\program files (x86)\wolfenstein the new order german\wolfneworder_x64.exe FirewallRules: [TCP Query User{C542631D-D296-4DD5-A464-85B3CB755448}D:\watch_dogs-deluxe.edition-p2p\bin\watch_dogs.exe] => (Block) D:\watch_dogs-deluxe.edition-p2p\bin\watch_dogs.exe FirewallRules: [UDP Query User{3EE0E562-25EE-4679-B1F2-206503432AD1}D:\watch_dogs-deluxe.edition-p2p\bin\watch_dogs.exe] => (Block) D:\watch_dogs-deluxe.edition-p2p\bin\watch_dogs.exe FirewallRules: [TCP Query User{B78239F5-94BD-4F90-9F9B-BBE7B1F4F294}D:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe] => (Allow) D:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe FirewallRules: [UDP Query User{BAB1384F-46C8-4EA3-8AE8-F8FDC3DC2678}D:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe] => (Allow) D:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe FirewallRules: [{6A8DAA67-50D6-4693-9A05-E987BE0BC205}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe FirewallRules: [{F1084AB7-A049-4C1E-A87E-69EA97D45F5A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe FirewallRules: [TCP Query User{10A90911-6943-486F-B637-EBF581F06F38}D:\program files (x86)\tera\tera-launcher.exe] => (Allow) D:\program files (x86)\tera\tera-launcher.exe FirewallRules: [UDP Query User{578E97A2-CE4F-4099-B0C8-66F332017191}D:\program files (x86)\tera\tera-launcher.exe] => (Allow) D:\program files (x86)\tera\tera-launcher.exe FirewallRules: [{66D14BBE-0EA6-415C-9ECD-21364CA004B2}] => (Allow) 
C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe FirewallRules: [{3E85FEBD-4AEB-45AF-BDAC-E6C9F4F5702D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe FirewallRules: [{69287390-3691-457C-A38B-CC9337E9E2A5}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{E7240E72-D750-43AC-91CA-09B8B47924DF}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{5FC65538-FA6D-49E2-89F9-6FCDEE0078BD}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{1D9830DA-43E2-45B8-BC15-4DB65EB7890C}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [TCP Query User{F600BCAF-ADBB-4F5D-B30B-9316781C151B}C:\users\shag\appdata\local\temp\gw2.exe] => (Allow) C:\users\shag\appdata\local\temp\gw2.exe FirewallRules: [UDP Query User{41FA0A67-7849-47E9-8705-46E3EE198D57}C:\users\shag\appdata\local\temp\gw2.exe] => (Allow) C:\users\shag\appdata\local\temp\gw2.exe FirewallRules: [TCP Query User{A3884C3A-1703-41EC-ABE3-45DD9E7CE962}D:\guild wars 2\gw2.exe] => (Allow) D:\guild wars 2\gw2.exe FirewallRules: [UDP Query User{78536A0E-367B-49EF-BC0A-2FA83E57D071}D:\guild wars 2\gw2.exe] => (Allow) D:\guild wars 2\gw2.exe FirewallRules: [TCP Query User{0F3E8BC1-14C2-481A-98AB-B244B4F084C5}D:\program files (x86)\maniaplanet\maniaplanet.exe] => (Allow) D:\program files (x86)\maniaplanet\maniaplanet.exe FirewallRules: [UDP Query User{BA93D511-5C13-403C-BFB6-40893AF03417}D:\program files (x86)\maniaplanet\maniaplanet.exe] => (Allow) D:\program files (x86)\maniaplanet\maniaplanet.exe FirewallRules: [{EBFA0E67-670C-4DF3-A88E-B4A8DDF8AA98}] => (Allow) D:\Program Files (x86)\The Vanishing of Ethan Carter\Binaries\Launcher.exe FirewallRules: [{C269B6F7-1883-40EB-B878-9EF8A9EB172E}] => (Allow) D:\Program Files (x86)\The Vanishing of Ethan Carter\Binaries\Launcher.exe FirewallRules: [TCP Query User{D889D8F7-55CC-445A-8E3E-C0B52B5CDF93}D:\program files (x86)\the vanishing of ethan 
carter\binaries\win64\astronautsgame-win64-shipping.exe] => (Block) D:\program files (x86)\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe FirewallRules: [UDP Query User{46EE6606-D08C-4C75-ACF2-6CEB161D465F}D:\program files (x86)\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe] => (Block) D:\program files (x86)\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe FirewallRules: [TCP Query User{52DC2877-88F2-42CC-A0CA-E3979AC92D06}D:\program files (x86)\ubisoft\driver san francisco\driver.exe] => (Block) D:\program files (x86)\ubisoft\driver san francisco\driver.exe FirewallRules: [UDP Query User{4B4DB25B-416E-4147-A842-D107757F7375}D:\program files (x86)\ubisoft\driver san francisco\driver.exe] => (Block) D:\program files (x86)\ubisoft\driver san francisco\driver.exe FirewallRules: [TCP Query User{65ADDC17-D41E-43CF-8F91-0D1A5E64D260}C:\program files\guillemot\tools\giwebupdater.exe] => (Allow) C:\program files\guillemot\tools\giwebupdater.exe FirewallRules: [UDP Query User{4FCCBC6A-ECB2-4D49-A0C7-06AA70EDCD31}C:\program files\guillemot\tools\giwebupdater.exe] => (Allow) C:\program files\guillemot\tools\giwebupdater.exe FirewallRules: [TCP Query User{4727CA4A-F3CF-4D4C-BE94-77013DB3E561}D:\gog games\oddworld - new 'n' tasty\nnt.exe] => (Block) D:\gog games\oddworld - new 'n' tasty\nnt.exe FirewallRules: [UDP Query User{16F3CC54-81C2-4D68-AC5B-A5F110F39B09}D:\gog games\oddworld - new 'n' tasty\nnt.exe] => (Block) D:\gog games\oddworld - new 'n' tasty\nnt.exe FirewallRules: [{1EDBCBD6-77FE-4354-AFC1-82B6EEF9C166}] => (Allow) d:\Program Files (x86)\GameforgeLive\gfl_client.exe FirewallRules: [{E95D1DBC-A572-4898-977A-09355E2080D3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{B6D7FDC2-79E5-443F-B573-ADBE5AE02395}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: 
[{CC4C363A-92C1-483D-A1F8-D8D10344E52C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{09E746F3-3FA8-46A1-8D39-D2FAA689C686}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{20DEB04C-991B-4CE0-BF6E-832CFE776471}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{318028F5-A87E-4579-9378-43E2C20672BB}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe FirewallRules: [{2E5D2FF7-7055-42A5-BA32-6F6F01B54240}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe FirewallRules: [{AA87FFA5-9C61-4FAA-8885-C7C06558CA9F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe FirewallRules: [{F99BA5FE-DD38-41F4-A72E-CE7D43AD47E6}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe FirewallRules: [{CBF93050-29C7-4CAA-9A0D-5ED1DD81E6EB}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{52E17C41-63A9-4BE2-8174-4167278F4903}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{3BEA036E-82D0-4D77-920E-8482907A261F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe FirewallRules: [{5EA49FF2-A58C-43FF-A927-0A95BC6FCD49}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe FirewallRules: [{60D3597B-38BF-4726-B37B-D84C6033C47A}] => (Allow) D:\Program Files (x86)\OriginGames\SimCity\SimCity\SimCity.exe FirewallRules: [{FF9D86C5-9E1C-4141-A59B-AAA7CF001273}] => (Allow) D:\Program Files (x86)\OriginGames\SimCity\SimCity\SimCity.exe FirewallRules: [{0EA73370-3A10-4766-A12F-38F0627859C8}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{F72DC3C7-0503-41A5-9041-0B676C1641F6}] => (Allow) d:\Program Files (x86)\Brother\Brmfl14e\FAXRX.EXE FirewallRules: [{2DEEF5AC-1862-4BFF-85D2-38570B129251}] => (Allow) LPort=54925 FirewallRules: [TCP Query 
User{28C6BC4A-6416-4AB8-9D95-58BFF751A037}D:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe] => (Block) D:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe FirewallRules: [UDP Query User{A3AB2A72-C4C0-4F06-A7EE-35C0A00F8240}D:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe] => (Block) D:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe FirewallRules: [TCP Query User{148864F7-C1E4-43C7-8550-2BD665282F51}D:\program files (x86)\the beginner's guide\beginnersguide.exe] => (Block) D:\program files (x86)\the beginner's guide\beginnersguide.exe FirewallRules: [UDP Query User{C2EF76C4-BCF3-48FB-B86F-7B9BA0048225}D:\program files (x86)\the beginner's guide\beginnersguide.exe] => (Block) D:\program files (x86)\the beginner's guide\beginnersguide.exe FirewallRules: [{8D43ABC5-5B12-4069-A956-405E2BDADA0D}] => (Allow) C:\Program Files (x86)\Ubisoft\Anno 2205\Bin\Win64\Anno2205.exe FirewallRules: [TCP Query User{94CB0C90-4707-4792-A2D5-C25AF29D2469}D:\program files (x86)\funcom\age of conan\conanpatcher.exe] => (Allow) D:\program files (x86)\funcom\age of conan\conanpatcher.exe FirewallRules: [UDP Query User{97F8F9D2-7879-4A76-8105-5F4D34C015FA}D:\program files (x86)\funcom\age of conan\conanpatcher.exe] => (Allow) D:\program files (x86)\funcom\age of conan\conanpatcher.exe FirewallRules: [TCP Query User{99C24D58-9BFA-4554-9E71-00D636CD7E73}D:\program files (x86)\funcom\age of conan\ageofconan.exe] => (Allow) D:\program files (x86)\funcom\age of conan\ageofconan.exe FirewallRules: [UDP Query User{4047640F-E7E9-40FE-BA37-92EA829E5E29}D:\program files (x86)\funcom\age of conan\ageofconan.exe] => (Allow) D:\program files (x86)\funcom\age of conan\ageofconan.exe FirewallRules: [TCP Query User{427ECFE4-217A-4173-992A-9C438892908B}D:\program files (x86)\funcom\age of conan\ageofconandx10.exe] => (Allow) D:\program files (x86)\funcom\age of conan\ageofconandx10.exe 
FirewallRules: [UDP Query User{156CF8DA-5855-45EC-BB9D-FF170F6A355E}D:\program files (x86)\funcom\age of conan\ageofconandx10.exe] => (Allow) D:\program files (x86)\funcom\age of conan\ageofconandx10.exe FirewallRules: [{64B10E9D-6428-4CFA-90EB-011BF57188B4}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{703D5913-0510-4C51-8CD3-10C7E1EA0EE6}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{1A37ABBA-07A0-432C-BCD4-096215DA9189}] => (Allow) D:\Program Files\StarCraft II\Versions\Base39576\SC2_x64.exe FirewallRules: [{9794E91D-9859-47DE-B442-972C8D67A12B}] => (Allow) D:\Program Files\StarCraft II\Versions\Base39576\SC2_x64.exe FirewallRules: [{E3EB6327-951D-427C-962D-A9D15D80D3BC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [TCP Query User{056185A1-5BA0-4BD6-A258-82BA88A67103}D:\program files (x86)\dying light the following enhanced edition\dyinglightgame.exe] => (Block) D:\program files (x86)\dying light the following enhanced edition\dyinglightgame.exe FirewallRules: [UDP Query User{0E5A04DE-1325-45DA-9DA5-912070B8C4F0}D:\program files (x86)\dying light the following enhanced edition\dyinglightgame.exe] => (Block) D:\program files (x86)\dying light the following enhanced edition\dyinglightgame.exe ==================== Wiederherstellungspunkte ========================= 14-02-2013 01:40:44 Windows Update 14-02-2013 03:00:19 Windows Update 17-03-2013 17:59:43 Removed Java(TM) 6 Update 39 17-03-2013 18:02:58 Installed Java 7 Update 17 17-03-2013 18:20:27 Windows Update 11-03-2016 21:47:57 Removed RollerCoaster Tycoon® 3 12-03-2016 17:51:16 JRT Pre-Junkware Removal 13-03-2016 12:42:33 Removed Adobe Photoshop Lightroom 4.4 64-bit. 13-03-2016 13:17:48 Entfernt Railroad Tycoon 3 13-03-2016 13:19:16 Voodoo Chronicles wurde entfernt. 
==================== Fehlerhafte Geräte im Gerätemanager ============= Name: AODDriver4.01 Description: AODDriver4.01 Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: AODDriver4.01 Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (03/13/2016 01:23:23 PM) (Source: Service1) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig Error: (03/13/2016 09:54:38 AM) (Source: Service1) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig Error: (03/12/2016 05:42:08 PM) (Source: Service1) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig Error: (03/12/2016 02:37:45 PM) (Source: Service1) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. 
Das Handle ist ungültig Error: (03/12/2016 01:11:51 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18933, Zeitstempel: 0x55a6a196 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000004ac04 ID des fehlerhaften Prozesses: 0x1210 Startzeit der fehlerhaften Anwendung: 0xvlc.exe0 Pfad der fehlerhaften Anwendung: vlc.exe1 Pfad des fehlerhaften Moduls: vlc.exe2 Berichtskennung: vlc.exe3 Error: (03/12/2016 12:11:19 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18933, Zeitstempel: 0x55a6a196 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000004ac04 ID des fehlerhaften Prozesses: 0xefc Startzeit der fehlerhaften Anwendung: 0xvlc.exe0 Pfad der fehlerhaften Anwendung: vlc.exe1 Pfad des fehlerhaften Moduls: vlc.exe2 Berichtskennung: vlc.exe3 Error: (03/11/2016 09:48:36 PM) (Source: MsiInstaller) (EventID: 1024) (User: shag-PC) Description: Produkt: Adobe Acrobat Reader DC - Deutsch - Update "{AC76BA86-7AD7-0000-2550-AC0F0A4E5C00}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (03/11/2016 09:35:59 PM) (Source: Service1) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. 
Das Handle ist ungültig Error: (03/11/2016 09:18:32 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: avira_de_av_56e31e2f28336__ws.exe, Version: 1.1.56.9119, Zeitstempel: 0x56a8ec36 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18933, Zeitstempel: 0x55a69ec4 Ausnahmecode: 0xc06d007e Fehleroffset: 0x0000c42d ID des fehlerhaften Prozesses: 0x16c4 Startzeit der fehlerhaften Anwendung: 0xavira_de_av_56e31e2f28336__ws.exe0 Pfad der fehlerhaften Anwendung: avira_de_av_56e31e2f28336__ws.exe1 Pfad des fehlerhaften Moduls: avira_de_av_56e31e2f28336__ws.exe2 Berichtskennung: avira_de_av_56e31e2f28336__ws.exe3 Error: (03/11/2016 09:17:18 PM) (Source: Service1) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig Systemfehler: ============= Error: (03/13/2016 01:23:33 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%303. Error: (03/13/2016 01:23:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Avira Browser-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0 Error: (03/13/2016 01:23:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Avira Email-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0 Error: (03/13/2016 01:23:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (03/13/2016 01:23:22 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "Avira Planer" wurde mit folgendem dienstspezifischem Fehler beendet: %%305. 
Error: (03/13/2016 09:54:48 AM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%303. Error: (03/13/2016 09:54:47 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Avira Browser-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0 Error: (03/13/2016 09:54:47 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Avira Email-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0 Error: (03/13/2016 09:54:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (03/13/2016 09:54:37 AM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "Avira Planer" wurde mit folgendem dienstspezifischem Fehler beendet: %%305. 
==================== Speicherinformationen =========================== Prozessor: AMD Phenom(tm) II X4 965 Processor Prozentuale Nutzung des RAM: 32% Installierter physikalischer RAM: 8178.14 MB Verfügbarer physikalischer RAM: 5549.96 MB Summe virtueller Speicher: 14176.34 MB Verfügbarer virtueller Speicher: 11668.89 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:111.69 GB) (Free:9.71 GB) NTFS Drive d: (Programme) (Fixed) (Total:833.85 GB) (Free:259.51 GB) NTFS Drive e: (Safe) (Fixed) (Total:1863.01 GB) (Free:4.93 GB) NTFS Drive f: (Daten) (Fixed) (Total:208.46 GB) (Free:12.35 GB) NTFS Drive g: (Win7) (Fixed) (Total:97.56 GB) (Free:16.33 GB) NTFS Drive h: (WinXP) (Fixed) (Total:24.41 GB) (Free:1.13 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive i: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 1863 GB) (Disk ID: B45C1AEF) Partition 2: (Active) - (Size=1863 GB) - (Type=05) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: C68DC68D) Partition 1: (Active) - (Size=24.4 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=208.5 GB) - (Type=OF Extended) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 90486699) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS) ======================================================== Disk: 3 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: AFD27FD7) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=833.9 GB) - (Type=07 NTFS) ==================== Ende von 
Addition.txt ============================ |
14.03.2016, 06:55 | #8 |
/// TB-Ausbilder | Antivir and AVG cannot be installed, Malwarebytes does not start
Hi,
Step x
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
start
CloseProcesses:
C:\Windows\system32\Drivers\etc\hosts
Hosts:
HKLM-x32\...\Winlogon: [Userinit] userinit.exe,"C:\Windows\system32\clientmon.exe" [X]
IFEO\AvastSvc.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\AvastUI.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avcenter.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avconfig.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgcsrvx.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgidsagent.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgnt.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgrsx.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgwdsvc.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\Avira.ServiceHost.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\Avira.Systray.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\Avira.SystrayStartTrigger.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avp.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\bdagent.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\blindman.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\ccuac.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\ComboFix.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\egui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\gsam.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\hijackthis.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\instup.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\keyscrambler.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbam.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbamgui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbampt.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbamscheduler.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbamservice.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mcapexe.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mcuicnt.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\MpCmdRun.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\MSASCui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\MsMpEng.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\msseces.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\rstrui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\SDFiles.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\SDMain.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\SDWinSec.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\spybotsd.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\update.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\wireshark.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\zlclient.exe: [Debugger] C:\Windows\System32\svchost.exe
Unlock: C:\ProgramData\274335
C:\ProgramData\274335
C:\Users\shag\AppData\Local\IIIQF
C:\ProgramData\cfc4764f3bbfae7c2c155456e0ae08a61242b9ff
C:\ProgramData\mia2477.tmp
C:\Users\shag\AppData\Roaming\Microsoft\svchost.exe
C:\Users\shag\AppData\Roaming\Microsoft\Setupx.exe
C:\Users\shag\AppData\Roaming\Microsoft\1.exe
C:\Users\shag\AppData\Roaming\inst.exe
Folder: C:\Users\shag\AppData\Roaming\Windows
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 Please download AdwCleaner to your desktop.
Step 3 Please download Malwarebytes Anti-Malware
Step 4
Please post with your next reply
|
14.03.2016, 19:28 | #9 |
| Antivir and AVG cannot be installed, Malwarebytes does not start
Step 1 - Fixlog.txt
Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01 durchgeführt von shag (2016-03-14 18:17:25) Run:1 Gestartet von C:\Users\shag\Desktop Geladene Profile: shag (Verfügbare Profile: shag & Coco) Start-Modus: Normal ============================================== fixlist Inhalt: ***************** start CloseProcesses: C:\Windows\system32\Drivers\etc\hosts Hosts: HKLM-x32\...\Winlogon: [Userinit] userinit.exe,"C:\Windows\system32\clientmon.exe" [X] IFEO\AvastSvc.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\AvastUI.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avcenter.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avconfig.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avgcsrvx.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avgidsagent.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avgnt.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avgrsx.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avgui.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avgwdsvc.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\Avira.ServiceHost.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\Avira.Systray.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\Avira.SystrayStartTrigger.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avp.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\bdagent.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\blindman.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\ccuac.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\ComboFix.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\egui.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\gsam.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\hijackthis.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\instup.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\keyscrambler.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\mbam.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\mbamgui.exe: 
[Debugger] C:\Windows\System32\svchost.exe IFEO\mbampt.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\mbamscheduler.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\mbamservice.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\mcapexe.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\mcuicnt.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\MpCmdRun.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\MSASCui.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\MsMpEng.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\msseces.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\rstrui.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\SDFiles.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\SDMain.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\SDWinSec.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\spybotsd.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\update.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\wireshark.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\zlclient.exe: [Debugger] C:\Windows\System32\svchost.exe Unlock: C:\ProgramData\274335 C:\ProgramData\274335 C:\Users\shag\AppData\Local\IIIQF C:\ProgramData\cfc4764f3bbfae7c2c155456e0ae08a61242b9ff C:\ProgramData\mia2477.tmp C:\Users\shag\AppData\Roaming\Microsoft\svchost.exe C:\Users\shag\AppData\Roaming\Microsoft\Setupx.exe C:\Users\shag\AppData\Roaming\Microsoft\1.exe C:\Users\shag\AppData\Roaming\inst.exe Folder: C:\Users\shag\AppData\Roaming\Windows RemoveProxy: CMD: ipconfig /flushdns CMD: netsh winsock reset EmptyTemp: end ***************** Prozess erfolgreich geschlossen. C:\Windows\system32\Drivers\etc\hosts => erfolgreich verschoben Hosts erfolgreich wiederhergestellt. 
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Wert erfolgreich wiederhergestellt "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastSvc.exe" => Schlüssel erfolgreich entfernt "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastUI.exe" => Schlüssel erfolgreich entfernt "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avcenter.exe" => Schlüssel erfolgreich entfernt "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avconfig.exe" => Schlüssel erfolgreich entfernt "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgcsrvx.exe" => Schlüssel erfolgreich entfernt "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgidsagent.exe" => Schlüssel erfolgreich entfernt "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgnt.exe" => Schlüssel erfolgreich entfernt "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgrsx.exe" => Schlüssel erfolgreich entfernt "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgui.exe" => Schlüssel erfolgreich entfernt "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgwdsvc.exe" => Schlüssel erfolgreich entfernt "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Avira.ServiceHost.exe" => Schlüssel erfolgreich entfernt "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Avira.Systray.exe" => Schlüssel erfolgreich entfernt "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Avira.SystrayStartTrigger.exe" => Schlüssel erfolgreich entfernt "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avp.exe" => Schlüssel erfolgreich entfernt "HKLM\Software\microsoft\windows nt\currentversion\Image File 
Execution Options\bdagent.exe" => Schlüssel erfolgreich entfernt "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\blindman.exe" => Schlüssel erfolgreich entfernt "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ccuac.exe" => Schlüssel erfolgreich entfernt "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ComboFix.exe" => Schlüssel erfolgreich entfernt "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe" => Schlüssel erfolgreich entfernt "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\gsam.exe" => Schlüssel erfolgreich entfernt "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hijackthis.exe" => Schlüssel erfolgreich entfernt "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\instup.exe" => Schlüssel erfolgreich entfernt "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\keyscrambler.exe" => Schlüssel erfolgreich entfernt "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe" => Schlüssel erfolgreich entfernt "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamgui.exe" => Schlüssel erfolgreich entfernt "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbampt.exe" => Schlüssel erfolgreich entfernt "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamscheduler.exe" => Schlüssel erfolgreich entfernt "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamservice.exe" => Schlüssel erfolgreich entfernt "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mcapexe.exe" => Schlüssel erfolgreich entfernt "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mcuicnt.exe" => Schlüssel erfolgreich entfernt 
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MpCmdRun.exe" => Schlüssel erfolgreich entfernt "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe" => Schlüssel erfolgreich entfernt "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe" => Schlüssel erfolgreich entfernt "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe" => Schlüssel erfolgreich entfernt "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rstrui.exe" => Schlüssel erfolgreich entfernt "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDFiles.exe" => Schlüssel erfolgreich entfernt "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDMain.exe" => Schlüssel erfolgreich entfernt "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDWinSec.exe" => Schlüssel erfolgreich entfernt "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spybotsd.exe" => Schlüssel erfolgreich entfernt "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\update.exe" => Schlüssel erfolgreich entfernt "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wireshark.exe" => Schlüssel erfolgreich entfernt "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\zlclient.exe" => Schlüssel erfolgreich entfernt "C:\ProgramData\274335" => wurde entsperrt C:\ProgramData\274335 => erfolgreich verschoben C:\Users\shag\AppData\Local\IIIQF => erfolgreich verschoben C:\ProgramData\cfc4764f3bbfae7c2c155456e0ae08a61242b9ff => erfolgreich verschoben C:\ProgramData\mia2477.tmp => erfolgreich verschoben C:\Users\shag\AppData\Roaming\Microsoft\svchost.exe => erfolgreich verschoben C:\Users\shag\AppData\Roaming\Microsoft\Setupx.exe => erfolgreich verschoben 
C:\Users\shag\AppData\Roaming\Microsoft\1.exe => erfolgreich verschoben C:\Users\shag\AppData\Roaming\inst.exe => erfolgreich verschoben ========================= Folder: C:\Users\shag\AppData\Roaming\Windows ======================== 2016-03-01 21:11 - 2016-03-01 21:11 - 0000000 ____D () C:\Users\shag\AppData\Roaming\Windows\Applications 2016-03-01 21:11 - 2016-03-11 21:10 - 0000000 ____D () C:\Users\shag\AppData\Roaming\Windows\Applications\SearchIndex 2016-03-01 21:11 - 2016-03-01 21:11 - 0352218 _____ () C:\Users\shag\AppData\Roaming\Windows\Applications\SearchIndex\SearchIndex.7z 2016-03-01 21:11 - 2016-03-01 16:25 - 3793920 _____ (IvoSoft) C:\Users\shag\AppData\Roaming\Windows\Applications\SearchIndex\SearchIndex.exe ====== Ende von Folder: ====== ========= RemoveProxy: ========= HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt ========= Ende von RemoveProxy: ========= ========= ipconfig /flushdns ========= Windows-IP-Konfiguration Der DNS-Aufl�sungscache wurde geleert. ========= Ende von CMD: ========= ========= netsh winsock reset ========= Der Winsock-Katalog wurde zur�ckgesetzt. Sie m�ssen den Computer neu starten, um den Vorgang abzuschlie�en. ========= Ende von CMD: ========= EmptyTemp: => 2.8 GB temporäre Dateien entfernt. Das System musste neu gestartet werden. ==== Ende von Fixlog 18:17:47 ==== Code:
# AdwCleaner v5.101 - Bericht erstellt am 14/03/2016 um 18:22:56
# Aktualisiert am 07/03/2016 von Xplode
# Datenbank : 2016-03-14.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : shag - SHAG-PC
# Gestartet von : C:\Users\shag\Desktop\AdwCleaner_5.101.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****

***** [ Ordner ] *****

***** [ Dateien ] *****

***** [ DLLs ] *****

***** [ Verknüpfungen ] *****

***** [ Aufgabenplanung ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Internetbrowser ] *****

*************************

:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [2429 Bytes] - [12/03/2016 17:40:41]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[C2].txt - [984 Bytes] - [14/03/2016 18:22:56]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [2062 Bytes] - [12/03/2016 17:39:31]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S2].txt - [1043 Bytes] - [14/03/2016 18:21:56]

########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C2].txt - [1262 Bytes] ##########

Still doesn't work. It was already installed on my machine, but it won't start. Uninstalling and reinstalling doesn't work. Error message during installation: Interner Fehler: Expression error 'Runtime Error (at112:109): (has to be clicked away very many times). Then this error message also appears: CreateFile schlug fehl; Code 80. Die Datei ist vorhanden.

Step 4 - FRST
FRST.txt
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01 durchgeführt von shag (Administrator) auf SHAG-PC (14-03-2016 18:37:24) Gestartet von C:\Users\shag\Desktop Geladene Profile: shag (Verfügbare Profile: shag & Coco) Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AMD) C:\Windows\System32\atiesrxx.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730) D:\Program Files (x86)\iRacing\iRacingService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe (Nuance Communications, Inc.) 
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (Thrustmaster®) D:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (AMD) C:\Windows\System32\atieclxx.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe () C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\agcp.exe (IvoSoft) C:\Users\shag\AppData\Roaming\Windows\Applications\SearchIndex\SearchIndex.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7512680 2011-10-25] (Realtek Semiconductor) HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-09] (NVIDIA Corporation) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.) HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\MountPoints2: {6734fc30-9002-11e2-851a-8c89a5c2e538} - K:\setup.exe HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\MountPoints2: {ccf4559d-4ca0-11e4-b1b1-8c89a5c2e538} - K:\setup.exe HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\MountPoints2: {ddc22528-591b-11e3-8b61-8c89a5c2e538} - L:\ting.exe HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\Winlogon: [Shell] explorer.exe,"C:\Users\shag\AppData\Roaming\clientmon.exe" <==== ACHTUNG HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation) HKU\S-1-5-18\...\RunOnce: [AOD] => C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe AutoTune HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-04-30] (Microsoft Corporation) HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [43816 2015-04-26] (Apple Inc.) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2013-05-31]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{64956C90-8573-4570-AE9E-9C6059173262}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-23] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-23] (Oracle Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-23] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-23] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Session Restore: -> ist aktiviert.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-11] () FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-23] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-23] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.5 -> d:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> d:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-11] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] () FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-23] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-23] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-12-16] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-12-16] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2443269024-3109390385-3364977999-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\shag\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-2443269024-3109390385-3364977999-1000: @talk.google.com/O1DPlugin -> C:\Users\shag\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-2443269024-3109390385-3364977999-1000: @tools.google.com/Google Update;version=3 -> C:\Users\shag\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.) FF Plugin HKU\S-1-5-21-2443269024-3109390385-3364977999-1000: @tools.google.com/Google Update;version=9 -> C:\Users\shag\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Users\shag\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin ProgramFiles/Appdata: C:\Users\shag\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google) FF Extension: Avira Browser Safety - C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\Extensions\abs@avira.com [2016-02-19] FF Extension: leethax.net extension - C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\Extensions\leethax@leethax.net.xpi [2014-02-08] [ist nicht signiert] FF Extension: Move Media Player - C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\Extensions\moveplayer@movenetworks.com [2013-03-18] [ist nicht signiert] FF Extension: Microsoft .NET Framework Assistant - C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013-03-18] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-05-15] [ist nicht signiert] StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe Chrome: ======= CHR Profile: C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-27] CHR Extension: (Google Docs) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-27] CHR Extension: (Google Drive) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27] CHR Extension: (YouTube) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-27] CHR 
Extension: (Google-Suche) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Tabellen) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-27]
CHR Extension: (Avira Browserschutz) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-07]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-27]
CHR Extension: (Google Mail) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-27]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [0 ] (Avira Operations GmbH & Co. KG) <==== ACHTUNG (Null Byte Datei/Ordner)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [0 ] (Avira Operations GmbH & Co. KG) <==== ACHTUNG (Null Byte Datei/Ordner)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [0 ] (Avira Operations GmbH & Co. KG) <==== ACHTUNG (Null Byte Datei/Ordner)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [0 ] (Avira Operations GmbH & Co. KG) <==== ACHTUNG (Null Byte Datei/Ordner)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [Datei ist nicht signiert]
S3 GalaxyClientService; D:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1616440 2015-11-13] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7220792 2016-02-11] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-09] (NVIDIA Corporation)
R2 iRacingService; D:\Program Files (x86)\iRacing\iRacingService.exe [798840 2015-01-12] (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-09] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [6477432 2015-12-09] (NVIDIA Corporation)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-02-28] (Electronic Arts)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145736 2013-08-15] (Nuance Communications, Inc.)
R2 tmInstall; d:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.EXE [45296 2014-07-22] (Thrustmaster®)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Avira.ServiceHost; "C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe" [X]
S2 JetDrive WindowsClosingService; C:\Windows\System32\WindowsClosingService [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [94720 2013-12-19] (Advanced Micro Devices) [Datei ist nicht signiert]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162072 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [140448 2016-02-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [75472 2015-12-01] (Avira Operations GmbH & Co. KG)
S3 cancel; C:\Program Files (x86)\MSI\Super-Charger\cancel_64.sys [16184 2010-05-21] (Windows (R) Win 7 DDK provider)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 jetdrive; C:\Windows\System32\DRIVERS\jddrv.sys [37248 2012-05-22] (Abelssoft GmbH)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-12-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S3 SndTAudio; C:\Windows\System32\drivers\SndTAudio.sys [34528 2013-05-16] (Windows (R) Win 7 DDK provider)
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [58792 2009-09-17] (SafeNet, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-10-05] (Duplex Secure Ltd.)
S3 tmhidusb; C:\Windows\System32\DRIVERS\tmhidusb.sys [166640 2014-07-22] (Thrustmaster)
R2 zntport64; C:\EuCaSoft\zntport64.sys [13880 2007-12-22] (Zeal SoftStudio)
S2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 cpuz130; \??\C:\Users\shag\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 NTIOLib_1_0_4; \??\d:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [X]
S3 NTIOLib_1_0_C; \??\J:\NTIOLib_X64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-03-14 18:19 - 2016-03-14 18:19 - 00000000 ____D C:\ProgramData\274335
2016-03-14 18:17 - 2016-03-14 18:17 - 00011543 _____ C:\Users\shag\Desktop\Fixlog.txt
2016-03-13 13:20 - 2016-03-13 13:20 - 00082816 _____ (VSO Software) C:\Users\shag\AppData\Roaming\pcouffin.sys
2016-03-12 18:02 - 2016-03-01 16:25 - 03793920 _____ (IvoSoft) C:\Users\shag\AppData\Roaming\clientmon.exe
2016-03-12 17:54 - 2016-03-14 18:37 - 00020172 _____ C:\Users\shag\Desktop\FRST.txt
2016-03-12 17:54 - 2016-03-13 13:53 - 00058472 _____ C:\Users\shag\Desktop\Addition.txt
2016-03-12 17:52 - 2016-03-12 17:52 - 00005224 _____ C:\Users\shag\Desktop\JRT.txt
2016-03-12 17:48 - 2016-03-12 17:48 - 01609216 _____ (Malwarebytes) C:\Users\shag\Desktop\JRT.exe
2016-03-12 17:39 - 2016-03-14 18:22 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-12 17:37 - 2016-03-14 18:21 - 01524224 _____ C:\Users\shag\Desktop\AdwCleaner_5.101.exe
2016-03-12 17:34 - 2016-03-12 17:52 - 00001625 _____ C:\ProgramData\XML
2016-03-12 17:34 - 2016-03-12 17:34 - 00002890 _____ C:\Users\shag\Desktop\Rkill.txt
2016-03-12 17:34 - 2016-03-12 17:34 - 00000000 ____D C:\Users\shag\Desktop\rkill
2016-03-12 17:34 - 2016-03-12 17:33 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\shag\Desktop\rkill.com
2016-03-11 21:55 - 2016-03-11 21:42 - 02374144 _____ (Farbar) C:\Users\shag\Desktop\FRST64.exe
2016-03-11 21:53 - 2016-03-14 18:37 - 00000000 ____D C:\FRST
2016-03-11 21:32 - 2016-03-11 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2016-03-11 21:31 - 2016-03-11 21:32 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2016-03-11 21:31 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-11 21:31 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-11 21:31 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-11 21:20 - 2016-03-11 21:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-05 12:03 - 2016-03-05 12:03 - 00000000 ____D C:\Users\shag\AppData\Roaming\cerasus.media
2016-03-01 21:22 - 2016-03-01 16:25 - 03793920 _____ (IvoSoft) C:\Windows\SysWOW64\clientmon.exe
2016-03-01 21:12 - 2016-03-14 18:30 - 00003362 _____ C:\Windows\System32\Tasks\Search Filter Host
2016-03-01 21:12 - 2016-03-01 21:12 - 00000000 ____D C:\Users\shag\AppData\LocalLow\Lazy Bear Games
2016-03-01 21:11 - 2016-03-12 17:51 - 00000000 _RSHD C:\ProgramData\274435
2016-03-01 21:11 - 2016-03-01 21:11 - 00000000 ____D C:\Users\shag\AppData\Roaming\Windows
2016-03-01 19:55 - 2016-03-01 19:55 - 00000000 ____D C:\ProgramData\dbdata
2016-02-29 20:27 - 2016-02-29 22:37 - 00000000 ____D C:\Users\shag\AppData\Roaming\Factorio
2016-02-29 20:26 - 2016-02-29 20:26 - 00000936 _____ C:\Users\shag\Desktop\Factorio v0.9.8.lnk
2016-02-25 08:09 - 2016-02-25 08:09 - 00000801 _____ C:\Users\Public\Desktop\Passbild-Generator.lnk
2016-02-25 08:09 - 2016-02-25 08:09 - 00000000 ____D C:\Users\shag\AppData\Local\_3_
2016-02-25 08:09 - 2016-02-25 08:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Passbild-Generator
2016-02-23 21:01 - 2016-02-23 20:59 - 00110176 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2016-02-23 20:59 - 2016-02-23 21:01 - 00000000 ____D C:\Users\shag\.oracle_jre_usage
2016-02-23 20:59 - 2016-02-23 20:59 - 00000000 ____D C:\Users\shag\AppData\Roaming\Sun
2016-02-23 20:58 - 2016-02-23 20:58 - 00000000 ____D C:\Users\shag\AppData\LocalLow\Oracle
2016-02-23 20:17 - 2016-02-23 21:09 - 00000000 ____D C:\Users\shag\.litwrl
2016-02-21 11:59 - 2016-02-21 11:59 - 00000000 ____D C:\Users\shag\Documents\DyingLight
2016-02-19 18:50 - 2016-02-19 18:50 - 00000000 ____D C:\Users\shag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist
aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-03-14 18:35 - 2009-07-14 05:45 - 00022848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-03-14 18:35 - 2009-07-14 05:45 - 00022848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-03-14 18:34 - 2016-01-03 15:42 - 00000000 ____D C:\Users\shag\AppData\Local\CrashDumps 2016-03-14 18:30 - 2013-05-14 20:49 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-03-14 18:30 - 2009-07-14 18:58 - 00699416 _____ C:\Windows\system32\perfh007.dat 2016-03-14 18:30 - 2009-07-14 18:58 - 00149556 _____ C:\Windows\system32\perfc007.dat 2016-03-14 18:30 - 2009-07-14 06:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI 2016-03-14 18:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2016-03-14 18:23 - 2013-03-18 19:28 - 00000000 ____D C:\ProgramData\NVIDIA 2016-03-14 18:23 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-03-14 18:05 - 2015-06-19 16:54 - 00001220 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA.job 2016-03-14 17:57 - 2013-04-18 20:08 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-03-14 17:50 - 2013-08-25 19:14 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA.job 2016-03-14 17:41 - 2013-05-14 20:49 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-03-13 19:50 - 2013-08-25 19:14 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core.job 2016-03-13 16:46 - 2013-03-21 22:46 - 00000000 ____D C:\Users\shag\AppData\Roaming\vlc 2016-03-13 15:04 - 2015-12-06 19:16 - 00000000 ____D C:\Users\shag\Desktop\Spiele 2016-03-13 13:20 - 2015-08-21 09:34 - 00000000 ____D C:\Users\shag\AppData\Roaming\SoundSpectrum 2016-03-13 13:20 - 2015-08-21 09:34 - 00000000 ____D 
C:\Program Files (x86)\SoundSpectrum 2016-03-13 13:20 - 2015-06-10 22:13 - 00007859 _____ C:\Users\shag\AppData\Roaming\pcouffin.cat 2016-03-13 13:20 - 2015-06-10 22:13 - 00000000 ____D C:\Users\shag\AppData\Roaming\Vso 2016-03-13 13:20 - 2015-06-10 22:13 - 00000000 ____D C:\Program Files (x86)\vso 2016-03-13 13:18 - 2013-03-19 20:07 - 00000000 ____D C:\Users\shag\AppData\Roaming\UseNeXT 2016-03-13 13:16 - 2013-03-23 01:14 - 00000000 ____D C:\Users\shag\AppData\Roaming\Broad Intelligence 2016-03-13 13:16 - 2013-03-21 23:24 - 00000000 ____D C:\Users\shag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2016-03-13 12:05 - 2015-06-19 16:54 - 00001168 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core.job 2016-03-11 22:57 - 2013-04-18 20:08 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-03-11 22:57 - 2013-03-18 20:25 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-03-11 22:57 - 2013-03-18 20:25 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-03-11 21:49 - 2014-11-23 19:32 - 00000000 ____D C:\Users\shag\AppData\Local\My Games 2016-03-11 21:49 - 2013-03-30 23:41 - 00000000 ____D C:\Users\shag\Documents\My Games 2016-03-11 21:49 - 2013-03-18 19:22 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2016-03-11 21:48 - 2015-12-30 20:54 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-03-11 21:47 - 2015-09-30 22:11 - 00000000 ____D C:\Users\shag\AppData\Roaming\Atari 2016-03-11 21:46 - 2015-03-13 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com 2016-03-11 21:46 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2016-03-11 21:30 - 2014-07-25 20:28 - 00242786 _____ C:\Windows\ntbtlog.txt 2016-03-11 21:17 - 2013-03-18 19:16 - 00000000 ____D C:\Users\shag 
2016-03-11 21:10 - 2015-10-03 09:12 - 00000000 ____D C:\Users\Coco 2016-03-11 21:10 - 2015-06-10 22:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3 2016-03-11 21:10 - 2015-05-15 10:42 - 00000000 ___SD C:\Windows\system32\GWX 2016-03-11 21:10 - 2014-10-05 15:49 - 00000000 ____D C:\Users\shag\AppData\Roaming\FreeArc 2016-03-11 21:10 - 2014-08-07 21:41 - 00000000 ____D C:\Users\Besuch 2016-03-11 21:10 - 2014-07-27 20:34 - 00000000 ____D C:\ProgramData\Package Cache 2016-03-11 21:10 - 2014-02-10 20:00 - 00000000 ____D C:\Users\shag\AppData\Roaming\Battle.net 2016-03-11 21:10 - 2013-03-18 20:25 - 00000000 ____D C:\Windows\system32\Macromed 2016-03-11 21:10 - 2013-03-18 20:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2016-03-11 21:10 - 2013-03-18 20:22 - 00000000 ____D C:\ProgramData\Avira 2016-03-11 21:10 - 2013-03-18 20:22 - 00000000 ____D C:\Program Files (x86)\Avira 2016-03-11 21:10 - 2009-07-14 19:18 - 00000000 ___RD C:\Users\Public\Recorded TV 2016-03-11 21:10 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration 2016-03-11 20:21 - 2014-02-10 20:00 - 00000000 ____D C:\Users\shag\AppData\Local\Battle.net 2016-03-11 13:20 - 2015-11-15 18:24 - 00033792 _____ C:\Users\shag\Desktop\Finanzen.xls 2016-03-08 16:41 - 2015-11-20 18:45 - 00000000 ____D C:\Users\shag\.gimp-2.8 2016-03-01 19:10 - 2013-03-18 20:30 - 00000000 ___RD C:\Users\shag\Dropbox 2016-03-01 19:10 - 2013-03-18 20:29 - 00000000 ____D C:\Users\shag\AppData\Roaming\Dropbox 2016-02-28 10:10 - 2013-05-02 20:29 - 00000000 ____D C:\ProgramData\Origin 2016-02-25 08:15 - 2015-10-15 19:41 - 00013405 _____ C:\Windows\BRRBCOM.INI 2016-02-24 16:09 - 2015-11-09 18:52 - 00000498 _____ C:\Users\shag\Desktop\Coco.txt 2016-02-23 21:03 - 2013-10-28 19:56 - 00000000 ____D C:\ProgramData\Oracle 2016-02-23 21:02 - 2013-10-28 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2016-02-23 21:02 - 2013-10-28 19:56 
- 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-02-23 21:02 - 2013-09-03 20:26 - 00000000 ____D C:\Program Files (x86)\Java 2016-02-23 21:02 - 2013-03-18 20:28 - 00000000 ____D C:\Program Files\Java 2016-02-23 20:59 - 2015-03-13 18:22 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2016-02-21 11:44 - 2014-12-05 21:30 - 00002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-02-21 11:44 - 2014-12-05 21:30 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-02-18 10:22 - 2013-07-24 17:53 - 00000000 ____D C:\ProgramData\Battle.net 2016-02-18 08:09 - 2013-04-02 21:33 - 00140448 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2016-02-15 21:54 - 2015-01-12 18:27 - 00000000 ____D C:\Users\shag\AppData\Roaming\Mp3tag ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2013-10-14 03:44 - 2013-10-14 03:44 - 2174976 _____ (Advanced Micro Devices Inc.) 
C:\Program Files (x86)\Common Files\atimpenc.dll
2016-03-12 18:02 - 2016-03-01 16:25 - 3793920 _____ (IvoSoft) C:\Users\shag\AppData\Roaming\clientmon.exe
2015-06-10 22:13 - 2016-03-13 13:20 - 0007859 _____ () C:\Users\shag\AppData\Roaming\pcouffin.cat
2015-06-10 22:13 - 2016-03-13 13:20 - 0001167 _____ () C:\Users\shag\AppData\Roaming\pcouffin.inf
2015-06-10 22:13 - 2016-03-13 13:20 - 0000055 _____ () C:\Users\shag\AppData\Roaming\pcouffin.log
2016-03-13 13:20 - 2016-03-13 13:20 - 0082816 _____ (VSO Software) C:\Users\shag\AppData\Roaming\pcouffin.sys
2013-06-04 20:34 - 2015-06-13 17:45 - 0014848 _____ () C:\Users\shag\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-02 16:18 - 2015-06-02 16:21 - 0585728 _____ () C:\Users\shag\AppData\Local\file__0.localstorage
2015-11-20 18:47 - 2015-11-20 18:47 - 0000819 _____ () C:\Users\shag\AppData\Local\recently-used.xbel
2013-03-18 19:55 - 2015-05-27 19:39 - 0007649 _____ () C:\Users\shag\AppData\Local\resmon.resmoncfg
2016-03-12 17:34 - 2016-03-12 17:52 - 0001625 _____ () C:\ProgramData\XML

Einige Dateien in TEMP:
====================
C:\Users\shag\AppData\Local\Temp\sqlite3.dll
C:\Users\shag\AppData\Local\Temp\svhost.exe

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-03-12 15:55

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
durchgeführt von shag (2016-03-14 18:37:43)
Gestartet von C:\Users\shag\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-03-18 18:16:49)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-2443269024-3109390385-3364977999-500 - Administrator - Disabled)
Coco (S-1-5-21-2443269024-3109390385-3364977999-1008 - Administrator - Enabled) => C:\Users\Coco
Gast (S-1-5-21-2443269024-3109390385-3364977999-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2443269024-3109390385-3364977999-1004 - Limited - Enabled)
shag (S-1-5-21-2443269024-3109390385-3364977999-1000 - Administrator - Enabled) => C:\Users\shag

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated) Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.182 - Adobe Systems Incorporated) Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated) Age of Conan: Hyborian Adventures (HKLM-x32\...\Age of Conan_is1) (Version: - Funcom) AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version: - Gameforge) Anno 2205 (HKLM-x32\...\Uplay Install 1253) (Version: - Ubisoft) Apple Application Support (32-Bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Ashampoo Photo Commander 10 v.10.0.1 (HKLM-x32\...\Ashampoo Photo Commander 10_is1) (Version: 10.0.1 - Ashampoo GmbH & Co. KG) Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology) AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2002861294.48.56.34082026 - Audible, Inc.) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.141 - Avira Operations GmbH & Co. KG) Avira Launcher (HKLM-x32\...\{3b87484e-d70b-4b4f-ad59-2ae89571e2cf}) (Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG) Avira Launcher (x32 Version: 1.1.56.9119 - Avira Operations GmbH & Co. 
KG) Hidden Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) BDE Information Utility (HKLM-x32\...\BDE Information Utility) (Version: - InterBase Installation Info (and BDE Information Utility)) Blender (HKLM\...\{BBE9D9F0-3F77-4E26-9E10-1AFB56D41363}) (Version: 2.76.0 - Blender Foundation) Blender (HKLM\...\Blender) (Version: 2.69 - Blender Foundation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Brother MFL-Pro Suite MFC-J5320DW (HKLM-x32\...\{7FC49664-DAA4-4E7C-ADD0-614ABB43691B}) (Version: 1.0.5.0 - Brother Industries, Ltd.) Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.9.0.4 - Canon Inc.) Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.12.20.0 - Canon Inc.) Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.5.2.8 - Canon Inc.) Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.) Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts) Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team) Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve) Dropbox (HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.) 
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.2.17437 - Landesfinanzdirektion Thüringen) ElsterFormular 2006/2007 (HKLM-x32\...\{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}) (Version: 8.2.1.0 - Steuerverwaltung des Bundes und der Länder) ElsterFormular 2007/2008 (HKLM-x32\...\{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}) (Version: 9.2.0.0 - Steuerverwaltung des Bundes und der Länder) ElsterFormular 2008/2009 (HKLM-x32\...\{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}) (Version: 10.0.0.0 - Steuerverwaltung des Bundes und der Länder) EuCaSoft 4.4.0.4377 (HKLM-x32\...\EuCaSoft_is1) (Version: - itas GmbH) FFB Racing Wheel drivers (HKLM-x32\...\{28B758EA-5C83-48B1-B352-C70F12C73F5A}) (Version: 3.TTRS.2014 - Thrustmaster) FreeArc 0.666 (HKLM-x32\...\FreeArc) (Version: 0.666 - Bulat Ziganshin) Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.21.2.1 - Futuremark Corporation) Gameforge Live 2.0.8 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.8 - Gameforge) Geeks3D FurMark 1.13.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.) GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.) 
iRacing.com Race Simulation (HKLM-x32\...\{CBBB3C80-76F5-42B5-92A6-C4BF84796DCB}) (Version: 1.01.0512 - iRacing.com Motorsport Simulations) iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.) Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation) Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation) Java SE Development Kit 7 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170250}) (Version: 1.7.0.250 - Oracle) Java SE Development Kit 8 Update 73 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180730}) (Version: 8.0.730.2 - Oracle Corporation) JetDrive (HKLM-x32\...\JetDrive_is1) (Version: 6.11 - Abelssoft) Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) MechWarrior Online (HKLM-x32\...\{9f17023b-d04f-432b-b08a-3bb4c3a7ed3c}) (Version: 1.6.0.0 - Piranha Games Inc.) MechWarrior Online (x32 Version: 1.6.1.0 - Piranha Games Inc.) 
Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 
9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Mosaizer Pro v12.0 (HKLM-x32\...\Mosaizer Pro_is1) (Version: 12.0 - APP Helmond) Mozilla Firefox 19.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 19.0.2 (x86 de)) (Version: 19.0.2 - Mozilla) Mozilla Firefox 44.0.2 (x86 de) (HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\Mozilla Firefox 44.0.2 (x86 de)) (Version: 44.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 19.0.2 - Mozilla) Mp3tag v2.66 (HKLM-x32\...\Mp3tag) (Version: v2.66 - Florian Heidenreich) MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) Next Car Game Free Technology Demo (HKLM-x32\...\Next Car Game Free Technology Demo) (Version: - Bugbear Entertainment) 
NoLimits 2 Demo (remove only) (HKLM\...\NoLimits 2 Demo) (Version: - ) NoLimits Coasters 1.8 (remove only) (HKLM-x32\...\NoLimits Coasters full) (Version: - ) Nuance PaperPort 12 (HKLM-x32\...\{2A770862-7142-4C77-8117-F933E4110A3F}) (Version: 12.1.0006 - Nuance Communications, Inc.) Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc) NVIDIA 3D Vision Treiber 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.43 - NVIDIA Corporation) NVIDIA GeForce Experience 2.8.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.8.1.21 - NVIDIA Corporation) NVIDIA Grafiktreiber 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.43 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.) PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.) Passbild-Generator v4.0a (HKLM-x32\...\Passbild-Generator_is1) (Version: - Passbild-Generator) PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.239 - Google, Inc.) QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.) 
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7111 - Realtek Semiconductor Corp.) Scansoft PDF Professional (x32 Version: - ) Hidden Sentinel System Driver Installer 7.5.1 (HKLM-x32\...\{BF9E346B-5ECE-4A18-9510-55729FD08323}) (Version: 7.5.1 - SafeNet, Inc.) SHIELD Streaming (Version: 4.1.0250 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.8.1.21 - NVIDIA Corporation) Hidden SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.0.115 - MSI) TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.43148 - TeamViewer) The Witcher 3: Wild Hunt - Alternative Look for Ciri (HKLM-x32\...\Alternative Look for Ciri_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Alternative Look for Triss (HKLM-x32\...\Alternative Look for Triss_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Alternative Look for Yennefer (HKLM-x32\...\Alternative Look for Yennefer_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Ballad Heroes - Neutral Gwent Card Set (HKLM-x32\...\Ballad Heroes - Neutral Gwent Card Set_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Beard and Hairstyle Set (HKLM-x32\...\Beard and Hairstyle Set_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Elite Crossbow Set (HKLM-x32\...\Elite Crossbow Set_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - New Finisher Animations (HKLM-x32\...\New Finisher Animations_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - New Quest - Contract - Skellige's Most Wanted (HKLM-x32\...\New Quest - Contract: Skellige's Most 
Wanted_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - New Quest - Contract Missing Miners (HKLM-x32\...\New Quest - Contract Missing Miners_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - New Quest - Fool's Gold (HKLM-x32\...\New Quest - Fool's Gold_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - New Quest - Scavenger Hunt - Wolf School Gear (HKLM-x32\...\New Quest - Scavenger Hunt: Wolf School Gear_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - New Quest - Where the Cat and Wolf Play... (HKLM-x32\...\New Quest - Where the Cat and Wolf Play..._is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Nilfgaardian Armor Set (HKLM-x32\...\Nilfgaardian Armor Set_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Skellige Armor Set (HKLM-x32\...\Skellige Armor Set_is1) (Version: 1.0.0.0 - GOG.com) The Witcher 3: Wild Hunt - Temerian Armor Set (HKLM-x32\...\Temerian Armor Set_is1) (Version: 1.0.0.0 - GOG.com) TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software) Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) War Thunder Launcher 1.0.1.278 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - 2013 Gaijin Entertainment Corporation) Winki (HKLM-x32\...\{81CF5153-38CF-41e2-AC3C-3D477C987D96}_is1) (Version: 3.2.116 - MSI) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> d:\Program Files\Blender Foundation\Blender\BlendThumb64.dll () CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => Keine Datei

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {2DDE40A1-B5C9-4E30-B49A-056A855363D0} - System32\Tasks\Search Filter Host => C:\Users\shag\AppData\Roaming\Windows\Applications\SearchIndex\SearchIndex.exe [2016-03-01] (IvoSoft)
Task: {5CDC7D13-A92F-4C6A-9037-DFA121DFEAA2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {6167180D-AC7E-4C68-8CC9-023DBC147E37} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core => C:\Users\shag\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {6EB11A62-09BE-4E9B-83D4-6A882DE1ED34} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {8497BBEE-475E-4265-AAA8-F224139C7BA0} - System32\Tasks\Super Charger => C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe [2011-07-06] (MSI)
Task: {C5C53FF5-B82F-4F17-AE3C-81D0F93E55D0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DB2708DA-72B3-456B-A231-CAA7741EFF08} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-11] (Adobe Systems Incorporated)
Task: {DBCDFCAF-D9E9-40F1-AF62-1F1C50B250EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {E4737B22-8F2C-4315-9743-9053915C8DBA} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core => C:\Users\shag\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {EC19B7C3-4AAF-4DEF-9968-077FFE35F30A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA => C:\Users\shag\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {EC4FE598-9EC1-4664-A6F2-59D0338E59D0} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {F854E768-B92F-45F6-9F15-D807D339052F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA => C:\Users\shag\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core.job => C:\Users\shag\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA.job => C:\Users\shag\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core.job => C:\Users\shag\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA.job => C:\Users\shag\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 15:26 - 2015-05-15 15:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-30 20:54 - 2015-12-09 02:52 - 00217720 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2014-07-30 10:04 - 2015-12-16 15:53 - 00126072 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-05-31 20:12 - 2015-02-10 14:08 - 00069120 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
2015-05-15 09:45 - 2015-12-09 02:53 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-05-31 20:12 - 2015-02-18 13:11 - 00112128 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2016-03-14 18:17 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\shag\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupreg: Super-Charger => C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{6B1F38FA-F6F9-4ABD-B206-E8C90B977830}] => (Allow) C:\Users\shag\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{B7325FFE-3ADA-4DA1-9DE8-3A2DCA7F5A3B}] => (Allow) C:\Users\shag\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{07D86DA9-61A3-47CB-B1A6-0513D4F06B65}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{FDD9CBBE-0ABD-4667-9596-44E879C79778}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{86E3BE82-CA85-440E-B4B2-B2664B446D92}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{11DDDDE2-F308-40AF-8D9D-0E2072E70150}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{A3163EBD-DDB7-4275-AC6D-8C732590173F}] => (Block) %ProgramFiles% (x86)\SQUARE ENIX\Tombraider\TombRaider.exe FirewallRules: [TCP Query User{73C838EF-603A-4CF2-A23E-2041E1CFCD82}C:\program files (x86)\maniaplanet\maniaplanet.exe] => (Allow) C:\program files (x86)\maniaplanet\maniaplanet.exe FirewallRules: [UDP Query User{E71ACD03-DA48-431D-949F-BF986E2AC015}C:\program files (x86)\maniaplanet\maniaplanet.exe] => (Allow) C:\program files (x86)\maniaplanet\maniaplanet.exe FirewallRules: [{4BBC53DD-4D5D-4C50-B909-22E10583A056}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{469D4751-7DFA-4A7C-B361-434CEB6A5A81}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe FirewallRules: [TCP Query User{5BB1082F-2E2D-4EE6-944B-DC344AA5B470}C:\eucasoft\meta.exe] => (Allow) C:\eucasoft\meta.exe FirewallRules: [UDP Query User{A2668BF5-70B4-4A1E-BDF8-5AB545E14AD3}C:\eucasoft\meta.exe] => (Allow) C:\eucasoft\meta.exe FirewallRules: [TCP Query User{E3CEC154-48F6-4462-86A3-FA11B8C6E49A}C:\eucasoft\eucasoft.exe] => (Allow) C:\eucasoft\eucasoft.exe FirewallRules: [UDP Query User{6ABB59E9-B8AC-4332-BD91-82B6FA02BCBC}C:\eucasoft\eucasoft.exe] => (Allow) C:\eucasoft\eucasoft.exe FirewallRules: [TCP Query User{C38681B1-F9C5-4091-9454-BB9C91B9C217}C:\eucasoft\eucaprn.exe] => 
(Allow) C:\eucasoft\eucaprn.exe FirewallRules: [UDP Query User{B68FAD45-EBB9-418D-9418-289EC845D24E}C:\eucasoft\eucaprn.exe] => (Allow) C:\eucasoft\eucaprn.exe FirewallRules: [TCP Query User{3DC74B91-28FD-420E-AD76-7684D5631DE6}C:\program files (x86)\activision\call of duty - black ops\blackops.exe] => (Block) C:\program files (x86)\activision\call of duty - black ops\blackops.exe FirewallRules: [UDP Query User{E199CF05-61AE-482C-ADCD-46BC0D125AF6}C:\program files (x86)\activision\call of duty - black ops\blackops.exe] => (Block) C:\program files (x86)\activision\call of duty - black ops\blackops.exe FirewallRules: [TCP Query User{36345DBD-FF4D-463E-947F-2FB5E8F97CE1}E:\spiele\trackmania canyon\trackmania 2 canyon\maniaplanet.exe] => (Block) E:\spiele\trackmania canyon\trackmania 2 canyon\maniaplanet.exe FirewallRules: [UDP Query User{3C8D0343-259F-44B4-9BF4-9116E1EDCF55}E:\spiele\trackmania canyon\trackmania 2 canyon\maniaplanet.exe] => (Block) E:\spiele\trackmania canyon\trackmania 2 canyon\maniaplanet.exe FirewallRules: [TCP Query User{4A3487F5-0DF9-465C-859C-B2E3CB28767D}D:\program files (x86)\guild wars 2\gw2.exe] => (Allow) D:\program files (x86)\guild wars 2\gw2.exe FirewallRules: [UDP Query User{D243A6A0-89AA-47B7-8C5F-EE81A220C3CB}D:\program files (x86)\guild wars 2\gw2.exe] => (Allow) D:\program files (x86)\guild wars 2\gw2.exe FirewallRules: [{D746F088-F43E-4AD9-9FD0-782FFFF44266}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe FirewallRules: [{C1409997-93DC-4B19-8C85-BE34ADE9EC79}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe FirewallRules: [{BB497C68-00F8-4212-B457-64BD9CE73233}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe FirewallRules: [{8D7CAD06-081F-4293-9AFA-A574B67C0766}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe FirewallRules: [{68094F16-F5E3-4BFE-B7E7-0086A112EDFF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: 
[{1D18F698-41EF-4FF1-B72D-D7D764974717}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{CF8BFAAF-E0E6-4FBE-9260-2B26188DFB50}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [TCP Query User{697C2CFB-27E5-4A1B-83B2-D908CF8D0F1F}D:\program files (x86)\rayman legends\rayman legends.exe] => (Block) D:\program files (x86)\rayman legends\rayman legends.exe FirewallRules: [UDP Query User{4415CC36-28EC-477F-8CA5-84335AD7A691}D:\program files (x86)\rayman legends\rayman legends.exe] => (Block) D:\program files (x86)\rayman legends\rayman legends.exe FirewallRules: [{E3D7CB83-5E5C-47E5-8FE7-0E543DEF0773}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{763A8944-677E-40D8-A3BF-36F032CAE895}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{DC6F0895-BCFA-477C-8FAA-6D8FAE970845}] => (Allow) D:\Program Files (x86)\WarThunder\launcher.exe FirewallRules: [{2527224D-47C0-479D-A667-612AF086AD65}] => (Allow) D:\Program Files (x86)\WarThunder\launcher.exe FirewallRules: [TCP Query User{D6BCEDD8-4D78-4A28-8B5E-6D6A755083BE}D:\program files (x86)\warthunder\aces.exe] => (Allow) D:\program files (x86)\warthunder\aces.exe FirewallRules: [UDP Query User{018EDE3C-20A5-4DEC-83DC-A0F4035CA4F3}D:\program files (x86)\warthunder\aces.exe] => (Allow) D:\program files (x86)\warthunder\aces.exe FirewallRules: [{E89F95BB-3F00-4592-BF46-D7A0247E3238}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{A453AEC4-A7B7-4DA7-B840-7087754DDBF5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{AD67C548-8E7C-40B0-A74F-BA65ACD252C3}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\rush\rush.exe FirewallRules: [{1B6D63C6-DF1F-46D9-944A-4534CF00CE52}] => (Allow) D:\Program Files 
(x86)\Steam\SteamApps\common\rush\rush.exe FirewallRules: [{90FC0048-BB3C-42A3-838C-93D2305165A5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe FirewallRules: [{D2515F04-7392-4710-8C0B-11C44D9D5051}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe FirewallRules: [{7EAC378D-BC60-44E4-8D20-97726450695B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe FirewallRules: [{CA140986-66FC-4FD1-BD7B-4C731BA13B0D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe FirewallRules: [{E6B3BB6E-1BC0-4659-A1C4-0E907310097A}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{A5024DE2-F094-4A6B-B3CE-205B577386AF}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{928EC490-B5EE-4BC5-B83D-0877319F5188}] => (Allow) D:\Program Files (x86)\Hearthstone\Hearthstone.exe FirewallRules: [{18A7466B-1BA1-4EBA-8E1D-2AF3988F32B8}] => (Allow) D:\Program Files (x86)\Hearthstone\Hearthstone.exe FirewallRules: [{596BBFE3-EC8B-41A2-896B-BFC6212DD615}] => (Allow) D:\Program Files (x86)\OriginGames\Dead Space\Dead Space.exe FirewallRules: [{482F736C-0431-441B-892B-ADD6495FE0B5}] => (Allow) D:\Program Files (x86)\OriginGames\Dead Space\Dead Space.exe FirewallRules: [TCP Query User{3AC563F9-56E0-4D00-AA38-E94904A971D9}D:\program files (x86)\valve\portal 2\portal2.exe] => (Block) D:\program files (x86)\valve\portal 2\portal2.exe FirewallRules: [UDP Query User{CE925544-FD60-47B6-9BB2-776A0331FDBA}D:\program files (x86)\valve\portal 2\portal2.exe] => (Block) D:\program files (x86)\valve\portal 2\portal2.exe FirewallRules: [TCP Query User{5B653E1C-7A11-48EC-9DBE-A5A6CB0BE297}D:\program files (x86)\wolfenstein the new order\wolfneworder_x64.exe] => (Block) D:\program files (x86)\wolfenstein the new order\wolfneworder_x64.exe FirewallRules: [UDP Query User{CFFFAA87-8C93-421C-9379-BEC740574581}D:\program files (x86)\wolfenstein the new order\wolfneworder_x64.exe] => (Block) D:\program 
files (x86)\wolfenstein the new order\wolfneworder_x64.exe FirewallRules: [TCP Query User{6F9B727C-9EFD-4404-AA37-4AD93A12B836}D:\program files (x86)\wolfenstein the new order german\wolfneworder_x64.exe] => (Block) D:\program files (x86)\wolfenstein the new order german\wolfneworder_x64.exe FirewallRules: [UDP Query User{C2D99373-F636-44F6-95F8-91527CB4F5C9}D:\program files (x86)\wolfenstein the new order german\wolfneworder_x64.exe] => (Block) D:\program files (x86)\wolfenstein the new order german\wolfneworder_x64.exe FirewallRules: [TCP Query User{C542631D-D296-4DD5-A464-85B3CB755448}D:\watch_dogs-deluxe.edition-p2p\bin\watch_dogs.exe] => (Block) D:\watch_dogs-deluxe.edition-p2p\bin\watch_dogs.exe FirewallRules: [UDP Query User{3EE0E562-25EE-4679-B1F2-206503432AD1}D:\watch_dogs-deluxe.edition-p2p\bin\watch_dogs.exe] => (Block) D:\watch_dogs-deluxe.edition-p2p\bin\watch_dogs.exe FirewallRules: [TCP Query User{B78239F5-94BD-4F90-9F9B-BBE7B1F4F294}D:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe] => (Allow) D:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe FirewallRules: [UDP Query User{BAB1384F-46C8-4EA3-8AE8-F8FDC3DC2678}D:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe] => (Allow) D:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe FirewallRules: [{6A8DAA67-50D6-4693-9A05-E987BE0BC205}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe FirewallRules: [{F1084AB7-A049-4C1E-A87E-69EA97D45F5A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe FirewallRules: [TCP Query User{10A90911-6943-486F-B637-EBF581F06F38}D:\program files (x86)\tera\tera-launcher.exe] => (Allow) D:\program files (x86)\tera\tera-launcher.exe FirewallRules: [UDP Query User{578E97A2-CE4F-4099-B0C8-66F332017191}D:\program files (x86)\tera\tera-launcher.exe] => (Allow) D:\program files (x86)\tera\tera-launcher.exe FirewallRules: [{66D14BBE-0EA6-415C-9ECD-21364CA004B2}] => (Allow) 
C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe FirewallRules: [{3E85FEBD-4AEB-45AF-BDAC-E6C9F4F5702D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe FirewallRules: [{69287390-3691-457C-A38B-CC9337E9E2A5}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{E7240E72-D750-43AC-91CA-09B8B47924DF}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{5FC65538-FA6D-49E2-89F9-6FCDEE0078BD}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{1D9830DA-43E2-45B8-BC15-4DB65EB7890C}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [TCP Query User{F600BCAF-ADBB-4F5D-B30B-9316781C151B}C:\users\shag\appdata\local\temp\gw2.exe] => (Allow) C:\users\shag\appdata\local\temp\gw2.exe FirewallRules: [UDP Query User{41FA0A67-7849-47E9-8705-46E3EE198D57}C:\users\shag\appdata\local\temp\gw2.exe] => (Allow) C:\users\shag\appdata\local\temp\gw2.exe FirewallRules: [TCP Query User{A3884C3A-1703-41EC-ABE3-45DD9E7CE962}D:\guild wars 2\gw2.exe] => (Allow) D:\guild wars 2\gw2.exe FirewallRules: [UDP Query User{78536A0E-367B-49EF-BC0A-2FA83E57D071}D:\guild wars 2\gw2.exe] => (Allow) D:\guild wars 2\gw2.exe FirewallRules: [TCP Query User{0F3E8BC1-14C2-481A-98AB-B244B4F084C5}D:\program files (x86)\maniaplanet\maniaplanet.exe] => (Allow) D:\program files (x86)\maniaplanet\maniaplanet.exe FirewallRules: [UDP Query User{BA93D511-5C13-403C-BFB6-40893AF03417}D:\program files (x86)\maniaplanet\maniaplanet.exe] => (Allow) D:\program files (x86)\maniaplanet\maniaplanet.exe FirewallRules: [{EBFA0E67-670C-4DF3-A88E-B4A8DDF8AA98}] => (Allow) D:\Program Files (x86)\The Vanishing of Ethan Carter\Binaries\Launcher.exe FirewallRules: [{C269B6F7-1883-40EB-B878-9EF8A9EB172E}] => (Allow) D:\Program Files (x86)\The Vanishing of Ethan Carter\Binaries\Launcher.exe FirewallRules: [TCP Query User{D889D8F7-55CC-445A-8E3E-C0B52B5CDF93}D:\program files (x86)\the vanishing of ethan 
carter\binaries\win64\astronautsgame-win64-shipping.exe] => (Block) D:\program files (x86)\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe FirewallRules: [UDP Query User{46EE6606-D08C-4C75-ACF2-6CEB161D465F}D:\program files (x86)\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe] => (Block) D:\program files (x86)\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe FirewallRules: [TCP Query User{52DC2877-88F2-42CC-A0CA-E3979AC92D06}D:\program files (x86)\ubisoft\driver san francisco\driver.exe] => (Block) D:\program files (x86)\ubisoft\driver san francisco\driver.exe FirewallRules: [UDP Query User{4B4DB25B-416E-4147-A842-D107757F7375}D:\program files (x86)\ubisoft\driver san francisco\driver.exe] => (Block) D:\program files (x86)\ubisoft\driver san francisco\driver.exe FirewallRules: [TCP Query User{65ADDC17-D41E-43CF-8F91-0D1A5E64D260}C:\program files\guillemot\tools\giwebupdater.exe] => (Allow) C:\program files\guillemot\tools\giwebupdater.exe FirewallRules: [UDP Query User{4FCCBC6A-ECB2-4D49-A0C7-06AA70EDCD31}C:\program files\guillemot\tools\giwebupdater.exe] => (Allow) C:\program files\guillemot\tools\giwebupdater.exe FirewallRules: [TCP Query User{4727CA4A-F3CF-4D4C-BE94-77013DB3E561}D:\gog games\oddworld - new 'n' tasty\nnt.exe] => (Block) D:\gog games\oddworld - new 'n' tasty\nnt.exe FirewallRules: [UDP Query User{16F3CC54-81C2-4D68-AC5B-A5F110F39B09}D:\gog games\oddworld - new 'n' tasty\nnt.exe] => (Block) D:\gog games\oddworld - new 'n' tasty\nnt.exe FirewallRules: [{1EDBCBD6-77FE-4354-AFC1-82B6EEF9C166}] => (Allow) d:\Program Files (x86)\GameforgeLive\gfl_client.exe FirewallRules: [{E95D1DBC-A572-4898-977A-09355E2080D3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{B6D7FDC2-79E5-443F-B573-ADBE5AE02395}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: 
[{CC4C363A-92C1-483D-A1F8-D8D10344E52C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{09E746F3-3FA8-46A1-8D39-D2FAA689C686}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{20DEB04C-991B-4CE0-BF6E-832CFE776471}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{318028F5-A87E-4579-9378-43E2C20672BB}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe FirewallRules: [{2E5D2FF7-7055-42A5-BA32-6F6F01B54240}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe FirewallRules: [{AA87FFA5-9C61-4FAA-8885-C7C06558CA9F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe FirewallRules: [{F99BA5FE-DD38-41F4-A72E-CE7D43AD47E6}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe FirewallRules: [{CBF93050-29C7-4CAA-9A0D-5ED1DD81E6EB}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{52E17C41-63A9-4BE2-8174-4167278F4903}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{3BEA036E-82D0-4D77-920E-8482907A261F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe FirewallRules: [{5EA49FF2-A58C-43FF-A927-0A95BC6FCD49}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe FirewallRules: [{60D3597B-38BF-4726-B37B-D84C6033C47A}] => (Allow) D:\Program Files (x86)\OriginGames\SimCity\SimCity\SimCity.exe FirewallRules: [{FF9D86C5-9E1C-4141-A59B-AAA7CF001273}] => (Allow) D:\Program Files (x86)\OriginGames\SimCity\SimCity\SimCity.exe FirewallRules: [{0EA73370-3A10-4766-A12F-38F0627859C8}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{F72DC3C7-0503-41A5-9041-0B676C1641F6}] => (Allow) d:\Program Files (x86)\Brother\Brmfl14e\FAXRX.EXE FirewallRules: [{2DEEF5AC-1862-4BFF-85D2-38570B129251}] => (Allow) LPort=54925 FirewallRules: [TCP Query 
User{28C6BC4A-6416-4AB8-9D95-58BFF751A037}D:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe] => (Block) D:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe FirewallRules: [UDP Query User{A3AB2A72-C4C0-4F06-A7EE-35C0A00F8240}D:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe] => (Block) D:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe FirewallRules: [TCP Query User{148864F7-C1E4-43C7-8550-2BD665282F51}D:\program files (x86)\the beginner's guide\beginnersguide.exe] => (Block) D:\program files (x86)\the beginner's guide\beginnersguide.exe FirewallRules: [UDP Query User{C2EF76C4-BCF3-48FB-B86F-7B9BA0048225}D:\program files (x86)\the beginner's guide\beginnersguide.exe] => (Block) D:\program files (x86)\the beginner's guide\beginnersguide.exe FirewallRules: [{8D43ABC5-5B12-4069-A956-405E2BDADA0D}] => (Allow) C:\Program Files (x86)\Ubisoft\Anno 2205\Bin\Win64\Anno2205.exe FirewallRules: [TCP Query User{94CB0C90-4707-4792-A2D5-C25AF29D2469}D:\program files (x86)\funcom\age of conan\conanpatcher.exe] => (Allow) D:\program files (x86)\funcom\age of conan\conanpatcher.exe FirewallRules: [UDP Query User{97F8F9D2-7879-4A76-8105-5F4D34C015FA}D:\program files (x86)\funcom\age of conan\conanpatcher.exe] => (Allow) D:\program files (x86)\funcom\age of conan\conanpatcher.exe FirewallRules: [TCP Query User{99C24D58-9BFA-4554-9E71-00D636CD7E73}D:\program files (x86)\funcom\age of conan\ageofconan.exe] => (Allow) D:\program files (x86)\funcom\age of conan\ageofconan.exe FirewallRules: [UDP Query User{4047640F-E7E9-40FE-BA37-92EA829E5E29}D:\program files (x86)\funcom\age of conan\ageofconan.exe] => (Allow) D:\program files (x86)\funcom\age of conan\ageofconan.exe FirewallRules: [TCP Query User{427ECFE4-217A-4173-992A-9C438892908B}D:\program files (x86)\funcom\age of conan\ageofconandx10.exe] => (Allow) D:\program files (x86)\funcom\age of conan\ageofconandx10.exe 
FirewallRules: [UDP Query User{156CF8DA-5855-45EC-BB9D-FF170F6A355E}D:\program files (x86)\funcom\age of conan\ageofconandx10.exe] => (Allow) D:\program files (x86)\funcom\age of conan\ageofconandx10.exe FirewallRules: [{64B10E9D-6428-4CFA-90EB-011BF57188B4}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{703D5913-0510-4C51-8CD3-10C7E1EA0EE6}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{1A37ABBA-07A0-432C-BCD4-096215DA9189}] => (Allow) D:\Program Files\StarCraft II\Versions\Base39576\SC2_x64.exe FirewallRules: [{9794E91D-9859-47DE-B442-972C8D67A12B}] => (Allow) D:\Program Files\StarCraft II\Versions\Base39576\SC2_x64.exe FirewallRules: [{E3EB6327-951D-427C-962D-A9D15D80D3BC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [TCP Query User{056185A1-5BA0-4BD6-A258-82BA88A67103}D:\program files (x86)\dying light the following enhanced edition\dyinglightgame.exe] => (Block) D:\program files (x86)\dying light the following enhanced edition\dyinglightgame.exe FirewallRules: [UDP Query User{0E5A04DE-1325-45DA-9DA5-912070B8C4F0}D:\program files (x86)\dying light the following enhanced edition\dyinglightgame.exe] => (Block) D:\program files (x86)\dying light the following enhanced edition\dyinglightgame.exe ==================== Wiederherstellungspunkte ========================= 14-02-2013 01:40:44 Windows Update 14-02-2013 03:00:19 Windows Update 17-03-2013 17:59:43 Removed Java(TM) 6 Update 39 17-03-2013 18:02:58 Installed Java 7 Update 17 17-03-2013 18:20:27 Windows Update 11-03-2016 21:47:57 Removed RollerCoaster Tycoon® 3 12-03-2016 17:51:16 JRT Pre-Junkware Removal 13-03-2016 12:42:33 Removed Adobe Photoshop Lightroom 4.4 64-bit. 13-03-2016 13:17:48 Entfernt Railroad Tycoon 3 13-03-2016 13:19:16 Voodoo Chronicles wurde entfernt. 
==================== Fehlerhafte Geräte im Gerätemanager ============= Name: AODDriver4.01 Description: AODDriver4.01 Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: AODDriver4.01 Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (03/14/2016 06:34:19 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 2.3.125.0, Zeitstempel: 0x5612a56b Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d6fd ID des fehlerhaften Prozesses: 0x1730 Startzeit der fehlerhaften Anwendung: 0xmbam.exe0 Pfad der fehlerhaften Anwendung: mbam.exe1 Pfad des fehlerhaften Moduls: mbam.exe2 Berichtskennung: mbam.exe3 Error: (03/14/2016 06:23:53 PM) (Source: Service1) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig Error: (03/14/2016 06:18:56 PM) (Source: Service1) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig Error: (03/14/2016 05:12:57 PM) (Source: Service1) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig Error: (03/14/2016 01:58:26 PM) (Source: Service1) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig Error: (03/14/2016 07:14:23 AM) (Source: Service1) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. 
Das Handle ist ungültig Error: (03/14/2016 06:46:06 AM) (Source: Service1) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig Error: (03/13/2016 04:46:08 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18933, Zeitstempel: 0x55a6a196 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000004ac04 ID des fehlerhaften Prozesses: 0xf7c Startzeit der fehlerhaften Anwendung: 0xvlc.exe0 Pfad der fehlerhaften Anwendung: vlc.exe1 Pfad des fehlerhaften Moduls: vlc.exe2 Berichtskennung: vlc.exe3 Error: (03/13/2016 04:38:00 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18933, Zeitstempel: 0x55a6a196 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000004ac04 ID des fehlerhaften Prozesses: 0x1698 Startzeit der fehlerhaften Anwendung: 0xvlc.exe0 Pfad der fehlerhaften Anwendung: vlc.exe1 Pfad des fehlerhaften Moduls: vlc.exe2 Berichtskennung: vlc.exe3 Error: (03/13/2016 03:08:22 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18933, Zeitstempel: 0x55a6a196 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000004ac04 ID des fehlerhaften Prozesses: 0x1228 Startzeit der fehlerhaften Anwendung: 0xvlc.exe0 Pfad der fehlerhaften Anwendung: vlc.exe1 Pfad des fehlerhaften Moduls: vlc.exe2 Berichtskennung: vlc.exe3 Systemfehler: ============= Error: (03/14/2016 06:24:03 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%303. 
Error: (03/14/2016 06:24:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Avira Browser-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0 Error: (03/14/2016 06:24:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Avira Email-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0 Error: (03/14/2016 06:23:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (03/14/2016 06:23:52 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "Avira Planer" wurde mit folgendem dienstspezifischem Fehler beendet: %%305. Error: (03/14/2016 06:22:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/14/2016 06:22:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/14/2016 06:22:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/14/2016 06:22:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. 
Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/14/2016 06:22:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. ==================== Speicherinformationen =========================== Prozessor: AMD Phenom(tm) II X4 965 Processor Prozentuale Nutzung des RAM: 31% Installierter physikalischer RAM: 8178.14 MB Verfügbarer physikalischer RAM: 5610.54 MB Summe virtueller Speicher: 14176.34 MB Verfügbarer virtueller Speicher: 11715 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:111.69 GB) (Free:12.2 GB) NTFS Drive d: (Programme) (Fixed) (Total:833.85 GB) (Free:259.51 GB) NTFS Drive e: (Safe) (Fixed) (Total:1863.01 GB) (Free:4.9 GB) NTFS Drive f: (Daten) (Fixed) (Total:208.46 GB) (Free:12.35 GB) NTFS Drive g: (Win7) (Fixed) (Total:97.56 GB) (Free:16.33 GB) NTFS Drive h: (WinXP) (Fixed) (Total:24.41 GB) (Free:1.13 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive i: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 1863 GB) (Disk ID: B45C1AEF) Partition 2: (Active) - (Size=1863 GB) - (Type=05) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: C68DC68D) Partition 1: (Active) - (Size=24.4 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=208.5 GB) - (Type=OF Extended) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 90486699) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS) ======================================================== Disk: 
3 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: AFD27FD7) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=833.9 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================
One more small note on the side. Since we started, the media keys on my Logitech MK320 keyboard no longer work. All of the media player keys open Google in the browser with the following URL: https://www.google.de/?gws_rd=ssl Could this be a side effect of the tools we have used? Regards, shag48 |
15.03.2016, 14:36 | #10 |
/// TB-Ausbilder | Antivir and AVG cannot be installed, Malwarebytes does not start Hello, yes, it can be a side effect of the tools, although right now I don't know what was removed "by mistake" such that these keys no longer work. Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not run any other file in this folder without instructions from a helper |
15.03.2016, 19:41 | #11 |
| Antivir and AVG cannot be installed, Malwarebytes does not start Hi, after 7 scans in a row, here is an interim result. For information: during the first 3 scans my browser was open during the scan. However, I did not visit any new pages or click any links while doing so. For the next 3 scans I left the browser closed and did nothing else on the PC either. Since the 4th scan it only finds one entry and no longer asks for a restart to remove it. The same goes for scans 5 and 6. I restarted every time anyway. Scan 7 is running right now while I write this post. Here are the results: Scan 1: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.9.3.1001 www.malwarebytes.org Database version: main: v2016.03.15.05 rootkit: v2016.03.12.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.17914 shag :: SHAG-PC [administrator] 15.03.2016 17:54:57 mbar-log-2016-03-15 (17-54-57).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged. Objects scanned: 455058 Time elapsed: 12 minute(s), 37 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 1 HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|shell (Hijack.ShellA.Gen) -> Data: explorer.exe,"C:\Users\shag\AppData\Roaming\clientmon.exe" -> Delete on reboot. [c948a5e32f6afd39fe74cd59867d7e82] Registry Data Items Detected: 1 HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Userinit (Hijack.UserInit) -> Bad: (userinit.exe,"C:\Windows\system32\clientmon.exe") Good: (userinit.exe) -> Replace on reboot. [f61b355311880d2904ecfb1ee61f42be] Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Users\shag\AppData\Local\Temp\svhost.exe (RiskWare.HeuristicsReservedWordExploit) -> Delete on reboot. [2de4f8902c6d61d5344f360635cf9070] Physical Sectors Detected: 0 (No malicious items detected) (end) Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.9.3.1001 www.malwarebytes.org Database version: main: v2016.03.15.05 rootkit: v2016.03.12.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.17914 shag :: SHAG-PC [administrator] 15.03.2016 18:12:11 mbar-log-2016-03-15 (18-12-11).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged. Objects scanned: 454791 Time elapsed: 12 minute(s), 37 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 1 HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Userinit (Hijack.UserInit) -> Bad: (userinit.exe,"C:\Windows\system32\clientmon.exe") Good: (userinit.exe) -> Replace on reboot. [9879dbadf4a50135d51b4ccd4abba45c] Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Users\shag\AppData\Local\Temp\svhost.exe (RiskWare.HeuristicsReservedWordExploit) -> Delete on reboot. [937e73159dfcd85e552e51eb11f35ea2] Physical Sectors Detected: 0 (No malicious items detected) (end) Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.9.3.1001 www.malwarebytes.org Database version: main: v2016.03.15.05 rootkit: v2016.03.12.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.17914 shag :: SHAG-PC [administrator] 15.03.2016 18:26:31 mbar-log-2016-03-15 (18-26-31).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged. Objects scanned: 454961 Time elapsed: 12 minute(s), 52 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 1 HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Userinit (Hijack.UserInit) -> Bad: (userinit.exe,"C:\Windows\system32\clientmon.exe") Good: (userinit.exe) -> Replace on reboot. [868bc9bff8a184b219d7ac6d46bf37c9] Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Users\shag\AppData\Local\Temp\svhost.exe (RiskWare.HeuristicsReservedWordExploit) -> Delete on reboot. [91800b7dcecba49294ef8eaefa0a31cf] Physical Sectors Detected: 0 (No malicious items detected) (end) Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.9.3.1001 www.malwarebytes.org Database version: main: v2016.03.15.05 rootkit: v2016.03.12.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.17914 shag :: SHAG-PC [administrator] 15.03.2016 18:41:55 mbar-log-2016-03-15 (18-41-55).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged. Objects scanned: 454759 Time elapsed: 12 minute(s), 27 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 1 HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Userinit (Hijack.UserInit) -> Bad: (userinit.exe,"C:\Windows\system32\clientmon.exe") Good: (userinit.exe) -> Replace on reboot. [759cf692d8c13df9a94745d44fb6d62a] Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.9.3.1001 www.malwarebytes.org Database version: main: v2016.03.15.05 rootkit: v2016.03.12.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.17914 shag :: SHAG-PC [administrator] 15.03.2016 18:55:14 mbar-log-2016-03-15 (18-55-14).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged. Objects scanned: 454814 Time elapsed: 12 minute(s), 21 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 1 HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Userinit (Hijack.UserInit) -> Bad: (userinit.exe,"C:\Windows\system32\clientmon.exe") Good: (userinit.exe) -> Replace on reboot. [e22f9aeec6d3d4628a66849513f29b65] Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.9.3.1001 www.malwarebytes.org Database version: main: v2016.03.15.05 rootkit: v2016.03.12.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.17914 shag :: SHAG-PC [administrator] 15.03.2016 19:11:26 mbar-log-2016-03-15 (19-11-26).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged. Objects scanned: 454816 Time elapsed: 12 minute(s), 19 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 1 HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Userinit (Hijack.UserInit) -> Bad: (userinit.exe,"C:\Windows\system32\clientmon.exe") Good: (userinit.exe) -> Replace on reboot. [e9285236f1a84fe713ddfe1b53b259a7] Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.9.3.1001 www.malwarebytes.org Database version: main: v2016.03.15.05 rootkit: v2016.03.12.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.17914 shag :: SHAG-PC [administrator] 15.03.2016 19:25:48 mbar-log-2016-03-15 (19-25-48).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged. Objects scanned: 454960 Time elapsed: 12 minute(s), 36 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 1 HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Userinit (Hijack.UserInit) -> Bad: (userinit.exe,"C:\Windows\system32\clientmon.exe") Good: (userinit.exe) -> Replace on reboot. [e829d0b8405988ae618f4ccd8184857b] Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) |
16.03.2016, 14:26 | #12 |
/// TB-Ausbilder | Antivir and AVG cannot be installed, Malwarebytes does not start Hello, and now ComboFix: Scan with Combofix
|
16.03.2016, 20:19 | #13 |
| Antivir and AVG cannot be installed, Malwarebytes does not start Hi, here is the ComboFix log: Code:
ComboFix 16-03-14.01 - shag 16.03.2016 20:10:33.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8178.6434 [GMT 1:00]
ausgeführt von:: c:\users\shag\Desktop\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\shag\AppData\Roaming\clientmon.exe
c:\users\shag\AppData\Roaming\windows
c:\users\shag\AppData\Roaming\windows\Applications\SearchIndex\SearchIndex.7z
c:\users\shag\AppData\Roaming\windows\Applications\SearchIndex\SearchIndex.exe
c:\windows\SysWow64\tmpC66D.tmp
c:\windows\SysWow64\tmpC66E.tmp
c:\windows\SysWow64\tmpED6A.tmp
c:\windows\SysWow64\tmpED6B.tmp
c:\windows\UNWISE.EXE
D:\setup.exe
E:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2016-02-16 bis 2016-03-16 ))))))))))))))))))))))))))))))
.
.
2016-03-15 16:54 . 2016-03-15 18:38 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2016-03-15 16:54 . 2016-03-15 18:25 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-03-14 17:19 . 2016-03-14 17:19 -------- d-sh--r- c:\programdata\274335
2016-03-13 12:20 . 2016-03-13 12:20 82816 ----a-w- c:\users\shag\AppData\Roaming\pcouffin.sys
2016-03-12 16:39 . 2016-03-14 17:22 -------- d-----w- c:\program files (x86)\AdwCleaner
2016-03-11 20:53 . 2016-03-14 17:37 -------- d-----w- C:\FRST
2016-03-11 20:31 . 2016-03-15 18:24 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-03-11 20:31 . 2016-03-11 20:32 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware
2016-03-11 20:31 . 2015-10-05 08:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-03-11 20:31 . 2015-10-05 08:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-03-11 20:20 . 2016-03-11 20:20 -------- d-----w- c:\programdata\Malwarebytes
2016-03-05 11:03 . 2016-03-05 11:03 -------- d-----w- c:\users\shag\AppData\Roaming\cerasus.media
2016-03-01 20:22 . 2016-03-01 15:25 3793920 ----a-w- c:\windows\SysWow64\clientmon.exe
2016-03-01 20:11 . 2016-03-12 16:51 -------- d-sh--r- c:\programdata\274435
2016-03-01 18:55 . 2016-03-01 18:55 -------- d-----w- c:\programdata\dbdata
2016-02-29 19:27 . 2016-02-29 21:37 -------- d-----w- c:\users\shag\AppData\Roaming\Factorio
2016-02-25 07:09 . 2016-02-25 07:09 -------- d-----w- c:\users\shag\AppData\Local\_3_
2016-02-23 20:01 . 2016-02-23 19:59 110176 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-64.dll
2016-02-23 20:00 . 2016-02-23 20:00 -------- d-----w- c:\program files (x86)\Common Files\Java
2016-02-23 19:59 . 2016-02-23 20:01 -------- d-----w- c:\users\shag\.oracle_jre_usage
2016-02-23 19:17 . 2016-02-23 20:09 -------- d-----w- c:\users\shag\.litwrl
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-03-11 21:57 . 2013-03-18 19:25 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-03-11 21:57 . 2013-03-18 19:25 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-02-23 19:59 . 2015-03-13 17:22 110176 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2016-02-18 07:09 . 2013-04-02 20:33 140448 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-10-14 02:44 . 2013-10-14 02:44 2174976 ----a-w- c:\program files (x86)\Common Files\atimpenc.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2016-02-16 18:37 199488 ----a-w- c:\users\shag\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2016-02-16 18:37 199488 ----a-w- c:\users\shag\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2016-02-16 18:37 199488 ----a-w- c:\users\shag\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "iCloud"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloud.exe" [2015-04-26 43816] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ ImageBrowser EX Agent.lnk - c:\program files (x86)\Canon\ImageBrowser EX\MFManager.exe [2013-5-31 69120] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
R2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x] R2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x] R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] R2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 JetDrive WindowsClosingService;JetDrive WindowsClosingService;c:\windows\System32\WindowsClosingService;c:\windows\SYSNATIVE\WindowsClosingService [x] R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x] R3 cancel;cancel;c:\program files (x86)\MSI\Super-Charger\cancel_64.sys;c:\program files (x86)\MSI\Super-Charger\cancel_64.sys [x] R3 cpuz130;cpuz130;c:\users\shag\AppData\Local\Temp\cpuz130\cpuz_x64.sys;c:\users\shag\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x] R3 GalaxyClientService;GalaxyClientService;d:\program files (x86)\GalaxyClient\GalaxyClientService.exe;d:\program files (x86)\GalaxyClient\GalaxyClientService.exe [x] R3 
GalaxyCommunication;GalaxyCommunication;c:\programdata\GOG.com\Galaxy\redists\GalaxyCommunication.exe;c:\programdata\GOG.com\Galaxy\redists\GalaxyCommunication.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 jetdrive;jddrv;c:\windows\system32\DRIVERS\jddrv.sys;c:\windows\SYSNATIVE\DRIVERS\jddrv.sys [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x] R3 NTIOLib_1_0_4;NTIOLib_1_0_4;d:\program files (x86)\MSI\Live Update\NTIOLib_X64.sys;d:\program files (x86)\MSI\Live Update\NTIOLib_X64.sys [x] R3 NTIOLib_1_0_C;NTIOLib_1_0_C;j:\ntiolib_x64.sys;j:\NTIOLib_X64.sys [x] R3 Origin Client Service;Origin Client Service;d:\program files (x86)\Origin\OriginClientService.exe;d:\program files (x86)\Origin\OriginClientService.exe [x] R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys;c:\windows\SYSNATIVE\drivers\SndTAudio.sys [x] R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;c:\windows\system32\DRIVERS\SNTUSB64.SYS;c:\windows\SYSNATIVE\DRIVERS\SNTUSB64.SYS [x] R3 tmhidusb;Thrustmaster HID USB Driver;c:\windows\system32\DRIVERS\tmhidusb.sys;c:\windows\SYSNATIVE\DRIVERS\tmhidusb.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device 
Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x] S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x] S2 iRacingService;iRacing.com Helper Service;d:\program files (x86)\iRacing\iRacingService.exe;d:\program files (x86)\iRacing\iRacingService.exe [x] S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x] S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x] S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x] S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x] S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys;c:\windows\SYSNATIVE\Drivers\Sentinel64.sys [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 TeamViewer7;TeamViewer 7;c:\program files 
(x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x] S2 tmInstall;Thrustmaster Device Driver Installer;d:\program files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.EXE;d:\program files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.EXE [x] S2 zntport64;zntport64;c:\eucasoft\zntport64.sys;c:\eucasoft\zntport64.sys [x] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x] S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x] S3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2016-03-15 13:42 1106072 ----a-w- c:\program files (x86)\Google\Chrome\Application\49.0.2623.87\Installer\chrmstp.exe . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}] 2015-12-18 15:42 286904 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll . Inhalt des "geplante Tasks" Ordners . 
2016-03-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-18 21:57] . 2016-03-13 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core.job - c:\users\shag\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19 15:54] . 2016-03-16 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA.job - c:\users\shag\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19 15:54] . 2016-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-14 13:34] . 2016-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-14 13:34] . 2016-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core.job - c:\users\shag\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-25 13:39] . 2016-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA.job - c:\users\shag\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-25 13:39] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2016-02-16 18:37 236352 ----a-w- c:\users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2016-02-16 18:37 236352 ----a-w- c:\users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2016-02-16 18:37 236352 ----a-w- c:\users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2016-02-16 18:37 236352 ----a-w- c:\users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-10-25 7512680] "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-12-09 1846016] "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-12-09 2771576] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-08-13 170256] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
Wow6432Node-HKU-Default-RunOnce-AOD - c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe HKLM-Run-Nvtmru - c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe AddRemove-Alternative Look for Ciri_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins010.exe AddRemove-Alternative Look for Triss_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins006.exe AddRemove-Alternative Look for Yennefer_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins004.exe AddRemove-Avira Antivirus - c:\program files (x86)\Avira\AntiVir Desktop\setup.exe AddRemove-Ballad Heroes - Neutral Gwent Card Set_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins008.exe AddRemove-BDE Information Utility - c:\windows\UNWISE.EXE AddRemove-Beard and Hairstyle Set_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins002.exe AddRemove-Elite Crossbow Set_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins015.exe AddRemove-Malwarebytes Anti-Malware_is1 - c:\program files (x86)\ Malwarebytes Anti-Malware \unins000.exe AddRemove-New Finisher Animations_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins014.exe AddRemove-New Quest - Contract Missing Miners_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins003.exe AddRemove-New Quest - Contract: Skellige's Most Wanted_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins011.exe AddRemove-New Quest - Fool's Gold_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins007.exe AddRemove-New Quest - Scavenger Hunt: Wolf School Gear_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins009.exe AddRemove-New Quest - Where the Cat and Wolf Play..._is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins013.exe AddRemove-Nilfgaardian Armor Set_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins005.exe AddRemove-Skellige Armor 
Set_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins012.exe AddRemove-Temerian Armor Set_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins001.exe AddRemove-{5F34CFF7-094A-4403-83B4-542938FE988E} - c:\programdata\{EF483DD0-9B7B-46F0-95DD-4B56E6939CF3}\setup.exe AddRemove-{81CF5153-38CF-41e2-AC3C-3D477C987D96}_is1 - i:\winki\unins001.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\JetDrive WindowsClosingService] "ImagePath"="c:\windows\System32\WindowsClosingService" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.032" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.abr" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.ani" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.apd" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="Google.PhotoViewer.3.0" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.bay" . 
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="PhotoViewer.FileAssoc.Bitmap" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="Google.PhotoViewer.3.0" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="Google.PhotoViewer.3.0" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.cs1" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.cur" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="Google.PhotoViewer.3.0" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.dcx" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.dib" . 
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.djv" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.djvu" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="Google.PhotoViewer.3.0" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.emf" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.eps" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.erf" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.fff" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="PhotoViewer.FileAssoc.Gif" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.hdr" . 
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.icl" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.icn" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.iw4" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.j2c" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.j2k" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.jbr" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.jfif" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.jif" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.jp2" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.jpc" . 
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="Google.PhotoViewer.3.0" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="Google.PhotoViewer.3.0" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="Google.PhotoViewer.3.0" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.jpk" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.jpx" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="Google.PhotoViewer.3.0" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.mef" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.mos" . 
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="Google.PhotoViewer.3.0" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="Google.PhotoViewer.3.0" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="Google.PhotoViewer.3.0" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="Google.PhotoViewer.3.0" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.pbr" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.pct" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.pcx" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="Google.PhotoViewer.3.0" . 
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.pic" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.pict" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="PhotoViewer.FileAssoc.Png" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.psd" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.psp" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.pspbrush" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.pspimage" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="Google.PhotoViewer.3.0" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="Google.PhotoViewer.3.0" . 
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.rle" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="Google.PhotoViewer.3.0" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.rwl" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="Google.PhotoViewer.3.0" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="Google.PhotoViewer.3.0" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.srw" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.tga" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.thm" . 
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="PhotoViewer.FileAssoc.Tiff" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="PhotoViewer.FileAssoc.Tiff" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.ttc" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.ttf" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v60po\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.v60po" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v60pp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.v60pp" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v60ppf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.v60ppf" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.wbm" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.wbmp" . 
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.wmf" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.xif" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.xmp" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\SecuROM\License information*] "datasecu"=hex:db,dd,1b,fe,64,41,0c,60,9c,8b,4f,a0,df,c0,01,1e,8b,76,02,d1,e2, a8,75,5a,1c,44,9f,89,55,2b,af,f1,80,58,22,66,ca,d4,87,43,55,2d,dc,4b,a6,2c,\ "rkeysecu"=hex:3a,78,12,f5,27,2d,b9,ea,ca,fe,57,1e,41,a1,96,25 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_182_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_182_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_182_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_182_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_182.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.21" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_182.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_182.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_182.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2016-03-16 20:15:03 ComboFix-quarantined-files.txt 2016-03-16 19:15 . Vor Suchlauf: 15 Verzeichnis(se), 12.206.526.464 Bytes frei Nach Suchlauf: 21 Verzeichnis(se), 11.637.702.656 Bytes frei . - - End Of File - - 93345B509C77EC4C2F70923F0DF1778B 5F8B5082F3482CC06B72EC5806598AE9 |
17.03.2016, 14:55 | #14 |
/// TB Trainer | Antivir and AVG cannot be installed, Malwarebytes does not start Hello, ComboFix script
|
17.03.2016, 15:44 | #15 |
| Antivir and AVG cannot be installed, Malwarebytes does not start Hi, here is the content of the ComboFix log file: Code:
ATTFilter ComboFix 16-03-14.01 - shag 17.03.2016 15:36:51.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8178.5863 [GMT 1:00] ausgeführt von:: c:\users\shag\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\shag\Desktop\CFScript.txt AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . FILE :: "c:\windows\SysWow64\clientmon.exe" . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\274335 c:\windows\SysWow64\clientmon.exe . . ((((((((((((((((((((((( Dateien erstellt von 2016-02-17 bis 2016-03-17 )))))))))))))))))))))))))))))) . . 2016-03-17 14:39 . 2016-03-17 14:39 -------- d-----w- c:\users\Default\AppData\Local\temp 2016-03-17 14:39 . 2016-03-17 14:39 -------- d-----w- c:\users\Coco\AppData\Local\temp 2016-03-17 14:39 . 2016-03-17 14:39 -------- d-----w- c:\users\Besuch\AppData\Local\temp 2016-03-15 16:54 . 2016-03-15 18:38 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2016-03-15 16:54 . 2016-03-15 18:25 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2016-03-13 12:20 . 2016-03-13 12:20 82816 ----a-w- c:\users\shag\AppData\Roaming\pcouffin.sys 2016-03-12 16:39 . 2016-03-14 17:22 -------- d-----w- c:\program files (x86)\AdwCleaner 2016-03-11 20:53 . 2016-03-14 17:37 -------- d-----w- C:\FRST 2016-03-11 20:31 . 2016-03-15 18:24 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2016-03-11 20:31 . 2016-03-11 20:32 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware 2016-03-11 20:31 . 2015-10-05 08:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2016-03-11 20:31 . 2015-10-05 08:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2016-03-11 20:20 . 
2016-03-11 20:20 -------- d-----w- c:\programdata\Malwarebytes 2016-03-05 11:03 . 2016-03-05 11:03 -------- d-----w- c:\users\shag\AppData\Roaming\cerasus.media 2016-03-01 20:11 . 2016-03-12 16:51 -------- d-sh--r- c:\programdata\274435 2016-03-01 18:55 . 2016-03-01 18:55 -------- d-----w- c:\programdata\dbdata 2016-02-29 19:27 . 2016-02-29 21:37 -------- d-----w- c:\users\shag\AppData\Roaming\Factorio 2016-02-25 07:09 . 2016-02-25 07:09 -------- d-----w- c:\users\shag\AppData\Local\_3_ 2016-02-23 20:01 . 2016-02-23 19:59 110176 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-64.dll 2016-02-23 20:00 . 2016-02-23 20:00 -------- d-----w- c:\program files (x86)\Common Files\Java 2016-02-23 19:59 . 2016-02-23 20:01 -------- d-----w- c:\users\shag\.oracle_jre_usage 2016-02-23 19:17 . 2016-02-23 20:09 -------- d-----w- c:\users\shag\.litwrl . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2016-03-11 21:57 . 2013-03-18 19:25 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2016-03-11 21:57 . 2013-03-18 19:25 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2016-02-23 19:59 . 2015-03-13 17:22 110176 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2016-02-18 07:09 . 2013-04-02 20:33 140448 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-10-14 02:44 . 2013-10-14 02:44 2174976 ----a-w- c:\program files (x86)\Common Files\atimpenc.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2016-02-16 18:37 199488 ----a-w- c:\users\shag\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2016-02-16 18:37 199488 ----a-w- c:\users\shag\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2016-02-16 18:37 199488 ----a-w- c:\users\shag\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "iCloud"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloud.exe" [2015-04-26 43816] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ ImageBrowser EX Agent.lnk - c:\program files (x86)\Canon\ImageBrowser EX\MFManager.exe [2013-5-31 69120] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
R2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x] R2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x] R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] R2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 JetDrive WindowsClosingService;JetDrive WindowsClosingService;c:\windows\System32\WindowsClosingService;c:\windows\SYSNATIVE\WindowsClosingService [x] R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x] R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x] R3 cancel;cancel;c:\program files (x86)\MSI\Super-Charger\cancel_64.sys;c:\program files (x86)\MSI\Super-Charger\cancel_64.sys [x] R3 cpuz130;cpuz130;c:\users\shag\AppData\Local\Temp\cpuz130\cpuz_x64.sys;c:\users\shag\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x] R3 
GalaxyClientService;GalaxyClientService;d:\program files (x86)\GalaxyClient\GalaxyClientService.exe;d:\program files (x86)\GalaxyClient\GalaxyClientService.exe [x] R3 GalaxyCommunication;GalaxyCommunication;c:\programdata\GOG.com\Galaxy\redists\GalaxyCommunication.exe;c:\programdata\GOG.com\Galaxy\redists\GalaxyCommunication.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 jetdrive;jddrv;c:\windows\system32\DRIVERS\jddrv.sys;c:\windows\SYSNATIVE\DRIVERS\jddrv.sys [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x] R3 NTIOLib_1_0_4;NTIOLib_1_0_4;d:\program files (x86)\MSI\Live Update\NTIOLib_X64.sys;d:\program files (x86)\MSI\Live Update\NTIOLib_X64.sys [x] R3 NTIOLib_1_0_C;NTIOLib_1_0_C;j:\ntiolib_x64.sys;j:\NTIOLib_X64.sys [x] R3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x] R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [x] R3 Origin Client Service;Origin Client Service;d:\program files (x86)\Origin\OriginClientService.exe;d:\program files (x86)\Origin\OriginClientService.exe [x] R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys;c:\windows\SYSNATIVE\drivers\SndTAudio.sys [x] R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;c:\windows\system32\DRIVERS\SNTUSB64.SYS;c:\windows\SYSNATIVE\DRIVERS\SNTUSB64.SYS [x] R3 tmhidusb;Thrustmaster HID USB Driver;c:\windows\system32\DRIVERS\tmhidusb.sys;c:\windows\SYSNATIVE\DRIVERS\tmhidusb.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB 
Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x] S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x] S2 iRacingService;iRacing.com Helper Service;d:\program files (x86)\iRacing\iRacingService.exe;d:\program files (x86)\iRacing\iRacingService.exe [x] S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x] S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x] S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x] S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x] S2 
Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys;c:\windows\SYSNATIVE\Drivers\Sentinel64.sys [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x] S2 tmInstall;Thrustmaster Device Driver Installer;d:\program files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.EXE;d:\program files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.EXE [x] S2 zntport64;zntport64;c:\eucasoft\zntport64.sys;c:\eucasoft\zntport64.sys [x] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2016-03-15 13:42 1106072 ----a-w- c:\program files (x86)\Google\Chrome\Application\49.0.2623.87\Installer\chrmstp.exe . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}] 2015-12-18 15:42 286904 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll . Inhalt des "geplante Tasks" Ordners . 
2016-03-17 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-18 21:57] . 2016-03-13 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core.job - c:\users\shag\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19 15:54] . 2016-03-17 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA.job - c:\users\shag\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19 15:54] . 2016-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-14 13:34] . 2016-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-14 13:34] . 2016-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core.job - c:\users\shag\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-25 13:39] . 2016-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA.job - c:\users\shag\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-25 13:39] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2016-02-16 18:37 236352 ----a-w- c:\users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2016-02-16 18:37 236352 ----a-w- c:\users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2016-02-16 18:37 236352 ----a-w- c:\users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2016-02-16 18:37 236352 ----a-w- c:\users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-10-25 7512680] "Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [BU] "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-12-09 1846016] "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-12-09 2771576] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-08-13 170256] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
AddRemove-Alternative Look for Ciri_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins010.exe AddRemove-Alternative Look for Triss_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins006.exe AddRemove-Alternative Look for Yennefer_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins004.exe AddRemove-Avira Antivirus - c:\program files (x86)\Avira\AntiVir Desktop\setup.exe AddRemove-Ballad Heroes - Neutral Gwent Card Set_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins008.exe AddRemove-BDE Information Utility - c:\windows\UNWISE.EXE AddRemove-Beard and Hairstyle Set_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins002.exe AddRemove-Elite Crossbow Set_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins015.exe AddRemove-Malwarebytes Anti-Malware_is1 - c:\program files (x86)\ Malwarebytes Anti-Malware \unins000.exe AddRemove-New Finisher Animations_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins014.exe AddRemove-New Quest - Contract Missing Miners_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins003.exe AddRemove-New Quest - Contract: Skellige's Most Wanted_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins011.exe AddRemove-New Quest - Fool's Gold_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins007.exe AddRemove-New Quest - Scavenger Hunt: Wolf School Gear_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins009.exe AddRemove-New Quest - Where the Cat and Wolf Play..._is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins013.exe AddRemove-Nilfgaardian Armor Set_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins005.exe AddRemove-Skellige Armor Set_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins012.exe AddRemove-Temerian Armor Set_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins001.exe AddRemove-{5F34CFF7-094A-4403-83B4-542938FE988E} - 
c:\programdata\{EF483DD0-9B7B-46F0-95DD-4B56E6939CF3}\setup.exe AddRemove-{81CF5153-38CF-41e2-AC3C-3D477C987D96}_is1 - i:\winki\unins001.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\JetDrive WindowsClosingService] "ImagePath"="c:\windows\System32\WindowsClosingService" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.032" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.abr" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.ani" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.apd" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="Google.PhotoViewer.3.0" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.bay" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="PhotoViewer.FileAssoc.Bitmap" . 
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="Google.PhotoViewer.3.0" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="Google.PhotoViewer.3.0" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.cs1" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.cur" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="Google.PhotoViewer.3.0" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.dcx" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.dib" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.djv" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.djvu" . 
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="Google.PhotoViewer.3.0" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.emf" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.eps" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.erf" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.fff" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="PhotoViewer.FileAssoc.Gif" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.hdr" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.icl" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.icn" . 
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.iw4" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.j2c" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.j2k" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.jbr" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.jfif" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.jif" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.jp2" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.jpc" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="Google.PhotoViewer.3.0" . 
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="Google.PhotoViewer.3.0" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="Google.PhotoViewer.3.0" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.jpk" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.jpx" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="Google.PhotoViewer.3.0" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.mef" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.mos" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="Google.PhotoViewer.3.0" . 
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="Google.PhotoViewer.3.0" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="Google.PhotoViewer.3.0" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="Google.PhotoViewer.3.0" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.pbr" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.pct" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.pcx" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="Google.PhotoViewer.3.0" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.pic" . 
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.pict" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="PhotoViewer.FileAssoc.Png" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.psd" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.psp" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.pspbrush" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.pspimage" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="Google.PhotoViewer.3.0" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="Google.PhotoViewer.3.0" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.rle" . 
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="Google.PhotoViewer.3.0" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.rwl" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="Google.PhotoViewer.3.0" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="Google.PhotoViewer.3.0" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.srw" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.tga" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.thm" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="PhotoViewer.FileAssoc.Tiff" . 
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice] @Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000) @Denied: (2) (LocalSystem) "Progid"="PhotoViewer.FileAssoc.Tiff" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.ttc" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.ttf" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v60po\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.v60po" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v60pp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.v60pp" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v60ppf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.v60ppf" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.wbm" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.wbmp" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.wmf" . 
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.xif" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.xmp" . [HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\SecuROM\License information*] "datasecu"=hex:db,dd,1b,fe,64,41,0c,60,9c,8b,4f,a0,df,c0,01,1e,8b,76,02,d1,e2, a8,75,5a,1c,44,9f,89,55,2b,af,f1,80,58,22,66,ca,d4,87,43,55,2d,dc,4b,a6,2c,\ "rkeysecu"=hex:3a,78,12,f5,27,2d,b9,ea,ca,fe,57,1e,41,a1,96,25 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_182_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_182_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_182_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_182_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_182.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.21" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_182.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_182.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_182.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe . ************************************************************************** . 
Zeit der Fertigstellung: 2016-03-17 15:42:19 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2016-03-17 14:42 ComboFix2.txt 2016-03-16 19:15 . Vor Suchlauf: 20 Verzeichnis(se), 12.279.435.264 Bytes frei Nach Suchlauf: 21 Verzeichnis(se), 12.042.121.216 Bytes frei . - - End Of File - - 8E230A1FF08D1E243396CC42E8725111 5F8B5082F3482CC06B72EC5806598AE9