CPU Auslastung 100%,kein Programm sichtbar dass das beeinflusst...

iWatch · 11.05.2015, 19:45

Hallo Leute,
mein Pc ist echt extrem langsam...Ich habe programme gelöscht bzw. spiele einfach alles sogar programme was ich benutzt habe...
Ich habe gelesen, dass es ein Virus sein könnte.
Doch ich fand nicht heraus wie man es löscht/entfernt...
Habe zwar 2.5ghz pc mit 3gb ram doch wenn ich es mit dem laptop meines bruders vergleiche müsste es doch besser sein..Das laptop meines bruders geht einwandfrei...
Er hat erst 2.3ghz mit 4gb ram aber hatte früher noch lol gezockt ging noch aber jetzt ohne,dass ich ein programm öffne..Öffne ich google chrome dauert es sehr lange dann geht es manchmal nicht etc....

Wie lösch ich es?
Will endlich wieder mit meinem pc wenigstens spielen wie vor 3-5monaten...
Ich glaube dass das Virus etwas schlimmer ist als c.a vor 1jahr...
Ich hatte windows vista und habe es mit einem key in w7 verwandelt nun wenn ich es z.b formatiere und betriebssystem wieder installieren will dann geht es nur mit vista...

schrauber · 11.05.2015, 20:16

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

iWatch · 12.05.2015, 13:41

schrauber,
habe grad paar prozessoren entfernt...LMIGuardiansvc(oder so)...Hatte meinen prozessor beeinflusst..
Nur zur Info halt habe auch andere programme im task manager entfernt..
Es ist manchmal 20-100% ist aber besser als vorher...Aber manchmal mehrmals laggts

Das ist FRST.txt das 2. Addition.txt
FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2015
Ran by aziz (administrator) on AZIZ-PC on 12-05-2015 14:24:18
Running from C:\Users\aziz\Downloads
Loaded Profiles: aziz (Available profiles: aziz & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\Logitech\LVMVFM\LVPrS64H.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\FastPlayer\FastPlayerUpdaterService.exe
(Microsoft Corporation) C:\Windows\vVX3000.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\Logitech\LComMgr\Communications_Helper.exe
() C:\Program Files (x86)\Logitech\QuickCam10\QuickCam10.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\Logitech\LComMgr\LVComSX.exe
() C:\Program Files (x86)\eDealPop\eDealPop.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\update.exe
(Avira Operations GmbH & Co. KG) C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\updrgui.exe
(Microsoft Corporation) C:\Windows\System32\CompatTel\wicainventory.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\Windows-KB890830-x64-V5.23-delta.exe
(Microsoft Corporation) D:\02fa939e9372168c580746\mrtstub.exe
(Microsoft Corporation) C:\Windows\System32\MRT.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\fact.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VX3000] => C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [IntelliType Pro] => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2076272 2012-11-02] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LogitechCommunicationsManager] => C:\Program Files (x86)\Common Files\Logitech\LComMgr\Communications_Helper.exe [284184 2006-10-31] (Logitech Inc.)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files (x86)\Logitech\QuickCam10\QuickCam10.exe [746520 2006-11-15] ()
HKLM-x32\...\Run: [LVCOMSX] => C:\Program Files (x86)\Common Files\Logitech\LComMgr\LVComSX.exe [244512 2006-11-15] (Logitech Inc.)
HKLM-x32\...\Run: [eDealPop] => C:\Program Files (x86)\eDealPop\eDealPop.exe [7168 2014-09-23] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKU\S-1-5-21-1719159326-2625618036-3033724306-1000\...\Run: [Facebook Update] => C:\Users\aziz\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-01-27] (Facebook Inc.)
HKU\S-1-5-21-1719159326-2625618036-3033724306-1000\...\Run: [SDP] => C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe [201808 2013-01-31] (Somoto)
HKU\S-1-5-21-1719159326-2625618036-3033724306-1000\...\Run: [PrinterService] => "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "
HKU\S-1-5-21-1719159326-2625618036-3033724306-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd)
HKU\S-1-5-21-1719159326-2625618036-3033724306-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1719159326-2625618036-3033724306-1000\...\MountPoints2: {cb48e8e9-6402-11e3-83de-00242110f779} - J:\Startme.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1719159326-2625618036-3033724306-1000] => http=127.0.0.1:33057
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-1719159326-2625618036-3033724306-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1412969696&from=tugs&uid=ST31000333AS_9TE0TXQZXXXX9TE0TXQZ
HKU\S-1-5-21-1719159326-2625618036-3033724306-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKU\S-1-5-21-1719159326-2625618036-3033724306-1000\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.holasearch.com/?affID=121962&babsrc=HP_ss&mntrId=8C4E00242110F779
HKU\S-1-5-21-1719159326-2625618036-3033724306-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1412969696&from=tugs&uid=ST31000333AS_9TE0TXQZXXXX9TE0TXQZ
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKU\S-1-5-21-1719159326-2625618036-3033724306-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP4A4A4790-1B9B-4600-8308-03012C0E9BE1&q={searchTerms}&SSPV=C21021_sp_ie
SearchScopes: HKU\S-1-5-21-1719159326-2625618036-3033724306-1000 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-1719159326-2625618036-3033724306-1000 -> 38BEC3D63F3744D685F6402B397ABDD0 URL = hxxp://search.babylon.com/?q={searchTerms}&affID=121962&babsrc=SP_ss_din2g&mntrId=8C4E00242110F779
SearchScopes: HKU\S-1-5-21-1719159326-2625618036-3033724306-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP4A4A4790-1B9B-4600-8308-03012C0E9BE1&q={searchTerms}&SSPV=C21021_sp_ie
SearchScopes: HKU\S-1-5-21-1719159326-2625618036-3033724306-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.enhanced-search.com/?q={searchTerms}&babsrc=SP_ss_mib2&mntrId=8C4E00242110F779&affID=121845&tt=180613_ndt1&tsp=4921
SearchScopes: HKU\S-1-5-21-1719159326-2625618036-3033724306-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1412969696&from=tugs&uid=ST31000333AS_9TE0TXQZXXXX9TE0TXQZ&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-08-24] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-08-24] (Oracle Corporation)
BHO-x32: Lyrics Monkey -> {18CAEA74-C7E8-4D37-967F-1D01351BA398} ->  No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-10-15] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-10-15] (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1412969696&from=tugs&uid=ST31000333AS_9TE0TXQZXXXX9TE0TXQZ

FireFox:
========
FF ProfilePath: C:\Users\aziz\AppData\Roaming\Mozilla\Firefox\Profiles\3cqmov72.default
FF Homepage: user_pref("browser.startup.homepage", );
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-05-11] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-08-24] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-10-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-24] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1719159326-2625618036-3033724306-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\aziz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1719159326-2625618036-3033724306-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\aziz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-11-02] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\aziz\AppData\Roaming\Mozilla\Firefox\Profiles\3cqmov72.default\user.js [2013-06-22]
FF SearchPlugin: C:\Users\aziz\AppData\Roaming\Mozilla\Firefox\Profiles\3cqmov72.default\searchplugins\babylon.xml [2013-06-22]
FF SearchPlugin: C:\Users\aziz\AppData\Roaming\Mozilla\Firefox\Profiles\3cqmov72.default\searchplugins\conduit-search.xml [2014-03-04]
FF SearchPlugin: C:\Users\aziz\AppData\Roaming\Mozilla\Firefox\Profiles\3cqmov72.default\searchplugins\delta.xml [2013-06-22]
FF SearchPlugin: C:\Users\aziz\AppData\Roaming\Mozilla\Firefox\Profiles\3cqmov72.default\searchplugins\holasearch.xml [2013-04-14]
FF Extension: Avira Browser Safety - C:\Users\aziz\AppData\Roaming\Mozilla\Firefox\Profiles\3cqmov72.default\Extensions\abs@avira.com [2014-10-15]
FF Extension: Movie2kDownloader - C:\Users\aziz\AppData\Roaming\Mozilla\Firefox\Profiles\3cqmov72.default\Extensions\movie2kdownloader@movie2kdownloader.com.xpi [2012-12-13]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru
FF HKU\S-1-5-21-1719159326-2625618036-3033724306-1000\...\Firefox\Extensions: [lyricsmonkey@mendoni.net] - C:\Program Files (x86)\LyricsMonkey\FF
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR Profile: C:\Users\aziz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\aziz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-17]
CHR Extension: (Google Docs) - C:\Users\aziz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-17]
CHR Extension: (Google Drive) - C:\Users\aziz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-17]
CHR Extension: (YouTube) - C:\Users\aziz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-17]
CHR Extension: (Google Search) - C:\Users\aziz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-17]
CHR Extension: (Google Sheets) - C:\Users\aziz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-17]
CHR Extension: (Avira Browser Safety) - C:\Users\aziz\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\aziz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Skype Click to Call) - C:\Users\aziz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-12-27]
CHR Extension: (Google Wallet) - C:\Users\aziz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-17]
CHR Extension: (Quick start) - C:\Users\aziz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-10-11]
CHR Extension: (Gmail) - C:\Users\aziz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-17]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [blaofbhgbmeikidhlkmjhbkbfohpgekf] - C:\Program Files (x86)\Movie2KDownloader.com\Movie2KDownloader10.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [khialnikbocfgkohdegnebhmmaifoglp] - C:\Program Files (x86)\LyricsMonkey\Chrome.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\aziz\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-10-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-12] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-12] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 FastPlayerUpdaterService; C:\Program Files (x86)\FastPlayer\FastPlayerUpdaterService.exe [11776 2014-12-02] () [File not signed]
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
R2 LVPrcS64; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [171808 2006-11-15] (Logitech Inc.)
S2 LVSrvLauncher; C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe [171808 2006-11-15] (Logitech Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 mysql; D:\xampp\mysql\bin\mysqld.exe --defaults-file=d:\xampp\mysql\bin\my.ini mysql

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-07] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-01-06] (Disc Soft Ltd)
S3 LVcKap64; C:\Windows\System32\DRIVERS\LVcKap64.sys [997408 2006-11-15] (Logitech Inc.)
S3 LVMVDrv; C:\Windows\System32\DRIVERS\LVMVDrv.sys [2345120 2006-11-15] (Logitech Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [30496 2006-11-15] ()
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2012-09-10] (Apple Inc.) [File not signed]
S3 cpuz138; \??\C:\Users\aziz\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
S3 X6va014; \??\C:\Windows\SysWOW64\Drivers\X6va014 [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-12 14:24 - 2015-05-12 14:30 - 00023605 _____ () C:\Users\aziz\Downloads\FRST.txt
2015-05-12 14:23 - 2015-05-12 14:25 - 00000000 ____D () C:\FRST
2015-05-12 14:22 - 2015-05-12 14:22 - 02102784 _____ (Farbar) C:\Users\aziz\Downloads\FRST64.exe
2015-05-12 14:04 - 2015-05-12 14:04 - 00000056 _____ () C:\Windows\setupact.log
2015-05-12 14:04 - 2015-05-12 14:04 - 00000000 _____ () C:\Windows\setuperr.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-12 14:30 - 2012-12-03 15:43 - 01869779 _____ () C:\Windows\WindowsUpdate.log
2015-05-12 14:24 - 2013-12-07 01:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-12 14:23 - 2013-12-07 01:05 - 00000000 ____D () C:\Users\aziz\AppData\Roaming\Avira
2015-05-12 14:20 - 2013-12-07 01:01 - 00000000 ____D () C:\ProgramData\Avira
2015-05-12 14:18 - 2014-12-25 22:15 - 00000000 ____D () C:\Users\aziz\AppData\Local\LogMeIn Hamachi
2015-05-12 14:17 - 2012-12-03 17:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-12 14:13 - 2013-12-07 01:01 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-12 14:13 - 2013-12-07 01:01 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-05-12 14:13 - 2010-11-21 08:50 - 10270860 _____ () C:\Windows\system32\perfh007.dat
2015-05-12 14:13 - 2010-11-21 08:50 - 03139552 _____ () C:\Windows\system32\perfc007.dat
2015-05-12 14:13 - 2009-07-14 07:13 - 00006514 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-12 14:11 - 2013-08-16 23:48 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-12 14:11 - 2012-12-03 16:25 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-12 14:10 - 2009-07-14 06:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-12 14:10 - 2009-07-14 06:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-12 14:05 - 2015-01-11 14:37 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-05-12 14:04 - 2014-09-17 18:45 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-12 14:04 - 2012-12-03 16:21 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-12 14:04 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-11 16:33 - 2015-02-24 12:46 - 00000000 ____D () C:\Users\aziz\AppData\Roaming\TeamViewer
2015-05-11 16:33 - 2013-02-02 23:05 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-11 16:19 - 2012-12-03 17:23 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-11 16:19 - 2012-12-03 17:23 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-11 16:19 - 2012-12-03 17:23 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-11 15:02 - 2013-01-27 12:57 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1719159326-2625618036-3033724306-1000UA.job
2015-05-04 14:47 - 2014-09-17 18:45 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

==================== Files in the root of some directories =======

2013-07-29 10:40 - 2013-07-29 10:40 - 0051992 _____ (cake bake) C:\Program Files (x86)\WDesktop.Updater.exe
2014-02-23 13:39 - 2014-05-31 12:42 - 0000132 _____ () C:\Users\aziz\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2012-12-10 20:41 - 2012-12-11 00:45 - 0002554 _____ () C:\Users\aziz\AppData\Roaming\LogBuch.txt
2014-08-20 22:43 - 1980-01-01 00:00 - 0000495 _____ () C:\Users\aziz\AppData\Roaming\mcmod.info
2014-08-20 22:43 - 1980-01-01 00:00 - 0000201 _____ () C:\Users\aziz\AppData\Roaming\pack.mcmeta
2012-12-10 20:21 - 2012-12-11 02:02 - 0003090 _____ () C:\Users\aziz\AppData\Roaming\PData.MM1
2012-12-10 20:21 - 2012-12-11 02:02 - 0003090 _____ () C:\Users\aziz\AppData\Roaming\PData.MMM
2013-04-07 15:44 - 2014-03-09 15:55 - 0011264 _____ () C:\Users\aziz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-05 21:48 - 2012-12-05 21:48 - 0000092 _____ () C:\Users\aziz\AppData\Local\fusioncache.dat
2014-10-10 22:49 - 2014-10-10 22:49 - 0627560 _____ (CMI Limited) C:\Users\aziz\AppData\Local\nsaF624.tmp
2013-05-14 21:20 - 2014-05-10 11:47 - 0000600 _____ () C:\Users\aziz\AppData\Local\PUTTY.RND
2014-03-31 17:00 - 2014-03-31 17:00 - 0004900 _____ () C:\Users\aziz\AppData\Local\recently-used.xbel
2013-03-15 11:29 - 2013-03-15 11:29 - 0007597 _____ () C:\Users\aziz\AppData\Local\Resmon.ResmonCfg
2014-09-15 17:46 - 2014-09-15 17:46 - 0000000 _____ () C:\Users\aziz\AppData\Local\{086E971D-00BE-4BBE-96CA-CC97505C8287}
2014-08-19 00:00 - 2014-08-19 00:00 - 0000000 _____ () C:\Users\aziz\AppData\Local\{D6CB1605-AEB7-4329-ADC0-1BCC6B61E7C8}
2014-09-04 10:46 - 2014-09-04 10:46 - 0000000 _____ () C:\Users\aziz\AppData\Local\{E7649133-D492-494D-BCC3-726943848641}
2012-12-10 19:32 - 2012-12-10 19:37 - 0000352 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\aziz\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-05 14:30

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

FRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-05-2015
Ran by aziz at 2015-05-12 14:34:19
Running from C:\Users\aziz\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1719159326-2625618036-3033724306-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1719159326-2625618036-3033724306-1005 - Limited - Enabled)
aziz (S-1-5-21-1719159326-2625618036-3033724306-1000 - Administrator - Enabled) => C:\Users\aziz
Gast (S-1-5-21-1719159326-2625618036-3033724306-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-1719159326-2625618036-3033724306-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.600 - Adobe Systems Incorporated)
Adobe Flash Media Live Encoder 3.2 (HKLM-x32\...\{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}) (Version: 3.2.0 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avira (HKLM-x32\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
AVS Video Converter 8.5 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 8.5.1.551 - Online Media Technologies Ltd.)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Belkin USB Wireless Adapter (HKLM-x32\...\InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.12 - Belkin)
Belkin USB Wireless Adapter (x32 Version: 1.0.0.12 - Belkin) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
eDealPop version 1.0 (HKLM-x32\...\eDealPop_is1) (Version: 1.0 - eDealPop)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FilesFrog Update Checker (HKLM-x32\...\FilesFrog Update Checker) (Version:  - ) <==== ATTENTION
FileZilla Client 3.8.1 (HKLM-x32\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP Photosmart B109a-m All-in-One Driver 14.0 Rel. 6 (HKLM\...\{A253A57F-4319-49B5-B405-64587FFBCFE2}) (Version: 14.0 - HP)
Intelligent Shutdown (HKLM-x32\...\Intelligent Shutdown_is1) (Version: Aktuelle Version - IN MEDIA KG)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Logitech QuickCam (HKLM\...\{99C878DC-D1C9-41BC-B1C6-830852966E88}) (Version: 10.40.1401 - Logitech Inc.)
Logitech® Camera-Treiber (HKLM-x32\...\QcDrv) (Version:  - )
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.328 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.328 - LogMeIn, Inc.) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.162.0 - Microsoft Corporation)
MorphVOX Junior (HKLM-x32\...\{E6C7380F-15DD-445E-BA02-B7A180BA0A5A}) (Version: 2.8.1 - Screaming Bee)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MVisn64 (Version: 10.40.1401 - Logitech Inc.) Hidden
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Opera Stable 28.0.1750.40 (HKLM-x32\...\Opera 28.0.1750.40) (Version: 28.0.1750.40 - Opera Software ASA)
PS_AIO_06_B109a-m_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.39052 - TeamViewer)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-1719159326-2625618036-3033724306-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Webocton - Scriptly 0.8.95.6 (HKLM-x32\...\Webocton - Scriptly_is1) (Version: 0.8.95.6 - Webocton)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WindowsMangerProtect20.0.0.722 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.722 - WindowsProtect LIMITED) <==== ATTENTION
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

14-03-2015 23:54:45 Windows Update
24-03-2015 22:12:10 Windows Update
11-05-2015 16:34:08 Windows Update
12-05-2015 14:09:59 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2013-02-28 01:28 - 00000878 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {07C94A3F-3D11-4C9D-9AD8-77088894BB4C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1719159326-2625618036-3033724306-1000Core => C:\Users\aziz\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-27] (Facebook Inc.)
Task: {080A5114-2351-4F2B-873C-66AC7A1035B2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-17] (Google Inc.)
Task: {1AAF79ED-B87B-4812-B553-3653920F086A} - System32\Tasks\{0A5D82CE-B783-4B68-86F7-C8BFFDBD78AD} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.0.73.126.456/de/go/help.faq.installer?LastError=1618
Task: {1FB135C9-9C78-46DC-84C8-FC4B84EDB2B3} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1719159326-2625618036-3033724306-1000UA => C:\Users\aziz\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-27] (Facebook Inc.)
Task: {29273CC9-A61E-429E-8718-0686F94813BD} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {2C799A78-D871-45F2-94D4-FF7D2D9CEE1A} - System32\Tasks\Opera scheduled Autoupdate 1420549293 => C:\Program Files (x86)\Opera\launcher.exe [2015-03-16] ()
Task: {373E7890-2413-48CF-8730-663C663BB12A} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-11-02] (Microsoft Corporation)
Task: {3D6E32B7-73F7-4AA8-9920-02A1C7DA3429} - System32\Tasks\BrowserProtect => Sc.exe start BrowserProtect <==== ATTENTION
Task: {40AAA591-DB01-48F6-B145-A7E4EAC867C3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {44662E47-A5FA-4911-964B-5372E37A98CD} - System32\Tasks\{6EA6C8A7-E509-4C72-9A7E-1BFB31A66EEC} => Chrome.exe hxxp://ui.skype.com/ui/0/6.22.81.105/de/abandoninstall?source=lightinstaller&amp;page=tsInstall
Task: {5A99EB35-E254-4DDB-AEF8-DC4FA7624F64} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-09-26] (Oracle Corporation)
Task: {60422E31-FB4E-4AAC-938A-1030930EB9C9} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {64419349-944F-4F6D-8465-EBEA1302BDD7} - System32\Tasks\{9B0A6013-C184-41C0-9805-1A8B942DB299} => Chrome.exe hxxp://ui.skype.com/ui/0/7.0.0.102/de/abandoninstall?page=tsMain
Task: {77F46543-24A9-486F-885E-05BF147DE631} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-11] (Adobe Systems Incorporated)
Task: {7B769101-693A-4C6D-B8E2-3A45166C9B0F} - System32\Tasks\{8FED3170-5629-4B93-838E-AACBE0E88C0B} => pcalua.exe -a C:\Users\aziz\Downloads\NM30.EXE -d C:\Users\aziz\Downloads
Task: {877FA1A4-71FF-44E0-8FEF-305202E3CC90} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2012-11-02] (Microsoft)
Task: {8857E737-B0C7-47F0-8894-FE44F2742587} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-11-02] (Microsoft Corporation)
Task: {89F8D4F9-3CD5-48D9-874C-FFF2234BBC49} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-17] (Google Inc.)
Task: {999C5E40-FA17-4402-B6DE-7AEC82C15D7F} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {D68D48EF-2CD3-4EDA-A57C-10B991442439} - System32\Tasks\{C98D023D-0B9B-4211-AEA1-BF23048F472B} => pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/240
Task: {EE19CD1E-A2BF-455D-891F-79294CAB7508} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {F719969F-3159-4C73-A8F1-58DDB911EFD4} - System32\Tasks\{D6443B16-3A33-4855-8F7C-51720170D65A} => pcalua.exe -a E:\setup.exe -d E:\
Task: {F79DBA57-D01F-4B36-B756-02B0B6C40E5F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd)
Task: {F7A2DF68-B55B-48C8-91A3-E44EB8378AEE} - System32\Tasks\{D3472769-7DB6-4AB1-958F-D96B40F8C423} => pcalua.exe -a "C:\Users\aziz\Desktop\Neues Verzeichnis (2)\Easy Paint Tool SAI.exe" -d "C:\Users\aziz\Desktop\Neues Verzeichnis (2)"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1719159326-2625618036-3033724306-1000Core.job => C:\Users\aziz\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1719159326-2625618036-3033724306-1000UA.job => C:\Users\aziz\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2012-12-03 16:21 - 2013-01-18 17:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-12-02 18:15 - 2014-12-02 18:15 - 00011776 _____ () C:\Program Files (x86)\FastPlayer\FastPlayerUpdaterService.exe
2006-11-15 21:58 - 2006-11-15 21:58 - 00746520 _____ () C:\Program Files (x86)\Logitech\QuickCam10\QuickCam10.exe
2014-10-10 21:35 - 2014-09-23 12:52 - 00007168 _____ () C:\Program Files (x86)\eDealPop\eDealPop.exe
2014-10-23 21:19 - 2014-10-23 21:19 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-04-14 21:41 - 2014-04-14 21:41 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2014-05-01 21:29 - 2014-05-01 21:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2006-10-31 01:04 - 2006-10-31 01:04 - 00022040 _____ () C:\Program Files (x86)\Common Files\Logitech\LComMgr\LCMServerPS.dll
2006-11-15 22:00 - 2006-11-15 22:00 - 01078808 _____ () C:\Program Files (x86)\Logitech\QuickCam10\LAppRes.dll
2014-06-01 11:08 - 2014-06-01 11:08 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2015-03-14 21:37 - 2015-03-07 08:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libglesv2.dll
2015-03-14 21:37 - 2015-03-07 08:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libegl.dll
2015-03-14 21:37 - 2015-03-07 08:13 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\PepperFlash\pepflashplayer.dll
2015-03-14 21:37 - 2015-03-07 08:13 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1719159326-2625618036-3033724306-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\aziz\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.138

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: APNMCP => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: mysql => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{28F8E582-89FD-4B5D-94CD-E1B9AF8AFBFC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{EB6C7E77-0169-410D-A719-762FC2E0D765}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{BE55C183-804F-46B3-ABB3-5484087233CA}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{1FF23AF3-BB2A-4931-A070-AD7788C69866}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [{DA64D261-76BE-448E-B94C-8E116A607C1B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{6D546568-2706-4158-84D1-A83211E8945B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{DEE5AC9F-847D-4CD2-8DEA-4BEFC7ECAD75}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{27779C2C-998F-4AEE-AA56-B03398C61FCF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\rickross124\counter-strike source\hl2.exe
FirewallRules: [{4A0A7CC1-AED5-43D1-AE3A-5014D7FF2E2F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\rickross124\counter-strike source\hl2.exe
FirewallRules: [{C61CBADB-9842-489F-8035-1F37459ACFC5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\rickross124\counterstrike source beta\hl2.exe
FirewallRules: [{EB35B088-3EEE-44ED-8996-E3E6B4040845}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\rickross124\counterstrike source beta\hl2.exe
FirewallRules: [TCP Query User{2123622A-AA62-4D57-B586-63D36C1A7A73}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{F60F89C7-EC45-420E-A08E-5748F49B9649}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{6838A745-2F02-414A-9952-C5563C6F0936}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{6DB0C4F8-D36E-4EC5-844C-47A4371A58BB}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [{47DA89B0-7058-448D-B9CB-EE9D33FBB334}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{ECD5613C-83D8-41E4-BFAD-C2CF8C3164F0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{FC2ABEFD-520B-4CF8-8470-02F85EDFBD38}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{BE26AC1A-D7E4-4BEB-9CC9-2A208DDB3404}] => (Allow) LPort=2869
FirewallRules: [{DC0CE35A-C85B-4E8F-9D83-5474E5E37055}] => (Allow) LPort=1900
FirewallRules: [{C51DB5CD-E338-4B3B-A563-616848DC7771}] => (Block) %ProgramFiles% (x86)\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe
FirewallRules: [{D2D08CC6-E256-4B4F-9FBD-6AA5340057A3}] => (Block) %ProgramFiles% (x86)\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe
FirewallRules: [{B8A1B1A0-B69A-467E-82A8-687DE8D6E387}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{49ED314C-B3BA-4F33-8EBD-C68135F2BDC2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E8C31C66-1CF7-4E33-BF66-5D1BBD9C5486}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B55CE480-E5C3-4CE9-9EF0-457820054DF8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FF276572-01EC-4522-B4D2-210FF1294A51}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{68E0C4A0-4A93-4FA8-9747-E3043DA264AE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{60C15FA8-EF52-412F-BE86-80B30975E3FA}] => (Block) %ProgramFiles% (x86)\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe
FirewallRules: [TCP Query User{C1841C6B-D88E-468F-8E67-91CABA35A17C}C:\users\aziz\desktop\eclipse\eclipse.exe] => (Allow) C:\users\aziz\desktop\eclipse\eclipse.exe
FirewallRules: [UDP Query User{FCAA711D-F9F2-42A2-A015-A0800374263D}C:\users\aziz\desktop\eclipse\eclipse.exe] => (Allow) C:\users\aziz\desktop\eclipse\eclipse.exe
FirewallRules: [{5EEEB1D2-30CB-40D9-9A99-98AFAC723E8C}] => (Allow) C:\Users\aziz\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [TCP Query User{CAAD8040-C600-47FF-805E-107082270811}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{DBAC0C69-B86D-4FD1-A6DD-0D1ED29314F4}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{D22E6661-44DA-4F61-9E2E-06F66FDFB40D}C:\windows\system32\java.exe] => (Allow) C:\windows\system32\java.exe
FirewallRules: [UDP Query User{D36C0350-6295-404B-97AB-25A246C28866}C:\windows\system32\java.exe] => (Allow) C:\windows\system32\java.exe
FirewallRules: [TCP Query User{4558D743-65D4-4CFA-80D5-0AD0A53E09B5}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{C99B7839-8429-4C68-A920-50024C4A1DDC}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{98C8E253-64C4-4518-8C99-3E04B3008C53}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{D111DC6A-09FA-4B33-A53C-13D51926D438}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{110CC706-936F-4256-B633-0CCE89BB9493}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{AE9E515C-A584-4B9F-AF1A-5CECCC2B24D5}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{E6612081-50ED-4F74-8757-5C8E678C4412}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{B697FF25-C1A8-441F-BBA4-28A5C9D4D0F3}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{7B61001D-1E2D-40C5-9E92-1489B87916B4}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{B9A01445-36C9-4488-85AC-BE4FB8269D61}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{85F57183-DFE1-4827-A61B-30752EC292F3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{31529F00-FA81-4F18-B64E-80D7FD18CFE0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B6793091-7E73-45BB-85E3-27D03154FB90}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3B8B2BA3-1C86-4AF4-A939-F36C85F53E1D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B6E52364-C29D-4FCB-A0D6-1B25E9C0C347}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{9FAAF33E-6083-47C2-8942-A481921E9CF2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1A327A1E-3DC9-4C24-A0AF-DB66E03A4BE2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Coprozessor
Description: Coprozessor
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/12/2015 02:13:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (05/12/2015 02:13:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (05/12/2015 02:13:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (05/12/2015 02:06:32 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Xml.XmlException
Stapel:
   bei System.Xml.XmlTextReaderImpl.Throw(System.Exception)
   bei System.Xml.XmlTextReaderImpl.ParseDocumentContent()
   bei System.Xml.XmlTextReaderImpl.Read()
   bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
   bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
   bei System.Xml.XmlDocument.Load(System.String)
   bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan)
   bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile()
   bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String)
   bei Avira.OE.WinCore.OeProductInfo.get_Culture()
   bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
   bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (05/12/2015 02:06:06 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Xml.XmlException
Stapel:
   bei System.Xml.XmlTextReaderImpl.Throw(System.Exception)
   bei System.Xml.XmlTextReaderImpl.ParseDocumentContent()
   bei System.Xml.XmlTextReaderImpl.Read()
   bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
   bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
   bei System.Xml.XmlDocument.Load(System.String)
   bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan)
   bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile()
   bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String)
   bei Avira.OE.WinCore.OeProductInfo.get_Culture()
   bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
   bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (05/12/2015 02:05:42 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Xml.XmlException
Stapel:
   bei System.Xml.XmlTextReaderImpl.Throw(System.Exception)
   bei System.Xml.XmlTextReaderImpl.ParseDocumentContent()
   bei System.Xml.XmlTextReaderImpl.Read()
   bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
   bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
   bei System.Xml.XmlDocument.Load(System.String)
   bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan)
   bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile()
   bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String)
   bei Avira.OE.WinCore.OeProductInfo.get_Culture()
   bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
   bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (05/12/2015 02:05:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/11/2015 04:13:48 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (05/11/2015 04:13:48 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (05/11/2015 04:13:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.


System errors:
=============
Error: (05/12/2015 02:10:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LMIGuardianSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/12/2015 02:08:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (05/12/2015 02:08:05 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (05/12/2015 02:06:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (05/12/2015 02:06:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/12/2015 02:05:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/11/2015 04:30:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LMIGuardianSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/11/2015 04:15:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Sicherheitscenter" wurde mit folgendem Fehler beendet: 
%%16389

Error: (05/11/2015 04:14:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Anwendungsinformationen" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/11/2015 04:14:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Appinfo erreicht.


Microsoft Office Sessions:
=========================
Error: (05/12/2015 02:13:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (05/12/2015 02:13:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (05/12/2015 02:13:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (05/12/2015 02:06:32 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Xml.XmlException
Stapel:
   bei System.Xml.XmlTextReaderImpl.Throw(System.Exception)
   bei System.Xml.XmlTextReaderImpl.ParseDocumentContent()
   bei System.Xml.XmlTextReaderImpl.Read()
   bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
   bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
   bei System.Xml.XmlDocument.Load(System.String)
   bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan)
   bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile()
   bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String)
   bei Avira.OE.WinCore.OeProductInfo.get_Culture()
   bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
   bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (05/12/2015 02:06:06 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Xml.XmlException
Stapel:
   bei System.Xml.XmlTextReaderImpl.Throw(System.Exception)
   bei System.Xml.XmlTextReaderImpl.ParseDocumentContent()
   bei System.Xml.XmlTextReaderImpl.Read()
   bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
   bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
   bei System.Xml.XmlDocument.Load(System.String)
   bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan)
   bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile()
   bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String)
   bei Avira.OE.WinCore.OeProductInfo.get_Culture()
   bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
   bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (05/12/2015 02:05:42 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Xml.XmlException
Stapel:
   bei System.Xml.XmlTextReaderImpl.Throw(System.Exception)
   bei System.Xml.XmlTextReaderImpl.ParseDocumentContent()
   bei System.Xml.XmlTextReaderImpl.Read()
   bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
   bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
   bei System.Xml.XmlDocument.Load(System.String)
   bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan)
   bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile()
   bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String)
   bei Avira.OE.WinCore.OeProductInfo.get_Culture()
   bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
   bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (05/12/2015 02:05:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/11/2015 04:13:48 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (05/11/2015 04:13:48 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (05/11/2015 04:13:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Quad CPU Q9300 @ 2.50GHz
Percentage of memory in use: 94%
Total physical RAM: 3071.24 MB
Available physical RAM: 179.13 MB
Total Pagefile: 6141.43 MB
Available Pagefile: 3009.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:106.43 GB) (Free:34.22 GB) NTFS
Drive d: () (Fixed) (Total:824.99 GB) (Free:824.74 GB) NTFS
Drive j: (DBAN) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 357C92B2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=106.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=825 GB) - (Type=07 NTFS)

==================== End Of Log ============================

--- --- ---

schrauber · 13.05.2015, 11:11

Lade Dir bitte von hier

Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.

Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
Klicke auf Optionen und wähle als Sprache Deutsch.
Suche im Uninstallerfeld nach den Programmen:

FilesFrog Update Checker

WindowsMangerProtect20.0.0.722 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.722 - WindowsProtect LIMITED) <==== ATTENTION
Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

CPU Auslastung 100%,kein Programm sichtbar dass das beeinflusst...

Plagegeister aller Art und deren Bekämpfung: CPU Auslastung 100%,kein Programm sichtbar dass das beeinflusst...