Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windows 7: Mail-Account gehackt, Avast zeigt Trojaner an

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Alt 03.06.2016, 15:03   #1
Deuterium
 
Windows 7: Mail-Account gehackt, Avast zeigt Trojaner an - Standard

Windows 7: Mail-Account gehackt, Avast zeigt Trojaner an



Einen guten Tag wünsche ich allen,

ich habe gestern Abend einen Anruf bekommen, dass von meiner E-Mail-Adresse bei Yahoo Spam-Mails verschickt wurden. Als ich nachgeschaut habe, habe ich gesehen, dass die Mail von einer fremden Adresse kam, die aber meinen vollen Namen enthielt und dass zudem Adressen aus meinem Adressbuch verwendet wurden. Bei einem Scan mit Avast wurde mir Win32:Hupigon-ONX als Trojaner angezeigt mit dem Dateinamen C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb

Eine Suche mit dem ESET Online Scanner hat keine Ergebnisse gezeigt, Scans mit AdwCleaner und Anti-Malware haben dagegen relativ viele Ergebnisse gezeigt. Ich bin daher ein bisschen in Sorge, dass sich einige Viren oder sonstige Schadprogramme auf meinem PC befinden. Allerdings wollte ich mich vor dem Löschen erst mal an euch wenden, bevor ich irgendetwas unnötigerweise lösche.

Hier die Logfiles

FRST

Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:01-06-2016
durchgeführt von ***** (Administrator) auf ***** (03-06-2016 11:46:12)
Gestartet von D:\
Geladene Profile: ***** (Verfügbare Profile: ***** & *****)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) D:\itunes (1)\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() Q:\140066.enu\Office14\WINWORDC.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
() Q:\140066.enu\Office14\OffSpon.EXE
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe
(Malwarebytes) D:\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6469736 2012-03-06] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => D:\itunes (1)\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [IntelSBA] => C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe [4243168 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Plugin Install] => D:\Quicktime\Plugins\DeleteMe1.exe
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NPSStartup] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-24] (AVAST Software)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [975760 2015-11-03] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\...\Run: [CyberGhost] => "C:\Program Files\CyberGhost 5\CyberGhost.exe" /autostart /min
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-12] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2013-02-10]
ShortcutTarget: Audible Download Manager.lnk -> D:\Audible\Bin\AudibleDownloadHelper.exe (Keine Datei)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

ProxyServer: [S-1-5-21-1078192431-239819200-2145751044-1000] => http=5.133.176.199:3128
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{F8CE8708-5C3F-48FF-996E-AFF92665AD4C}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800
SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> {07D56749-CE28-4EAD-98CF-98486A8E78D3} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10557
SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> {F16D5BEA-D5EC-4187-88A0-7223A4DA5CC4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10557
BHO: Expat Shield Class -> {3706EE7C-3CAD-445D-8A43-03EBC3B75908} -> C:\Users\*****\Desktop\Expat Shield\HssIE\ExpatIE_64.dll => Keine Datei
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-12] (AVAST Software)
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll => Keine Datei
BHO-x32: Kein Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> Keine Datei
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO-x32: Kein Name -> {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -> Keine Datei
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-22] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-12] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-22] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  Keine Datei
Toolbar: HKLM-x32 - Kein Name - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} -  Keine Datei
Toolbar: HKU\S-1-5-21-1078192431-239819200-2145751044-1000 -> Kein Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  Keine Datei

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104
FF Homepage: google.de
FF NetworkProxy: "backup.ftp", "212.29.229.21"
FF NetworkProxy: "backup.ftp_port", 80
FF NetworkProxy: "backup.socks", "212.29.229.21"
FF NetworkProxy: "backup.socks_port", 80
FF NetworkProxy: "backup.ssl", "212.29.229.21"
FF NetworkProxy: "backup.ssl_port", 80
FF NetworkProxy: "ftp", "198.50.129.9"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "gopher", "119.4.115.51"
FF NetworkProxy: "gopher_port", 80
FF NetworkProxy: "http", "198.50.129.9"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "198.50.129.9"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "198.50.129.9"
FF NetworkProxy: "ssl_port", 3128
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-16] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-06-07] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-16] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-06-07] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2011-04-05] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> D:\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Extension: NoScript - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-04-08]
FF Extension: Modify Headers - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2016-04-27]
FF Extension: Video DownloadHelper - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-24]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF Extension: DownThemAll! - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-04-15]
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2014-05-27] [ist nicht signiert]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-13]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-13]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2016-06-01]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\*****\AppData\Local\funmoods-speeddial.crx <nicht gefunden>
CHR HKLM\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Users\*****\AppData\Local\funmoods.crx <nicht gefunden>
CHR HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\*****\AppData\Local\funmoods-speeddial.crx <nicht gefunden>
CHR HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Users\*****\AppData\Local\funmoods.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\*****\AppData\Local\funmoods-speeddial.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Users\*****\AppData\Local\funmoods.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-12]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-12] (AVAST Software)
R2 Intel(R) Small Business Advantage; C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [49376 2012-02-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2120712 2016-04-28] (Electronic Arts)
S2 SkypeUpdate; D:\Skype\Updater\Updater.exe [315488 2015-02-18] (Skype Technologies)
R2 SystemStore; C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe [50176 2012-05-21] () [Datei ist nicht signiert]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-12] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-03-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-12] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-12] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 hxctlflt; C:\Windows\System32\DRIVERS\hxctlflt.sys [111104 2009-02-09] (Guillemot Corporation) [Datei ist nicht signiert]
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-03] (Malwarebytes)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [527360 2007-09-10] (PixArt Imaging Inc.) [Datei ist nicht signiert]
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [768680 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29352 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2013-06-26] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-07-23] (Duplex Secure Ltd.)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-04-19] (Anchorfree Inc.)
U5 usbser; C:\Windows\System32\Drivers\usbser.sys [32768 2010-11-21] (Microsoft Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-08-15] (Cisco Systems, Inc.)
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-03 11:46 - 2016-06-03 11:46 - 00000000 ____D C:\FRST
2016-06-03 11:32 - 2016-06-03 11:44 - 00022232 _____ C:\Users\*****\Desktop\mbam.txt
2016-06-03 11:18 - 2016-06-03 11:19 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-03 11:18 - 2016-06-03 11:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-06-03 11:17 - 2016-06-03 11:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-03 11:17 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-06-03 11:17 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-06-03 11:17 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-06-02 21:21 - 2016-06-02 21:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 16
2016-06-01 21:34 - 2016-06-02 15:15 - 00000000 ____D C:\Users\*****\Documents\Citavi 5
2016-06-01 21:34 - 2016-06-01 21:47 - 00000000 ____D C:\Users\*****\AppData\Roaming\Swiss Academic Software
2016-06-01 21:34 - 2016-06-01 21:34 - 00000000 ____D C:\ProgramData\Swiss Academic Software
2016-06-01 21:34 - 2016-06-01 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 5
2016-06-01 21:32 - 2016-06-01 21:32 - 00000000 ____D C:\Users\*****\AppData\Local\Downloaded Installations
2016-05-31 18:22 - 2016-05-31 18:22 - 00135152 _____ C:\Users\*****\AppData\Local\recently-used.xbel
2016-05-30 23:41 - 2016-05-30 23:41 - 00000000 ____D C:\Users\Public\CyberLink
2016-05-30 23:41 - 2016-05-30 23:41 - 00000000 ____D C:\Users\*****\Documents\CyberLink
2016-05-30 23:40 - 2016-05-30 23:40 - 00000000 ____D C:\Users\*****\AppData\Local\Cyberlink
2016-05-30 23:33 - 2016-06-03 01:50 - 00000000 ____D C:\Program Files (x86)\CyberLink
2016-05-30 23:33 - 2016-05-30 23:33 - 00000000 ____D C:\Program Files (x86)\NSIS Uninstall Information
2016-05-30 23:30 - 2016-06-03 01:50 - 00000000 ____D C:\ProgramData\SUPPORTDIR
2016-05-30 23:30 - 2016-05-30 23:41 - 00000000 ____D C:\ProgramData\CyberLink
2016-05-30 23:30 - 2016-05-30 23:30 - 00000000 ____D C:\ProgramData\install_clap
2016-05-26 00:28 - 2016-06-02 20:11 - 00149015 _____ C:\Users\*****\Desktop\2016_06rechnung_5616687642.pdf
2016-05-11 11:35 - 2016-05-11 11:35 - 00000000 ____D C:\Users\*****\AppData\Roaming\com.bby.cinemanowca
2016-05-11 01:18 - 2016-05-15 12:14 - 00000000 ____D C:\Users\*****\Desktop\Rupp 2013

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-03 10:43 - 2015-08-05 14:55 - 00000000 ____D C:\Users\*****\Desktop\Neuer Ordner (6)
2016-06-03 10:24 - 2009-07-14 06:45 - 00032080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-03 10:24 - 2009-07-14 06:45 - 00032080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-03 10:16 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-03 02:18 - 2013-03-25 22:46 - 00000000 ____D C:\Users\*****\AppData\Roaming\SoftGrid Client
2016-06-03 01:50 - 2012-04-20 17:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-06-03 00:08 - 2014-07-30 23:58 - 00000000 ____D C:\ProgramData\Origin
2016-06-02 21:22 - 2013-12-18 02:18 - 00000000 ____D C:\Users\*****\AppData\Roaming\vlc
2016-06-02 21:21 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-06-02 15:35 - 2014-09-10 00:10 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-02 00:05 - 2016-05-03 14:14 - 00000000 ____D C:\Users\*****\Desktop\BA-Arbeit Kapitel
2016-06-01 17:04 - 2011-04-12 09:43 - 00701778 _____ C:\Windows\system32\perfh007.dat
2016-06-01 17:04 - 2011-04-12 09:43 - 00150420 _____ C:\Windows\system32\perfc007.dat
2016-06-01 17:04 - 2009-07-14 07:13 - 01622236 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-01 17:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-05-31 22:27 - 2016-01-28 12:27 - 00000000 ____D C:\Users\*****\.gimp-2.8
2016-05-31 18:22 - 2014-01-07 20:51 - 00000000 ____D C:\Users\*****\AppData\Local\gtk-2.0
2016-05-30 16:12 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-05-22 11:45 - 2012-09-17 12:04 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-05-19 18:40 - 2015-11-06 00:00 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-18 00:02 - 2016-04-26 13:39 - 00000000 ____D C:\Users\*****\Desktop\Transkripte für BA-Arbeit
2016-05-16 11:14 - 2013-03-11 20:15 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-16 11:14 - 2013-03-11 20:15 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-15 14:31 - 2015-11-13 18:50 - 00000000 ____D C:\Users\*****\AppData\Local\Clan_prefs
2016-05-13 01:11 - 2014-12-27 13:45 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-09 22:58 - 2014-05-27 21:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-09 22:56 - 2015-04-29 12:02 - 00000000 ____D C:\Users\*****\dwhelper
2016-05-09 13:48 - 2015-05-29 22:41 - 00000000 __SHD C:\AI_RecycleBin
2016-05-08 16:56 - 2015-12-26 13:16 - 00000000 ____D C:\Users\*****\AppData\Local\UnrealEngine
2016-05-08 11:45 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-04 00:17 - 2016-04-12 22:56 - 00000000 ____D C:\Users\*****\Desktop\KGS

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-02-24 00:43 - 2016-03-28 16:51 - 0001456 _____ () C:\Users\*****\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2016-05-31 18:22 - 2016-05-31 18:22 - 0135152 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2015-06-07 02:41 - 2015-06-07 02:41 - 0007605 _____ () C:\Users\*****\AppData\Local\Resmon.ResmonCfg
2014-06-08 16:27 - 2016-05-15 02:23 - 0002703 _____ () C:\ProgramData\flcd_proxy.log
2013-03-30 00:02 - 2013-03-30 00:14 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-05-28 00:28

==================== Ende von FRST.txt ============================
         

Addition

Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:01-06-2016
durchgeführt von ***** (2016-06-03 11:46:36)
Gestartet von D:\
Windows 7 Professional Service Pack 1 (X64) (2012-04-20 15:20:37)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1078192431-239819200-2145751044-500 - Administrator - Disabled)
Gast (S-1-5-21-1078192431-239819200-2145751044-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1078192431-239819200-2145751044-1003 - Limited - Enabled)
***** (S-1-5-21-1078192431-239819200-2145751044-1000 - Administrator - Enabled) => C:\Users\*****
Mcx1-*****-PC (S-1-5-21-1078192431-239819200-2145751044-1001 - Limited - Enabled) => C:\Users\Mcx1-*****-PC

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Access 97rt PAN EURO G (HKLM-x32\...\Access 97rt PAN EURO G) (Version:  - )
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.198 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ANSTOSS 3 (HKLM-x32\...\ANSTOSS 3_is1) (Version:  - )
Apple Application Support (32-Bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.1.2253 - AVAST Software)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.1.08005 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 4.1.08005 - Cisco Systems, Inc.) Hidden
Citavi 5  (HKLM-x32\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.3.1.0 - Swiss Academic Software)
CLAN (HKLM-x32\...\{00868CD9-BEB1-4D2C-8307-4AD82C48501A}) (Version: 2.11.00 - CMU)
Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.8.0.0 - Electronic Arts)
Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Fallout (HKLM-x32\...\GOGPACKFALLOUT_is1) (Version: 2.0.0.14 - GOG.com)
Fallout 2 (HKLM-x32\...\GOGPACKFALLOUT2_is1) (Version: 2.0.0.12 - GOG.com)
FIFA 16 (HKLM-x32\...\{28FA2805-7992-4A28-844B-040C57204718}) (Version: 1.42.13482.16 - Electronic Arts)
Fragen-Lern-CD 4.3 (HKLM-x32\...\de.3m5.wendel.flcd.FLCDB.FC622282278C06838B5CD08883589F2C8AB9EEDC.1) (Version: 4.3.5 - Wendel-Verlag GmbH)
Fragen-Lern-CD 4.3 (x32 Version: 4.3.5 - Wendel-Verlag GmbH) Hidden
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel(R) Small Business Advantage (HKLM-x32\...\{6A6D86CD-B004-46b7-8951-7BB75A776F8C}) (Version:  - Intel(R) Corporation)
Intel(R) Update Manager (x32 Version: 1.0.0.34813 - Intel Corporation) Hidden
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.6134.5007 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 de)) (Version: 46.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
No More Room in Hell (HKLM-x32\...\Steam App 224260) (Version:  - No More Room in Hell Team)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.12.2807 - Electronic Arts, Inc.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6586 - Realtek Semiconductor Corp.)
Rocket League (HKLM\...\Steam App 252950) (Version:  - Psyonix)
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.5 - Electronic Arts)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Yu-Gi-Oh! The Dawn of a New Era Version 5.0.18.3673 (HKLM-x32\...\{1F276EF8-ACD8-4805-845C-BA1FC14DCB3B}_is1) (Version: 5.0.18.3673 - Kaiba Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0071A13B-6B94-46F2-9FB6-ADE22483D5A5} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for *****-PC => C:\Windows\ehome\McxTask.exe [2009-07-14] (Microsoft Corporation)
Task: {0CC6A309-3F84-4134-8FFB-9171C1FE2932} - System32\Tasks\{1DBE5654-06A6-4930-B238-0DF98147764A} => pcalua.exe -a C:\Users\*****\AppData\Local\TNT2\2.0.0.1627\TNT2User.exe -c /UNINSTALL PARTNER=10557
Task: {172DF47C-9163-4CC4-AB32-7BB276417631} - System32\Tasks\{45912AD4-8F33-4D8D-9554-A80AA320F031} => C:\Program Files (x86)\microsoft-office-enterprise-2007-trial-version.exe
Task: {1AE6AEA5-5C3E-4F4B-BC06-6AAD7A21D250} - System32\Tasks\{173E985D-BE0F-4425-BDB3-341AF9AB4146} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\6\SSBCUninstall.exe
Task: {2191EFF0-B8A4-4E70-AB0C-A64B67600B84} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-02] (AVAST Software)
Task: {2585F3CA-5711-4D62-B6F5-A199FED58DC7} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {2B2EA069-9304-4BDF-AF20-4B017C27CC4C} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {2B428C53-209C-48C4-A188-624C9CA70FF9} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {3C96134A-FC2F-4E4B-9EF9-2700AD0D00E6} - System32\Tasks\{66823191-2EB3-47EC-A19A-02C731EA27C2} => pcalua.exe -a E:\dx7ager.exe -d E:\
Task: {3E76700B-2384-4F18-834F-35983FBB8F26} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-12] (AVAST Software)
Task: {4ABB64DA-07A2-46BD-A64B-3E69D48CEC3E} - System32\Tasks\{8CE18D4A-43FB-4D4B-BD63-0B634CDFAFA1} => pcalua.exe -a D:\Installer.exe -d D:\
Task: {4C7DC039-C318-4A43-B7A9-728234D2A737} - System32\Tasks\{AF90126A-79C8-4274-AD4E-38A1B3BDC08D} => C:\Program Files (x86)\microsoft-office-enterprise-2007-trial-version.exe
Task: {5CEE0A7A-9A24-42B3-A8C4-B264A07E3434} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {6672CE13-36D9-4D89-A012-3893126F7B86} - System32\Tasks\{3F24D816-EF75-43E8-9F64-50F1E3DB735E} => pcalua.exe -a C:\Users\*****\Desktop\PESEdit.com_2012_Patch_3.3.1\Installer.exe -d C:\Users\*****\Desktop\PESEdit.com_2012_Patch_3.3.1
Task: {7466DEB7-CB2E-42E6-8A50-621C46C0643E} - System32\Tasks\{60731E58-7FFB-4725-8A0E-4938AF74C082} => C:\Program Files (x86)\microsoft-office-enterprise-2007-trial-version.exe
Task: {803F5571-B947-425E-A2A9-40FFBEC293E0} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {83CE7615-E7E2-40A5-A872-AC1C004B734C} - System32\Tasks\{79A0981F-23F9-4972-A067-D5910A7DAAE0} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\6_old\SSBCUninstall.exe
Task: {883A3927-A45D-4675-BF91-F2EFFA4ACB36} - System32\Tasks\{3670FBCA-2A3C-470A-B293-977CB288DA46} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{F193FC0E-9E18-40FC-A974-509A1BDD240A}\setup.exe" -c -runfromtemp -l0x0407 -removeonly
Task: {91981B81-7214-48D1-A774-78CBDD928779} - System32\Tasks\{045A154F-0301-4AE9-858C-C7E12566F748} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {99519820-DA6F-4713-802E-8FF328DFC9A2} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {A5ED77AC-6AED-406F-9953-2B16D36EB5F3} - System32\Tasks\{EE93492B-829F-46B8-8BA2-7225EA8C38FE} => C:\Program Files (x86)\microsoft-office-enterprise-2007-trial-version.exe
Task: {AB7F177B-533D-4559-A658-B5260C43D430} - System32\Tasks\{05376299-63E3-40B4-B000-3BAC939D67C1} => pcalua.exe -a C:\Users\*****\Desktop\epson375890eu.exe -d C:\Users\*****\Desktop
Task: {BA07FC55-F1EB-4D5A-8725-902184DD8A13} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1078192431-239819200-2145751044-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {BCAB8935-3339-458D-8B1B-0C0E79442CB0} - System32\Tasks\{B1D11270-DC0A-443F-A2C2-7886CB6545AC} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\5\SSSDUninstall.exe
Task: {C04C3B6E-DB4A-4790-9455-7A5DB41505BC} - System32\Tasks\{5877E4B1-A854-461D-A464-83E4E03E4047} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Task: {C515F816-D0D4-48C2-81DE-84D0EAB44AC6} - System32\Tasks\{87B8B25C-F246-4C50-A323-E5115EC007AB} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\1\SS_Uninstall.exe
Task: {D2100B8D-CFCF-4F46-B4C7-38B6BF8FF944} - System32\Tasks\avastBCLRestart_firefox.exe => Firefox.exe 
Task: {D31D2427-00AE-4BC4-8DF4-2F9F421DDFBA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {DB898384-D1F3-4649-9244-0A6C28D7214B} - System32\Tasks\{C4C55CCC-9DBF-451F-B551-657EA06F68C0} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\5\SSSDUninstall.exe
Task: {DC416041-539F-4378-B0DE-9585A0443A5A} - System32\Tasks\{D3869556-B4D2-45ED-9BB6-9B033BF40786} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\3\SSCDUninstall.exe
Task: {E69AC183-3C16-4AB6-BE2C-67EEFE889F79} - System32\Tasks\{8FE250CF-A532-4D2A-89E2-D971EBC570C8} => pcalua.exe -a C:\Users\*****\Desktop\epson29817eu.exe -d C:\Users\*****\Desktop
Task: {E88DA03D-B7F8-4978-9C38-D24035CD37F9} - System32\Tasks\{6E7BB2E2-DB0B-46AD-A7FD-CD4EBAE55CA1} => Firefox.exe hxxp://ui.skype.com/ui/0/7.6.64.105/de/abandoninstall?page=tsProgressBar
Task: {EB234CD3-AE7B-4C04-BA18-B6510C3CA55B} - System32\Tasks\{BCDD38EF-0904-43CC-B055-D9F7168A70CD} => D:\StreamTransport\StreamTransport.exe
Task: {F2679F97-D496-4E85-BCBD-70F9956D2763} - System32\Tasks\{B08A6FA7-7E3B-4CDF-8D07-44CDA2804BD1} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar
Task: {F560CC06-3682-441B-A3E7-77352D1C586D} - System32\Tasks\{78685E25-AE26-47B9-BD42-866A20EDC10B} => pcalua.exe -a C:\Users\*****\Downloads\streaming_optimizer_setup.exe -d C:\Users\*****\Downloads

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-05-21 15:42 - 2012-05-21 15:42 - 00050176 _____ () C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
2012-02-07 21:54 - 2012-02-07 21:54 - 00078624 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
2015-11-03 12:21 - 2015-11-03 12:21 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2016-02-12 14:29 - 2016-02-12 14:29 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-02-12 14:29 - 2016-02-12 14:29 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-06-02 11:15 - 2016-06-02 11:15 - 02984152 _____ () C:\Program Files\AVAST Software\Avast\defs\16060200\algo.dll
2016-04-14 18:04 - 2016-04-14 18:04 - 00509344 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2012-05-21 15:42 - 2012-05-21 15:42 - 00020480 _____ () C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.Infrastructure.dll
2016-01-15 13:06 - 2016-01-15 13:06 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-04-20 17:58 - 2012-02-21 06:09 - 01198872 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-04-20 18:00 - 2012-02-27 13:00 - 00030432 _____ () C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\ProcessPrivileges.dll
2012-04-20 18:00 - 2012-02-27 13:00 - 00215264 _____ () C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\System.ComponentModel.Composition.dll
2012-04-20 18:00 - 2012-02-27 13:00 - 00051424 _____ () C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Interop.TaskScheduler.dll
2016-05-16 11:14 - 2016-05-16 11:14 - 19427520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\*****\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{94298785-BBE7-4803-9808-176D43C4E216}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9688D9CD-38B3-4C6C-85A2-93D8171E3856}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [TCP Query User{A6853C33-7D72-4FBC-8627-2A87A55919CA}D:\alien arena 7_53\crx.exe] => (Block) D:\alien arena 7_53\crx.exe
FirewallRules: [UDP Query User{E0A83EAB-E379-46B6-827E-F0CB77D07E10}D:\alien arena 7_53\crx.exe] => (Block) D:\alien arena 7_53\crx.exe
FirewallRules: [TCP Query User{01277258-7A3B-4271-9FE7-D4C8607EFA3C}D:\pes 2012\pes2012.exe] => (Allow) D:\pes 2012\pes2012.exe
FirewallRules: [UDP Query User{05AF7882-6A87-4B7F-985A-466333B07AC9}D:\pes 2012\pes2012.exe] => (Allow) D:\pes 2012\pes2012.exe
FirewallRules: [TCP Query User{D4FD44CC-6F86-465D-9660-EE25780533C4}D:\titan quest\titan quest.exe] => (Allow) D:\titan quest\titan quest.exe
FirewallRules: [UDP Query User{F5DB8AF0-02B2-47B5-B66A-FD4CD46F78C6}D:\titan quest\titan quest.exe] => (Allow) D:\titan quest\titan quest.exe
FirewallRules: [TCP Query User{ABDBE795-B056-45E6-9256-94B5C1A48326}D:\konami\pro evolution soccer 2012\pes2012.exe] => (Allow) D:\konami\pro evolution soccer 2012\pes2012.exe
FirewallRules: [UDP Query User{6B65D548-037A-4A83-8228-4BE7B053A9CC}D:\konami\pro evolution soccer 2012\pes2012.exe] => (Allow) D:\konami\pro evolution soccer 2012\pes2012.exe
FirewallRules: [{4A90897E-CD4A-4603-A076-2F7603EC17D8}] => (Block) D:\konami\pro evolution soccer 2012\pes2012.exe
FirewallRules: [{8F60A005-04AB-475E-A786-8BFE92808589}] => (Block) D:\konami\pro evolution soccer 2012\pes2012.exe
FirewallRules: [TCP Query User{49375053-5C68-432F-9781-AC33999F0008}D:\pro evolution soccer 2012\pes2012.exe] => (Allow) D:\pro evolution soccer 2012\pes2012.exe
FirewallRules: [UDP Query User{4AD3975C-C6E2-4052-AC09-49C919E916C0}D:\pro evolution soccer 2012\pes2012.exe] => (Allow) D:\pro evolution soccer 2012\pes2012.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{76CCD08E-FDC4-45B3-BBE4-7F35660D2830}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{6177E29A-7E97-423E-9E31-7D391AC1DB6F}] => (Allow) C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe
FirewallRules: [{AF591D2A-0520-4C36-93B3-14AEDAF3A549}] => (Allow) C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe
FirewallRules: [{F983E86F-E76F-4B3D-A004-ACA22CB80938}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{9E4C7613-42CC-4CE2-A645-F2BF96921709}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [TCP Query User{30B4081A-2283-41D8-9FBB-B08E8024C881}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{36FD5D36-DF53-4F09-9EDD-152F3F4BA620}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{09310F29-FC7C-4CB4-AB3C-5CA3164757C9}D:\orbitdownloader\orbitnet.exe] => (Allow) D:\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{EB6E2773-E0F1-4B00-9466-22FB253C88ED}D:\orbitdownloader\orbitnet.exe] => (Allow) D:\orbitdownloader\orbitnet.exe
FirewallRules: [TCP Query User{E34E6481-9AD7-43AC-AD41-2D8092EDD9CB}D:\orbitdownloader\orbitnet.exe] => (Block) D:\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{B6D4044F-D5C8-4087-9B41-7C656EFD9149}D:\orbitdownloader\orbitnet.exe] => (Block) D:\orbitdownloader\orbitnet.exe
FirewallRules: [TCP Query User{FD68BD03-E04C-4AF5-AEEE-5DAB69C75FB0}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{C43B7741-5F17-4FBD-BD41-891C55C5ACAD}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{E59ABD5C-70B2-4F9C-9BB8-B01DBD44F9EF}E:\fscommand\updater.exe] => (Allow) E:\fscommand\updater.exe
FirewallRules: [UDP Query User{98E8DCE4-788A-4E6B-93D6-5579ED579B1E}E:\fscommand\updater.exe] => (Allow) E:\fscommand\updater.exe
FirewallRules: [TCP Query User{E71AEEB1-01BD-41AA-8F36-CFF524807B0C}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{A8BDF807-1C34-419B-A7F5-0D1075FD766C}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{DF9C7B38-72C8-4905-BF17-15E3D33793AC}D:\sopcast\sopcast.exe] => (Allow) D:\sopcast\sopcast.exe
FirewallRules: [UDP Query User{0394E352-ADD2-4B0C-B227-441231BCE97D}D:\sopcast\sopcast.exe] => (Allow) D:\sopcast\sopcast.exe
FirewallRules: [{8DC61941-EEDE-4959-9AA0-EAD07FDC4DE9}] => (Allow) D:\steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{7D198C55-19F3-4229-8FD4-E8894F94A13D}] => (Allow) D:\steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{F74C777F-9F65-4418-9779-CBFA100AE30E}] => (Allow) D:\steam\Steam.exe
FirewallRules: [{98DFE08A-1684-455A-A9A4-6264C9E3F784}] => (Allow) D:\steam\Steam.exe
FirewallRules: [{77167C1C-9004-42E2-9BA7-1FBC770B7E89}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [TCP Query User{C324AD62-C264-434E-AD50-8685C9A654C5}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{46242EFF-72ED-474C-A15E-17507B313216}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{DFD8F70A-D886-49EE-BDA7-ECAB1088734E}C:\users\*****\desktop\neuer ordner (2)\vbalink.exe] => (Allow) C:\users\*****\desktop\neuer ordner (2)\vbalink.exe
FirewallRules: [UDP Query User{5D149EAF-08DC-4881-953D-68177630FAE6}C:\users\*****\desktop\neuer ordner (2)\vbalink.exe] => (Allow) C:\users\*****\desktop\neuer ordner (2)\vbalink.exe
FirewallRules: [{98C691AC-BCA1-43BD-9DF9-86705F0542F8}] => (Allow) D:\Samsung\npsasvr.exe
FirewallRules: [{64A1F775-9F00-4698-BB1C-30234E5E4C75}] => (Allow) D:\Samsung\npsasvr.exe
FirewallRules: [{2FF169A4-6B8B-47B4-8724-AE2FCC1B5015}] => (Allow) D:\Samsung\npsvsvr.exe
FirewallRules: [{F35D6A8D-B3A8-4C01-8956-EBA0A2DF5B1B}] => (Allow) D:\Samsung\npsvsvr.exe
FirewallRules: [{C93155AD-0155-461F-9200-3B8A9E14577B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{BF829D10-FEE8-4A39-895B-5A270CB8193F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{556741C3-6B18-407D-A36B-2E33091DB2CD}] => (Allow) D:\npsasvr.exe
FirewallRules: [{E36BC25E-DAF0-4A7E-89B8-6EEB3D37F4C7}] => (Allow) D:\npsasvr.exe
FirewallRules: [{4068BB2E-1E2B-4B35-A5F3-830CC0C31A87}] => (Allow) D:\npsvsvr.exe
FirewallRules: [{06CE6F3F-592D-40F3-9352-212C5AF4B359}] => (Allow) D:\npsvsvr.exe
FirewallRules: [{9EA2F439-5C3C-4CC5-A09F-71ABF4F3AB84}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{A69E688A-D28D-4D8A-92D0-74756BE0349B}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{0A5FCF11-E7F2-4F81-9F43-71AF4D6374F6}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{9D2AAA30-7887-4F75-B937-F8B714C15C8C}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{7ECB53BC-7C99-47EC-83B1-9E05FC1B6A23}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{97DB5C82-F495-4902-ACD7-510997B2EE11}] => (Allow) D:\StreamTransport\StreamTransport.exe
FirewallRules: [{716BC0D0-1D25-43E9-A230-8EA33CE2D2A5}] => (Allow) D:\Realplayer\realplay.exe
FirewallRules: [{08418CE3-8F62-44A4-8427-9FEBFFE542FB}] => (Allow) D:\Realplayer\realplay.exe
FirewallRules: [{4DB46D3E-89B2-4A48-97DA-D4B31BB69641}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{2B73FA99-F875-4992-9F10-37F78CD7C608}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{839203F3-6FB1-4A71-A6D8-55A3530559BE}D:\maniaplanet\maniaplanet.exe] => (Allow) D:\maniaplanet\maniaplanet.exe
FirewallRules: [UDP Query User{931D8042-D7F8-4BAC-AF66-577D7C07848B}D:\maniaplanet\maniaplanet.exe] => (Allow) D:\maniaplanet\maniaplanet.exe
FirewallRules: [{24D79C9B-F04D-4DD1-9AC8-DE551E973D29}] => (Allow) D:\Samsung\npsasvr.exe
FirewallRules: [{DB568B39-2853-4E83-86ED-072619304E66}] => (Allow) D:\Samsung\npsasvr.exe
FirewallRules: [{9BC2BE4F-CBA0-452C-ADB7-C843FAEC4C4B}] => (Allow) D:\Samsung\npsvsvr.exe
FirewallRules: [{58F6E409-1128-40CF-A0B4-CCF101E13DB9}] => (Allow) D:\Samsung\npsvsvr.exe
FirewallRules: [{8C338048-DB27-4E2D-AB8A-EF82FE816AD8}] => (Allow) D:\Tobit Radio.fx\Server\rfx-server.exe
FirewallRules: [{4A2AAC95-CF70-474E-8F42-93ADB0BBACEA}] => (Allow) D:\Tobit Radio.fx\Server\rfx-server.exe
FirewallRules: [{2FF460ED-3A3F-42C9-B13C-C4F4BCFCA5FB}] => (Allow) D:\Tobit Radio.fx\Client\rfx-client.exe
FirewallRules: [{9F962D63-AAB8-4A21-9AB1-AAB1E92CD4DF}] => (Allow) D:\Tobit Radio.fx\Client\rfx-client.exe
FirewallRules: [{7BD7B874-0A59-4FC8-8A51-FCCBEDB68F2B}] => (Allow) D:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
FirewallRules: [{9E5E263C-06E1-47A5-A607-570E8913142E}] => (Allow) D:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
FirewallRules: [TCP Query User{AF1BE002-5DF9-49DB-9145-04F4668498F6}D:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe] => (Allow) D:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe
FirewallRules: [UDP Query User{F4D10470-C05D-491B-BB38-A505DC6CCC69}D:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe] => (Allow) D:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe
FirewallRules: [{CB0C0078-85B0-4BF4-BBC0-630D2D2202DC}] => (Block) D:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe
FirewallRules: [{59363F5C-D949-438C-8544-4D249C34DC65}] => (Block) D:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe
FirewallRules: [{C70883A0-C343-41E3-B6BD-7D75865A5D5B}] => (Allow) D:\Skype\Phone\Skype.exe
FirewallRules: [{7A33FBBA-2C4D-4668-9632-DF6FC4552E40}] => (Allow) D:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{70753751-3DB1-40ED-8051-0596499DD5B1}] => (Allow) D:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{E6DDD641-730A-4647-AD3B-E24C9EBCCB4B}] => (Allow) D:\steam\bin\steamwebhelper.exe
FirewallRules: [{182BB2E6-6C64-471C-8223-2505E76A5767}] => (Allow) D:\steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{230FAD66-FB36-4227-A0C8-BF67D7A62877}D:\program files (x86)\origin games\fifa 15\fifa15.exe] => (Allow) D:\program files (x86)\origin games\fifa 15\fifa15.exe
FirewallRules: [UDP Query User{A2D05491-07CD-4924-8153-BC7A29505700}D:\program files (x86)\origin games\fifa 15\fifa15.exe] => (Allow) D:\program files (x86)\origin games\fifa 15\fifa15.exe
FirewallRules: [{DAAF45B6-8A2F-473C-9BB7-04244E6D50CF}] => (Block) D:\program files (x86)\origin games\fifa 15\fifa15.exe
FirewallRules: [{5B58AC55-CA8F-452E-B796-F9E7DF687BDB}] => (Block) D:\program files (x86)\origin games\fifa 15\fifa15.exe
FirewallRules: [{547129D6-5A14-46E5-B11B-3F6E0BB6B0A4}] => (Allow) D:\steam\SteamApps\common\nmrih\sdk\hl2.exe
FirewallRules: [{CD4EAC82-11C2-41B7-86B1-5FC4CF7619D2}] => (Allow) D:\steam\SteamApps\common\nmrih\sdk\hl2.exe
FirewallRules: [{7A2DA5E6-C4A7-4F59-B65D-AC48A61064E1}] => (Allow) D:\Program Files (x86)\Origin Games\Dead Space\Dead Space.exe
FirewallRules: [{187A1EF0-5558-447C-ABEE-625AC07A723B}] => (Allow) D:\Program Files (x86)\Origin Games\Dead Space\Dead Space.exe
FirewallRules: [{1EFB4A3A-6113-464D-9528-6EFA205A6E65}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ADFE4FBE-FA82-47D6-BE12-EBA70E0FEABF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{C4698300-FE10-4715-ABB4-759C70195532}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{565E985C-046A-435D-9649-07DF5E0AAC93}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{120151B5-E836-42AA-A43F-F12932CF806B}] => (Allow) D:\steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{CD028901-4F2F-450B-91FE-A8B8511A3286}] => (Allow) D:\steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{E57FF4CC-B1B1-4B8F-BD57-76A4C85D51E4}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 15\fifasetup\fifaconfig.exe
FirewallRules: [{6E64CD84-569D-4E8E-A92A-1C23B704609A}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 15\fifasetup\fifaconfig.exe
FirewallRules: [TCP Query User{9493AB36-6106-4E5A-8BDF-7EBAC795628B}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{BF076DB4-D3A7-4E77-AAF4-3839952B55CE}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{D876D33F-1264-49BE-9A61-B16E46CAF5E6}] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{BC86322E-CB9C-41A2-9B64-10C49211D7DE}] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{80AB14D5-B8B1-404B-B0EF-C5A0771A73C4}D:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe] => (Allow) D:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [UDP Query User{616A93E8-729A-4587-9737-1CCCC073ED67}D:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe] => (Allow) D:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [{853CB42B-6954-4CB0-A55F-85113F6167D9}] => (Block) D:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [{79697550-E990-4CB2-B1D3-DDD86435FDD1}] => (Block) D:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [TCP Query User{C987FDDC-F65B-449B-BFF2-4FA740BC63A7}D:\program files (x86)\origin games\fifa 16\fifa16.exe] => (Allow) D:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [UDP Query User{73F40D76-BDD1-4270-82AD-B45115637DA7}D:\program files (x86)\origin games\fifa 16\fifa16.exe] => (Allow) D:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [{B3907EE7-BC18-4B43-AFF5-F98C05A393B4}] => (Block) D:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [{5D0EC131-F3A2-441C-879B-65985643F81C}] => (Block) D:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [{2F0557AB-20B4-46A3-B1FA-D078CCA96F34}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B2952665-C19C-4084-AFBA-A48D1D4A9B3B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2B0839F3-9AAE-466B-845D-9F77E52F6AC2}] => (Allow) D:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\EALaunchHelper.exe
FirewallRules: [{3B7FB2AB-AAF6-4B4D-83CB-B6CBD1D7C406}] => (Allow) D:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\EALaunchHelper.exe
FirewallRules: [TCP Query User{333F4A8D-430F-4B7E-ADF2-59365C8CF461}D:\jdownloader v2.0\jdownloader2.exe] => (Allow) D:\jdownloader v2.0\jdownloader2.exe
FirewallRules: [UDP Query User{EB132654-F851-4A98-8A41-0EB2F2AE92C3}D:\jdownloader v2.0\jdownloader2.exe] => (Allow) D:\jdownloader v2.0\jdownloader2.exe
FirewallRules: [{D86ACBF1-3A3D-4A4D-84CB-5EB369FC731F}] => (Block) D:\jdownloader v2.0\jdownloader2.exe
FirewallRules: [{23BFFDB7-A160-4F4E-B04B-287A8C85404D}] => (Block) D:\jdownloader v2.0\jdownloader2.exe
FirewallRules: [TCP Query User{A072177C-7188-4EB4-9846-1CD55AD8E934}D:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe] => (Allow) D:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe
FirewallRules: [UDP Query User{87EFAD7E-30EF-4BB3-BD5F-5856BD2137FB}D:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe] => (Allow) D:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe
FirewallRules: [{767A0D3E-6CDA-4093-A469-3A663F938684}] => (Block) D:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe
FirewallRules: [{616DC7E5-3F34-4A8B-B0FA-6103B60F28FC}] => (Block) D:\yu-gi-oh! the dawn of a new era\ygopro\ygopro.exe
FirewallRules: [{29D906A8-E74A-4DA3-ACBC-45028C63EA40}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AC24542D-87FB-4406-A45F-253E11FBC154}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{99A9A41A-755D-43C9-8C04-46EB23AFF018}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{14AADFB8-C9E9-45A1-8A3C-41637D7193A0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{867181B9-03AF-45B7-8A7F-766A660EB38E}] => (Allow) D:\itunes (1)\iTunes.exe
FirewallRules: [TCP Query User{445EBC5A-5F72-45F8-9CDE-396279860252}D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{48A911E9-B5BC-47ED-B564-05B06D084A4B}D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) D:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{CA96D09B-8060-4B2D-81B8-E34C4152E478}] => (Allow) D:\steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{315A886A-E2EB-418F-A831-FA16E3DF8731}] => (Allow) D:\steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{50FC1106-9F83-42E5-8EEB-61B864B36071}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
FirewallRules: [{81B05483-E256-4251-B0F4-B14AC17CA6DB}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe

==================== Wiederherstellungspunkte =========================

03-06-2016 11:43:57 Windows Modules Installer

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (06/03/2016 10:27:09 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-Status 403: Der Client verfügt nicht über genügend Zugriffsrechte auf das angeforderte Serverobjekt.

Error: (06/03/2016 10:17:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2016 01:28:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "PDR.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "PDR.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/03/2016 01:28:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "PDR.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "PDR.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/02/2016 09:51:13 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-Status 403: Der Client verfügt nicht über genügend Zugriffsrechte auf das angeforderte Serverobjekt.

Error: (06/02/2016 09:41:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2016 05:14:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Steam.exe, Version 3.42.16.13 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 7d0

Startzeit: 01d1bcca1f38bce6

Endzeit: 27

Anwendungspfad: D:\steam\Steam.exe

Berichts-ID: a546ba08-28d4-11e6-b68b-00059a3c7a00

Error: (06/02/2016 01:15:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "PDR.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "PDR.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/02/2016 01:15:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "PDR.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "PDR.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/02/2016 11:25:58 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-Status 403: Der Client verfügt nicht über genügend Zugriffsrechte auf das angeforderte Serverobjekt.


Systemfehler:
=============
Error: (06/03/2016 10:17:06 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
StarOpen

Error: (06/03/2016 10:16:19 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/02/2016 09:41:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
StarOpen

Error: (06/02/2016 09:38:45 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/02/2016 08:41:40 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (06/02/2016 01:17:52 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (06/02/2016 11:15:56 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
StarOpen

Error: (06/02/2016 11:14:50 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/01/2016 01:09:12 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (06/01/2016 11:32:18 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
StarOpen


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
Prozentuale Nutzung des RAM: 42%
Installierter physikalischer RAM: 8130.21 MB
Verfügbarer physikalischer RAM: 4700.46 MB
Summe virtueller Speicher: 8930.34 MB
Verfügbarer virtueller Speicher: 5280.95 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:50 GB) (Free:2.08 GB) NTFS
Drive d: () (Fixed) (Total:415.66 GB) (Free:39.64 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1FE31042)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=415.7 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         

Malwarebytes Anti-Malware

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 03.06.2016
Suchlaufzeit: 11:19
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.06.03.01
Rootkit-Datenbank: v2016.05.27.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: *****

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 337625
Abgelaufene Zeit: 10 Min., 14 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 96
Adware.1ClickDownload, HKLM\SOFTWARE\CLASSES\APPID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}, , [b2db9e5a0f8aaa8cd6065b288280a060], 
Adware.1ClickDownload, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}, , [b2db9e5a0f8aaa8cd6065b288280a060], 
Adware.1ClickDownload, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}, , [b2db9e5a0f8aaa8cd6065b288280a060], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}, , [3e4ffbfd9afffc3a125c2a52d9292bd5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\escort.escortIEPane.1, , [3e4ffbfd9afffc3a125c2a52d9292bd5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\escort.escortIEPane, , [3e4ffbfd9afffc3a125c2a52d9292bd5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\escort.escortIEPane, , [3e4ffbfd9afffc3a125c2a52d9292bd5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\escort.escortIEPane, , [3e4ffbfd9afffc3a125c2a52d9292bd5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\escort.escortIEPane.1, , [3e4ffbfd9afffc3a125c2a52d9292bd5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\escort.escortIEPane.1, , [3e4ffbfd9afffc3a125c2a52d9292bd5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}, , [3e4ffbfd9afffc3a125c2a52d9292bd5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}, , [e8a5c731e3b67fb7d19f44389b670bf5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\funmoodsApp.appCore.1, , [e8a5c731e3b67fb7d19f44389b670bf5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\funmoodsApp.appCore, , [e8a5c731e3b67fb7d19f44389b670bf5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoodsApp.appCore, , [e8a5c731e3b67fb7d19f44389b670bf5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\funmoodsApp.appCore, , [e8a5c731e3b67fb7d19f44389b670bf5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoodsApp.appCore.1, , [e8a5c731e3b67fb7d19f44389b670bf5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\funmoodsApp.appCore.1, , [e8a5c731e3b67fb7d19f44389b670bf5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}, , [e8a5c731e3b67fb7d19f44389b670bf5], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}, , [4b42bc3ccdcc979f037016663ac860a0], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\f, , [4b42bc3ccdcc979f037016663ac860a0], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\f, , [4b42bc3ccdcc979f037016663ac860a0], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\f, , [4b42bc3ccdcc979f037016663ac860a0], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}, , [4b42bc3ccdcc979f037016663ac860a0], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\TYPELIB\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{23C70BCA-6E23-4A65-AD2E-1389062074F1}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{295CACB4-51F5-46FD-914E-C72BAAE1B672}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{C0585B2F-74D7-4734-88DE-6C150C5D4036}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\INTERFACE\{EF0588D6-1621-4A75-B8BE-F4BC34794136}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{23C70BCA-6E23-4A65-AD2E-1389062074F1}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{295CACB4-51F5-46FD-914E-C72BAAE1B672}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C0585B2F-74D7-4734-88DE-6C150C5D4036}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EF0588D6-1621-4A75-B8BE-F4BC34794136}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{23C70BCA-6E23-4A65-AD2E-1389062074F1}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{295CACB4-51F5-46FD-914E-C72BAAE1B672}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C0585B2F-74D7-4734-88DE-6C150C5D4036}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EF0588D6-1621-4A75-B8BE-F4BC34794136}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}, , [e6a7c53341580a2c630997e55aa821df], 
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}, , [4a435c9c693053e3bfaedca0f210837d], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}, , [4a435c9c693053e3bfaedca0f210837d], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\funmoods.funmoodsHlpr, , [4a435c9c693053e3bfaedca0f210837d], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\funmoods.funmoodsHlpr.1, , [4a435c9c693053e3bfaedca0f210837d], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoods.funmoodsHlpr, , [4a435c9c693053e3bfaedca0f210837d], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoods.funmoodsHlpr.1, , [4a435c9c693053e3bfaedca0f210837d], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\funmoods.funmoodsHlpr, , [4a435c9c693053e3bfaedca0f210837d], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\funmoods.funmoodsHlpr.1, , [4a435c9c693053e3bfaedca0f210837d], 
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}, , [4a435c9c693053e3bfaedca0f210837d], 
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, , [1c714cac6633d561343ba2da3fc37f81], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\funmoods.dskBnd, , [1c714cac6633d561343ba2da3fc37f81], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\funmoods.dskBnd.1, , [1c714cac6633d561343ba2da3fc37f81], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoods.dskBnd, , [1c714cac6633d561343ba2da3fc37f81], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\funmoods.dskBnd.1, , [1c714cac6633d561343ba2da3fc37f81], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\funmoods.dskBnd, , [1c714cac6633d561343ba2da3fc37f81], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\funmoods.dskBnd.1, , [1c714cac6633d561343ba2da3fc37f81], 
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, , [1c714cac6633d561343ba2da3fc37f81], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cjpglkicenollcignonpgiafdgfeehoj, , [7419ef097c1de94d0445038be61d47b9], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [0885f503e4b5c076e16a1b7302019b65], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\cjpglkicenollcignonpgiafdgfeehoj, , [632a2fc9aeebb97dd772ef9fca39e11f], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [b6d79563f5a413239caf2d6138cbcf31], 
PUP.Optional.RegCleanPro, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\RegClean Pro, , [46471cdc1683e0563386217bba492ad6], 
PUP.Optional.InstallCore, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\InstallCore, , [d2bb1fd9841551e564bce1b1d52e5ca4], 
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cjpglkicenollcignonpgiafdgfeehoj, , [a1ec758332671422d96dd1bdb54e946c], 
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [abe28573a0f9ce68c1863f4fcb38966a], 
PUP.Optional.TNT, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{F16D5BEA-D5EC-4187-88A0-7223A4DA5CC4}, , [c4c9aa4ea4f59b9b329acdd6927150b0], 
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [0c81c0389bfe43f359eecdc1de252ed2], 

Registrierungswerte: 30
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, Funmoods Toolbar, , [1c714cac6633d561343ba2da3fc37f81]
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}, , [17767c7c7f1ac76f313ebfbd986aed13], 
PUP.Optional.FunMoods, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Funmoods, , [0885f503e4b5c076e16a1b7302019b65]
PUP.Optional.FunMoods, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800, , [b6d732c66c2d251119323d514ab943bd]
PUP.Optional.FunMoods, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Funmoods, , [45487781c6d3f04643089df1c93a6997]
PUP.Optional.FunMoods, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800, , [6d208573693096a053f8c4ca62a1ee12]
PUP.Optional.FunMoods, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURL, hxxp://start.funmoods.com/favicon.ico, , [94f9c5330c8d3ff77fcc1c721ae9a55b]
PUP.Optional.FunMoods, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconPath, C:\PROGRA~2\Funmoods\1.5.23.22\FavIcon.ico, , [2e5f46b2a0f9b185a7a4d4ba6f94cc34]
PUP.Optional.FunMoods, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURLFallback, hxxp://start.funmoods.com/favicon.ico, , [fd90c533bddcb97d0d3edfaf857e0cf4]
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Funmoods, , [b6d79563f5a413239caf2d6138cbcf31]
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800, , [008d1fd925743ff777d4018d46bdb24e]
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Funmoods, , [187528d0fe9b49edba910c82d231946c]
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800, , [2766ec0c6d2c3df90a414846798a20e0]
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURL, hxxp://start.funmoods.com/favicon.ico, , [fc917e7a03962e0860eb3658a3600ff1]
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconPath, C:\PROGRA~2\Funmoods\1.5.23.22\FavIcon.ico, , [1c71c038e4b5f640a1aac3cb05fee818]
PUP.Optional.FunMoods, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURLFallback, hxxp://start.funmoods.com/favicon.ico, , [8607c0384851211545065f2f20e3c43c]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURLFallback, hxxp://start.funmoods.com/favicon.ico, , [abe28573a0f9ce68c1863f4fcb38966a]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Funmoods, , [335a1ddb8019f73fb88f4d41a261aa56]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800, , [385536c29009e353ef5835595ea5cc34]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800, , [1c718078ddbcfe3865e2137b808352ae]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURL, hxxp://start.funmoods.com/favicon.ico, , [f89515e31f7a330379ce1876dd269d63]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Funmoods, , [1a730aee1881b4820047f39be221f30d]
PUP.Optional.TNT, HKU\S-1-5-21-1078192431-239819200-2145751044-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{F16D5BEA-D5EC-4187-88A0-7223A4DA5CC4}|OSDFileURL, file:///C:/Users/*****/AppData/Local/TNT2/Profiles/10557/yah10557.xml, , [c4c9aa4ea4f59b9b329acdd6927150b0]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURLFallback, hxxp://start.funmoods.com/favicon.ico, , [0c81c0389bfe43f359eecdc1de252ed2]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Funmoods, , [6825e0181782b87e88bfb4dab94a2dd3]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800, , [1677c434910843f3b5926a24a16213ed]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconPath, C:\PROGRA~2\Funmoods\1.5.23.22\FavIcon.ico, , [7d100deb1c7dd95d2b1c820c17ec926e]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=softpb&chnl=softpb&cd=2XzutAtN2Y1L1Qzuzz0Czzzy0AyD0C0CyDyE0FtDtAzyyByDtN0D0TzutBtDtCtBtDyBtDyB&cr=277113800, , [8c0124d44c4d93a3d374bad4ae558d73]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURL, hxxp://start.funmoods.com/favicon.ico, , [67263bbdd3c6e74fcf78a7e717ecb050]
PUP.Optional.FunMoods, HKU\S-1-5-21-1078192431-239819200-2145751044-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Funmoods, , [8b022ecabddca096a2a5cdc144bf837d]

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         

AdwCleaner

Code:
ATTFilter
# AdwCleaner v5.119 - Bericht erstellt am 03/06/2016 um 14:02:03
# Aktualisiert am 30/05/2016 von Xplode
# Datenbank : 2016-05-30.3 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (X64)
# Benutzername : ***** - *****PC
# Gestartet von : D:\AdwCleaner_5.119.exe
# Option : Suchlauf
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****

Ordner gefunden : C:\ProgramData\9768c88e73e60ecb
Ordner gefunden : C:\ProgramData\Application Data\9768c88e73e60ecb
Ordner gefunden : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Ordner gefunden : C:\Program Files (x86)\Common Files\Tobit
Ordner gefunden : C:\Users\*****\AppData\Roaming\GrabPro
Ordner gefunden : C:\Users\*****\AppData\Roaming\ProgSense
Ordner gefunden : C:\Users\*****\AppData\Local\CrashRpt

***** [ Dateien ] *****

Datei gefunden : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zaghk6zr.default-1403462312104\invalidprefs.js

***** [ DLL ] *****


***** [ WMI ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****

Wert gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel gefunden : HKLM\SOFTWARE\Classes\f
Schlüssel gefunden : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel gefunden : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel gefunden : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Schlüssel gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Schlüssel gefunden : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Schlüssel gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel gefunden : HKLM\SOFTWARE\Classes\funmoods.dskBnd
Schlüssel gefunden : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
Schlüssel gefunden : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Schlüssel gefunden : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
Schlüssel gefunden : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Schlüssel gefunden : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Sample.BrowserHandler
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1
Schlüssel gefunden : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
Schlüssel gefunden : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\TypeLib\{F5A29F21-B121-48A0-A317-737AF8BB106A}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}
Schlüssel gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Schlüssel gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}
Schlüssel gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Schlüssel gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}
Schlüssel gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Wert gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]
Wert gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C55BBCD6-41AD-48AD-9953-3609C48EACC7}]
Schlüssel gefunden : HKCU\Software\APN PIP
Schlüssel gefunden : HKCU\Software\Conduit
Schlüssel gefunden : HKCU\Software\InstallCore
Schlüssel gefunden : HKCU\Software\OCS
Schlüssel gefunden : HKCU\Software\ProgSense
Schlüssel gefunden : HKCU\Software\UpToDown
Schlüssel gefunden : HKCU\Software\Yahoo\Companion
Schlüssel gefunden : HKCU\Software\Yahoo\YFriendsBar
Schlüssel gefunden : HKCU\Software\delta
Schlüssel gefunden : HKCU\Software\AppDataLow\Software\Yahoo\Companion
Schlüssel gefunden : HKLM\SOFTWARE\Yahoo\Companion
Schlüssel gefunden : HKLM\SOFTWARE\systweak
Schlüssel gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}
Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\APN PIP
Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Conduit
Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\InstallCore
Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\OCS
Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\ProgSense
Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\UpToDown
Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Yahoo\Companion
Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Yahoo\YFriendsBar
Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\delta
Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\AppDataLow\Software\Yahoo\Companion
Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Daten gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel gefunden : HKU\S-1-5-21-1078192431-239819200-2145751044-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel gefunden : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ExpatSrv
Schlüssel gefunden : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ExpatWd

***** [ Internetbrowser ] *****


*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [10784 Bytes] - [03/06/2016 14:00:22]
C:\AdwCleaner\AdwCleaner[S2].txt - [10688 Bytes] - [03/06/2016 14:02:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [10762 Bytes] ##########
         

Geändert von Deuterium (03.06.2016 um 15:15 Uhr)

 

Themen zu Windows 7: Mail-Account gehackt, Avast zeigt Trojaner an
anti-malware, avast, datei, dnsapi.dll, eset, fremden, gehackt, guten, logfiles, löschen, microsoft, namen, online, relativ, scan, scanner, schadprogramme, suche, trojaner, verschickt, viren, win, win32, windows, windows 7, wrapper, yahoo




Ähnliche Themen: Windows 7: Mail-Account gehackt, Avast zeigt Trojaner an


  1. E-Mail Account gehackt?
    Überwachung, Datenschutz und Spam - 28.10.2015 (57)
  2. Spam Mail vom eigenen Yahoo Account erhalten - Account gehackt?
    Log-Analyse und Auswertung - 28.08.2015 (8)
  3. Windows 7: Kaspersky findet C:\$RECYCLEBIN Trojaner und E-Mail account gehackt?
    Log-Analyse und Auswertung - 14.07.2014 (13)
  4. E-Mail Account gehackt - unauthorisierte Mails von meinem Account werden verschickt
    Log-Analyse und Auswertung - 19.04.2014 (5)
  5. E-Mail-Account auf Mac gehackt ?
    Plagegeister aller Art und deren Bekämpfung - 12.12.2013 (5)
  6. Mail account gehackt?
    Plagegeister aller Art und deren Bekämpfung - 31.07.2013 (11)
  7. E-Mail Account gehackt? mailer-daemon@gmx.de
    Plagegeister aller Art und deren Bekämpfung - 24.07.2013 (17)
  8. AOL E-Mail Account gehackt?
    Überwachung, Datenschutz und Spam - 08.07.2013 (23)
  9. Mail Account gehackt?
    Plagegeister aller Art und deren Bekämpfung - 30.04.2013 (23)
  10. Gmx Mail Account gehackt? Virus?
    Plagegeister aller Art und deren Bekämpfung - 10.04.2013 (38)
  11. Amazon + E-mail account gehackt
    Log-Analyse und Auswertung - 26.02.2013 (13)
  12. E- Mail Account gehackt?
    Plagegeister aller Art und deren Bekämpfung - 29.11.2012 (82)
  13. Mail Account gehackt? Was ist tokenserver?
    Überwachung, Datenschutz und Spam - 10.06.2012 (87)
  14. AOL E-Mail Account gehackt? Nr. 2
    Überwachung, Datenschutz und Spam - 14.02.2012 (0)
  15. In Yahoo Mail Account gehackt
    Log-Analyse und Auswertung - 18.01.2012 (18)
  16. E-Mail Account gehackt
    Plagegeister aller Art und deren Bekämpfung - 13.05.2011 (28)
  17. Amazon Account gehackt + E-mail gehackt !
    Plagegeister aller Art und deren Bekämpfung - 05.05.2008 (16)

Zum Thema Windows 7: Mail-Account gehackt, Avast zeigt Trojaner an - Einen guten Tag wünsche ich allen, ich habe gestern Abend einen Anruf bekommen, dass von meiner E-Mail-Adresse bei Yahoo Spam-Mails verschickt wurden. Als ich nachgeschaut habe, habe ich gesehen, dass - Windows 7: Mail-Account gehackt, Avast zeigt Trojaner an...
Archiv
Du betrachtest: Windows 7: Mail-Account gehackt, Avast zeigt Trojaner an auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.