Hey danke für die Antwort also hier der neue Scan:
FRST Logfile:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2015
Ran by sahdkajs (administrator) on SAHDKAJS-PC on 04-02-2015 15:05:39
Running from C:\Users\sahdkajs\Downloads
Loaded Profiles: sahdkajs (Available profiles: sahdkajs & Music)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Englisch (USA)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Client Connect LTD) C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Client Connect LTD) C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files\SearchProtect\UI\bin\cltmngui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\update.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\updrgui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\update.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2749442998-3716350225-1559413844-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2749442998-3716350225-1559413844-1000\...\MountPoints2: {75cb5c61-3820-11e4-91fc-001d60c1e542} - J:\AUTOPLAY.EXE
AppInit_DLLs: C:\PROGRA~1\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL => C:\Program Files\SearchProtect\SearchProtect\bin\VC32Loader.dll [219408 2015-01-28] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk
ShortcutTarget: simplicheck.lnk -> C:\Program Files\simplitec\simplicheck\simplicheck.exe (simplitec)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2749442998-3716350225-1559413844-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF ProfilePath: C:\Users\sahdkajs\AppData\Roaming\Mozilla\Firefox\Profiles\u6jcx7mp.default
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3330189&octid=EB_ORIGINAL_CTID&ISID=MC32EABB7-953C-4891-AB30-D24F1D0B8A50&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SP898C22DD-92EF-421F-A769-1CBF537B9723
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3330189&octid=EB_ORIGINAL_CTID&ISID=MC32EABB7-953C-4891-AB30-D24F1D0B8A50&SearchSource=55&CUI=&UM=6&UP=SP898C22DD-92EF-421F-A769-1CBF537B9723&SSPV=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\sahdkajs\AppData\Roaming\Mozilla\Firefox\Profiles\u6jcx7mp.default\searchplugins\trovi-search.xml
FF Extension: Adblock Plus - C:\Users\sahdkajs\AppData\Roaming\Mozilla\Firefox\Profiles\u6jcx7mp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-26]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-01-27]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\sahdkajs\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\sahdkajs\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-23]
CHR Extension: (Google Drive) - C:\Users\sahdkajs\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-23]
CHR Extension: (YouTube) - C:\Users\sahdkajs\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-23]
CHR Extension: (Google-Suche) - C:\Users\sahdkajs\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-23]
CHR Extension: (Avira Browserschutz) - C:\Users\sahdkajs\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-23]
CHR Extension: (Google Wallet) - C:\Users\sahdkajs\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-23]
CHR Extension: (Google Mail) - C:\Users\sahdkajs\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-23]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [348032 2015-02-04] ()
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CltMngSvc; C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [3505936 2015-01-28] (Client Connect LTD)
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [4590968 2012-09-05] (Native Instruments GmbH)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [17536800 2014-07-25] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-11-30] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-06-17] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-09-09] (Disc Soft Ltd)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19232 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-31] (NVIDIA Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-06-17] (Avira GmbH)
S3 SynasUSB; C:\Windows\System32\drivers\SynasUSB.sys [18432 2006-11-23] (SIA Syncrosoft) [File not signed]
S3 ZOOM_R16MTR; C:\Windows\System32\Drivers\zmr16usbaudio.sys [80384 2010-06-16] (Zoom Corporation.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-04 05:25 - 2015-02-04 05:26 - 00034211 _____ () C:\Users\sahdkajs\Downloads\Addition.txt
2015-02-04 05:25 - 2015-02-04 05:25 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\sahdkajs\Downloads\revosetup95.exe
2015-02-04 05:25 - 2015-02-04 05:25 - 00001226 _____ () C:\Users\sahdkajs\Desktop\Revo Uninstaller.lnk
2015-02-04 05:25 - 2015-02-04 05:25 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-02-04 05:24 - 2015-02-04 15:05 - 00011300 _____ () C:\Users\sahdkajs\Downloads\FRST.txt
2015-02-04 05:23 - 2015-02-04 15:05 - 00000000 ____D () C:\FRST
2015-02-04 05:23 - 2015-02-04 05:23 - 01122304 _____ (Farbar) C:\Users\sahdkajs\Downloads\FRST.exe
2015-02-04 02:54 - 2015-02-04 03:01 - 00000000 ____D () C:\Users\sahdkajs\Documents\DayZ
2015-02-04 02:54 - 2015-02-04 02:59 - 00000000 ____D () C:\Users\sahdkajs\AppData\Local\DayZ
2015-02-04 02:54 - 2015-02-04 02:54 - 00000000 ____D () C:\Program Files\Common Files\BattlEye
2015-02-04 00:59 - 2015-02-04 00:59 - 00000000 ____D () C:\Users\sahdkajs\Documents\Celemony
2015-02-04 00:59 - 2015-02-04 00:59 - 00000000 ____D () C:\Users\sahdkajs\AppData\Roaming\Celemony Software GmbH
2015-02-04 00:51 - 2015-02-04 00:57 - 00000000 ____D () C:\Users\sahdkajs\AppData\Roaming\Audacity
2015-02-02 23:50 - 2015-02-03 23:55 - 00000000 ____D () C:\Users\sahdkajs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-02-02 20:52 - 2015-02-02 20:52 - 00000000 ____D () C:\Users\Music\AppData\Local\avaxvavya
2015-02-02 17:42 - 2015-02-04 05:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-29 23:52 - 2015-01-29 23:52 - 19731050 _____ () C:\Users\Music\Desktop\nothingsl.wav
2015-01-28 15:20 - 2015-01-28 15:20 - 16852415 _____ () C:\Users\Music\Downloads\wetransfer-2b0e11.zip
2015-01-27 20:05 - 2015-01-27 20:05 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-26 19:36 - 2015-01-26 19:36 - 00000000 ____D () C:\Users\Music\AppData\Local\Google
2015-01-23 02:30 - 2015-01-27 18:45 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-23 02:30 - 2015-01-23 02:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-23 02:29 - 2015-02-04 15:00 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-23 02:29 - 2015-02-04 05:44 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-23 02:29 - 2015-01-23 02:30 - 00000000 ____D () C:\Users\sahdkajs\AppData\Local\Google
2015-01-23 02:29 - 2015-01-23 02:30 - 00000000 ____D () C:\Program Files\Google
2015-01-18 03:01 - 2015-01-18 03:01 - 00288306 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2015-01-18 03:01 - 2015-01-18 03:01 - 00000000 ____D () C:\Program Files\MSXML 4.0
2015-01-18 03:00 - 2015-01-18 03:01 - 00290468 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2015-01-17 22:28 - 2015-01-17 22:28 - 00000000 ____D () C:\Users\Music\AppData\Roaming\simplitec
2015-01-17 19:05 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-17 19:05 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-17 19:05 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-17 19:05 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-17 19:05 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-17 19:05 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 00:52 - 2015-01-14 00:52 - 00000000 ____D () C:\Users\sahdkajs\AppData\Roaming\simplitec
2015-01-13 22:36 - 2015-01-13 22:36 - 00000000 ____D () C:\Users\Music\Documents\MAGIX
2015-01-13 22:35 - 2015-01-28 17:03 - 00000000 ____D () C:\ProgramData\simplitec
2015-01-13 22:35 - 2015-01-13 22:36 - 00000000 ____D () C:\ProgramData\MAGIX
2015-01-13 22:35 - 2015-01-13 22:35 - 00001069 _____ () C:\Users\Public\Desktop\simplicheck.lnk
2015-01-13 22:35 - 2015-01-13 22:35 - 00001065 _____ () C:\Users\Public\Desktop\MAGIX Foto Designer 7.lnk
2015-01-13 22:35 - 2015-01-13 22:35 - 00000000 ____D () C:\Users\Music\AppData\Roaming\MAGIX
2015-01-13 22:35 - 2015-01-13 22:35 - 00000000 ____D () C:\Users\Music\AppData\Local\MAGIX
2015-01-13 22:35 - 2015-01-13 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec
2015-01-13 22:35 - 2015-01-13 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2015-01-13 22:35 - 2015-01-13 22:35 - 00000000 ____D () C:\Program Files\simplitec
2015-01-13 22:35 - 2015-01-13 22:35 - 00000000 ____D () C:\Program Files\MAGIX
2015-01-13 22:35 - 2015-01-13 22:35 - 00000000 ____D () C:\Program Files\Common Files\MAGIX Services
2015-01-13 22:34 - 2015-01-13 22:34 - 24003400 _____ (MAGIX AG) C:\Users\Music\Downloads\foto_designer_7011_23mb_d.exe
2015-01-13 22:28 - 2015-01-13 22:28 - 00002142 _____ () C:\Users\Music\AppData\Local\recently-used.xbel
2015-01-13 22:27 - 2015-01-13 22:27 - 00841650 _____ () C:\Users\Music\Documents\Unbenannt.xcf
2015-01-13 22:23 - 2015-01-13 22:23 - 00038553 _____ () C:\Users\Music\Downloads\fibel_vienna.zip
2015-01-13 21:54 - 2015-01-13 22:27 - 00000000 ____D () C:\Users\Music\AppData\Local\gtk-2.0
2015-01-13 21:52 - 2015-01-13 21:52 - 00000000 ____D () C:\Users\Music\.thumbnails
2015-01-13 21:48 - 2015-01-13 22:33 - 00000000 ____D () C:\Users\Music\.gimp-2.8
2015-01-13 21:48 - 2015-01-13 21:48 - 00000000 ____D () C:\Users\Music\AppData\Local\gegl-0.2
2015-01-13 21:48 - 2015-01-13 21:48 - 00000000 ____D () C:\Users\Music\AppData\Local\fontconfig
2015-01-13 21:46 - 2015-01-13 21:46 - 00202074 _____ () C:\Users\Music\Downloads\livin-hell_carnivalee-freakshow.zip
2015-01-13 21:46 - 2015-01-13 21:46 - 00001051 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-01-13 21:44 - 2015-01-13 21:46 - 00000000 ____D () C:\Program Files\GIMP 2
2015-01-13 21:40 - 2015-01-13 21:41 - 91670064 _____ (The GIMP Team ) C:\Users\Music\Downloads\gimp-2.8.14-setup.exe
2015-01-13 02:58 - 2015-01-13 02:58 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-13 02:57 - 2015-01-13 02:57 - 00638888 _____ (Oracle Corporation) C:\Users\sahdkajs\Downloads\jxpiinstall(1).exe
2015-01-13 02:56 - 2015-01-13 02:56 - 00638888 _____ (Oracle Corporation) C:\Users\sahdkajs\Downloads\jxpiinstall.exe
2015-01-13 02:51 - 2015-01-13 02:51 - 00000000 __SHD () C:\Users\sahdkajs\AppData\Local\EmieBrowserModeList
2015-01-13 00:06 - 2015-02-02 17:45 - 00000000 ____D () C:\Users\sahdkajs\AppData\Local\Adobe
2015-01-13 00:06 - 2015-01-13 00:06 - 00000216 _____ () C:\Users\sahdkajs\Desktop\Magic Barrage - Bitferno.url
2015-01-12 22:14 - 2015-01-12 22:20 - 524894245 _____ () C:\Users\sahdkajs\Downloads\l4d2_the_bloody_moors_4.0.zip
2015-01-06 20:21 - 2015-01-06 20:27 - 59117106 _____ () C:\Users\sahdkajs\Desktop\L4d_HelmsDeep.zip
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-04 15:04 - 2006-12-31 23:44 - 02008261 _____ () C:\Windows\WindowsUpdate.log
2015-02-04 15:00 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-04 15:00 - 2009-07-14 05:39 - 00063176 _____ () C:\Windows\setupact.log
2015-02-04 15:00 - 2007-01-01 01:57 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-04 05:51 - 2009-07-14 05:34 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-04 05:51 - 2009-07-14 05:34 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-04 05:43 - 2010-11-20 22:48 - 00203228 _____ () C:\Windows\PFRO.log
2015-02-04 04:20 - 2014-06-26 21:45 - 00000000 ____D () C:\Program Files\Steam
2015-02-04 04:06 - 2014-06-26 17:52 - 00007669 _____ () C:\Users\sahdkajs\AppData\Local\Resmon.ResmonCfg
2015-02-04 02:50 - 2014-08-12 14:10 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-04 01:02 - 2014-12-23 19:05 - 00000000 ____D () C:\Users\sahdkajs\Desktop\Music stuff
2015-02-03 01:48 - 2014-12-01 20:26 - 00000000 ____D () C:\Users\sahdkajs\AppData\Roaming\TS3Client
2015-02-03 00:45 - 2014-11-28 01:01 - 00282296 _____ () C:\Windows\system32\PnkBstrB.xtr
2015-02-03 00:45 - 2014-11-28 01:00 - 00139048 _____ () C:\Windows\system32\Drivers\PnkBstrK.sys
2015-02-03 00:45 - 2014-11-28 00:59 - 00282296 _____ () C:\Windows\system32\PnkBstrB.exe
2015-02-03 00:44 - 2014-11-28 00:59 - 00215128 _____ () C:\Windows\system32\PnkBstrB.ex0
2015-02-02 21:40 - 2014-06-26 21:45 - 00000000 ____D () C:\Program Files\Common Files\Steam
2015-02-02 20:52 - 2014-07-26 13:15 - 00000000 ____D () C:\Program Files\SearchProtect
2015-02-02 20:49 - 2014-11-17 21:21 - 00000000 ____D () C:\Users\Music\Desktop\bounces
2015-02-02 18:36 - 2014-06-26 23:23 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-02 18:36 - 2014-06-26 23:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-01 20:27 - 2010-11-20 22:01 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-01 04:32 - 2014-12-23 19:44 - 00000000 ____D () C:\Users\Music\AppData\Roaming\Celemony Software GmbH
2015-01-31 23:15 - 2014-06-26 18:22 - 00000000 ____D () C:\Cubase Install
2015-01-29 18:06 - 2014-12-23 19:31 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-29 18:06 - 2014-06-26 01:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-29 18:05 - 2014-06-26 01:25 - 00000000 ____D () C:\Program Files\Avira
2015-01-29 17:58 - 2014-06-26 01:13 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-18 03:05 - 2014-06-26 10:42 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-18 03:01 - 2014-06-26 10:42 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-17 18:58 - 2009-07-14 05:33 - 00270872 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-14 00:53 - 2007-01-01 02:00 - 00059752 _____ () C:\Users\sahdkajs\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-13 23:02 - 2014-06-26 18:06 - 00059752 _____ () C:\Users\Music\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-13 00:06 - 2014-06-26 02:11 - 00000000 ____D () C:\Users\sahdkajs\AppData\Roaming\Adobe
==================== Files in the root of some directories =======
2014-11-28 01:00 - 2014-11-28 01:00 - 0138056 _____ () C:\Users\sahdkajs\AppData\Roaming\PnkBstrK.sys
2014-06-26 17:52 - 2015-02-04 04:06 - 0007669 _____ () C:\Users\sahdkajs\AppData\Local\Resmon.ResmonCfg
Some content of TEMP:
====================
C:\Users\Music\AppData\Local\Temp\6853.exe
C:\Users\Music\AppData\Local\Temp\928.exe
C:\Users\Music\AppData\Local\Temp\avgnt.exe
C:\Users\Music\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Music\AppData\Local\Temp\nshDC5F.exe
C:\Users\Music\AppData\Local\Temp\nsm24A.exe
C:\Users\Music\AppData\Local\Temp\nsr6AE.exe
C:\Users\Music\AppData\Local\Temp\nstC0F3.exe
C:\Users\Music\AppData\Local\Temp\nswDFC9.exe
C:\Users\Music\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Music\AppData\Local\Temp\setup.exe
C:\Users\Music\AppData\Local\Temp\SyncrosoftLicenseControlSetup.exe
C:\Users\sahdkajs\AppData\Local\Temp\avgnt.exe
C:\Users\sahdkajs\AppData\Local\Temp\nsy120E.exe
C:\Users\sahdkajs\AppData\Local\Temp\nsy35B8.exe
C:\Users\sahdkajs\AppData\Local\Temp\nvStInst.exe
C:\Users\sahdkajs\AppData\Local\Temp\SPSetup.exe
C:\Users\sahdkajs\AppData\Local\Temp\uttDED0.tmp.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-03 02:11
==================== End Of Log ============================
--- --- ---
--- --- ---
--- --- ---
Und hier der Addition text: Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-02-2015
Ran by sahdkajs at 2015-02-04 15:10:11
Running from C:\Users\sahdkajs\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2749442998-3716350225-1559413844-1000\...\uTorrent) (Version: 3.4.2.31515 - BitTorrent Inc.)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avira (HKLM\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Battlefield: Bad Company 2 (HKLM\...\Steam App 24960) (Version: - DICE)
Brothers In Arms EiB (HKLM\...\BrothersInArmsEiB) (Version: - Ubisoft)
CVPiano-Modeled (HKLM\...\CVPiano-Modeled) (Version: - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DayZ (HKLM\...\Steam App 221100) (Version: - Bohemia Interactive)
Free YouTube to MP3 Converter version 3.12.44.908 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.44.908 - DVDVideoSoft Ltd.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Grewe Scanner-Interface 7 (HKLM\...\{B1C3F49A-DE7D-1AC1-0913-039C1A8B9B82}) (Version: 7 - Grewe Computertechnik GmbH)
Heroes of Might and Magic 3 Complete (HKLM\...\Heroes of Might and Magic 3 Complete_is1) (Version: - GOG.com)
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version: - Valve)
LucasArts' The Infernal Machine (HKLM\...\LucasArts' The Infernal Machine) (Version: - )
Magic Barrage - Bitferno (HKLM\...\Steam App 335150) (Version: - Gameguyz)
MAGIX Foto Designer 7 (HKLM\...\MAGIX_{2DCD52EE-1AE1-4128-9819-A79F7D09B6B3}) (Version: 7.0.1.1 - MAGIX AG)
MAGIX Foto Designer 7 (Version: 7.0.1.1 - MAGIX AG) Hidden
Melodyne 3.1 (HKLM\...\{A1F143D1-1F0D-44FB-A44B-71D4367D16DE}) (Version: 3.1.0200 - Celemony Software GmbH)
Melodyne 3.1 (Version: 3.1.0200 - Celemony Software GmbH) Hidden
Melodyne Runtime 4.1 (x86) (HKLM\...\{02875304-0DD9-465A-986E-A3438ACDC623}) (Version: 1.0.1 - Celemony Software GmbH )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Native Instruments B4 II (HKLM\...\Native Instruments B4 II) (Version: - )
Native Instruments Controller Editor (HKLM\...\Native Instruments Controller Editor) (Version: - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM\...\Native Instruments Guitar Rig 5) (Version: - Native Instruments)
Native Instruments Guitar Rig Mobile I/O (HKLM\...\Native Instruments Guitar Rig Mobile I/O) (Version: - Native Instruments)
Native Instruments Guitar Rig Session I/O (HKLM\...\Native Instruments Guitar Rig Session I/O) (Version: - Native Instruments)
Native Instruments Kontakt 5 (HKLM\...\Native Instruments Kontakt 5) (Version: 5.3.1.37 - Native Instruments)
Native Instruments Rig Kontrol 3 (HKLM\...\Native Instruments Rig Kontrol 3) (Version: - Native Instruments)
Native Instruments Service Center (HKLM\...\Native Instruments Service Center) (Version: - Native Instruments)
No More Room in Hell (HKLM\...\Steam App 224260) (Version: - No More Room in Hell Team)
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
PAYDAY 2 (HKLM\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
PAYDAY: The Heist (HKLM\...\Steam App 24240) (Version: - OVERKILL Software)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.988 - Even Balance, Inc.)
R16_R24 Driver (HKLM\...\{19CF1A77-C522-4082-8A2B-A9952EE9E372}) (Version: 1.15.0000 - ZOOM)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Search Protect (HKLM\...\SearchProtect) (Version: 2.20.2.12 - Client Connect LTD) <==== ATTENTION
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
SimCity 4 Deluxe (HKLM\...\Steam App 24780) (Version: - EA - Maxis)
simplitec simplicheck (HKLM\...\{DF103EDA-7937-4966-8EFB-5EF5C38301F2}) (Version: 1.3.9.0 - simplitec GmbH)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Source SDK Base 2007 (HKLM\...\Steam App 218) (Version: - Valve)
Steam (HKLM\...\Steam) (Version: - Valve Corporation)
Steinberg Cubase 5 (HKLM\...\{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}) (Version: 5.1.0 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 1.0.0.1 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg HALionOne (HKLM\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Additional Content Set 01 (HKLM\...\{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}) (Version: 1.0.0.001 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Expression Set (HKLM\...\{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}) (Version: 1.0.1.0 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Drum Set (HKLM\...\{AC997F93-0757-4ED4-A701-F40C2D654D09}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Set (HKLM\...\{F057965A-D974-4C64-ADB1-4381CD4B8956}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Pro Set (HKLM\...\{D82CDA0D-C182-42C8-8FF2-5649C98D6003}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Drum Set (HKLM\...\{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Set (HKLM\...\{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg LoopMash Content (HKLM\...\{4D454CF8-12FD-464D-B57B-B46FE27B78BB}) (Version: 1.0.0.005 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 1.0.0.006 - Steinberg Media Technologies GmbH)
Superior Drummer Installer (HKLM\...\{009AC76E-1A66-4682-82B7-417E77F3C648}) (Version: 2.3.0 - Toontrack)
Syncrosoft Lizenz Kontrolle (HKLM\...\Syncrosoft License Control) (Version: - SIA Syncrosoft)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Tropico 4 (HKLM\...\Steam App 57690) (Version: - Haemimont Games)
WinRAR 5.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Worms Armageddon (HKLM\...\Steam App 217200) (Version: - Team17 Digital Ltd.)
Yet Another Zombie Defense (HKLM\...\Steam App 270550) (Version: - Awesome Games Studio)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
02-02-2015 22:40:38 Scheduled Checkpoint
04-02-2015 02:49:49 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
04-02-2015 05:33:13 Revo Uninstaller's restore point - Search Protect
04-02-2015 05:38:10 Revo Uninstaller's restore point - Search Protect
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0DB21E4C-18DE-4198-B7A6-AC0C28B22426} - System32\Tasks\avaxvavya => C:\Users\Music\AppData\Local\avaxvavya\avaxvavya.exe [2015-01-28] ()
Task: {51409F0A-87F9-4EB4-8E17-A2FECD8029B7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-23] (Google Inc.)
Task: {7563F980-1681-4AB0-B1A8-B16647D37939} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {84402F5D-E371-443A-A17E-2AE4A18EC951} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-02] (Adobe Systems Incorporated)
Task: {A86DEE55-D162-4431-B4E5-32DD48821A3D} - System32\Tasks\{75259BE3-1B85-4F80-8DAC-3D85E9553D9D} => pcalua.exe -a "C:\Program Files\Steam\steamapps\common\Left 4 Dead 2\bin\addoninstaller.exe" -d "C:\Program Files\Steam\SteamApps\common\Left 4 Dead 2\left4dead2\addons" -c C:\PROGRA~1\Steam\STEAMA~1\common\LEFT4D~1\LEFT4D~1\addons\HELMS_~1.VPK
Task: {D206030A-ED17-428A-9CC1-0867211A74C8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-23] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-11-28 00:59 - 2014-11-30 16:59 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2007-01-01 01:52 - 2014-07-02 20:42 - 00107992 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2015-01-27 20:05 - 2015-01-27 20:05 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-2749442998-3716350225-1559413844-500 - Administrator - Disabled)
Guest (S-1-5-21-2749442998-3716350225-1559413844-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2749442998-3716350225-1559413844-1003 - Limited - Enabled)
Music (S-1-5-21-2749442998-3716350225-1559413844-1001 - Administrator - Enabled) => C:\Users\Music
sahdkajs (S-1-5-21-2749442998-3716350225-1559413844-1000 - Administrator - Enabled) => C:\Users\sahdkajs
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/04/2015 03:00:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/04/2015 03:00:13 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.NullReferenceException: Object reference not set to an instance of an object.
at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)
Error: (02/04/2015 05:45:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/04/2015 05:44:44 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
at Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
at Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
at Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
at Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
at Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
at Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
at Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
at System.Ser...
Error: (02/04/2015 05:33:12 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Access is denied.
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {025cd91e-7a04-4c59-8897-d2d87dc0e13e}
Error: (02/04/2015 04:52:06 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
at Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
at Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
at Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
at Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
at Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
at Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
at Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
at System.Ser...
Error: (02/04/2015 04:23:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/04/2015 00:59:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (02/04/2015 00:58:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Melodyne.exe, Version: 3.1.2.0, Zeitstempel: 0x451d1512
Name des fehlerhaften Moduls: Melodyne.exe, Version: 3.1.2.0, Zeitstempel: 0x451d1512
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000e6957
ID des fehlerhaften Prozesses: 0x1428
Startzeit der fehlerhaften Anwendung: 0xMelodyne.exe0
Pfad der fehlerhaften Anwendung: Melodyne.exe1
Pfad des fehlerhaften Moduls: Melodyne.exe2
Berichtskennung: Melodyne.exe3
Error: (02/04/2015 00:58:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Melodyne.exe, Version: 3.1.2.0, Zeitstempel: 0x451d1512
Name des fehlerhaften Moduls: Melodyne.exe, Version: 3.1.2.0, Zeitstempel: 0x451d1512
Ausnahmecode: 0xc0000005
Fehleroffset: 0x002c82cd
ID des fehlerhaften Prozesses: 0x1acc
Startzeit der fehlerhaften Anwendung: 0xMelodyne.exe0
Pfad der fehlerhaften Anwendung: Melodyne.exe1
Pfad des fehlerhaften Moduls: Melodyne.exe2
Berichtskennung: Melodyne.exe3
System errors:
=============
Error: (02/03/2015 11:48:34 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: Das System hat einen Adressenkonflikt der IP-Adresse 10.0.0.4 mit dem Computer mit der
Netzwerkhardwareadresse 04-A1-51-89-2B-37 ermittelt. Netzwerkvorgänge könnten daher auf diesem
System unterbrochen werden.
Error: (02/03/2015 04:03:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Search Protect Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 20000 Millisekunden durchgeführt: Restart the service.
Error: (02/03/2015 05:39:11 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.
Error: (02/02/2015 10:05:29 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (02/02/2015 05:39:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (02/02/2015 05:39:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.
Error: (02/02/2015 05:37:17 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (02/01/2015 09:20:35 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.
Error: (01/29/2015 06:13:47 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 29.01.2015 um 18:06:21 unerwartet heruntergefahren.
Error: (01/29/2015 06:11:40 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Microsoft Office Sessions:
=========================
Error: (02/04/2015 03:00:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/04/2015 03:00:13 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.NullReferenceException: Object reference not set to an instance of an object.
at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)
Error: (02/04/2015 05:45:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/04/2015 05:44:44 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
at Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
at Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
at Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
at Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
at Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
at Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
at Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
at System.Ser...
Error: (02/04/2015 05:33:12 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {025cd91e-7a04-4c59-8897-d2d87dc0e13e}
Error: (02/04/2015 04:52:06 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
at Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
at Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
at Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
at Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
at Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
at Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
at Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
at System.Ser...
Error: (02/04/2015 04:23:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/04/2015 00:59:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\Steinberg\Cubase 5\VSTPlugIns\Tools\Auto-Tune+Time_VST.dll
Error: (02/04/2015 00:58:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Melodyne.exe3.1.2.0451d1512Melodyne.exe3.1.2.0451d1512c0000005000e6957142801d0400d58bfe560C:\Program Files\Celemony\Melodyne.3.0\Melodyne.exeC:\Program Files\Celemony\Melodyne.3.0\Melodyne.exe9b475bc0-ac00-11e4-94ed-001d60c1e542
Error: (02/04/2015 00:58:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Melodyne.exe3.1.2.0451d1512Melodyne.exe3.1.2.0451d1512c0000005002c82cd1acc01d0400d46888140C:\Program Files\Celemony\Melodyne.3.0\Melodyne.exeC:\Program Files\Celemony\Melodyne.3.0\Melodyne.exe91c9ea40-ac00-11e4-94ed-001d60c1e542
==================== Memory info ===========================
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5600+
Percentage of memory in use: 32%
Total physical RAM: 3582.52 MB
Available physical RAM: 2429.27 MB
Total Pagefile: 7163.34 MB
Available Pagefile: 5649.53 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.51 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:235.97 GB) NTFS
Drive e: (TOSHIBA EXT) (Fixed) (Total:465.76 GB) (Free:379.91 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 5663D131)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
So funktioniert es:
Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
dann auf 
und dann auf 
.