| Jan thePanda | 04.05.2015 17:55 |
Hey,
so habe das jetzt hoffentlich alles gemacht. Hier der FRST Scan:
FRST Logfile:
FRST Logfile:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2015
Ran by DanielR (administrator) on DANIEL on 04-05-2015 18:35:38
Running from C:\Users\DanielR\Downloads
Loaded Profiles: DanielR (Available profiles: DanielR)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-07-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [XFastUSB] => C:\Program Files (x86)\XFastUSB\XFastUsb.exe [6311104 2014-07-27] (FNet Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1458189435-3400168002-60951032-1001\...\Run: [TeamSpeak 3 Client] => C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe [10725320 2014-08-28] (TeamSpeak Systems GmbH)
HKU\S-1-5-21-1458189435-3400168002-60951032-1001\...\Run: [Spotify Web Helper] => C:\Users\DanielR\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-04-23] (Spotify Ltd)
HKU\S-1-5-21-1458189435-3400168002-60951032-1001\...\Run: [Spotify] => C:\Users\DanielR\AppData\Roaming\Spotify\Spotify.exe [7168568 2015-04-23] (Spotify Ltd)
Startup: C:\Users\DanielR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2014-12-20]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DanielR\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DanielR\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DanielR\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DanielR\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DanielR\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DanielR\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DanielR\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DanielR\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1458189435-3400168002-60951032-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-08-02] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-08-02] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-08-02] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
Chrome:
=======
CHR StartupUrls: Default -> "https://www.google.de/?gfe_rd=cr&ei=QefcU9aPOcSK8Qeat4HwBw&gws_rd=ssl"
CHR Profile: C:\Users\DanielR\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\DanielR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-02]
CHR Extension: (Google Drive) - C:\Users\DanielR\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-02]
CHR Extension: (YouTube) - C:\Users\DanielR\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-02]
CHR Extension: (Google Search) - C:\Users\DanielR\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-02]
CHR Extension: (Avira Browser Safety) - C:\Users\DanielR\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-23]
CHR Extension: (Bookmark Manager) - C:\Users\DanielR\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\DanielR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\DanielR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-02]
CHR Extension: (Gmail) - C:\Users\DanielR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-02]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-12-20] (Adobe Systems) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [936832 2015-03-08] ()
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-13] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-13] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-07-23] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-13] (Avira Operations GmbH & Co. KG)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2014-09-28] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [16648 2014-07-27] (FNet Co., Ltd.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-04 18:35 - 2015-05-04 18:36 - 00013190 _____ () C:\Users\DanielR\Downloads\FRST.txt
2015-05-04 18:35 - 2015-05-04 18:35 - 00000000 ____D () C:\FRST
2015-05-04 18:34 - 2015-05-04 18:34 - 02101248 _____ (Farbar) C:\Users\DanielR\Downloads\FRST64.exe
2015-05-03 19:51 - 2015-05-03 19:51 - 00279504 _____ () C:\Windows\Minidump\050315-17953-01.dmp
2015-05-03 19:28 - 2015-05-03 19:33 - 00000000 ____D () C:\AdwCleaner
2015-05-03 19:28 - 2015-05-03 19:28 - 02204160 _____ () C:\Users\DanielR\Downloads\adwcleaner_4.203.exe
2015-05-03 18:24 - 2015-05-03 18:25 - 00279504 _____ () C:\Windows\Minidump\050315-17593-01.dmp
2015-05-02 22:19 - 2015-05-02 22:19 - 00279504 _____ () C:\Windows\Minidump\050215-22562-01.dmp
2015-05-01 12:03 - 2015-05-01 12:03 - 00279504 _____ () C:\Windows\Minidump\050115-22218-01.dmp
2015-04-30 12:30 - 2015-04-30 12:30 - 00279504 _____ () C:\Windows\Minidump\043015-23500-01.dmp
2015-04-30 11:07 - 2015-05-03 19:51 - 463586065 _____ () C:\Windows\MEMORY.DMP
2015-04-30 11:07 - 2015-05-03 19:51 - 00000000 ____D () C:\Windows\Minidump
2015-04-30 11:07 - 2015-04-30 11:07 - 00279504 _____ () C:\Windows\Minidump\043015-28593-01.dmp
2015-04-15 21:05 - 2015-04-15 21:05 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 18:46 - 2015-03-23 23:59 - 07476032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 18:46 - 2015-03-23 23:59 - 01733952 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 18:46 - 2015-03-23 23:59 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-04-15 18:46 - 2015-03-23 23:58 - 01498872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 18:46 - 2015-03-23 23:45 - 00257216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-04-15 18:46 - 2015-03-23 00:45 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 18:46 - 2015-03-23 00:09 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 18:46 - 2015-03-23 00:09 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 18:46 - 2015-03-23 00:09 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 18:46 - 2015-03-23 00:09 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 18:46 - 2015-03-23 00:09 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 18:46 - 2015-03-23 00:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 18:46 - 2015-03-20 06:12 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2015-04-15 18:46 - 2015-03-20 06:10 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 18:46 - 2015-03-20 06:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 18:46 - 2015-03-20 05:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-04-15 18:46 - 2015-03-20 04:41 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-04-15 18:46 - 2015-03-20 04:40 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-04-15 18:46 - 2015-03-20 04:16 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-04-15 18:46 - 2015-03-14 10:54 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 18:46 - 2015-03-14 10:20 - 01385256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-15 18:46 - 2015-03-14 10:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-04-15 18:46 - 2015-03-14 03:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 18:46 - 2015-03-14 03:56 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 18:46 - 2015-03-14 03:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 18:46 - 2015-03-14 03:37 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 18:46 - 2015-03-14 03:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 18:46 - 2015-03-14 02:22 - 03678720 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 18:46 - 2015-03-14 02:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 18:46 - 2015-03-14 02:12 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 18:46 - 2015-03-14 02:09 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-04-15 18:46 - 2015-03-14 02:08 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-04-15 18:46 - 2015-03-14 02:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 18:46 - 2015-03-14 02:06 - 02373632 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 18:46 - 2015-03-14 02:06 - 00891392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 18:46 - 2015-03-14 02:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 18:46 - 2015-03-14 02:02 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 18:46 - 2015-03-14 01:59 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 18:46 - 2015-03-14 01:59 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 18:46 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 18:46 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 18:46 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 18:46 - 2015-03-13 05:53 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-15 18:46 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 18:46 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 18:46 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 18:46 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 18:46 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 18:46 - 2015-03-13 05:17 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-04-15 18:46 - 2015-03-13 05:16 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-15 18:46 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 18:46 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 18:46 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 18:46 - 2015-03-13 04:58 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-04-15 18:46 - 2015-03-13 04:50 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-04-15 18:46 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 18:46 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 18:46 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 18:46 - 2015-03-13 04:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-04-15 18:46 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 18:46 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 18:46 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 18:46 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 18:46 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 18:46 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 18:46 - 2015-03-04 12:25 - 00377152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2015-04-15 18:46 - 2015-03-04 05:04 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 18:46 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 18:46 - 2015-02-24 10:32 - 00991552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 18:46 - 2015-02-21 01:49 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2015-04-15 18:46 - 2014-12-03 01:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-05 15:26 - 2015-04-05 15:27 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-05 15:26 - 2015-04-05 15:26 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-04 18:35 - 2014-08-02 16:13 - 00000000 ____D () C:\Users\DanielR\AppData\Roaming\TS3Client
2015-05-04 18:34 - 2014-07-27 16:14 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6FA6DA67-01BF-4EE7-BDEE-3058CDE2500B}
2015-05-04 18:33 - 2014-07-27 16:15 - 00000000 ____D () C:\Users\DanielR\AppData\Roaming\ClassicShell
2015-05-04 18:31 - 2014-08-02 15:25 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-04 18:31 - 2014-07-27 16:12 - 01554978 _____ () C:\Windows\WindowsUpdate.log
2015-05-04 18:31 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-04 18:30 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-03 20:31 - 2014-07-27 16:12 - 00000000 ____D () C:\Users\DanielR
2015-05-03 19:56 - 2014-03-18 12:03 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-03 19:56 - 2014-03-18 11:25 - 00764340 _____ () C:\Windows\system32\perfh007.dat
2015-05-03 19:56 - 2014-03-18 11:25 - 00159160 _____ () C:\Windows\system32\perfc007.dat
2015-05-03 19:51 - 2013-08-22 16:46 - 00027998 _____ () C:\Windows\setupact.log
2015-05-03 19:51 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-03 19:47 - 2014-08-02 15:25 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-03 18:35 - 2014-07-27 16:18 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1458189435-3400168002-60951032-1001
2015-05-03 18:30 - 2015-01-18 16:33 - 00000000 ____D () C:\Users\DanielR\AppData\Roaming\Spotify
2015-05-03 18:30 - 2015-01-18 16:33 - 00000000 ____D () C:\Users\DanielR\AppData\Local\Spotify
2015-05-03 18:30 - 2014-09-27 12:44 - 00000000 ____D () C:\Users\DanielR\Desktop\Berichtshefte
2015-05-03 17:40 - 2014-08-02 15:32 - 00000000 ____D () C:\Users\DanielR\AppData\Roaming\.minecraft
2015-05-02 12:50 - 2014-08-02 15:25 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-30 11:07 - 2014-03-18 03:50 - 00388214 _____ () C:\Windows\PFRO.log
2015-04-23 14:32 - 2014-08-02 16:57 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-21 19:30 - 2014-08-21 22:51 - 00000000 ____D () C:\Users\DanielR\AppData\Local\Arma 3
2015-04-18 18:24 - 2015-03-29 12:29 - 00000000 ____D () C:\Users\DanielR\AppData\Local\Arma 3 Launcher
2015-04-16 18:12 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2015-04-16 18:02 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-16 17:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppCompat
2015-04-16 17:38 - 2015-02-07 11:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-16 17:38 - 2014-11-23 16:12 - 00001151 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-04-16 17:38 - 2014-11-23 16:10 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-16 17:38 - 2014-07-27 16:17 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-15 21:05 - 2015-03-11 22:46 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 21:05 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-04-15 19:00 - 2014-08-02 15:53 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 18:58 - 2014-08-02 15:53 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 18:46 - 2014-11-13 14:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2015-04-14 01:24 - 2014-08-02 20:05 - 00792056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 01:24 - 2014-08-02 20:05 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-07 18:31 - 2014-11-23 16:12 - 00000000 ____D () C:\Users\DanielR\AppData\Roaming\Avira
2015-04-07 18:30 - 2014-11-23 16:10 - 00000000 ____D () C:\ProgramData\Avira
2015-04-06 11:23 - 2014-09-27 12:44 - 00000000 ___RD () C:\Users\DanielR\Dropbox
2015-04-06 11:23 - 2014-09-27 12:41 - 00000000 ____D () C:\Users\DanielR\AppData\Roaming\Dropbox
2015-04-05 20:51 - 2014-09-27 12:44 - 00001071 _____ () C:\Users\DanielR\Desktop\Dropbox.lnk
2015-04-05 20:51 - 2014-09-27 12:42 - 00000000 ____D () C:\Users\DanielR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-04 11:18 - 2015-01-18 16:33 - 00001859 _____ () C:\Users\DanielR\Desktop\Spotify.lnk
2015-04-04 11:18 - 2015-01-18 16:33 - 00001845 _____ () C:\Users\DanielR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
Some content of TEMP:
====================
C:\Users\DanielR\AppData\Local\Temp\avgnt.exe
C:\Users\DanielR\AppData\Local\Temp\bcccabfdhcdd.exe
C:\Users\DanielR\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptnnckw.dll
C:\Users\DanielR\AppData\Local\Temp\Quarantine.exe
C:\Users\DanielR\AppData\Local\Temp\raptrpatch.exe
C:\Users\DanielR\AppData\Local\Temp\raptr_stub.exe
C:\Users\DanielR\AppData\Local\Temp\sqlite3.dll
C:\Users\DanielR\AppData\Local\Temp\_is8107.exe
C:\Users\DanielR\AppData\Local\Temp\_is8C81.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-27 18:30
==================== End Of Log ============================
--- --- ---
--- --- ---
--- --- ---
Dann die Addition: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2015
Ran by DanielR at 2015-05-04 18:36:16
Running from C:\Users\DanielR\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1458189435-3400168002-60951032-500 - Administrator - Disabled)
DanielR (S-1-5-21-1458189435-3400168002-60951032-1001 - Administrator - Enabled) => C:\Users\DanielR
Gast (S-1-5-21-1458189435-3400168002-60951032-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1458189435-3400168002-60951032-1006 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{EE0B4480-194D-C725-EDF8-6CE3FC4DDC89}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Arma 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version: - )
Brother MFL-Pro Suite MFC-J430W (HKLM-x32\...\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}) (Version: 1.0.19.0 - Brother Industries, Ltd.)
Camtasia Studio 8 (HKLM-x32\...\{C4E35316-77F1-4EBD-9785-C72E55B1D219}) (Version: 8.4.2.1768 - TechSmith Corporation)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
DayZ Commander (HKLM-x32\...\{7B2CA5E9-763C-4FCE-81EE-13E81ABFE908}) (Version: 0.92.115 - Dotjosh Studios)
Dropbox (HKU\S-1-5-21-1458189435-3400168002-60951032-1001\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
Dxtory version 2.0.122 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.122 - Dxtory Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
Landwirtschafts Simulator 2013 (HKLM-x32\...\FarmingSimulator2013DE_is1) (Version: 1.0 - GIANTS Software)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Raptr (HKLM-x32\...\Raptr) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
Spotify (HKU\S-1-5-21-1458189435-3400168002-60951032-1001\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Stronghold 2 (HKLM-x32\...\{16D2C649-CBA8-44EE-B730-12584667D487}) (Version: 1.40.1000 - Firefly Studios)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
XFastUSB (HKLM-x32\...\XFastUSB) (Version: 3.02.38 - ASRock Inc.)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1458189435-3400168002-60951032-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\DanielR\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458189435-3400168002-60951032-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\DanielR\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458189435-3400168002-60951032-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DanielR\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458189435-3400168002-60951032-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DanielR\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458189435-3400168002-60951032-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DanielR\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458189435-3400168002-60951032-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DanielR\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458189435-3400168002-60951032-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DanielR\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458189435-3400168002-60951032-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DanielR\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458189435-3400168002-60951032-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DanielR\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458189435-3400168002-60951032-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DanielR\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
==================== Restore Points =========================
14-04-2015 18:26:13 Geplanter Prüfpunkt
21-04-2015 19:11:50 Geplanter Prüfpunkt
01-05-2015 13:09:48 Geplanter Prüfpunkt
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {252F9859-6AC2-4789-811B-FFB66E5E3926} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
Task: {388E993E-1D54-4DFA-A540-70A48D43EE74} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {6E87D6F4-3A30-4B30-A3DD-CA0459D6DE30} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {76742429-B862-4DD9-9859-2B3F3870E7C2} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {81BC42F3-B037-454E-9C76-DA3790B39E3D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-02] (Google Inc.)
Task: {9CEECAC8-CC31-4D9E-BC68-E938205F3CD4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-02] (Google Inc.)
Task: {B35E5C85-D1D6-46AB-8BE2-934251B9BF54} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2015-05-02 12:50 - 2015-04-28 04:07 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libglesv2.dll
2015-05-02 12:50 - 2015-04-28 04:07 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libegl.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1458189435-3400168002-60951032-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\DanielR\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.178.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "XFastUSB"
HKU\S-1-5-21-1458189435-3400168002-60951032-1001\...\StartupApproved\Run: => "TeamSpeak 3 Client"
HKU\S-1-5-21-1458189435-3400168002-60951032-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1458189435-3400168002-60951032-1001\...\StartupApproved\Run: => "Spotify Web Helper"
==================== FirewallRules (whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{3AD422DD-521D-44AD-8E87-BE3A4F847BAF}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{3F90C910-922A-4FD4-A4EE-5300629EB3F6}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{7E999E1B-9DE4-4304-8AAC-29DA90344B6C}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{70FF8548-9083-434E-A57F-10DE45F99DDB}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{B40C3E67-C577-46A0-91CA-B2BA3B12ECF6}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{3EED284D-E70B-4E83-A104-71462E9AF15F}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{DA893FC8-1DAA-4D3F-94B5-3D4EAFA15551}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{88E22CA6-362F-4462-A498-2506A21AA94E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1CCAC297-70A3-4AAC-83F8-445D7C221CDD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{8C67454A-F12A-429E-A4D5-98973182A4C4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{58640482-52EF-435B-8016-C34FE0478ED0}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{738E38F4-3FBF-4C89-9E2A-EE3DAE720425}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{015C6E6D-BC69-494F-9FDD-8BFC540F696A}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{48815DDE-9958-4D61-AF56-CBD330DE8EF5}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{25C937AF-DCE5-4E8F-8DEB-B4CB7AB1B535}] => (Allow) LPort=8317
FirewallRules: [{41486DD1-BDC4-4DFF-9831-0C28A78FB7BC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4E276699-CD09-41F9-825E-6742322FD12B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{03B2DAA1-CE10-49E5-9C97-3942DAE19901}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{5A330D88-CAA2-4A65-8AB3-4F975E211283}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{78683241-582F-4118-96D8-A2934E56B1BC}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2013\FarmingSimulator2013.exe
FirewallRules: [{8C7C6E60-8BA4-4EBE-91C3-1F3A758A086E}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2013\FarmingSimulator2013.exe
FirewallRules: [{A467ED1E-3E9F-4E31-96D1-2B466ACB8AD7}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2013\FarmingSimulator2013Game.exe
FirewallRules: [{AF5525EE-760A-46C8-87C2-8CC4499E65D2}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2013\FarmingSimulator2013Game.exe
FirewallRules: [{88746680-4971-4697-9D46-DECA60CC8FFB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3.exe
FirewallRules: [{E5885147-2AD8-4053-A0D0-5239961D2B94}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3.exe
FirewallRules: [{3FE471D1-A62A-4103-9F38-A385B360F99F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{A2FF0712-D91F-45EC-B4D5-377D4995B985}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{4CE7D903-8D87-41E2-ABF4-95EED9838E33}] => (Allow) C:\Users\DanielR\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{E892AA3F-6153-4197-8369-1F57BB18F7DA}] => (Allow) C:\Users\DanielR\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4CEF37DB-D0B1-4688-86F6-BE57F9E024E8}] => (Allow) D:\install\data\Disk1\setup.exe
FirewallRules: [{F92C3646-64CB-4603-BD1E-22FA792BF8D2}] => (Allow) D:\install\data\Disk1\setup.exe
FirewallRules: [{07E22279-3603-4418-AC6F-91F9CB38B5F6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{EC651504-5636-4B62-920E-867C7F45AD9F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{C62A79DE-B23A-42DF-83A5-FD244B5E92F4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{7500405B-530F-403A-8E1C-C3B14E304250}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{CAEE4D09-8BE4-4044-BC3B-F20F0D512DCA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 2\arma2.exe
FirewallRules: [{C389294A-F561-4B3A-8128-FCF3B0A72985}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 2\arma2.exe
FirewallRules: [{30AA8551-735F-4D90-B1BB-EEB5CEC3F93A}] => (Allow) C:\Program Files (x86)\Firefly Studios\Stronghold 2\Stronghold2.exe
FirewallRules: [{120C7E3E-AF91-4429-9582-8EB46CD075B6}] => (Allow) C:\Program Files (x86)\Firefly Studios\Stronghold 2\Stronghold2.exe
FirewallRules: [TCP Query User{82A93256-5906-4044-83F0-35CBC0CAB239}C:\users\danielr\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\danielr\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{4B2A5E93-B4BC-46AF-907B-B1A71508CFEE}C:\users\danielr\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\danielr\appdata\roaming\spotify\spotify.exe
FirewallRules: [{98EBDA80-00BB-4833-AA6C-A78214BA7869}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/16/2015 05:36:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe, Version: 1.1.29.22350, Zeitstempel: 0x54a3dd0d
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54504ade
Ausnahmecode: 0xe0434352
Fehleroffset: 0x00014598
ID des fehlerhaften Prozesses: 0x708
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.ServiceHost.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe1
Pfad des fehlerhaften Moduls: Avira.OE.ServiceHost.exe2
Berichtskennung: Avira.OE.ServiceHost.exe3
Vollständiger Name des fehlerhaften Pakets: Avira.OE.ServiceHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Avira.OE.ServiceHost.exe5
Error: (04/16/2015 05:36:08 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.IO.IOException
Stapel:
bei System.IO.__Error.WinIOError(Int32, System.String)
bei System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
bei System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
bei Avira.OE.WinCore.Utility.FileLocker.Lock(System.String)
bei Avira.OE.ServiceHost.Updater.ApplyUpdate(System.String, System.String)
bei Avira.OE.ServiceHost.UpdateManager.DownloadCompleted(System.Object, Avira.OE.WinCore.Interface.DownloadFileBaseArgs)
bei Avira.OE.WinCore.Utility.FileDownloader.Completed(System.Object, System.ComponentModel.AsyncCompletedEventArgs)
bei System.Net.WebClient.OnDownloadFileCompleted(System.ComponentModel.AsyncCompletedEventArgs)
bei System.Net.WebClient.DownloadFileOperationCompleted(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (04/16/2015 05:35:32 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
bei Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
bei Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
bei Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
bei Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
bei S...
Error: (04/14/2015 09:12:45 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
bei Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
bei Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
bei Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
bei Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
bei S...
Error: (04/13/2015 08:03:22 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
bei Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
bei Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
bei Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
bei Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
bei S...
Error: (04/13/2015 07:08:18 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
bei Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
bei Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
bei Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
bei Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
bei S...
Error: (04/12/2015 08:26:54 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
bei Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
bei Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
bei Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
bei Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
bei S...
Error: (04/12/2015 03:27:45 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
bei Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
bei Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
bei Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
bei Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
bei S...
Error: (04/11/2015 05:07:02 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
bei Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
bei Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
bei Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
bei Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
bei S...
Error: (04/08/2015 09:10:27 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
bei Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
bei Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
bei Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
bei Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
bei S...
System errors:
=============
Error: (05/03/2015 07:51:52 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000003b (0x00000000c0000005, 0xfffff801480e02ec, 0xffffd0015b3377c0, 0x0000000000000000)C:\Windows\MEMORY.DMP050315-17953-01
Error: (05/03/2015 07:51:49 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 03.05.2015 um 19:34:11 unerwartet heruntergefahren.
Error: (05/03/2015 07:34:55 PM) (Source: DCOM) (EventID: 10016) (User: Daniel)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DanielDanielRS-1-5-21-1458189435-3400168002-60951032-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (05/03/2015 07:33:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/03/2015 07:33:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/03/2015 07:33:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/03/2015 07:33:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/03/2015 07:33:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/03/2015 07:33:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Realtek Audio Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/03/2015 07:33:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AMD External Events Utility" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Microsoft Office Sessions:
=========================
Error: (04/16/2015 05:36:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.ServiceHost.exe1.1.29.2235054a3dd0dKERNELBASE.dll6.3.9600.1741554504adee04343520001459870801d0785ae8cca5f0C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exeC:\Windows\SYSTEM32\KERNELBASE.dll4d5fa819-e44e-11e4-8266-d05099061a37
Error: (04/16/2015 05:36:08 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.IO.IOException
Stapel:
bei System.IO.__Error.WinIOError(Int32, System.String)
bei System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
bei System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
bei Avira.OE.WinCore.Utility.FileLocker.Lock(System.String)
bei Avira.OE.ServiceHost.Updater.ApplyUpdate(System.String, System.String)
bei Avira.OE.ServiceHost.UpdateManager.DownloadCompleted(System.Object, Avira.OE.WinCore.Interface.DownloadFileBaseArgs)
bei Avira.OE.WinCore.Utility.FileDownloader.Completed(System.Object, System.ComponentModel.AsyncCompletedEventArgs)
bei System.Net.WebClient.OnDownloadFileCompleted(System.ComponentModel.AsyncCompletedEventArgs)
bei System.Net.WebClient.DownloadFileOperationCompleted(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (04/16/2015 05:35:32 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
bei Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
bei Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
bei Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
bei Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
bei S...
Error: (04/14/2015 09:12:45 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
bei Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
bei Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
bei Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
bei Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
bei S...
Error: (04/13/2015 08:03:22 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
bei Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
bei Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
bei Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
bei Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
bei S...
Error: (04/13/2015 07:08:18 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
bei Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
bei Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
bei Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
bei Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
bei S...
Error: (04/12/2015 08:26:54 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
bei Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
bei Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
bei Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
bei Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
bei S...
Error: (04/12/2015 03:27:45 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
bei Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
bei Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
bei Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
bei Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
bei S...
Error: (04/11/2015 05:07:02 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
bei Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
bei Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
bei Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
bei Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
bei S...
Error: (04/08/2015 09:10:27 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
bei Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
bei Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
bei Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
bei Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
bei S...
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4430 CPU @ 3.00GHz
Percentage of memory in use: 20%
Total physical RAM: 8121.66 MB
Available physical RAM: 6454.94 MB
Total Pagefile: 16313.66 MB
Available Pagefile: 14442.97 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931.17 GB) (Free:690.19 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0022A8BF)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Und zuletzt der/das? Dump: Code:
==================================================
Dump File : 050315-17953-01.dmp
Crash Time : 03.05.2015 19:51:06
Bug Check String : SYSTEM_SERVICE_EXCEPTION
Bug Check Code : 0x0000003b
Parameter 1 : 00000000`c0000005
Parameter 2 : fffff801`480e02ec
Parameter 3 : ffffd001`5b3377c0
Parameter 4 : 00000000`00000000
Caused By Driver : atikmdag.sys
Caused By Address : atikmdag.sys+b12ec
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+150ca0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\050315-17953-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 9600
Dump File Size : 279.504
Dump File Time : 03.05.2015 19:51:51
==================================================
Erstaunt mich das du damit etwas anfangen kannst. :balla: |
FRST 32-Bit | FRST 64-Bit