WIN 7, Werbung (neue Tabs und Banner) im Chrome

M-K-D-B · 14.12.2015, 21:02

Servus,

vor ESET noch das ausführen:

Downloade dir bitte Farbar's MiniToolBox auf deinen Desktop und starte das Tool

Setze einen Haken bei folgenden Einträgen

Flush DNS
Reset IE Proxy Settings
Reset FF Proxy Settings

Klicke Go und poste den Inhalt der Result.txt.

Tobi_tobi200 · 15.12.2015, 16:17

Hallo,

hier das Ergebnis der MTB.txt:

Code:

ATTFilter

MiniToolBox by Farbar  Version: 02-11-2015
Ran by Tobias Breunig (administrator) on 14-12-2015 at 21:20:18
Running from "C:\Users\Tobias Breunig\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: LIFEBOOK AH552/SL Manufacturer: FUJITSU
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows-IP-Konfiguration

Der DNS-Aufl�sungscache wurde geleert.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

"Reset FF Proxy Settings": Firefox Proxy settings were reset.


**** End of log ****

und hier die 5 Logdateien:
- FRST-fixlog
- HitmanPro
- ESET
- FRST und Addition

FRST-fixlog

Code:

ATTFilter

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:12-12-2015 01
durchgeführt von Tobias Breunig (2015-12-14 14:39:12) Run:2
Gestartet von C:\Users\Tobias Breunig\Desktop
Geladene Profile: Tobias Breunig (Verfügbare Profile: Tobias Breunig)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1993335669-2350816491-440414337-1000\Products\D5E237E4775EA154B91BBC6EA4C2CBF2
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1993335669-2350816491-440414337-1000\Software\DownloadProtect
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1C6F51F8-BCE6-4702-8952-6A8233359FBC}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{1C6F51F8-BCE6-4702-8952-6A8233359FBC}
HKLM\...\Run: [] => [X]
GroupPolicy: Beschränkung - Chrome <======= ACHTUNG
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG
FF user.js: detected! => C:\Users\Tobias Breunig\AppData\Roaming\Mozilla\Firefox\Profiles\mkj9e44c.default\user.js [2015-12-13]
FF HKLM-x32\...\Firefox\Extensions: [{CB8D7E75-0E4F-4736-8932-A234BB9AA20B}] - C:\Windows\Installer\{78D5F8F0-2B61-4216-AF61-8CF22B8BA388}\{CB8D7E75-0E4F-4736-8932-A234BB9AA20B}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{78D5F8F0-2B61-4216-AF61-8CF22B8BA388}\{CB8D7E75-0E4F-4736-8932-A234BB9AA20B}.xpi [2015-12-13]
C:\Windows\Installer\{78D5F8F0-2B61-4216-AF61-8CF22B8BA388}
C:\Program Files (x86)\{E0FF77F1-B84F-42A5-82E1-69FE8DB457AA}
C:\Program Files\{F9508DF9-8AB4-48B3-A071-64E62767D234}
FirewallRules: [{78440674-051A-4C82-BA18-FE7A31188EBC}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end

*****************

Prozess erfolgreich geschlossen.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1993335669-2350816491-440414337-1000\Products\D5E237E4775EA154B91BBC6EA4C2CBF2 => Fehler: Kein automatisierter Fix für diesen Eintrag gefunden.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1993335669-2350816491-440414337-1000\Software\DownloadProtect => Fehler: Kein automatisierter Fix für diesen Eintrag gefunden.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1C6F51F8-BCE6-4702-8952-6A8233359FBC} => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{1C6F51F8-BCE6-4702-8952-6A8233359FBC} => Schlüssel nicht gefunden. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Wert erfolgreich entfernt
C:\Windows\system32\GroupPolicy\Machine => erfolgreich verschoben
C:\Windows\system32\GroupPolicy\GPT.ini => erfolgreich verschoben
"HKLM\SOFTWARE\Policies\Google" => Schlüssel erfolgreich entfernt
C:\Users\Tobias Breunig\AppData\Roaming\Mozilla\Firefox\Profiles\mkj9e44c.default\user.js => erfolgreich verschoben
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{CB8D7E75-0E4F-4736-8932-A234BB9AA20B} => Wert erfolgreich entfernt
C:\Windows\Installer\{78D5F8F0-2B61-4216-AF61-8CF22B8BA388}\{CB8D7E75-0E4F-4736-8932-A234BB9AA20B}.xpi => erfolgreich verschoben
C:\Windows\Installer\{78D5F8F0-2B61-4216-AF61-8CF22B8BA388} => erfolgreich verschoben
C:\Program Files (x86)\{E0FF77F1-B84F-42A5-82E1-69FE8DB457AA} => erfolgreich verschoben
C:\Program Files\{F9508DF9-8AB4-48B3-A071-64E62767D234} => erfolgreich verschoben
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{78440674-051A-4C82-BA18-FE7A31188EBC} => Wert erfolgreich entfernt

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-1993335669-2350816491-440414337-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-1993335669-2350816491-440414337-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt


========= Ende von RemoveProxy: =========


=========  ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Aufl�sungscache wurde geleert.

========= Ende von CMD: =========


=========  netsh winsock reset =========


Der Winsock-Katalog wurde zur�ckgesetzt.
Sie m�ssen den Computer neu starten, um den Vorgang abzuschlie�en.


========= Ende von CMD: =========

EmptyTemp: => 90.5 MB temporäre Dateien entfernt.


Das System musste neu gestartet werden.

==== Ende von Fixlog 14:40:03 ====

HitmanPro

Code:

ATTFilter

HitmanPro 3.7.12.253
www.hitmanpro.com

   Computer name . . . . : TOBIASBREUNIG
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : TobiasBreunig\Tobias Breunig
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2015-12-14 14:50:29
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 12m 56s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 2
   Traces  . . . . . . . : 11

   Objects scanned . . . : 2.238.895
   Files scanned . . . . : 36.562
   Remnants scanned  . . : 340.527 files / 1.861.806 keys

Suspicious files ____________________________________________________________

   C:\Users\Tobias Breunig\Desktop\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2.369.024 bytes
      Age  . . . . . . . : 7.9 days (2015-12-06 18:16:34)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : DD61D2EA4C8059F67734E11221DED682276773D0361CB530D346E4C01C0A0176
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 23.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\Tobias Breunig\Desktop\FRST64.exe
      Size . . . . . . . : 2.369.536 bytes
      Age  . . . . . . . : 1.1 days (2015-12-13 11:38:21)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : DA99294D230BFD43933396FCF6793C63585398F95787EBB2413E1695660901EA
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      References
         HKU\S-1-5-21-1993335669-2350816491-440414337-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\Tobias Breunig\Desktop\FRST64.exe


Malware remnants ____________________________________________________________

   HKLM\SOFTWARE\Classes\AppID\{BAB04997-93AD-4C13-805A-0409199700BB}\ (BuenoSearch)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{BAB04997-93AD-4C13-805A-0409199700BB}\ (BuenoSearch)

Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayVideoFilesOnArrival\IMShowVolumeOnArrival (iMesh)
   HKLM\SOFTWARE\RegisteredApplications\iMesh (iMesh)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\AutoplayHandlers\EventHandlers\PlayVideoFilesOnArrival\IMShowVolumeOnArrival (iMesh)
   HKLM\SOFTWARE\Wow6432Node\RegisteredApplications\iMesh (iMesh)
   HKU\S-1-5-21-1993335669-2350816491-440414337-1000\Software\Microsoft\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4\ (FLV Player)
   HKU\S-1-5-21-1993335669-2350816491-440414337-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{AE07101B-46D4-4A98-AF68-0333EA26E113} (FLV Player)

Das Ergebnis von ESET:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b8875fbfa38483459978c94fa2285d2e
# end=init
# utc_time=2015-12-14 03:14:26
# local_time=2015-12-14 04:14:26 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=37126
Update Finalize
Updated modules version: 0
Old modules - leave modules
Update Init
Update Download
Update Finalize
Updated modules version: 27191
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b8875fbfa38483459978c94fa2285d2e
# end=init
# utc_time=2015-12-14 08:38:37
# local_time=2015-12-14 09:38:37 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 27194
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b8875fbfa38483459978c94fa2285d2e
# end=updated
# utc_time=2015-12-14 08:40:02
# local_time=2015-12-14 09:40:02 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=b8875fbfa38483459978c94fa2285d2e
# engine=27194
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-12-14 11:14:41
# local_time=2015-12-15 12:14:41 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 2172149 201764731 0 0
# scanned=397722
# found=13
# cleaned=0
# scan_time=9279
sh=246DDBC3A2C223A6B9072637D93DC2A2832D097A ft=1 fh=c71c0011b04f613a vn="Win32/Toolbar.Babylon.Y evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\DSearchLink\DSearchLink.exe.vir"
sh=F8935573391555518C560A87DA9D48A7AFB964A9 ft=1 fh=d5f378fbab67b337 vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tobias Breunig\AppData\Local\DownloadGuide\Offers\vis-freeware.exe.vir"
sh=843DF0FD9F9C356D5336452FCC2B3374A2BD06DC ft=1 fh=137ef7008edb618f vn="Win32/Toolbar.Conduit.R evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tobias Breunig\AppData\Roaming\OpenCandy\1EC01ED62E0F4CC5AF0F42F830B7FAC2\SSStub_SearchProtect_p1v0.exe.vir"
sh=79E3795622006F525CF22F1F0E1414701EF196C5 ft=0 fh=0000000000000000 vn="Variante von Win64/Agent.BR Trojaner" ac=I fn="C:\FRST\Quarantine.zip"
sh=538554A0FAAA89C02DA49A279EF931B306B86506 ft=1 fh=8875adce3e5b5647 vn="Variante von Win64/Agent.BR Trojaner" ac=I fn="C:\FRST\Quarantine\C\Windows\system32\wlanhlpd.exe.xBAD"
sh=DC4C53C540CAB6E0D5316DDF251A22B8C1AF041A ft=0 fh=0000000000000000 vn="JS/ExtenBro.Agent.BB Trojaner" ac=I fn="C:\Users\Tobias Breunig\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnppeiljbkkeallfigddpgpciocagkoa\1.0.13_0\js\content.js"
sh=FF4E317A0126720C01EF9BE68348CE4A19FB2C3F ft=1 fh=44bc904a624e0583 vn="Win32/Toolbar.Conduit.S evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\Tobias Breunig\Downloads\FreeMP4VideoConverter_5.0.20.1031.exe"
sh=7449DC3627212F2BE14A238BE75509455BA3D26A ft=1 fh=9ea4df96efeb6444 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\Tobias Breunig\Downloads\FreeYouTubeToMP3Converter.exe"
sh=E8CD33623287C08C7CC3662A042E45522654BB30 ft=1 fh=7cd3b160b0dbd4bd vn="Win32/Toolbar.Conduit.S evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\Tobias Breunig\Downloads\FreeYouTubeToMP3Converter37.exe"
sh=1DC26BBEAFBAF69A274CAFE534156EACE3A49A8D ft=1 fh=07386e4897eae14b vn="Win32/InstallMonetizer.AQ evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\Tobias Breunig\Downloads\PDFCreator-2_0_2-setup.exe"
sh=883D2C5D8554CB094FFF92955AE6A6A6F55C98B8 ft=0 fh=0000000000000000 vn="Variante von Win32/Systweak.L evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\Tobias Breunig\Downloads\wz190gev-32.msi"
sh=69948DCD1A77D2488CFE067BBEDBFE992C94408F ft=0 fh=0000000000000000 vn="Variante von Win32/Systweak.L evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\Tobias Breunig\Downloads\wz200gev-64.msi"
sh=69948DCD1A77D2488CFE067BBEDBFE992C94408F ft=0 fh=0000000000000000 vn="Variante von Win32/Systweak.L evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Windows\Installer\4aa3336.msi"

und abschließend die beiden von FRST:

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:12-12-2015 01
durchgeführt von Tobias Breunig (Administrator) auf TOBIASBREUNIG (15-12-2015 16:00:03)
Gestartet von C:\Users\Tobias Breunig\Desktop
Geladene Profile: Tobias Breunig (Verfügbare Profile: Tobias Breunig)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Nico Mak Computing) C:\Program Files\WinZip\WZUpdateNotifier.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAHWindow64.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(Fujitsu Technology Solutions) C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(4G Systems GmbH & Co. KG) C:\Windows\starter4g.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 2\creator-ws.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Rocket Division Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\XSManager\WTGService.exe
(4G Systems GmbH & Co. KG) C:\Windows\service4g.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNAutoCon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_20_0_0_228_ActiveX.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [589176 2011-12-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [LoadFUJ02E3] => C:\Program Files\Fujitsu\FUJ02E3\fuj02e3.exe [76104 2012-01-17] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [205168 2011-10-03] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [158024 2011-10-01] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [23368 2011-10-01] (FUJITSU LIMITED)
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareTray.exe [9574112 2015-11-19] ()
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [48752 2010-09-30] (FUJITSU LIMITED)
HKLM-x32\...\Run: [DeskUpdateNotifier] => c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe [102968 2013-02-26] (Fujitsu Technology Solutions)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [255208 2012-03-21] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [803200 2015-12-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [starter4g] => C:\Windows\starter4g.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1993335669-2350816491-440414337-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-1993335669-2350816491-440414337-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [912480 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-1993335669-2350816491-440414337-1000\...\Run: [EPLTarget\P0000000000000005] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATINDE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1993335669-2350816491-440414337-1000\...\Run: [Dropbox Update] => C:\Users\Tobias Breunig\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias Breunig\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias Breunig\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias Breunig\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias Breunig\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias Breunig\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias Breunig\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias Breunig\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-11-22]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Benachrichtigungsdienst.lnk [2015-11-22]
ShortcutTarget: Update Benachrichtigungsdienst.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-11-22]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk [2012-04-02]
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\lcStarter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk [2012-09-13]
ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk [2012-04-02]
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\lcStarter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk [2012-09-13]
ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1FD0377E-AD52-4C68-9AED-EE4550C0CA3E}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{B2068E9E-EB27-44AB-9FA6-8CD2FA3094EB}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{B663E67C-04CC-4BFE-B35D-76BEE88D031D}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{BAB03E7D-1441-4A65-A4DE-AF0C7BCFD5D6}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{E16BE87C-9A44-4086-B930-97BF390EE7C0}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1993335669-2350816491-440414337-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1993335669-2350816491-440414337-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/?hl=de&gl=de
HKU\S-1-5-21-1993335669-2350816491-440414337-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSH&bmod=FTSH;
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: PDF Architect Helper -> {691B33B0-B86E-47F3-81C7-56E4FE3B929C} -> C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll [2014-10-10] (pdfforge GmbH)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll [2014-10-10] (pdfforge GmbH)
IE Session Restore: HKU\S-1-5-21-1993335669-2350816491-440414337-1000 -> ist aktiviert.

FireFox:
========
FF ProfilePath: C:\Users\Tobias Breunig\AppData\Roaming\Mozilla\Firefox\Profiles\mkj9e44c.default
FF DefaultSearchUrl: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF Homepage: hxxps://www.google.de
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-06-28] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameeu.dll [2012-09-23] (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1993335669-2350816491-440414337-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Tobias Breunig\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-1993335669-2350816491-440414337-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Tobias Breunig\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-1993335669-2350816491-440414337-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Tobias Breunig\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-19] (Unity Technologies ApS)
FF Extension: Avira Browser Safety - C:\Users\Tobias Breunig\AppData\Roaming\Mozilla\Firefox\Profiles\mkj9e44c.default\Extensions\abs@avira.com [2014-08-28] [ist nicht signiert]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2014-08-04] [ist nicht signiert]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2014-08-04] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension
FF Extension: PDF Architect 2 Creator - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension [2015-03-07] [ist nicht signiert]

Chrome: 
=======
CHR Profile: C:\Users\Tobias Breunig\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Tobias Breunig\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Web Store) - C:\Users\Tobias Breunig\AppData\Local\Google\Chrome\User Data\Default\Extensions\flginmpmhddplnpledjkaobmcdaeohil [2015-12-14]
CHR Extension: (Web Store) - C:\Users\Tobias Breunig\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-12-14]
CHR Extension: (Web Store) - C:\Users\Tobias Breunig\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Web Store) - C:\Users\Tobias Breunig\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnppeiljbkkeallfigddpgpciocagkoa [2015-10-31]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Tobias Breunig\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-27]
CHR HKU\S-1-5-21-1993335669-2350816491-440414337-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\TOBIAS~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-08-12]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [948392 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1418560 2015-12-01] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [225280 2011-08-05] (DTS, Inc)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [Datei ist nicht signiert]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 FUJ02E3Service; C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [76104 2012-01-17] (FUJITSU LIMITED)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareService.exe [712432 2015-11-19] ()
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2014-02-15] ()
R2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
R2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2213376 2011-12-22] (FUJITSU LIMITED) [Datei ist nicht signiert]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2014-02-08] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2014-02-08] ()
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63856 2011-10-03] (FUJITSU LIMITED)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [Datei ist nicht signiert]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [329168 2010-04-12] ()
R2 XS Stick Service; C:\Windows\service4g.exe [145064 2010-04-30] (4G Systems GmbH & Co. KG)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2012-03-19] (Microsoft Corporation)
S3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1369288 2015-07-29] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [271272 2015-07-29] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [747120 2015-07-29] (BitDefender)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162072 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [140448 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [75472 2015-12-01] (Avira Operations GmbH & Co. KG)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2015-11-16] (Mobile Connector)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED)
R3 FUJ02B1; C:\Windows\system32\drivers\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\system32\drivers\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-14] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8217064 2012-01-02] (Realtek Semiconductor Corp.)
S3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [10240 2013-10-18] (SMART Technologies) [Datei ist nicht signiert]
S3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [9216 2013-10-18] (SMART Technologies) [Datei ist nicht signiert]
S3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [22184 2013-10-18] (SMART Technologies ULC) [Datei ist nicht signiert]
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2012-12-30] (Duplex Secure Ltd.)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.)
S1 BdfNdisf; \??\c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [X]
S1 bdfwfpf; \??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 gzflt; \??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.98.0\gzflt.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-15 16:00 - 2015-12-15 16:00 - 00029526 _____ C:\Users\Tobias Breunig\Desktop\FRST.txt
2015-12-14 21:20 - 2015-12-14 21:20 - 00000657 _____ C:\Users\Tobias Breunig\Desktop\MTB.txt
2015-12-14 21:18 - 2015-12-14 21:19 - 00891392 _____ (Farbar) C:\Users\Tobias Breunig\Desktop\MiniToolBox.exe
2015-12-14 16:12 - 2015-12-14 16:12 - 02870984 _____ (ESET) C:\Users\Tobias Breunig\Desktop\esetsmartinstaller_deu.exe
2015-12-14 14:49 - 2015-12-14 16:41 - 00000000 ____D C:\ProgramData\HitmanPro
2015-12-14 14:48 - 2015-12-14 14:49 - 11323704 _____ (SurfRight B.V.) C:\Users\Tobias Breunig\Desktop\HitmanPro_x64.exe
2015-12-14 14:36 - 2015-12-15 15:55 - 00000000 ____D C:\Users\Tobias Breunig\Desktop\Mo Abend
2015-12-14 12:52 - 2015-12-14 12:52 - 00000000 ____D C:\Users\Tobias Breunig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-13 21:11 - 2015-12-13 21:39 - 00000000 ____D C:\Users\Tobias Breunig\Desktop\So. Abend
2015-12-13 20:50 - 2015-12-13 20:50 - 00165376 _____ C:\Users\Tobias Breunig\Desktop\SystemLook_x64.exe
2015-12-13 19:51 - 2015-12-14 14:39 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-12-13 19:49 - 2015-12-13 19:49 - 00000000 ____D C:\Users\Tobias Breunig\AppData\Local\updater4g
2015-12-13 19:35 - 2015-12-13 19:35 - 00000000 ____D C:\Users\Tobias Breunig\AppData\Local\Nico Mak Computing
2015-12-13 19:34 - 2015-12-13 19:34 - 00000000 ____D C:\ProgramData\Lavasoft
2015-12-13 13:25 - 2015-12-13 13:25 - 00000514 _____ C:\Users\Tobias Breunig\Desktop\World of Tanks 0.9.12 ProMod.lnk
2015-12-13 13:08 - 2015-12-13 13:08 - 00136008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinet.ocx
2015-12-13 13:08 - 2015-12-13 13:08 - 00034308 _____ C:\Windows\SysWOW64\bassmod.dll
2015-12-13 13:07 - 2015-12-13 13:07 - 01931296 _____ (Codejock Software) C:\Windows\Codejock.Controls.v15.3.1.ocx
2015-12-13 13:07 - 2015-12-13 13:07 - 01931296 _____ (Codejock Software) C:\Windows\CODEJO~2.OCX
2015-12-13 13:07 - 2015-12-13 13:07 - 00136008 _____ (Microsoft Corporation) C:\Windows\msinet.ocx
2015-12-13 13:00 - 2015-12-15 15:39 - 00002327 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-12-13 12:58 - 2015-12-13 12:58 - 02345566 _____ C:\Users\Tobias Breunig\Desktop\ProMod.zip
2015-12-13 12:58 - 2015-12-13 12:58 - 00000000 ____D C:\Program Files\Lavasoft
2015-12-13 11:38 - 2015-12-13 11:38 - 00000000 ____D C:\Users\Tobias Breunig\Desktop\FRST-OlderVersion
2015-12-13 11:29 - 2015-12-13 11:29 - 00009855 _____ C:\Users\Tobias Breunig\Desktop\JRT.txt
2015-12-13 11:20 - 2015-12-13 11:20 - 01599336 _____ (Malwarebytes) C:\Users\Tobias Breunig\Desktop\JRT.exe
2015-12-13 11:16 - 2015-12-13 11:16 - 00017334 _____ C:\Users\Tobias Breunig\Desktop\mbam.txt
2015-12-13 10:37 - 2015-12-13 10:37 - 00021371 _____ C:\Users\Tobias Breunig\Desktop\AdwCleaner[C1].txt
2015-12-13 10:27 - 2015-12-14 22:53 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-13 10:26 - 2015-12-13 10:26 - 00001108 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-12-13 10:26 - 2015-12-13 10:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-12-13 10:26 - 2015-12-13 10:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-13 10:26 - 2015-12-13 10:26 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-12-13 10:26 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-13 10:26 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-13 10:26 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-13 10:24 - 2015-12-13 10:26 - 22908888 _____ (Malwarebytes ) C:\Users\Tobias Breunig\Desktop\mbam-setup-2.2.0.1024.exe
2015-12-13 10:13 - 2015-12-13 10:16 - 00000000 ____D C:\AdwCleaner
2015-12-13 10:09 - 2015-12-13 10:09 - 01738240 _____ C:\Users\Tobias Breunig\Desktop\AdwCleaner_5.024.exe
2015-12-09 23:10 - 2015-12-09 23:10 - 00036474 _____ C:\Users\Tobias Breunig\Desktop\Combofix.txt
2015-12-09 22:56 - 2015-12-09 22:56 - 00036474 _____ C:\ComboFix.txt
2015-12-09 22:50 - 2015-12-14 14:42 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-12-09 22:30 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2015-12-09 22:30 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2015-12-09 22:30 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-12-09 22:30 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-12-09 22:30 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-12-09 22:30 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2015-12-09 22:30 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2015-12-09 22:30 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2015-12-09 22:29 - 2015-12-09 22:56 - 00000000 ____D C:\Qoobox
2015-12-09 22:28 - 2015-12-09 22:55 - 00000000 ____D C:\Windows\erdnt
2015-12-09 22:25 - 2015-12-09 22:25 - 05640425 ____R (Swearware) C:\Users\Tobias Breunig\Desktop\ComboFix.exe
2015-12-09 21:42 - 2015-12-09 21:42 - 00001270 _____ C:\Users\Tobias Breunig\Desktop\Revo Uninstaller.lnk
2015-12-09 21:42 - 2015-12-09 21:42 - 00000000 ____D C:\Users\Tobias Breunig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2015-12-09 21:42 - 2015-12-09 21:42 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-12-09 21:41 - 2015-12-09 21:41 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Tobias Breunig\Desktop\revosetup95.exe
2015-12-09 16:25 - 2015-12-09 16:25 - 09498816 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-12-09 15:13 - 2015-11-20 19:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-09 15:13 - 2015-11-20 19:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-09 15:13 - 2015-11-20 19:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-09 15:13 - 2015-11-20 19:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-09 15:13 - 2015-11-20 19:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-09 15:13 - 2015-11-20 19:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-09 15:13 - 2015-11-20 19:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-09 15:13 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-09 15:13 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-09 15:13 - 2015-11-20 19:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-09 15:13 - 2015-11-20 19:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-09 15:13 - 2015-11-20 19:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-09 15:13 - 2015-11-20 19:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-09 15:13 - 2015-11-20 19:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-09 15:13 - 2015-11-20 19:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-09 15:13 - 2015-11-20 19:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-09 15:13 - 2015-11-11 22:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-09 15:13 - 2015-11-11 21:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-09 15:13 - 2015-11-11 19:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-09 15:13 - 2015-11-11 19:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-09 15:13 - 2015-11-11 19:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-09 15:13 - 2015-11-11 19:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-09 15:13 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-09 15:13 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-09 15:13 - 2015-11-11 16:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-09 15:13 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-09 15:13 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-09 15:13 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-09 15:13 - 2015-11-11 15:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-09 15:13 - 2015-11-10 19:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-09 15:13 - 2015-11-10 19:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-09 15:13 - 2015-11-10 19:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-09 15:13 - 2015-11-10 19:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-09 15:13 - 2015-11-10 19:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-09 15:13 - 2015-11-10 18:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-09 15:13 - 2015-11-10 01:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-09 15:13 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-09 15:13 - 2015-11-10 01:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-09 15:13 - 2015-11-10 01:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-09 15:13 - 2015-11-10 01:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-09 15:13 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-09 15:13 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-09 15:13 - 2015-11-10 01:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-09 15:13 - 2015-11-10 01:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-09 15:13 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-09 15:13 - 2015-11-10 01:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-09 15:13 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-09 15:13 - 2015-11-10 01:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-09 15:13 - 2015-11-10 00:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-09 15:13 - 2015-11-10 00:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-09 15:13 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-09 15:13 - 2015-11-10 00:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-09 15:13 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-09 15:13 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-09 15:13 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-09 15:13 - 2015-11-10 00:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-09 15:13 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-09 15:13 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-09 15:13 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-09 15:13 - 2015-11-08 23:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-09 15:13 - 2015-11-08 23:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-09 15:13 - 2015-11-08 23:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-09 15:13 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-09 15:13 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-09 15:13 - 2015-11-08 23:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-09 15:13 - 2015-11-08 23:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-09 15:13 - 2015-11-08 23:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-09 15:13 - 2015-11-08 23:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-09 15:13 - 2015-11-08 23:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-09 15:13 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-09 15:13 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-09 15:13 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-09 15:13 - 2015-11-08 23:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-09 15:13 - 2015-11-08 23:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-09 15:13 - 2015-11-08 23:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-09 15:13 - 2015-11-08 22:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-09 15:13 - 2015-11-08 22:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-09 15:13 - 2015-11-08 22:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-09 15:13 - 2015-11-08 22:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-09 15:13 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-09 15:13 - 2015-11-08 22:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-09 15:13 - 2015-11-08 22:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-09 15:13 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-09 15:13 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-09 15:13 - 2015-11-08 22:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-09 15:13 - 2015-11-08 22:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-09 15:13 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-09 15:13 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-09 15:13 - 2015-11-08 21:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-09 15:13 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-09 15:13 - 2015-11-05 20:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-09 15:13 - 2015-11-05 20:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-09 15:13 - 2015-11-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-09 15:13 - 2015-11-05 20:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-12-09 15:13 - 2015-11-05 10:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-09 15:13 - 2015-11-03 20:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-09 15:13 - 2015-11-03 19:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-09 15:13 - 2015-10-09 00:22 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2015-12-09 15:13 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-09 15:13 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-12-09 15:13 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-12-09 15:13 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-12-09 15:13 - 2015-10-09 00:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-09 15:13 - 2015-10-09 00:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-09 15:13 - 2015-10-09 00:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2015-12-09 15:13 - 2015-10-08 20:13 - 00419928 _____ C:\Windows\SysWOW64\locale.nls
2015-12-09 15:13 - 2015-10-08 19:52 - 00419928 _____ C:\Windows\system32\locale.nls
2015-12-09 15:12 - 2015-11-03 20:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-09 15:12 - 2015-11-03 19:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-07 21:46 - 2015-12-07 21:48 - 00061605 _____ C:\Users\Tobias Breunig\Desktop\Addition1.txt
2015-12-06 18:16 - 2015-12-13 11:38 - 02369536 _____ (Farbar) C:\Users\Tobias Breunig\Desktop\FRST64.exe
2015-12-06 12:00 - 2015-12-06 12:00 - 00000708 _____ C:\Users\Tobias Breunig\Desktop\Ereignisse 2.txt
2015-12-06 11:50 - 2015-12-07 21:46 - 00077199 _____ C:\Users\Tobias Breunig\Desktop\FRST_1.txt
2015-12-06 11:43 - 2015-12-15 16:00 - 00000000 ____D C:\FRST
2015-12-03 12:21 - 2015-12-06 11:35 - 00002826 _____ C:\Users\Tobias Breunig\Desktop\Ereignisse.txt
2015-12-03 12:14 - 2015-12-03 12:14 - 00039682 _____ C:\Users\Tobias Breunig\Desktop\Gmer.txt
2015-12-03 11:51 - 2015-12-03 11:51 - 00380416 _____ C:\Users\Tobias Breunig\Downloads\Gmer-19357.exe
2015-12-03 11:51 - 2015-12-03 11:51 - 00380416 _____ C:\Users\Tobias Breunig\Desktop\Gmer-19357.exe
2015-12-03 11:14 - 2015-12-13 19:51 - 00005120 _____ C:\Windows\SysWOW64\pcasvc32.dll
2015-12-03 11:10 - 2015-12-03 11:10 - 00000202 _____ C:\Users\Tobias Breunig\defogger_reenable
2015-11-23 19:20 - 2015-11-23 19:20 - 10674517 _____ C:\Users\Tobias Breunig\Downloads\J1mB0_s_XVM_Config_v6.1.6.zip
2015-11-23 19:18 - 2015-11-23 19:19 - 01275187 _____ C:\Users\Tobias Breunig\Downloads\J1mB0_s_Crosshair_Mod_v1.53_-_Curse_Client.zip
2015-11-23 19:01 - 2015-11-23 19:02 - 11006768 _____ (XVM team ) C:\Users\Tobias Breunig\Downloads\xvm-6.1.6 (3).exe
2015-11-23 18:59 - 2015-11-23 19:00 - 10524242 _____ C:\Users\Tobias Breunig\Downloads\xvm-6.1.6 (1).zip
2015-11-23 18:53 - 2015-11-23 18:55 - 12692901 _____ C:\Users\Tobias Breunig\Downloads\Bones-XVM-Config-Wn8-912.zip
2015-11-23 18:42 - 2015-11-23 18:44 - 12693050 _____ C:\Users\Tobias Breunig\Downloads\Bones-XVM-Config-Wn8-HP-Panels-912 (1).zip
2015-11-23 18:42 - 2015-11-23 18:43 - 12693050 _____ C:\Users\Tobias Breunig\Downloads\Bones-XVM-Config-Wn8-HP-Panels-912.zip
2015-11-23 18:35 - 2015-11-23 18:35 - 00355062 _____ C:\Users\Tobias Breunig\Downloads\ZOOM-X30-snipe-mode.rar
2015-11-23 18:29 - 2015-11-23 19:21 - 543693983 _____ C:\Users\Tobias Breunig\Downloads\hitzones9.9.rar
2015-11-23 18:24 - 2015-11-23 18:24 - 00033917 _____ C:\Users\Tobias Breunig\Downloads\mod-cheat.rar
2015-11-23 17:34 - 2015-11-23 17:35 - 11006768 _____ (XVM team ) C:\Users\Tobias Breunig\Downloads\xvm-6.1.6 (2).exe
2015-11-23 17:33 - 2015-11-23 17:34 - 11006768 _____ (XVM team ) C:\Users\Tobias Breunig\Downloads\xvm-6.1.6 (1).exe
2015-11-23 17:02 - 2015-11-23 17:03 - 11519315 _____ C:\Users\Tobias Breunig\Downloads\Aslains_XVM_Mod_v.9.12.2.zip
2015-11-22 13:02 - 2015-11-22 13:03 - 03266034 _____ C:\Users\Tobias Breunig\Downloads\Meine ABs (3).zip
2015-11-22 12:20 - 2015-12-13 12:59 - 00000000 ____D C:\Users\Tobias Breunig\AppData\Local\WinZip
2015-11-22 12:15 - 2015-11-22 12:15 - 00002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-11-22 12:15 - 2015-11-22 12:15 - 00002195 _____ C:\Users\Public\Desktop\WinZip.lnk
2015-11-22 12:15 - 2015-11-22 12:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-11-22 12:15 - 2015-11-22 12:15 - 00000000 ____D C:\Program Files\WinZip
2015-11-22 12:06 - 2015-11-22 12:08 - 80034304 _____ C:\Users\Tobias Breunig\Downloads\wz200gev-64.msi
2015-11-22 11:59 - 2015-11-22 11:59 - 03266034 _____ C:\Users\Tobias Breunig\Downloads\Meine ABs (2).zip
2015-11-22 11:59 - 2015-11-22 11:59 - 03266034 _____ C:\Users\Tobias Breunig\Downloads\Meine ABs (1).zip
2015-11-22 11:12 - 2015-11-22 11:12 - 03266034 _____ C:\Users\Tobias Breunig\Downloads\Meine ABs.zip
2015-11-19 22:01 - 2015-11-19 22:01 - 00000000 ____D C:\ProgramData\BitDefender
2015-11-19 21:52 - 2015-11-19 21:52 - 00000000 ____D C:\Users\Tobias Breunig\AppData\Roaming\LavasoftStatistics
2015-11-19 21:52 - 2015-01-06 12:37 - 02084072 _____ (Bitdefender) C:\Windows\system32\bdnc.dll
2015-11-19 21:51 - 2015-11-19 21:51 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-11-19 21:51 - 2015-11-19 21:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-11-19 21:51 - 2015-01-06 12:47 - 01061776 _____ (BitDefender S.R.L.) C:\Windows\system32\bdsmtpp.dll
2015-11-19 21:51 - 2015-01-06 12:47 - 00209984 _____ (BitDefender) C:\Windows\system32\BdFirewallSDK.dll
2015-11-19 21:51 - 2015-01-06 12:47 - 00195016 _____ (BitDefender) C:\Windows\system32\httproxy.dll
2015-11-19 21:51 - 2015-01-06 12:47 - 00156936 _____ C:\Windows\system32\bdfwcore.dll
2015-11-19 21:51 - 2015-01-06 12:47 - 00155912 _____ (BitDefender S.R.L.) C:\Windows\system32\bdpop3p.dll
2015-11-19 21:51 - 2015-01-06 12:47 - 00122928 _____ (BitDefender) C:\Windows\system32\OEMbdpredir.dll
2015-11-19 21:51 - 2015-01-06 12:47 - 00096160 _____ (BitDefender) C:\Windows\system32\bdpredir.dll
2015-11-19 21:45 - 2015-11-19 21:45 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2015-11-19 21:43 - 2015-11-19 21:43 - 02009904 _____ C:\Users\Tobias Breunig\Downloads\Adaware_Installer_11.8.exe
2015-11-19 13:42 - 2015-11-19 14:00 - 11006768 _____ (XVM team ) C:\Users\Tobias Breunig\Downloads\xvm-6.1.6.exe
2015-11-19 12:27 - 2015-11-19 12:42 - 10524242 _____ C:\Users\Tobias Breunig\Downloads\xvm-6.1.6.zip
2015-11-16 06:48 - 2015-11-16 07:46 - 00000000 ____D C:\Users\Tobias Breunig\AppData\Roaming\XSManager
2015-11-16 06:48 - 2015-11-16 06:47 - 00133120 _____ (C-motech Co.,Ltd.) C:\Windows\system32\Drivers\cm_netamd.sys
2015-11-16 06:48 - 2015-11-16 06:47 - 00118272 _____ (C-motech Co.,Ltd.) C:\Windows\system32\Drivers\cm_seramd.sys
2015-11-16 06:48 - 2015-11-16 06:47 - 00112640 _____ (C-motech Co.,Ltd.) C:\Windows\system32\Drivers\cm_net32.sys
2015-11-16 06:48 - 2015-11-16 06:47 - 00103680 _____ (C-motech Co.,Ltd.) C:\Windows\system32\Drivers\cm_ser32.sys
2015-11-16 06:48 - 2015-11-16 06:47 - 00101056 _____ C:\Windows\system32\Drivers\dvb_nova_12mhz_b0.inp
2015-11-16 06:48 - 2015-11-16 06:47 - 00092456 _____ C:\Windows\system32\Drivers\isdbt_nova_12mhz_b0.inp
2015-11-16 06:48 - 2015-11-16 06:47 - 00079036 _____ C:\Windows\system32\Drivers\tdmb_nova_12mhz_b0.inp
2015-11-16 06:48 - 2015-11-16 06:47 - 00063648 _____ (Siano) C:\Windows\system32\Drivers\smsbda.sys
2015-11-16 06:48 - 2015-11-16 06:47 - 00000040 _____ C:\Windows\system32\Drivers\smsbda.cfg
2015-11-16 06:48 - 2010-04-30 12:56 - 00312488 ____R (4G Systems GmbH & Co. KG) C:\Windows\updater4g.exe
2015-11-16 06:48 - 2010-04-30 12:56 - 00160424 ____R (4G Systems GmbH & Co. KG) C:\Windows\starter4g.exe
2015-11-16 06:47 - 2015-11-16 06:47 - 00117888 _____ (Mobile Connector) C:\Windows\system32\Drivers\cmnsusbser.sys
2015-11-16 06:47 - 2015-11-16 06:47 - 00001939 _____ C:\ProgramData\Microsoft\Windows\Start Menu\XSManager.lnk
2015-11-16 06:47 - 2015-11-16 06:47 - 00001933 _____ C:\Users\Public\Desktop\XSManager.lnk
2015-11-16 06:47 - 2015-11-16 06:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSManager
2015-11-16 06:47 - 2015-11-16 06:47 - 00000000 ____D C:\Program Files (x86)\XSManager

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-15 15:52 - 2015-08-16 20:47 - 00001260 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1993335669-2350816491-440414337-1000UA.job
2015-12-15 15:47 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-15 15:47 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-15 15:40 - 2012-09-19 17:03 - 00000000 ____D C:\Users\Tobias Breunig\AppData\Local\CrashDumps
2015-12-15 15:38 - 2013-09-30 15:50 - 00000000 ____D C:\Users\Tobias Breunig\Documents\Youcam
2015-12-15 15:35 - 2013-08-12 09:20 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-15 15:35 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-15 00:21 - 2013-08-12 09:20 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-15 00:02 - 2014-05-19 19:17 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-14 21:52 - 2015-08-16 20:47 - 00001208 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1993335669-2350816491-440414337-1000Core.job
2015-12-14 16:02 - 2014-10-26 02:08 - 00000000 ____D C:\Windows\rescache
2015-12-14 14:39 - 2012-09-16 08:06 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993335669-2350816491-440414337-1000Core.job
2015-12-14 12:57 - 2012-01-06 18:54 - 00747004 _____ C:\Windows\system32\perfh007.dat
2015-12-14 12:57 - 2012-01-06 18:54 - 00168046 _____ C:\Windows\system32\perfc007.dat
2015-12-14 12:57 - 2009-07-14 06:13 - 01754558 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-14 12:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2015-12-14 12:52 - 2012-09-27 17:19 - 00000000 ____D C:\Users\Tobias Breunig\AppData\Roaming\Dropbox
2015-12-13 21:37 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2015-12-13 20:34 - 2014-04-04 10:18 - 00000000 ____D C:\Users\Tobias Breunig\AppData\LocalLow\Temp
2015-12-13 19:35 - 2012-09-13 11:21 - 00114736 _____ C:\Users\Tobias Breunig\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-13 19:34 - 2009-07-14 05:45 - 00442784 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-13 13:08 - 2012-11-09 10:44 - 00165376 _____ C:\Windows\SysWOW64\unrar.dll
2015-12-13 12:51 - 2014-08-26 16:45 - 00000000 ____D C:\Users\Tobias Breunig\Documents\Haushaltsbuch
2015-12-10 16:32 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-10 16:30 - 2013-03-13 15:12 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-10 16:30 - 2013-03-13 15:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-10 07:31 - 2013-03-13 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-10 07:30 - 2012-12-30 16:36 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-10 07:28 - 2013-07-20 08:59 - 00000000 ____D C:\Windows\system32\MRT
2015-12-10 07:18 - 2012-09-22 18:16 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-09 22:49 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2015-12-09 21:58 - 2012-09-19 17:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2015-12-09 21:58 - 2012-09-19 17:02 - 00000000 ____D C:\Program Files (x86)\Epson Software
2015-12-09 16:25 - 2014-05-19 19:17 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-09 16:25 - 2012-09-23 08:20 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-09 16:25 - 2012-09-23 08:20 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-06 10:16 - 2013-08-12 09:20 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-06 10:16 - 2013-08-12 09:20 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-06 10:16 - 2012-09-16 08:06 - 00004144 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1993335669-2350816491-440414337-1000UA
2015-12-06 10:16 - 2012-09-16 08:06 - 00003748 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1993335669-2350816491-440414337-1000Core
2015-12-06 10:16 - 2012-09-16 08:06 - 00001156 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993335669-2350816491-440414337-1000UA.job
2015-12-03 11:10 - 2012-09-13 11:21 - 00000000 ____D C:\Users\Tobias Breunig
2015-12-03 10:46 - 2013-08-12 09:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-12-02 17:17 - 2014-11-14 21:15 - 00000000 __SHD C:\Users\Tobias Breunig\AppData\Local\EmieBrowserModeList
2015-12-02 17:17 - 2014-09-03 10:31 - 00000000 __SHD C:\Users\Tobias Breunig\AppData\Local\EmieUserList
2015-12-02 17:17 - 2014-09-03 10:31 - 00000000 __SHD C:\Users\Tobias Breunig\AppData\Local\EmieSiteList
2015-12-01 19:04 - 2013-05-19 13:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-12-01 19:02 - 2013-05-19 13:32 - 00162072 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-12-01 19:02 - 2013-05-19 13:32 - 00140448 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-12-01 19:02 - 2013-05-19 13:32 - 00075472 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-11-22 12:20 - 2014-11-25 17:24 - 00000000 ____D C:\ProgramData\WinZip
2015-11-16 06:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\ModemLogs
2015-11-15 21:16 - 2012-09-13 11:27 - 00000000 ____D C:\Windows\System32\Tasks\Fujitsu
2015-11-15 20:57 - 2012-12-01 09:17 - 00000000 ____D C:\Users\Tobias Breunig\Documents\Meine empfangenen Dateien

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-03-29 12:04 - 2014-03-29 12:04 - 0000045 _____ () C:\Users\Tobias Breunig\AppData\Roaming\WB.CFG
2013-09-05 11:29 - 2013-11-20 12:38 - 0003584 _____ () C:\Users\Tobias Breunig\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-31 12:11 - 2014-12-07 17:11 - 0388096 _____ () C:\Users\Tobias Breunig\AppData\Local\fcumdetl.gdb
2014-10-31 12:11 - 2015-09-17 12:50 - 0002954 _____ () C:\Users\Tobias Breunig\AppData\Local\fcumdetl.gss
2013-02-15 09:14 - 2013-02-15 09:14 - 0017408 _____ () C:\Users\Tobias Breunig\AppData\Local\WebpageIcons.db

Einige Dateien in TEMP:
====================
C:\Users\Tobias Breunig\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-12-11 14:33

==================== Ende von FRST.txt ============================

Tobi_tobi200 · 15.12.2015, 16:22

die Addition:

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:12-12-2015 01
durchgeführt von Tobias Breunig (2015-12-15 16:01:39)
Gestartet von C:\Users\Tobias Breunig\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-09-13 10:21:34)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1993335669-2350816491-440414337-500 - Administrator - Disabled)
Gast (S-1-5-21-1993335669-2350816491-440414337-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1993335669-2350816491-440414337-1007 - Limited - Enabled)
Tobias Breunig (S-1-5-21-1993335669-2350816491-440414337-1000 - Administrator - Enabled) => C:\Users\Tobias Breunig

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Ad-Aware Antivirus (HKLM\...\{30B9595A-D4B5-4198-8F3C-2219C78590C9}_AdAwareUpdater) (Version: 11.9.662.8718 - Lavasoft)
AdAwareInstaller (Version: 11.9.662.8718 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.9.662.8718 - Lavasoft) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\{4CFE23CC-779D-4572-A76F-AB60A958BC79}) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
Anleitung für Epson Connect (HKLM-x32\...\Epson Connect Guide) (Version:  - )
AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden
AntispamEngine (Version: 2.4.4205.0 - Lavasoft) Hidden
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
AvcEngine (Version: 3.11.11387.0 - Lavasoft) Hidden
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.129 - Avira Operations GmbH & Co. KG)
Benutzerhandbuch EPSON SX235 Series (HKLM-x32\...\EPSON SX235 Series Useg) (Version:  - )
Buchungssatzpauker-B IKR 2.70 (Shareware) (HKLM-x32\...\{0836774E-40D3-4942-9DD1-65757756E1B3}) (Version: 2.70 - Dumproff Adolf)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
CrissCross 8.40 (HKLM-x32\...\{5C79D312-F68F-4B04-8A4F-E28A0AE1ECBB}) (Version: 8.4.0.0 - )
CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1521 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DeskUpdate (HKLM-x32\...\DeskUpdate_is1) (Version: 4.14.0118 - Fujitsu Technology Solutions)
Dropbox (HKU\S-1-5-21-1993335669-2350816491-440414337-1000\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Druckerdeinstallation für EPSON WF-3520 Series (HKLM\...\EPSON WF-3520 Series) (Version:  - SEIKO EPSON Corporation)
Druckerdeinstallation für EPSON XP-422 423 425 Series (HKLM\...\EPSON XP-422 423 425 Series) (Version:  - SEIKO EPSON Corporation)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.1.16483 - Landesfinanzdirektion Thüringen)
Epson Benutzerhandbuch WF-3520 Series (HKLM-x32\...\WF-3520 Series Useg) (Version:  - )
Epson Easy Photo Print 2 (HKLM-x32\...\{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}) (Version: 2.2.4.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson Netzwerkhandbuch WF-3520 Series (HKLM-x32\...\WF-3520 Series Netg) (Version:  - )
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX235 Series Printer Uninstall (HKLM\...\EPSON SX235 Series) (Version:  - SEIKO EPSON Corporation)
EPSON-Handbücher (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.32.0.0 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
FJ Camera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.1.7600.137 - Realtek Semiconductor Corp.)
Free DVD Video Burner version 3.2.14.415 (HKLM-x32\...\Free DVD Video Burner_is1) (Version: 3.2.14.415 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.0.128 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.0.128 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.0.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.0.128 - DVDVideoSoft Ltd.)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
Fujitsu Hotkey Utility (HKLM-x32\...\InstallShield_{C8E4B31D-337C-483D-822D-16F11441669B}) (Version: 3.70.0.0 - FUJITSU LIMITED)
Fujitsu Hotkey Utility (x32 Version: 3.70.0.0 - FUJITSU LIMITED) Hidden
Fujitsu MobilityCenter Extension Utility (HKLM-x32\...\InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}) (Version: 3.01.00.002 - FUJITSU LIMITED)
Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.002 - FUJITSU LIMITED) Hidden
Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version: 3.4.5.0 - FUJITSU LIMITED)
Fujitsu System Extension Utility (Version: 3.4.5.0 - FUJITSU LIMITED) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Gameforge Live 1.10.0 "Legend" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 1.10.0 - Gameforge)
Google Chrome (HKU\S-1-5-21-1993335669-2350816491-440414337-1000\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.)
Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.)
GrampsAIO64 (HKLM-x32\...\GrampsAIO64) (Version: 4.0.2 - The GRAMPS project)
Install Merge Module for Board (x32 Version: 1.00.0000 - Your Company Name) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{37EC048A-81A2-452A-8D1F-3BE2018E767D}) (Version: 15.1.0.0096 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{E97F409F-9E1C-42A0-B72D-765A78DF3696}) (Version: 15.01.0000.0830 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
Java 2 Runtime Environment, SE v1.4.2_10 (HKLM-x32\...\{7148F0A8-6813-11D6-A77B-00B0D0142100}) (Version: 1.4.2_10 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 6.4.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.4.0 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LIFEBOOK Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version: 8.3.2.0 - FUJITSU LIMITED)
LIFEBOOK Application Panel (Version: 8.3.2.0 - FUJITSU LIMITED) Hidden
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.25.00.03 - Huawei Technologies Co.,Ltd)
Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.659 - Electronic Arts)
Netzwerkhandbuch EPSON SX235 Series (HKLM-x32\...\EPSON SX235 Series Netg) (Version:  - )
Nexon Game Manager (HKLM-x32\...\{289AC7E0-0AEE-4a7b-913C-709D9803D23E}) (Version:  - )
OMC ModPack Client Version 1.4.1.0 (HKLM-x32\...\{E2F3187C-2B94-486F-8914-E69211487FB6}_is1) (Version: 1.4.1.0 - Odem Mortis)
OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.51.17865 - pdfforge GmbH)
PDF Architect 2 Create Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDF Architect 2 Edit Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDF Architect 2 View Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.2 - pdfforge)
Plugfree NETWORK (HKLM\...\{7BA64D21-EE46-4a9a-8145-52B0175C3F86}) (Version: 6.2.0.1 - FUJITSU LIMITED)
Plugfree NETWORK (Version: 6.2.001 - FUJITSU LIMITED) Hidden
Power Saving Utility (HKLM-x32\...\{49A588CF-5FD4-4774-BFBF-0764287DE82B}) (Version: 32.01.10.038 - FUJITSU LIMITED)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30129 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.22298 - TeamViewer)
Unity Web Player (HKU\S-1-5-21-1993335669-2350816491-440414337-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinZip 20.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240EF}) (Version: 20.0.11659 - WinZip Computing, S.L. )
WIR 9 - Just Click (HKLM-x32\...\InstallShield_{5C93E423-BCC8-44FB-8A1B-40EB1EC1EAD5}) (Version: 1.00.0000 - Bildungsverlag EINS)
WIR 9 - Just Click (x32 Version: 1.00.0000 - Bildungsverlag EINS) Hidden
World of Warships (HKU\S-1-5-21-1993335669-2350816491-440414337-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814eu}_is1) (Version:  - Wargaming.net)
XSManager (HKLM-x32\...\XSManager) (Version: 3.0 - XSManager)
XVM Version 6.1.6.1 (HKLM-x32\...\{2865cd27-6b8b-4413-8272-cd968f316050}_is1) (Version: 6.1.6.1 - XVM team)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tobias Breunig\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => Keine Datei

==================== Wiederherstellungspunkte =========================

13-12-2015 11:26:18 JRT Pre-Junkware Removal
13-12-2015 12:46:51 Haushaltsbuch 8.9 DEMO wird entfernt
13-12-2015 12:50:57 Haushaltsbuch 6.0 wird entfernt

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2015-12-09 22:46 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {32189D21-C916-43FC-BC23-0C466F4E989C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {5F694E27-9676-4F5B-8035-B4347DF33157} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1993335669-2350816491-440414337-1000Core => C:\Users\Tobias Breunig\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {6719A31D-0B80-42D5-8DB0-4F98E927D308} - System32\Tasks\Fujitsu\DeskUpdate => c:\Fujitsu\Programs\DeskUpdate\ducmd.exe [2013-02-26] (Fujitsu Technology Solutions)
Task: {7AA70C5E-C00E-435C-BDE9-C24B2435B200} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1993335669-2350816491-440414337-1000UA => C:\Users\Tobias Breunig\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {8DE7E0C0-03D5-41B3-B2BD-69E5AD266CB9} - System32\Tasks\Google Updater and Installer => C:\Users\Tobias Breunig\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B80D1AEA-0F6A-49C8-8184-1DBA42418441} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C6A8A8D7-8CE0-4615-A54B-008019989C90} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-09] (Adobe Systems Incorporated)
Task: {C86DC428-E561-4926-8AE7-527758FD30D9} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1993335669-2350816491-440414337-1000Core => C:\Users\Tobias Breunig\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-08-16] (Dropbox, Inc.)
Task: {CB00BF31-F8A4-41DA-8B45-B79EFC43E654} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1993335669-2350816491-440414337-1000UA => C:\Users\Tobias Breunig\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-08-16] (Dropbox, Inc.)
Task: {D4F7466F-F060-4F50-9553-6F67B2FAE394} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D566011E-D14A-49F4-AFF8-CCA91DE4845D} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1993335669-2350816491-440414337-1000Core.job => C:\Users\Tobias Breunig\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1993335669-2350816491-440414337-1000UA.job => C:\Users\Tobias Breunig\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993335669-2350816491-440414337-1000Core.job => C:\Users\Tobias Breunig\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993335669-2350816491-440414337-1000UA.job => C:\Users\Tobias Breunig\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2012-11-17 18:56 - 2010-06-17 21:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-11-19 11:55 - 2015-11-19 11:55 - 00712432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareService.exe
2015-11-19 11:59 - 2015-11-19 11:59 - 00025856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\boost_system-vc120-mt-1_57.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 00057096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\boost_date_time-vc120-mt-1_57.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 00123656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\boost_filesystem-vc120-mt-1_57.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 11670776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareServiceKernel.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 03549904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\RCF.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 00911616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\boost_regex-vc120-mt-1_57.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 00107776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\boost_thread-vc120-mt-1_57.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 00035072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\boost_chrono-vc120-mt-1_57.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 00709360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareActivation.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 00474368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareApplicationUpdater.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 00847600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareGamingMode.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 00101096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareReset.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 00123104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareTime.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 01011968 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareDefinitionsUpdater.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 00905488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareDefinitionsUpdaterScheduler.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 01146608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareIgnoreList.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 00243440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareQuarantine.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 01570048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareAntiMalwareEngine.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 00206080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareAntiRootkitEngine.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 01210616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareScannerHistory.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 01373416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareScanner.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 00036096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\boost_timer-vc120-mt-1_57.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 01019128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareScannerScheduler.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 01190656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareRealTimeProtection.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 02489592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareIncompatibles.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 01466600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareAntiSpam.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 01415408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareAntiPhishing.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 03263736 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareParentalControl.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 02995960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareWebProtection.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 01325816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareEmailProtection.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 00059656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\boost_iostreams-vc120-mt-1_57.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 01856768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareNetworkProtection.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 01013992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwarePromo.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 00365288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareFeedback.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 02958592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareThreatWorkAlliance.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 01261800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwarePinCode.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 01014504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareNotice.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 01541360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareAvcEngine.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 01222416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareRealTimeProtectionHistory.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 00469744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareStatistics.dll
2015-11-19 21:51 - 2015-01-06 12:47 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll
2012-02-08 01:59 - 2012-01-18 07:48 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 09574112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareTray.exe
2015-11-19 11:59 - 2015-11-19 11:59 - 00492288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\boost_locale-vc120-mt-1_57.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 02266344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\HtmlFramework.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 00868600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareTrayDefaultSkin.dll
2014-09-27 17:47 - 2014-02-15 07:59 - 00239184 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2014-02-08 11:23 - 2014-02-08 11:23 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-02-08 11:23 - 2014-02-08 11:23 - 00107832 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-11-16 06:47 - 2010-04-12 18:03 - 00329168 ____N () C:\Program Files (x86)\XSManager\WTGService.exe
2012-04-02 22:37 - 2011-12-16 02:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1993335669-2350816491-440414337-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tobias Breunig\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{61384600-B34A-446E-8316-542112284AD6}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{7D1C3E65-686F-4DC6-AA09-4F23ECE8C825}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{ADB3AB5A-1CC5-4AE2-B4F3-BB1DE798B7E2}] => (Allow) LPort=2869
FirewallRules: [{33C7AD30-B7DF-41BA-BB3C-D38605DF7E88}] => (Allow) LPort=1900
FirewallRules: [{FB6BA4A1-0E24-4BA3-A9AA-AD6A64A8DB2B}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{2F109FA5-2E95-4048-8A57-422592B25B8E}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{9C962322-5E1E-475C-964B-B7DA157143AC}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{5F83FD77-FC63-4A6E-97F8-6457589999E2}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [TCP Query User{222729A3-B21E-4423-92CE-6935BAC06BD1}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{6C6DDFCB-0B19-4B64-911F-EC63B1743EBA}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{606CCE17-332F-46A1-854B-2E64AD705C65}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{C50FF58B-7872-4103-AB87-861A6D5A490B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{4732A370-892B-4875-AEEA-6D308CA8864C}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{CAD49EA6-59CC-42DF-9C4A-BF1D32C61D48}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{DF0D0C14-9BA0-4434-A598-5257368A8FCA}] => (Allow) C:\Users\Tobias Breunig\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9CA877D7-7D19-438D-A1E8-B38EC3605194}] => (Allow) C:\Users\Tobias Breunig\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{826B2D26-517A-4EC9-976C-724E6BB909C2}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{6D52D33F-9468-4EB0-A2B3-302FDAC64801}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{94835CA8-C09A-42BE-8AF9-29C84EC05A1F}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{BBA895B9-84BC-4E9B-8EA6-A31D0D84F47D}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{DFF96446-EAC4-46D1-AD52-EC55486D5942}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{7360CDD8-5387-41E0-98E6-962A0E4BBE7B}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{F260B54A-D72D-471F-B341-03072FD96159}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
FirewallRules: [{5009C336-29E8-4277-B26C-F9D594C84FF0}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
FirewallRules: [TCP Query User{39CD046A-FCFA-4D92-996E-659A1E11AD6A}C:\users\tobias breunig\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\tobias breunig\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{F414D0E0-4B17-421F-9D7C-AFDF262885D2}C:\users\tobias breunig\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\tobias breunig\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{4F967252-3532-4EA7-93AA-AA5E5680D715}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{D1129C4F-8767-4664-BD59-DEEFAD561077}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{96B43984-0940-4F3E-8586-144F59F7AE2B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{F2CF83B9-0E80-4DE0-9CF4-3616526DF1F4}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{89F60732-A22D-48C9-81DA-5FDF5CF7BDAA}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{49F0DE7F-7775-4765-8C0E-7875823E09A3}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{D7FCB5B1-D7DD-40E6-A3A0-BD18C62D8AAA}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\UCGui.exe
FirewallRules: [{A34D7983-FCAC-42DC-8824-CBBCC57EB8D1}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\UCGui.exe
FirewallRules: [{3D522C6D-E19B-4D7B-8C6B-D7052C7D8BA4}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\UCService.exe
FirewallRules: [{4C4EB6C7-6476-47FD-A85E-1F88A20E7272}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\UCService.exe
FirewallRules: [{862AA2C1-B528-459D-AB2B-19D173532297}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9EAFCE25-4E80-465D-8574-3CDEA12CAF42}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{CFB3376F-4985-44C2-AF4C-38C369BF3B34}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{481AAFB9-519B-4A2C-80E8-DB7E5E7C20B8}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{21520D91-2FE9-4861-BC30-A16535B807E0}D:\game\wolfenstein - enemy territory\etded.exe] => (Block) D:\game\wolfenstein - enemy territory\etded.exe
FirewallRules: [UDP Query User{E42DD1DA-E05B-442C-AA45-A7B33B1716FE}D:\game\wolfenstein - enemy territory\etded.exe] => (Block) D:\game\wolfenstein - enemy territory\etded.exe
FirewallRules: [TCP Query User{AA4CDA8F-A84F-46BA-992E-9010EFAE3822}D:\game\wolfenstein - enemy territory\et.exe] => (Block) D:\game\wolfenstein - enemy territory\et.exe
FirewallRules: [UDP Query User{FD3818D7-8F56-4B35-8640-09A9FAF57FBC}D:\game\wolfenstein - enemy territory\et.exe] => (Block) D:\game\wolfenstein - enemy territory\et.exe
FirewallRules: [{6ED0C488-23A3-4C4E-A333-2D0809733456}] => (Allow) D:\Game\GameforgeLive\gfl_client.exe
FirewallRules: [TCP Query User{A2E5707B-F5FD-492B-B2AE-55C712C44C1E}D:\game\data\nfsw.exe] => (Block) D:\game\data\nfsw.exe
FirewallRules: [UDP Query User{EC4538BD-76E6-4121-9AE8-BC30453B0575}D:\game\data\nfsw.exe] => (Block) D:\game\data\nfsw.exe
FirewallRules: [TCP Query User{B186B93A-1CAC-4683-9BFA-7C3AF21EFAC7}D:\game\data\nfsw.exe] => (Block) D:\game\data\nfsw.exe
FirewallRules: [UDP Query User{7C444AF2-78D0-423A-995E-43DC86A023DB}D:\game\data\nfsw.exe] => (Block) D:\game\data\nfsw.exe
FirewallRules: [TCP Query User{4974203A-9D31-4A51-9581-7825BE7DD279}C:\games\world_of_tanks\wotlauncher.exe] => (Block) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{1333BD55-9212-448C-BED4-3DEA215FD48E}C:\games\world_of_tanks\wotlauncher.exe] => (Block) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{6151DC30-E7C1-42DC-AC02-B86DE2993DD0}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{CE058120-17B4-47F6-9173-0D04EDFCA513}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{8A5E68FC-F6F2-4EE3-9442-32ED25CEE4D9}C:\games\world_of_tanks\worldoftanks.exe] => (Block) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{34E26BE0-830A-415B-BE8D-AB92F66AE2D0}C:\games\world_of_tanks\worldoftanks.exe] => (Block) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{EA187B5E-23E5-4B75-85C9-73AFB4323884}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{74BD20B7-9A13-4828-AE8D-8D1EA47DEF0E}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{2BA0FA87-C4B8-4790-8075-2B8620AE753C}C:\games\world_of_warplanes\wowplauncher.exe] => (Allow) C:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [UDP Query User{1FAD72A5-937B-4D9A-91B9-7DC1BE7933AB}C:\games\world_of_warplanes\wowplauncher.exe] => (Allow) C:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [TCP Query User{55569463-E1E2-4781-AE6C-509630EBB229}D:\games\world_of_tanks\worldoftanks.exe] => (Block) D:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{4B5E9810-4C42-46D2-891A-8442E3384D76}D:\games\world_of_tanks\worldoftanks.exe] => (Block) D:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{32123295-9A32-44E5-8D8E-766F6A424726}D:\games\world_of_tanks\wotlauncher.exe] => (Allow) D:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{622B7582-6D3A-464D-B6E9-DBC751F26B9E}D:\games\world_of_tanks\wotlauncher.exe] => (Allow) D:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{231A6322-009D-4103-A186-90039C77FFB6}D:\games\world_of_tanks\wotlauncher.exe] => (Block) D:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{FAFF3DDA-D0CE-4BA2-8D78-54595E979DB7}D:\games\world_of_tanks\wotlauncher.exe] => (Block) D:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{0D3788FC-D52F-467C-B633-465991575ACA}D:\games\world_of_tanks\worldoftanks.exe] => (Block) D:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{3C85DD76-7551-4048-ACE9-93DC69294A70}D:\games\world_of_tanks\worldoftanks.exe] => (Block) D:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [{D69B6994-00CA-4B8B-B320-FEAB6ACEDFFF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{605AFD90-D7B9-42AC-BB81-1518073F83D7}D:\games\world_of_warplanes\wowplauncher.exe] => (Allow) D:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [UDP Query User{0E69C3CE-DDAD-4A53-9797-3403AB9534EB}D:\games\world_of_warplanes\wowplauncher.exe] => (Allow) D:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [TCP Query User{8A6E8F05-5F44-4832-A457-926199337BCE}D:\games\wotlauncher.exe] => (Allow) D:\games\wotlauncher.exe
FirewallRules: [UDP Query User{EEA8DBF8-E516-427B-95F3-755A31CF8C25}D:\games\wotlauncher.exe] => (Allow) D:\games\wotlauncher.exe
FirewallRules: [TCP Query User{5CAE98EC-8FAD-4A68-9DF4-AC5D990931CB}D:\games\worldoftanks.exe] => (Block) D:\games\worldoftanks.exe
FirewallRules: [UDP Query User{DBFBBD8B-6F4E-4B00-9EF9-AA0506595F88}D:\games\worldoftanks.exe] => (Block) D:\games\worldoftanks.exe
FirewallRules: [TCP Query User{D5E41CC8-4786-4FF0-9133-1938B98F3F1F}D:\games\worldoftanks.exe] => (Allow) D:\games\worldoftanks.exe
FirewallRules: [UDP Query User{0ECD84D3-E691-42FF-B5BA-ED2AFE05DC4D}D:\games\worldoftanks.exe] => (Allow) D:\games\worldoftanks.exe
FirewallRules: [TCP Query User{48442FB7-DC2B-41E3-8135-BB7AB2F3D67C}D:\games\wotlauncher.exe] => (Allow) D:\games\wotlauncher.exe
FirewallRules: [UDP Query User{43DF7B6F-F46E-48EA-91A7-E678E9D76538}D:\games\wotlauncher.exe] => (Allow) D:\games\wotlauncher.exe
FirewallRules: [TCP Query User{1D6339B8-EBA6-403C-B3C3-ADF56F970C3D}D:\wow\wowslauncher.exe] => (Allow) D:\wow\wowslauncher.exe
FirewallRules: [UDP Query User{60E9BE1F-980E-46EE-8636-A8AA47E788DA}D:\wow\wowslauncher.exe] => (Allow) D:\wow\wowslauncher.exe
FirewallRules: [TCP Query User{7E0F0033-0456-4DF8-8A35-0BAC6DC2C870}D:\wot\worldoftanks.exe] => (Block) D:\wot\worldoftanks.exe
FirewallRules: [UDP Query User{4E14A424-8EDD-453B-8A0E-86D169529B0B}D:\wot\worldoftanks.exe] => (Block) D:\wot\worldoftanks.exe
FirewallRules: [TCP Query User{CD2FA1B2-8857-463C-9990-5DEB59C3D927}D:\wot\worldoftanks.exe] => (Block) D:\wot\worldoftanks.exe
FirewallRules: [UDP Query User{1AA26380-6A8B-47B3-9699-048AFEBA2CF0}D:\wot\worldoftanks.exe] => (Block) D:\wot\worldoftanks.exe
FirewallRules: [TCP Query User{81DEE438-144F-45AC-A5C9-FCD6956672C5}D:\wot\wotlauncher.exe] => (Allow) D:\wot\wotlauncher.exe
FirewallRules: [UDP Query User{DCE72118-085B-4E40-B085-87807DCB6341}D:\wot\wotlauncher.exe] => (Allow) D:\wot\wotlauncher.exe
FirewallRules: [TCP Query User{621DA99E-F68C-4A68-A2B7-8CAE8925D311}D:\wot\wotlauncher.exe] => (Allow) D:\wot\wotlauncher.exe
FirewallRules: [UDP Query User{00CD26F1-929C-4DFF-86F4-F3390EDC6CDD}D:\wot\wotlauncher.exe] => (Allow) D:\wot\wotlauncher.exe
FirewallRules: [{0CEFB31C-6F3A-495A-AD8C-C7FD69A13FA0}] => (Allow) C:\Program Files (x86)\OMC ModPack Client\OMC ModPack Client.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: BitDefender Firewall NDIS 6 Filter Driver
Description: BitDefender Firewall NDIS 6 Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: BdfNdisf
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: bdfwfpf
Description: bdfwfpf
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: bdfwfpf
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (12/15/2015 03:40:03 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
   at NLog.Common.InternalLogger.Debug(System.String, System.Object[])
   at NLog.LogFactory.get_Configuration()
   at NLog.LogFactory.GetLogger(LoggerCacheKey)
   at NLog.LogFactory.GetLogger(System.String)
   at NLog.LogManager.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   at Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (12/15/2015 03:39:51 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
   at NLog.Common.InternalLogger.Debug(System.String, System.Object[])
   at NLog.LogFactory.get_Configuration()
   at NLog.LogFactory.GetLogger(LoggerCacheKey)
   at NLog.LogFactory.GetLogger(System.String)
   at NLog.LogManager.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   at Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (12/15/2015 03:38:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/15/2015 03:38:01 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
   at NLog.Common.InternalLogger.Debug(System.String, System.Object[])
   at NLog.LogFactory.get_Configuration()
   at NLog.LogFactory.GetLogger(LoggerCacheKey)
   at NLog.LogFactory.GetLogger(System.String)
   at NLog.LogManager.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   at Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (12/15/2015 03:37:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.Systray.exe, Version: 1.1.25.25617, Zeitstempel: 0x5447ad92
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.19045, Zeitstempel: 0x56258f05
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x34c
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.Systray.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.Systray.exe1
Pfad des fehlerhaften Moduls: Avira.OE.Systray.exe2
Berichtskennung: Avira.OE.Systray.exe3

Error: (12/15/2015 03:37:12 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.Systray.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Configuration.ConfigurationErrorsException
Stack:
   at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)
   at System.Configuration.BaseConfigurationRecord.GetSection(System.String)
   at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String)
   at System.Configuration.ConfigurationManager.get_AppSettings()
   at Avira.OE.WinCore.OeProductInfo.get_Culture()
   at Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
   at Avira.OE.Systray.Program.Main(System.String[])

Error: (12/15/2015 12:30:08 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (12/14/2015 09:34:47 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (12/14/2015 09:34:44 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (12/14/2015 09:34:44 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.


Systemfehler:
=============
Error: (12/15/2015 03:40:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (12/15/2015 03:39:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/15/2015 03:39:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/15/2015 03:39:31 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
BdfNdisf
bdfwfpf

Error: (12/15/2015 03:37:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/15/2015 03:37:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MBAMService erreicht.

Error: (12/15/2015 03:36:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMScheduler" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/15/2015 03:36:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MBAMScheduler erreicht.

Error: (12/14/2015 09:39:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (12/14/2015 09:39:59 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\TOBIAS~1\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.


CodeIntegrity:
===================================
  Date: 2015-12-15 15:55:45.070
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-12-15 15:39:33.250
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-12-15 00:30:46.723
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-12-14 23:03:01.552
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-12-14 21:15:33.395
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-12-14 16:58:33.654
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-12-14 16:45:41.083
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-12-14 16:12:56.592
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-12-14 15:28:59.928
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-12-14 14:44:47.223
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 47%
Installierter physikalischer RAM: 3956.3 MB
Verfügbarer physikalischer RAM: 2086.16 MB
Summe virtueller Speicher: 7910.81 MB
Verfügbarer virtueller Speicher: 5702.32 MB

==================== Laufwerke ================================

Drive c: (System) (Fixed) (Total:148 GB) (Free:58.09 GB) NTFS
Drive d: (Data) (Fixed) (Total:300.75 GB) (Free:252.75 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C48EFFB2)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=463.8 GB) - (Type=OF Extended)

==================== Ende von Addition.txt ============================

Vielleicht noch eine Info am Rande. Avira hat während des letzten scans ("Untersuchen" mit Addition) von FRST. Eine Meldung des Trojaners, der zu Beginn des Ganzen angezeigt wurde, gebracht:

"In der Datei 'C:\Windows\SysWOW64\pcasvc32.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/FireHooker.1825' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern"

Dieses WOW könnte für "World of Warplanes" stehen. Das ist ein Spiel, das ich mal gespielt habe und nicht mehr brauche.

Vielleicht hilft es ja.

Danke, Gruß Tobi

M-K-D-B · 15.12.2015, 17:21

Servus,

"SysWOW64" ist ein wichtiger Systemordner. Löscht du den ganzen Ordner, ist dein Windows tot.

Avira vor Schritt 1 deaktivieren!

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CloseProcesses:
C:\Users\Tobias Breunig\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnppeiljbkkeallfigddpgpciocagkoa
C:\Users\Tobias Breunig\Downloads\FreeMP4VideoConverter_5.0.20.1031.exe
C:\Users\Tobias Breunig\Downloads\FreeYouTubeToMP3Converter.exe
C:\Users\Tobias Breunig\Downloads\FreeYouTubeToMP3Converter37.exe
C:\Users\Tobias Breunig\Downloads\PDFCreator-2_0_2-setup.exe
C:\Users\Tobias Breunig\Downloads\wz190gev-32.msi
C:\Users\Tobias Breunig\Downloads\wz200gev-64.msi
C:\Windows\Installer\4aa3336.msi
C:\Windows\SysWOW64\pcasvc32.dll
DeleteKey: HKLM\SOFTWARE\Classes\AppID\{BAB04997-93AD-4C13-805A-0409199700BB}
DeleteKey: HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{BAB04997-93AD-4C13-805A-0409199700BB}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayVideoFilesOnArrival\IMShowVolumeOnArrival
DeleteKey: HKLM\SOFTWARE\RegisteredApplications\iMesh
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\AutoplayHandlers\EventHandlers\PlayVideoFilesOnArrival\IMShowVolumeOnArrival
DeleteKey: HKLM\SOFTWARE\Wow6432Node\RegisteredApplications\iMesh
DeleteKey: HKU\S-1-5-21-1993335669-2350816491-440414337-1000\Software\Microsoft\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
DeleteKey: HKU\S-1-5-21-1993335669-2350816491-440414337-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{AE07101B-46D4-4A98-AF68-0333EA26E113}
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix,
die beiden neuen Logdateien von FRST.

Tobi_tobi200 · 15.12.2015, 19:48

Hi,

oh ;-) das wäre natürlich ungünstig.

FRST-Fix:

Code:

ATTFilter

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:12-12-2015 01
durchgeführt von Tobias Breunig (2015-12-15 19:31:43) Run:3
Gestartet von C:\Users\Tobias Breunig\Desktop
Geladene Profile: Tobias Breunig (Verfügbare Profile: Tobias Breunig)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
C:\Users\Tobias Breunig\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnppeiljbkkeallfigddpgpciocagkoa
C:\Users\Tobias Breunig\Downloads\FreeMP4VideoConverter_5.0.20.1031.exe
C:\Users\Tobias Breunig\Downloads\FreeYouTubeToMP3Converter.exe
C:\Users\Tobias Breunig\Downloads\FreeYouTubeToMP3Converter37.exe
C:\Users\Tobias Breunig\Downloads\PDFCreator-2_0_2-setup.exe
C:\Users\Tobias Breunig\Downloads\wz190gev-32.msi
C:\Users\Tobias Breunig\Downloads\wz200gev-64.msi
C:\Windows\Installer\4aa3336.msi
C:\Windows\SysWOW64\pcasvc32.dll
DeleteKey: HKLM\SOFTWARE\Classes\AppID\{BAB04997-93AD-4C13-805A-0409199700BB}
DeleteKey: HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{BAB04997-93AD-4C13-805A-0409199700BB}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayVideoFilesOnArrival\IMShowVolumeOnArrival
DeleteKey: HKLM\SOFTWARE\RegisteredApplications\iMesh
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\AutoplayHandlers\EventHandlers\PlayVideoFilesOnArrival\IMShowVolumeOnArrival
DeleteKey: HKLM\SOFTWARE\Wow6432Node\RegisteredApplications\iMesh
DeleteKey: HKU\S-1-5-21-1993335669-2350816491-440414337-1000\Software\Microsoft\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
DeleteKey: HKU\S-1-5-21-1993335669-2350816491-440414337-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{AE07101B-46D4-4A98-AF68-0333EA26E113}
EmptyTemp:
end

*****************

Prozess erfolgreich geschlossen.
C:\Users\Tobias Breunig\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnppeiljbkkeallfigddpgpciocagkoa => erfolgreich verschoben
C:\Users\Tobias Breunig\Downloads\FreeMP4VideoConverter_5.0.20.1031.exe => erfolgreich verschoben
C:\Users\Tobias Breunig\Downloads\FreeYouTubeToMP3Converter.exe => erfolgreich verschoben
C:\Users\Tobias Breunig\Downloads\FreeYouTubeToMP3Converter37.exe => erfolgreich verschoben
C:\Users\Tobias Breunig\Downloads\PDFCreator-2_0_2-setup.exe => erfolgreich verschoben
C:\Users\Tobias Breunig\Downloads\wz190gev-32.msi => erfolgreich verschoben
C:\Users\Tobias Breunig\Downloads\wz200gev-64.msi => erfolgreich verschoben
C:\Windows\Installer\4aa3336.msi => erfolgreich verschoben
C:\Windows\SysWOW64\pcasvc32.dll => erfolgreich verschoben
HKLM\SOFTWARE\Classes\AppID\{BAB04997-93AD-4C13-805A-0409199700BB} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{BAB04997-93AD-4C13-805A-0409199700BB} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayVideoFilesOnArrival\IMShowVolumeOnArrival => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\RegisteredApplications\iMesh => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\AutoplayHandlers\EventHandlers\PlayVideoFilesOnArrival\IMShowVolumeOnArrival => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Wow6432Node\RegisteredApplications\iMesh => Schlüssel nicht gefunden. 
HKU\S-1-5-21-1993335669-2350816491-440414337-1000\Software\Microsoft\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4 => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-1993335669-2350816491-440414337-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{AE07101B-46D4-4A98-AF68-0333EA26E113} => Schlüssel nicht gefunden. 
EmptyTemp: => 17.2 MB temporäre Dateien entfernt.


Das System musste neu gestartet werden.

==== Ende von Fixlog 19:32:01 ====

Logdateien von FRST:

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:12-12-2015 01
durchgeführt von Tobias Breunig (Administrator) auf TOBIASBREUNIG (15-12-2015 19:40:45)
Gestartet von C:\Users\Tobias Breunig\Desktop
Geladene Profile: Tobias Breunig &  (Verfügbare Profile: Tobias Breunig)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareService.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 2\creator-ws.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Rocket Division Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareTray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\XSManager\WTGService.exe
(4G Systems GmbH & Co. KG) C:\Windows\service4g.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(4G Systems GmbH & Co. KG) C:\Windows\starter4g.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(Fujitsu Technology Solutions) C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAHWindow64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Nico Mak Computing) C:\Program Files\WinZip\WZUpdateNotifier.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNAutoCon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_20_0_0_228_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [589176 2011-12-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [LoadFUJ02E3] => C:\Program Files\Fujitsu\FUJ02E3\fuj02e3.exe [76104 2012-01-17] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [205168 2011-10-03] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [158024 2011-10-01] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [23368 2011-10-01] (FUJITSU LIMITED)
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareTray.exe [9574112 2015-11-19] ()
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [48752 2010-09-30] (FUJITSU LIMITED)
HKLM-x32\...\Run: [DeskUpdateNotifier] => c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe [102968 2013-02-26] (Fujitsu Technology Solutions)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [255208 2012-03-21] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [803200 2015-12-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [starter4g] => C:\Windows\starter4g.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1993335669-2350816491-440414337-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-1993335669-2350816491-440414337-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [912480 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-1993335669-2350816491-440414337-1000\...\Run: [EPLTarget\P0000000000000005] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATINDE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1993335669-2350816491-440414337-1000\...\Run: [Dropbox Update] => C:\Users\Tobias Breunig\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-16] (Dropbox, Inc.)
HKU\S-1-5-21-1993335669-2350816491-440414337-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-1993335669-2350816491-440414337-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [912480 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-1993335669-2350816491-440414337-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EPLTarget\P0000000000000005] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATINDE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1993335669-2350816491-440414337-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Dropbox Update] => C:\Users\Tobias Breunig\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias Breunig\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias Breunig\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias Breunig\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias Breunig\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias Breunig\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias Breunig\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias Breunig\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-11-22]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Benachrichtigungsdienst.lnk [2015-11-22]
ShortcutTarget: Update Benachrichtigungsdienst.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-11-22]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk [2012-04-02]
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\lcStarter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk [2012-09-13]
ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk [2012-04-02]
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\lcStarter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk [2012-09-13]
ShortcutTarget: newreminderdialog.lnk -> C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (Fujitsu Technology Solutions)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1FD0377E-AD52-4C68-9AED-EE4550C0CA3E}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{B2068E9E-EB27-44AB-9FA6-8CD2FA3094EB}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{B663E67C-04CC-4BFE-B35D-76BEE88D031D}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{BAB03E7D-1441-4A65-A4DE-AF0C7BCFD5D6}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{E16BE87C-9A44-4086-B930-97BF390EE7C0}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1993335669-2350816491-440414337-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1993335669-2350816491-440414337-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/?hl=de&gl=de
HKU\S-1-5-21-1993335669-2350816491-440414337-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSH&bmod=FTSH;
HKU\S-1-5-21-1993335669-2350816491-440414337-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1993335669-2350816491-440414337-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/?hl=de&gl=de
HKU\S-1-5-21-1993335669-2350816491-440414337-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSH&bmod=FTSH;
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: PDF Architect Helper -> {691B33B0-B86E-47F3-81C7-56E4FE3B929C} -> C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll [2014-10-10] (pdfforge GmbH)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll [2014-10-10] (pdfforge GmbH)
IE Session Restore: HKU\S-1-5-21-1993335669-2350816491-440414337-1000 -> ist aktiviert.
IE Session Restore: HKU\S-1-5-21-1993335669-2350816491-440414337-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> ist aktiviert.

FireFox:
========
FF ProfilePath: C:\Users\Tobias Breunig\AppData\Roaming\Mozilla\Firefox\Profiles\mkj9e44c.default
FF DefaultSearchUrl: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF Homepage: hxxps://www.google.de
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-06-28] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameeu.dll [2012-09-23] (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1993335669-2350816491-440414337-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Tobias Breunig\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-1993335669-2350816491-440414337-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Tobias Breunig\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-1993335669-2350816491-440414337-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Tobias Breunig\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-19] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1993335669-2350816491-440414337-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Tobias Breunig\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-1993335669-2350816491-440414337-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Tobias Breunig\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-1993335669-2350816491-440414337-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Tobias Breunig\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-19] (Unity Technologies ApS)
FF Extension: Avira Browser Safety - C:\Users\Tobias Breunig\AppData\Roaming\Mozilla\Firefox\Profiles\mkj9e44c.default\Extensions\abs@avira.com [2014-08-28] [ist nicht signiert]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2014-08-04] [ist nicht signiert]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2014-08-04] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension
FF Extension: PDF Architect 2 Creator - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension [2015-03-07] [ist nicht signiert]

Chrome: 
=======
CHR Profile: C:\Users\Tobias Breunig\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Tobias Breunig\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Web Store) - C:\Users\Tobias Breunig\AppData\Local\Google\Chrome\User Data\Default\Extensions\flginmpmhddplnpledjkaobmcdaeohil [2015-12-14]
CHR Extension: (Web Store) - C:\Users\Tobias Breunig\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-12-14]
CHR Extension: (Web Store) - C:\Users\Tobias Breunig\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Tobias Breunig\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-27]
CHR HKU\S-1-5-21-1993335669-2350816491-440414337-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\TOBIAS~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-08-12]
CHR HKU\S-1-5-21-1993335669-2350816491-440414337-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\TOBIAS~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-08-12]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [948392 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1418560 2015-12-01] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [225280 2011-08-05] (DTS, Inc)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [Datei ist nicht signiert]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 FUJ02E3Service; C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [76104 2012-01-17] (FUJITSU LIMITED)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareService.exe [712432 2015-11-19] ()
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2014-02-15] ()
R2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
R2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2213376 2011-12-22] (FUJITSU LIMITED) [Datei ist nicht signiert]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2014-02-08] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2014-02-08] ()
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63856 2011-10-03] (FUJITSU LIMITED)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [Datei ist nicht signiert]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [329168 2010-04-12] ()
R2 XS Stick Service; C:\Windows\service4g.exe [145064 2010-04-30] (4G Systems GmbH & Co. KG)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2012-03-19] (Microsoft Corporation)
S3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1369288 2015-07-29] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [271272 2015-07-29] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [747120 2015-07-29] (BitDefender)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162072 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [140448 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [75472 2015-12-01] (Avira Operations GmbH & Co. KG)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2015-11-16] (Mobile Connector)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED)
R3 FUJ02B1; C:\Windows\system32\drivers\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\system32\drivers\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-15] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8217064 2012-01-02] (Realtek Semiconductor Corp.)
S3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [10240 2013-10-18] (SMART Technologies) [Datei ist nicht signiert]
S3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [9216 2013-10-18] (SMART Technologies) [Datei ist nicht signiert]
S3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [22184 2013-10-18] (SMART Technologies ULC) [Datei ist nicht signiert]
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2012-12-30] (Duplex Secure Ltd.)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.)
S1 BdfNdisf; \??\c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [X]
S1 bdfwfpf; \??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 gzflt; \??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.98.0\gzflt.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-15 19:40 - 2015-12-15 19:42 - 00032404 _____ C:\Users\Tobias Breunig\Desktop\FRST.txt
2015-12-15 19:31 - 2015-12-15 19:32 - 00003900 _____ C:\Users\Tobias Breunig\Desktop\Fixlog.txt
2015-12-15 19:30 - 2015-12-15 19:31 - 00000000 ____D C:\Users\Tobias Breunig\Desktop\Di.Abend
2015-12-14 21:20 - 2015-12-14 21:20 - 00000657 _____ C:\Users\Tobias Breunig\Desktop\MTB.txt
2015-12-14 21:18 - 2015-12-14 21:19 - 00891392 _____ (Farbar) C:\Users\Tobias Breunig\Desktop\MiniToolBox.exe
2015-12-14 16:12 - 2015-12-14 16:12 - 02870984 _____ (ESET) C:\Users\Tobias Breunig\Desktop\esetsmartinstaller_deu.exe
2015-12-14 14:49 - 2015-12-14 16:41 - 00000000 ____D C:\ProgramData\HitmanPro
2015-12-14 14:48 - 2015-12-14 14:49 - 11323704 _____ (SurfRight B.V.) C:\Users\Tobias Breunig\Desktop\HitmanPro_x64.exe
2015-12-14 14:36 - 2015-12-15 16:03 - 00000000 ____D C:\Users\Tobias Breunig\Desktop\Mo Abend
2015-12-14 12:52 - 2015-12-14 12:52 - 00000000 ____D C:\Users\Tobias Breunig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-13 21:11 - 2015-12-13 21:39 - 00000000 ____D C:\Users\Tobias Breunig\Desktop\So. Abend
2015-12-13 20:50 - 2015-12-13 20:50 - 00165376 _____ C:\Users\Tobias Breunig\Desktop\SystemLook_x64.exe
2015-12-13 19:51 - 2015-12-14 14:39 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-12-13 19:49 - 2015-12-13 19:49 - 00000000 ____D C:\Users\Tobias Breunig\AppData\Local\updater4g
2015-12-13 19:35 - 2015-12-13 19:35 - 00000000 ____D C:\Users\Tobias Breunig\AppData\Local\Nico Mak Computing
2015-12-13 19:34 - 2015-12-13 19:34 - 00000000 ____D C:\ProgramData\Lavasoft
2015-12-13 13:25 - 2015-12-13 13:25 - 00000514 _____ C:\Users\Tobias Breunig\Desktop\World of Tanks 0.9.12 ProMod.lnk
2015-12-13 13:08 - 2015-12-13 13:08 - 00136008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinet.ocx
2015-12-13 13:08 - 2015-12-13 13:08 - 00034308 _____ C:\Windows\SysWOW64\bassmod.dll
2015-12-13 13:07 - 2015-12-13 13:07 - 01931296 _____ (Codejock Software) C:\Windows\Codejock.Controls.v15.3.1.ocx
2015-12-13 13:07 - 2015-12-13 13:07 - 01931296 _____ (Codejock Software) C:\Windows\CODEJO~2.OCX
2015-12-13 13:07 - 2015-12-13 13:07 - 00136008 _____ (Microsoft Corporation) C:\Windows\msinet.ocx
2015-12-13 13:00 - 2015-12-15 19:34 - 00002327 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-12-13 12:58 - 2015-12-13 12:58 - 02345566 _____ C:\Users\Tobias Breunig\Desktop\ProMod.zip
2015-12-13 12:58 - 2015-12-13 12:58 - 00000000 ____D C:\Program Files\Lavasoft
2015-12-13 11:38 - 2015-12-13 11:38 - 00000000 ____D C:\Users\Tobias Breunig\Desktop\FRST-OlderVersion
2015-12-13 11:29 - 2015-12-13 11:29 - 00009855 _____ C:\Users\Tobias Breunig\Desktop\JRT.txt
2015-12-13 11:20 - 2015-12-13 11:20 - 01599336 _____ (Malwarebytes) C:\Users\Tobias Breunig\Desktop\JRT.exe
2015-12-13 11:16 - 2015-12-13 11:16 - 00017334 _____ C:\Users\Tobias Breunig\Desktop\mbam.txt
2015-12-13 10:37 - 2015-12-13 10:37 - 00021371 _____ C:\Users\Tobias Breunig\Desktop\AdwCleaner[C1].txt
2015-12-13 10:27 - 2015-12-15 19:34 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-13 10:26 - 2015-12-13 10:26 - 00001108 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-12-13 10:26 - 2015-12-13 10:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-12-13 10:26 - 2015-12-13 10:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-13 10:26 - 2015-12-13 10:26 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-12-13 10:26 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-13 10:26 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-13 10:26 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-13 10:24 - 2015-12-13 10:26 - 22908888 _____ (Malwarebytes ) C:\Users\Tobias Breunig\Desktop\mbam-setup-2.2.0.1024.exe
2015-12-13 10:13 - 2015-12-13 10:16 - 00000000 ____D C:\AdwCleaner
2015-12-13 10:09 - 2015-12-13 10:09 - 01738240 _____ C:\Users\Tobias Breunig\Desktop\AdwCleaner_5.024.exe
2015-12-09 23:10 - 2015-12-09 23:10 - 00036474 _____ C:\Users\Tobias Breunig\Desktop\Combofix.txt
2015-12-09 22:56 - 2015-12-09 22:56 - 00036474 _____ C:\ComboFix.txt
2015-12-09 22:50 - 2015-12-14 14:42 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-12-09 22:30 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2015-12-09 22:30 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2015-12-09 22:30 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-12-09 22:30 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-12-09 22:30 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-12-09 22:30 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2015-12-09 22:30 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2015-12-09 22:30 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2015-12-09 22:29 - 2015-12-09 22:56 - 00000000 ____D C:\Qoobox
2015-12-09 22:28 - 2015-12-09 22:55 - 00000000 ____D C:\Windows\erdnt
2015-12-09 22:25 - 2015-12-09 22:25 - 05640425 ____R (Swearware) C:\Users\Tobias Breunig\Desktop\ComboFix.exe
2015-12-09 21:42 - 2015-12-09 21:42 - 00001270 _____ C:\Users\Tobias Breunig\Desktop\Revo Uninstaller.lnk
2015-12-09 21:42 - 2015-12-09 21:42 - 00000000 ____D C:\Users\Tobias Breunig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2015-12-09 21:42 - 2015-12-09 21:42 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-12-09 21:41 - 2015-12-09 21:41 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Tobias Breunig\Desktop\revosetup95.exe
2015-12-09 16:25 - 2015-12-09 16:25 - 09498816 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-12-09 15:13 - 2015-11-20 19:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-09 15:13 - 2015-11-20 19:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-09 15:13 - 2015-11-20 19:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-09 15:13 - 2015-11-20 19:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-09 15:13 - 2015-11-20 19:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-09 15:13 - 2015-11-20 19:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-09 15:13 - 2015-11-20 19:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-09 15:13 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-09 15:13 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-09 15:13 - 2015-11-20 19:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-09 15:13 - 2015-11-20 19:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-09 15:13 - 2015-11-20 19:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-09 15:13 - 2015-11-20 19:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-09 15:13 - 2015-11-20 19:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-09 15:13 - 2015-11-20 19:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-09 15:13 - 2015-11-20 19:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-09 15:13 - 2015-11-11 22:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-09 15:13 - 2015-11-11 21:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-09 15:13 - 2015-11-11 19:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-09 15:13 - 2015-11-11 19:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-09 15:13 - 2015-11-11 19:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-09 15:13 - 2015-11-11 19:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-09 15:13 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-09 15:13 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-09 15:13 - 2015-11-11 16:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-09 15:13 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-09 15:13 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-09 15:13 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-09 15:13 - 2015-11-11 15:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-09 15:13 - 2015-11-10 19:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-09 15:13 - 2015-11-10 19:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-09 15:13 - 2015-11-10 19:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-09 15:13 - 2015-11-10 19:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-09 15:13 - 2015-11-10 19:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-09 15:13 - 2015-11-10 18:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-09 15:13 - 2015-11-10 01:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-09 15:13 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-09 15:13 - 2015-11-10 01:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-09 15:13 - 2015-11-10 01:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-09 15:13 - 2015-11-10 01:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-09 15:13 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-09 15:13 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-09 15:13 - 2015-11-10 01:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-09 15:13 - 2015-11-10 01:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-09 15:13 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-09 15:13 - 2015-11-10 01:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-09 15:13 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-09 15:13 - 2015-11-10 01:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-09 15:13 - 2015-11-10 00:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-09 15:13 - 2015-11-10 00:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-09 15:13 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-09 15:13 - 2015-11-10 00:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-09 15:13 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-09 15:13 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-09 15:13 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-09 15:13 - 2015-11-10 00:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-09 15:13 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-09 15:13 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-09 15:13 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-09 15:13 - 2015-11-08 23:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-09 15:13 - 2015-11-08 23:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-09 15:13 - 2015-11-08 23:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-09 15:13 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-09 15:13 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-09 15:13 - 2015-11-08 23:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-09 15:13 - 2015-11-08 23:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-09 15:13 - 2015-11-08 23:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-09 15:13 - 2015-11-08 23:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-09 15:13 - 2015-11-08 23:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-09 15:13 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-09 15:13 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-09 15:13 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-09 15:13 - 2015-11-08 23:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-09 15:13 - 2015-11-08 23:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-09 15:13 - 2015-11-08 23:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-09 15:13 - 2015-11-08 22:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-09 15:13 - 2015-11-08 22:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-09 15:13 - 2015-11-08 22:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-09 15:13 - 2015-11-08 22:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-09 15:13 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-09 15:13 - 2015-11-08 22:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-09 15:13 - 2015-11-08 22:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-09 15:13 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-09 15:13 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-09 15:13 - 2015-11-08 22:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-09 15:13 - 2015-11-08 22:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-09 15:13 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-09 15:13 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-09 15:13 - 2015-11-08 21:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-09 15:13 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-09 15:13 - 2015-11-05 20:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-09 15:13 - 2015-11-05 20:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-09 15:13 - 2015-11-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-09 15:13 - 2015-11-05 20:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-12-09 15:13 - 2015-11-05 10:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-09 15:13 - 2015-11-03 20:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-09 15:13 - 2015-11-03 19:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-09 15:13 - 2015-10-09 00:22 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2015-12-09 15:13 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-09 15:13 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-12-09 15:13 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-12-09 15:13 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-12-09 15:13 - 2015-10-09 00:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-09 15:13 - 2015-10-09 00:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-09 15:13 - 2015-10-09 00:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2015-12-09 15:13 - 2015-10-08 20:13 - 00419928 _____ C:\Windows\SysWOW64\locale.nls
2015-12-09 15:13 - 2015-10-08 19:52 - 00419928 _____ C:\Windows\system32\locale.nls
2015-12-09 15:12 - 2015-11-03 20:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-09 15:12 - 2015-11-03 19:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-07 21:46 - 2015-12-07 21:48 - 00061605 _____ C:\Users\Tobias Breunig\Desktop\Addition1.txt
2015-12-06 18:16 - 2015-12-13 11:38 - 02369536 _____ (Farbar) C:\Users\Tobias Breunig\Desktop\FRST64.exe
2015-12-06 12:00 - 2015-12-06 12:00 - 00000708 _____ C:\Users\Tobias Breunig\Desktop\Ereignisse 2.txt
2015-12-06 11:50 - 2015-12-07 21:46 - 00077199 _____ C:\Users\Tobias Breunig\Desktop\FRST_1.txt
2015-12-06 11:43 - 2015-12-15 19:40 - 00000000 ____D C:\FRST
2015-12-03 12:21 - 2015-12-06 11:35 - 00002826 _____ C:\Users\Tobias Breunig\Desktop\Ereignisse.txt
2015-12-03 12:14 - 2015-12-03 12:14 - 00039682 _____ C:\Users\Tobias Breunig\Desktop\Gmer.txt
2015-12-03 11:51 - 2015-12-03 11:51 - 00380416 _____ C:\Users\Tobias Breunig\Downloads\Gmer-19357.exe
2015-12-03 11:51 - 2015-12-03 11:51 - 00380416 _____ C:\Users\Tobias Breunig\Desktop\Gmer-19357.exe
2015-12-03 11:10 - 2015-12-03 11:10 - 00000202 _____ C:\Users\Tobias Breunig\defogger_reenable
2015-11-23 19:20 - 2015-11-23 19:20 - 10674517 _____ C:\Users\Tobias Breunig\Downloads\J1mB0_s_XVM_Config_v6.1.6.zip
2015-11-23 19:18 - 2015-11-23 19:19 - 01275187 _____ C:\Users\Tobias Breunig\Downloads\J1mB0_s_Crosshair_Mod_v1.53_-_Curse_Client.zip
2015-11-23 19:01 - 2015-11-23 19:02 - 11006768 _____ (XVM team ) C:\Users\Tobias Breunig\Downloads\xvm-6.1.6 (3).exe
2015-11-23 18:59 - 2015-11-23 19:00 - 10524242 _____ C:\Users\Tobias Breunig\Downloads\xvm-6.1.6 (1).zip
2015-11-23 18:53 - 2015-11-23 18:55 - 12692901 _____ C:\Users\Tobias Breunig\Downloads\Bones-XVM-Config-Wn8-912.zip
2015-11-23 18:42 - 2015-11-23 18:44 - 12693050 _____ C:\Users\Tobias Breunig\Downloads\Bones-XVM-Config-Wn8-HP-Panels-912 (1).zip
2015-11-23 18:42 - 2015-11-23 18:43 - 12693050 _____ C:\Users\Tobias Breunig\Downloads\Bones-XVM-Config-Wn8-HP-Panels-912.zip
2015-11-23 18:35 - 2015-11-23 18:35 - 00355062 _____ C:\Users\Tobias Breunig\Downloads\ZOOM-X30-snipe-mode.rar
2015-11-23 18:29 - 2015-11-23 19:21 - 543693983 _____ C:\Users\Tobias Breunig\Downloads\hitzones9.9.rar
2015-11-23 18:24 - 2015-11-23 18:24 - 00033917 _____ C:\Users\Tobias Breunig\Downloads\mod-cheat.rar
2015-11-23 17:34 - 2015-11-23 17:35 - 11006768 _____ (XVM team ) C:\Users\Tobias Breunig\Downloads\xvm-6.1.6 (2).exe
2015-11-23 17:33 - 2015-11-23 17:34 - 11006768 _____ (XVM team ) C:\Users\Tobias Breunig\Downloads\xvm-6.1.6 (1).exe
2015-11-23 17:02 - 2015-11-23 17:03 - 11519315 _____ C:\Users\Tobias Breunig\Downloads\Aslains_XVM_Mod_v.9.12.2.zip
2015-11-22 13:02 - 2015-11-22 13:03 - 03266034 _____ C:\Users\Tobias Breunig\Downloads\Meine ABs (3).zip
2015-11-22 12:20 - 2015-12-13 12:59 - 00000000 ____D C:\Users\Tobias Breunig\AppData\Local\WinZip
2015-11-22 12:15 - 2015-11-22 12:15 - 00002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-11-22 12:15 - 2015-11-22 12:15 - 00002195 _____ C:\Users\Public\Desktop\WinZip.lnk
2015-11-22 12:15 - 2015-11-22 12:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-11-22 12:15 - 2015-11-22 12:15 - 00000000 ____D C:\Program Files\WinZip
2015-11-22 11:59 - 2015-11-22 11:59 - 03266034 _____ C:\Users\Tobias Breunig\Downloads\Meine ABs (2).zip
2015-11-22 11:59 - 2015-11-22 11:59 - 03266034 _____ C:\Users\Tobias Breunig\Downloads\Meine ABs (1).zip
2015-11-22 11:12 - 2015-11-22 11:12 - 03266034 _____ C:\Users\Tobias Breunig\Downloads\Meine ABs.zip
2015-11-19 22:01 - 2015-11-19 22:01 - 00000000 ____D C:\ProgramData\BitDefender
2015-11-19 21:52 - 2015-11-19 21:52 - 00000000 ____D C:\Users\Tobias Breunig\AppData\Roaming\LavasoftStatistics
2015-11-19 21:52 - 2015-01-06 12:37 - 02084072 _____ (Bitdefender) C:\Windows\system32\bdnc.dll
2015-11-19 21:51 - 2015-11-19 21:51 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-11-19 21:51 - 2015-11-19 21:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-11-19 21:51 - 2015-01-06 12:47 - 01061776 _____ (BitDefender S.R.L.) C:\Windows\system32\bdsmtpp.dll
2015-11-19 21:51 - 2015-01-06 12:47 - 00209984 _____ (BitDefender) C:\Windows\system32\BdFirewallSDK.dll
2015-11-19 21:51 - 2015-01-06 12:47 - 00195016 _____ (BitDefender) C:\Windows\system32\httproxy.dll
2015-11-19 21:51 - 2015-01-06 12:47 - 00156936 _____ C:\Windows\system32\bdfwcore.dll
2015-11-19 21:51 - 2015-01-06 12:47 - 00155912 _____ (BitDefender S.R.L.) C:\Windows\system32\bdpop3p.dll
2015-11-19 21:51 - 2015-01-06 12:47 - 00122928 _____ (BitDefender) C:\Windows\system32\OEMbdpredir.dll
2015-11-19 21:51 - 2015-01-06 12:47 - 00096160 _____ (BitDefender) C:\Windows\system32\bdpredir.dll
2015-11-19 21:45 - 2015-11-19 21:45 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2015-11-19 21:43 - 2015-11-19 21:43 - 02009904 _____ C:\Users\Tobias Breunig\Downloads\Adaware_Installer_11.8.exe
2015-11-19 13:42 - 2015-11-19 14:00 - 11006768 _____ (XVM team ) C:\Users\Tobias Breunig\Downloads\xvm-6.1.6.exe
2015-11-19 12:27 - 2015-11-19 12:42 - 10524242 _____ C:\Users\Tobias Breunig\Downloads\xvm-6.1.6.zip
2015-11-16 06:48 - 2015-11-16 07:46 - 00000000 ____D C:\Users\Tobias Breunig\AppData\Roaming\XSManager
2015-11-16 06:48 - 2015-11-16 06:47 - 00133120 _____ (C-motech Co.,Ltd.) C:\Windows\system32\Drivers\cm_netamd.sys
2015-11-16 06:48 - 2015-11-16 06:47 - 00118272 _____ (C-motech Co.,Ltd.) C:\Windows\system32\Drivers\cm_seramd.sys
2015-11-16 06:48 - 2015-11-16 06:47 - 00112640 _____ (C-motech Co.,Ltd.) C:\Windows\system32\Drivers\cm_net32.sys
2015-11-16 06:48 - 2015-11-16 06:47 - 00103680 _____ (C-motech Co.,Ltd.) C:\Windows\system32\Drivers\cm_ser32.sys
2015-11-16 06:48 - 2015-11-16 06:47 - 00101056 _____ C:\Windows\system32\Drivers\dvb_nova_12mhz_b0.inp
2015-11-16 06:48 - 2015-11-16 06:47 - 00092456 _____ C:\Windows\system32\Drivers\isdbt_nova_12mhz_b0.inp
2015-11-16 06:48 - 2015-11-16 06:47 - 00079036 _____ C:\Windows\system32\Drivers\tdmb_nova_12mhz_b0.inp
2015-11-16 06:48 - 2015-11-16 06:47 - 00063648 _____ (Siano) C:\Windows\system32\Drivers\smsbda.sys
2015-11-16 06:48 - 2015-11-16 06:47 - 00000040 _____ C:\Windows\system32\Drivers\smsbda.cfg
2015-11-16 06:48 - 2010-04-30 12:56 - 00312488 ____R (4G Systems GmbH & Co. KG) C:\Windows\updater4g.exe
2015-11-16 06:48 - 2010-04-30 12:56 - 00160424 ____R (4G Systems GmbH & Co. KG) C:\Windows\starter4g.exe
2015-11-16 06:47 - 2015-11-16 06:47 - 00117888 _____ (Mobile Connector) C:\Windows\system32\Drivers\cmnsusbser.sys
2015-11-16 06:47 - 2015-11-16 06:47 - 00001939 _____ C:\ProgramData\Microsoft\Windows\Start Menu\XSManager.lnk
2015-11-16 06:47 - 2015-11-16 06:47 - 00001933 _____ C:\Users\Public\Desktop\XSManager.lnk
2015-11-16 06:47 - 2015-11-16 06:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSManager
2015-11-16 06:47 - 2015-11-16 06:47 - 00000000 ____D C:\Program Files (x86)\XSManager

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-15 19:35 - 2013-09-30 15:50 - 00000000 ____D C:\Users\Tobias Breunig\Documents\Youcam
2015-12-15 19:35 - 2012-09-19 17:03 - 00000000 ____D C:\Users\Tobias Breunig\AppData\Local\CrashDumps
2015-12-15 19:33 - 2013-08-12 09:20 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-15 19:33 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-15 19:26 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-15 19:26 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-15 19:21 - 2013-08-12 09:20 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-15 19:11 - 2015-08-16 20:47 - 00001260 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1993335669-2350816491-440414337-1000UA.job
2015-12-15 19:11 - 2014-05-19 19:17 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-15 16:02 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2015-12-14 21:52 - 2015-08-16 20:47 - 00001208 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1993335669-2350816491-440414337-1000Core.job
2015-12-14 16:02 - 2014-10-26 02:08 - 00000000 ____D C:\Windows\rescache
2015-12-14 14:39 - 2012-09-16 08:06 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993335669-2350816491-440414337-1000Core.job
2015-12-14 12:57 - 2012-01-06 18:54 - 00747004 _____ C:\Windows\system32\perfh007.dat
2015-12-14 12:57 - 2012-01-06 18:54 - 00168046 _____ C:\Windows\system32\perfc007.dat
2015-12-14 12:57 - 2009-07-14 06:13 - 01754558 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-14 12:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2015-12-14 12:52 - 2012-09-27 17:19 - 00000000 ____D C:\Users\Tobias Breunig\AppData\Roaming\Dropbox
2015-12-13 20:34 - 2014-04-04 10:18 - 00000000 ____D C:\Users\Tobias Breunig\AppData\LocalLow\Temp
2015-12-13 19:35 - 2012-09-13 11:21 - 00114736 _____ C:\Users\Tobias Breunig\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-13 19:34 - 2009-07-14 05:45 - 00442784 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-13 13:08 - 2012-11-09 10:44 - 00165376 _____ C:\Windows\SysWOW64\unrar.dll
2015-12-13 12:51 - 2014-08-26 16:45 - 00000000 ____D C:\Users\Tobias Breunig\Documents\Haushaltsbuch
2015-12-10 16:32 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-10 16:30 - 2013-03-13 15:12 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-10 16:30 - 2013-03-13 15:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-10 07:31 - 2013-03-13 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-10 07:30 - 2012-12-30 16:36 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-10 07:28 - 2013-07-20 08:59 - 00000000 ____D C:\Windows\system32\MRT
2015-12-10 07:18 - 2012-09-22 18:16 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-09 22:49 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2015-12-09 21:58 - 2012-09-19 17:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2015-12-09 21:58 - 2012-09-19 17:02 - 00000000 ____D C:\Program Files (x86)\Epson Software
2015-12-09 16:25 - 2014-05-19 19:17 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-09 16:25 - 2012-09-23 08:20 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-09 16:25 - 2012-09-23 08:20 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-06 10:16 - 2013-08-12 09:20 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-06 10:16 - 2013-08-12 09:20 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-06 10:16 - 2012-09-16 08:06 - 00004144 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1993335669-2350816491-440414337-1000UA
2015-12-06 10:16 - 2012-09-16 08:06 - 00003748 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1993335669-2350816491-440414337-1000Core
2015-12-06 10:16 - 2012-09-16 08:06 - 00001156 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993335669-2350816491-440414337-1000UA.job
2015-12-03 11:10 - 2012-09-13 11:21 - 00000000 ____D C:\Users\Tobias Breunig
2015-12-03 10:46 - 2013-08-12 09:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-12-02 17:17 - 2014-11-14 21:15 - 00000000 __SHD C:\Users\Tobias Breunig\AppData\Local\EmieBrowserModeList
2015-12-02 17:17 - 2014-09-03 10:31 - 00000000 __SHD C:\Users\Tobias Breunig\AppData\Local\EmieUserList
2015-12-02 17:17 - 2014-09-03 10:31 - 00000000 __SHD C:\Users\Tobias Breunig\AppData\Local\EmieSiteList
2015-12-01 19:04 - 2013-05-19 13:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-12-01 19:02 - 2013-05-19 13:32 - 00162072 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-12-01 19:02 - 2013-05-19 13:32 - 00140448 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-12-01 19:02 - 2013-05-19 13:32 - 00075472 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-11-22 12:20 - 2014-11-25 17:24 - 00000000 ____D C:\ProgramData\WinZip
2015-11-16 06:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\ModemLogs
2015-11-15 21:16 - 2012-09-13 11:27 - 00000000 ____D C:\Windows\System32\Tasks\Fujitsu
2015-11-15 20:57 - 2012-12-01 09:17 - 00000000 ____D C:\Users\Tobias Breunig\Documents\Meine empfangenen Dateien

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-03-29 12:04 - 2014-03-29 12:04 - 0000045 _____ () C:\Users\Tobias Breunig\AppData\Roaming\WB.CFG
2013-09-05 11:29 - 2013-11-20 12:38 - 0003584 _____ () C:\Users\Tobias Breunig\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-31 12:11 - 2014-12-07 17:11 - 0388096 _____ () C:\Users\Tobias Breunig\AppData\Local\fcumdetl.gdb
2014-10-31 12:11 - 2015-09-17 12:50 - 0002954 _____ () C:\Users\Tobias Breunig\AppData\Local\fcumdetl.gss
2013-02-15 09:14 - 2013-02-15 09:14 - 0017408 _____ () C:\Users\Tobias Breunig\AppData\Local\WebpageIcons.db

Einige Dateien in TEMP:
====================
C:\Users\Tobias Breunig\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-12-11 14:33

==================== Ende von FRST.txt ============================

Tobi_tobi200 · 15.12.2015, 19:49

und die Addition:

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:12-12-2015 01
durchgeführt von Tobias Breunig (2015-12-15 19:42:39)
Gestartet von C:\Users\Tobias Breunig\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-09-13 10:21:34)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1993335669-2350816491-440414337-500 - Administrator - Disabled)
Gast (S-1-5-21-1993335669-2350816491-440414337-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1993335669-2350816491-440414337-1007 - Limited - Enabled)
Tobias Breunig (S-1-5-21-1993335669-2350816491-440414337-1000 - Administrator - Enabled) => C:\Users\Tobias Breunig

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Ad-Aware Antivirus (HKLM\...\{30B9595A-D4B5-4198-8F3C-2219C78590C9}_AdAwareUpdater) (Version: 11.9.662.8718 - Lavasoft)
AdAwareInstaller (Version: 11.9.662.8718 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.9.662.8718 - Lavasoft) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\{4CFE23CC-779D-4572-A76F-AB60A958BC79}) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
Anleitung für Epson Connect (HKLM-x32\...\Epson Connect Guide) (Version:  - )
AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden
AntispamEngine (Version: 2.4.4205.0 - Lavasoft) Hidden
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
AvcEngine (Version: 3.11.11387.0 - Lavasoft) Hidden
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.129 - Avira Operations GmbH & Co. KG)
Benutzerhandbuch EPSON SX235 Series (HKLM-x32\...\EPSON SX235 Series Useg) (Version:  - )
Buchungssatzpauker-B IKR 2.70 (Shareware) (HKLM-x32\...\{0836774E-40D3-4942-9DD1-65757756E1B3}) (Version: 2.70 - Dumproff Adolf)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
CrissCross 8.40 (HKLM-x32\...\{5C79D312-F68F-4B04-8A4F-E28A0AE1ECBB}) (Version: 8.4.0.0 - )
CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1521 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DeskUpdate (HKLM-x32\...\DeskUpdate_is1) (Version: 4.14.0118 - Fujitsu Technology Solutions)
Dropbox (HKU\S-1-5-21-1993335669-2350816491-440414337-1000\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-1993335669-2350816491-440414337-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Druckerdeinstallation für EPSON WF-3520 Series (HKLM\...\EPSON WF-3520 Series) (Version:  - SEIKO EPSON Corporation)
Druckerdeinstallation für EPSON XP-422 423 425 Series (HKLM\...\EPSON XP-422 423 425 Series) (Version:  - SEIKO EPSON Corporation)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.1.16483 - Landesfinanzdirektion Thüringen)
Epson Benutzerhandbuch WF-3520 Series (HKLM-x32\...\WF-3520 Series Useg) (Version:  - )
Epson Easy Photo Print 2 (HKLM-x32\...\{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}) (Version: 2.2.4.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson Netzwerkhandbuch WF-3520 Series (HKLM-x32\...\WF-3520 Series Netg) (Version:  - )
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX235 Series Printer Uninstall (HKLM\...\EPSON SX235 Series) (Version:  - SEIKO EPSON Corporation)
EPSON-Handbücher (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.32.0.0 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
FJ Camera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.1.7600.137 - Realtek Semiconductor Corp.)
Free DVD Video Burner version 3.2.14.415 (HKLM-x32\...\Free DVD Video Burner_is1) (Version: 3.2.14.415 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.0.128 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.0.128 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.0.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.0.128 - DVDVideoSoft Ltd.)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
Fujitsu Hotkey Utility (HKLM-x32\...\InstallShield_{C8E4B31D-337C-483D-822D-16F11441669B}) (Version: 3.70.0.0 - FUJITSU LIMITED)
Fujitsu Hotkey Utility (x32 Version: 3.70.0.0 - FUJITSU LIMITED) Hidden
Fujitsu MobilityCenter Extension Utility (HKLM-x32\...\InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}) (Version: 3.01.00.002 - FUJITSU LIMITED)
Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.002 - FUJITSU LIMITED) Hidden
Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version: 3.4.5.0 - FUJITSU LIMITED)
Fujitsu System Extension Utility (Version: 3.4.5.0 - FUJITSU LIMITED) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Gameforge Live 1.10.0 "Legend" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 1.10.0 - Gameforge)
Google Chrome (HKU\S-1-5-21-1993335669-2350816491-440414337-1000\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.)
Google Chrome (HKU\S-1-5-21-1993335669-2350816491-440414337-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.)
Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.)
GrampsAIO64 (HKLM-x32\...\GrampsAIO64) (Version: 4.0.2 - The GRAMPS project)
Install Merge Module for Board (x32 Version: 1.00.0000 - Your Company Name) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{37EC048A-81A2-452A-8D1F-3BE2018E767D}) (Version: 15.1.0.0096 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{E97F409F-9E1C-42A0-B72D-765A78DF3696}) (Version: 15.01.0000.0830 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
Java 2 Runtime Environment, SE v1.4.2_10 (HKLM-x32\...\{7148F0A8-6813-11D6-A77B-00B0D0142100}) (Version: 1.4.2_10 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 6.4.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.4.0 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LIFEBOOK Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version: 8.3.2.0 - FUJITSU LIMITED)
LIFEBOOK Application Panel (Version: 8.3.2.0 - FUJITSU LIMITED) Hidden
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.25.00.03 - Huawei Technologies Co.,Ltd)
Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.659 - Electronic Arts)
Netzwerkhandbuch EPSON SX235 Series (HKLM-x32\...\EPSON SX235 Series Netg) (Version:  - )
Nexon Game Manager (HKLM-x32\...\{289AC7E0-0AEE-4a7b-913C-709D9803D23E}) (Version:  - )
OMC ModPack Client Version 1.4.1.0 (HKLM-x32\...\{E2F3187C-2B94-486F-8914-E69211487FB6}_is1) (Version: 1.4.1.0 - Odem Mortis)
OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.51.17865 - pdfforge GmbH)
PDF Architect 2 Create Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDF Architect 2 Edit Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDF Architect 2 View Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.2 - pdfforge)
Plugfree NETWORK (HKLM\...\{7BA64D21-EE46-4a9a-8145-52B0175C3F86}) (Version: 6.2.0.1 - FUJITSU LIMITED)
Plugfree NETWORK (Version: 6.2.001 - FUJITSU LIMITED) Hidden
Power Saving Utility (HKLM-x32\...\{49A588CF-5FD4-4774-BFBF-0764287DE82B}) (Version: 32.01.10.038 - FUJITSU LIMITED)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30129 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.22298 - TeamViewer)
Unity Web Player (HKU\S-1-5-21-1993335669-2350816491-440414337-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1993335669-2350816491-440414337-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinZip 20.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240EF}) (Version: 20.0.11659 - WinZip Computing, S.L. )
WIR 9 - Just Click (HKLM-x32\...\InstallShield_{5C93E423-BCC8-44FB-8A1B-40EB1EC1EAD5}) (Version: 1.00.0000 - Bildungsverlag EINS)
WIR 9 - Just Click (x32 Version: 1.00.0000 - Bildungsverlag EINS) Hidden
World of Warships (HKU\S-1-5-21-1993335669-2350816491-440414337-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814eu}_is1) (Version:  - Wargaming.net)
World of Warships (HKU\S-1-5-21-1993335669-2350816491-440414337-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814eu}_is1) (Version:  - Wargaming.net)
XSManager (HKLM-x32\...\XSManager) (Version: 3.0 - XSManager)
XVM Version 6.1.6.1 (HKLM-x32\...\{2865cd27-6b8b-4413-8272-cd968f316050}_is1) (Version: 6.1.6.1 - XVM team)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tobias Breunig\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1993335669-2350816491-440414337-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Tobias Breunig\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => Keine Datei

==================== Wiederherstellungspunkte =========================

13-12-2015 11:26:18 JRT Pre-Junkware Removal
13-12-2015 12:46:51 Haushaltsbuch 8.9 DEMO wird entfernt
13-12-2015 12:50:57 Haushaltsbuch 6.0 wird entfernt

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2015-12-09 22:46 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {32189D21-C916-43FC-BC23-0C466F4E989C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {5F694E27-9676-4F5B-8035-B4347DF33157} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1993335669-2350816491-440414337-1000Core => C:\Users\Tobias Breunig\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {6719A31D-0B80-42D5-8DB0-4F98E927D308} - System32\Tasks\Fujitsu\DeskUpdate => c:\Fujitsu\Programs\DeskUpdate\ducmd.exe [2013-02-26] (Fujitsu Technology Solutions)
Task: {7AA70C5E-C00E-435C-BDE9-C24B2435B200} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1993335669-2350816491-440414337-1000UA => C:\Users\Tobias Breunig\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {8DE7E0C0-03D5-41B3-B2BD-69E5AD266CB9} - System32\Tasks\Google Updater and Installer => C:\Users\Tobias Breunig\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B80D1AEA-0F6A-49C8-8184-1DBA42418441} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C6A8A8D7-8CE0-4615-A54B-008019989C90} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-09] (Adobe Systems Incorporated)
Task: {C86DC428-E561-4926-8AE7-527758FD30D9} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1993335669-2350816491-440414337-1000Core => C:\Users\Tobias Breunig\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-08-16] (Dropbox, Inc.)
Task: {CB00BF31-F8A4-41DA-8B45-B79EFC43E654} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1993335669-2350816491-440414337-1000UA => C:\Users\Tobias Breunig\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-08-16] (Dropbox, Inc.)
Task: {D4F7466F-F060-4F50-9553-6F67B2FAE394} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D566011E-D14A-49F4-AFF8-CCA91DE4845D} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1993335669-2350816491-440414337-1000Core.job => C:\Users\Tobias Breunig\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1993335669-2350816491-440414337-1000UA.job => C:\Users\Tobias Breunig\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993335669-2350816491-440414337-1000Core.job => C:\Users\Tobias Breunig\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993335669-2350816491-440414337-1000UA.job => C:\Users\Tobias Breunig\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2012-11-17 18:56 - 2010-06-17 21:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-11-19 11:55 - 2015-11-19 11:55 - 00712432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareService.exe
2015-11-19 11:59 - 2015-11-19 11:59 - 00025856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\boost_system-vc120-mt-1_57.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 00057096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\boost_date_time-vc120-mt-1_57.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 00123656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\boost_filesystem-vc120-mt-1_57.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 11670776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareServiceKernel.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 03549904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\RCF.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 00911616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\boost_regex-vc120-mt-1_57.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 00107776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\boost_thread-vc120-mt-1_57.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 00035072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\boost_chrono-vc120-mt-1_57.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 00709360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareActivation.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 00474368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareApplicationUpdater.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 00847600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareGamingMode.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 00101096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareReset.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 00123104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareTime.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 01011968 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareDefinitionsUpdater.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 00905488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareDefinitionsUpdaterScheduler.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 01146608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareIgnoreList.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 00243440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareQuarantine.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 01570048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareAntiMalwareEngine.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 00206080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareAntiRootkitEngine.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 01210616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareScannerHistory.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 01373416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareScanner.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 00036096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\boost_timer-vc120-mt-1_57.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 01019128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareScannerScheduler.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 01190656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareRealTimeProtection.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 02489592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareIncompatibles.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 01466600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareAntiSpam.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 01415408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareAntiPhishing.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 03263736 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareParentalControl.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 02995960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareWebProtection.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 01325816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareEmailProtection.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 00059656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\boost_iostreams-vc120-mt-1_57.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 01856768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareNetworkProtection.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 01013992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwarePromo.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 00365288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareFeedback.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 02958592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareThreatWorkAlliance.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 01261800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwarePinCode.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 01014504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareNotice.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 01541360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareAvcEngine.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 01222416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareRealTimeProtectionHistory.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 00469744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareStatistics.dll
2015-11-19 21:51 - 2015-01-06 12:47 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll
2014-09-27 17:47 - 2014-02-15 07:59 - 00239184 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2014-02-08 11:23 - 2014-02-08 11:23 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-02-08 11:23 - 2014-02-08 11:23 - 00107832 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-11-19 11:59 - 2015-11-19 11:59 - 09574112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareTray.exe
2015-11-19 11:59 - 2015-11-19 11:59 - 00492288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\boost_locale-vc120-mt-1_57.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 02266344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\HtmlFramework.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 00868600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareTrayDefaultSkin.dll
2015-11-16 06:47 - 2010-04-12 18:03 - 00329168 ____N () C:\Program Files (x86)\XSManager\WTGService.exe
2012-02-08 01:59 - 2012-01-18 07:48 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2012-04-02 22:37 - 2011-12-16 02:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1993335669-2350816491-440414337-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tobias Breunig\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1993335669-2350816491-440414337-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Tobias Breunig\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{61384600-B34A-446E-8316-542112284AD6}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{7D1C3E65-686F-4DC6-AA09-4F23ECE8C825}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{ADB3AB5A-1CC5-4AE2-B4F3-BB1DE798B7E2}] => (Allow) LPort=2869
FirewallRules: [{33C7AD30-B7DF-41BA-BB3C-D38605DF7E88}] => (Allow) LPort=1900
FirewallRules: [{FB6BA4A1-0E24-4BA3-A9AA-AD6A64A8DB2B}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{2F109FA5-2E95-4048-8A57-422592B25B8E}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{9C962322-5E1E-475C-964B-B7DA157143AC}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{5F83FD77-FC63-4A6E-97F8-6457589999E2}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [TCP Query User{222729A3-B21E-4423-92CE-6935BAC06BD1}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{6C6DDFCB-0B19-4B64-911F-EC63B1743EBA}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{606CCE17-332F-46A1-854B-2E64AD705C65}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{C50FF58B-7872-4103-AB87-861A6D5A490B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{4732A370-892B-4875-AEEA-6D308CA8864C}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{CAD49EA6-59CC-42DF-9C4A-BF1D32C61D48}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{DF0D0C14-9BA0-4434-A598-5257368A8FCA}] => (Allow) C:\Users\Tobias Breunig\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9CA877D7-7D19-438D-A1E8-B38EC3605194}] => (Allow) C:\Users\Tobias Breunig\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{826B2D26-517A-4EC9-976C-724E6BB909C2}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{6D52D33F-9468-4EB0-A2B3-302FDAC64801}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{94835CA8-C09A-42BE-8AF9-29C84EC05A1F}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{BBA895B9-84BC-4E9B-8EA6-A31D0D84F47D}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{DFF96446-EAC4-46D1-AD52-EC55486D5942}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{7360CDD8-5387-41E0-98E6-962A0E4BBE7B}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{F260B54A-D72D-471F-B341-03072FD96159}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
FirewallRules: [{5009C336-29E8-4277-B26C-F9D594C84FF0}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
FirewallRules: [TCP Query User{39CD046A-FCFA-4D92-996E-659A1E11AD6A}C:\users\tobias breunig\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\tobias breunig\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{F414D0E0-4B17-421F-9D7C-AFDF262885D2}C:\users\tobias breunig\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\tobias breunig\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{4F967252-3532-4EA7-93AA-AA5E5680D715}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{D1129C4F-8767-4664-BD59-DEEFAD561077}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{96B43984-0940-4F3E-8586-144F59F7AE2B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{F2CF83B9-0E80-4DE0-9CF4-3616526DF1F4}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{89F60732-A22D-48C9-81DA-5FDF5CF7BDAA}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{49F0DE7F-7775-4765-8C0E-7875823E09A3}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{D7FCB5B1-D7DD-40E6-A3A0-BD18C62D8AAA}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\UCGui.exe
FirewallRules: [{A34D7983-FCAC-42DC-8824-CBBCC57EB8D1}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\UCGui.exe
FirewallRules: [{3D522C6D-E19B-4D7B-8C6B-D7052C7D8BA4}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\UCService.exe
FirewallRules: [{4C4EB6C7-6476-47FD-A85E-1F88A20E7272}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\UCService.exe
FirewallRules: [{862AA2C1-B528-459D-AB2B-19D173532297}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9EAFCE25-4E80-465D-8574-3CDEA12CAF42}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{CFB3376F-4985-44C2-AF4C-38C369BF3B34}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{481AAFB9-519B-4A2C-80E8-DB7E5E7C20B8}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{21520D91-2FE9-4861-BC30-A16535B807E0}D:\game\wolfenstein - enemy territory\etded.exe] => (Block) D:\game\wolfenstein - enemy territory\etded.exe
FirewallRules: [UDP Query User{E42DD1DA-E05B-442C-AA45-A7B33B1716FE}D:\game\wolfenstein - enemy territory\etded.exe] => (Block) D:\game\wolfenstein - enemy territory\etded.exe
FirewallRules: [TCP Query User{AA4CDA8F-A84F-46BA-992E-9010EFAE3822}D:\game\wolfenstein - enemy territory\et.exe] => (Block) D:\game\wolfenstein - enemy territory\et.exe
FirewallRules: [UDP Query User{FD3818D7-8F56-4B35-8640-09A9FAF57FBC}D:\game\wolfenstein - enemy territory\et.exe] => (Block) D:\game\wolfenstein - enemy territory\et.exe
FirewallRules: [{6ED0C488-23A3-4C4E-A333-2D0809733456}] => (Allow) D:\Game\GameforgeLive\gfl_client.exe
FirewallRules: [TCP Query User{A2E5707B-F5FD-492B-B2AE-55C712C44C1E}D:\game\data\nfsw.exe] => (Block) D:\game\data\nfsw.exe
FirewallRules: [UDP Query User{EC4538BD-76E6-4121-9AE8-BC30453B0575}D:\game\data\nfsw.exe] => (Block) D:\game\data\nfsw.exe
FirewallRules: [TCP Query User{B186B93A-1CAC-4683-9BFA-7C3AF21EFAC7}D:\game\data\nfsw.exe] => (Block) D:\game\data\nfsw.exe
FirewallRules: [UDP Query User{7C444AF2-78D0-423A-995E-43DC86A023DB}D:\game\data\nfsw.exe] => (Block) D:\game\data\nfsw.exe
FirewallRules: [TCP Query User{4974203A-9D31-4A51-9581-7825BE7DD279}C:\games\world_of_tanks\wotlauncher.exe] => (Block) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{1333BD55-9212-448C-BED4-3DEA215FD48E}C:\games\world_of_tanks\wotlauncher.exe] => (Block) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{6151DC30-E7C1-42DC-AC02-B86DE2993DD0}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{CE058120-17B4-47F6-9173-0D04EDFCA513}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{8A5E68FC-F6F2-4EE3-9442-32ED25CEE4D9}C:\games\world_of_tanks\worldoftanks.exe] => (Block) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{34E26BE0-830A-415B-BE8D-AB92F66AE2D0}C:\games\world_of_tanks\worldoftanks.exe] => (Block) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{EA187B5E-23E5-4B75-85C9-73AFB4323884}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{74BD20B7-9A13-4828-AE8D-8D1EA47DEF0E}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{2BA0FA87-C4B8-4790-8075-2B8620AE753C}C:\games\world_of_warplanes\wowplauncher.exe] => (Allow) C:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [UDP Query User{1FAD72A5-937B-4D9A-91B9-7DC1BE7933AB}C:\games\world_of_warplanes\wowplauncher.exe] => (Allow) C:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [TCP Query User{55569463-E1E2-4781-AE6C-509630EBB229}D:\games\world_of_tanks\worldoftanks.exe] => (Block) D:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{4B5E9810-4C42-46D2-891A-8442E3384D76}D:\games\world_of_tanks\worldoftanks.exe] => (Block) D:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{32123295-9A32-44E5-8D8E-766F6A424726}D:\games\world_of_tanks\wotlauncher.exe] => (Allow) D:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{622B7582-6D3A-464D-B6E9-DBC751F26B9E}D:\games\world_of_tanks\wotlauncher.exe] => (Allow) D:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{231A6322-009D-4103-A186-90039C77FFB6}D:\games\world_of_tanks\wotlauncher.exe] => (Block) D:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{FAFF3DDA-D0CE-4BA2-8D78-54595E979DB7}D:\games\world_of_tanks\wotlauncher.exe] => (Block) D:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{0D3788FC-D52F-467C-B633-465991575ACA}D:\games\world_of_tanks\worldoftanks.exe] => (Block) D:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{3C85DD76-7551-4048-ACE9-93DC69294A70}D:\games\world_of_tanks\worldoftanks.exe] => (Block) D:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [{D69B6994-00CA-4B8B-B320-FEAB6ACEDFFF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{605AFD90-D7B9-42AC-BB81-1518073F83D7}D:\games\world_of_warplanes\wowplauncher.exe] => (Allow) D:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [UDP Query User{0E69C3CE-DDAD-4A53-9797-3403AB9534EB}D:\games\world_of_warplanes\wowplauncher.exe] => (Allow) D:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [TCP Query User{8A6E8F05-5F44-4832-A457-926199337BCE}D:\games\wotlauncher.exe] => (Allow) D:\games\wotlauncher.exe
FirewallRules: [UDP Query User{EEA8DBF8-E516-427B-95F3-755A31CF8C25}D:\games\wotlauncher.exe] => (Allow) D:\games\wotlauncher.exe
FirewallRules: [TCP Query User{5CAE98EC-8FAD-4A68-9DF4-AC5D990931CB}D:\games\worldoftanks.exe] => (Block) D:\games\worldoftanks.exe
FirewallRules: [UDP Query User{DBFBBD8B-6F4E-4B00-9EF9-AA0506595F88}D:\games\worldoftanks.exe] => (Block) D:\games\worldoftanks.exe
FirewallRules: [TCP Query User{D5E41CC8-4786-4FF0-9133-1938B98F3F1F}D:\games\worldoftanks.exe] => (Allow) D:\games\worldoftanks.exe
FirewallRules: [UDP Query User{0ECD84D3-E691-42FF-B5BA-ED2AFE05DC4D}D:\games\worldoftanks.exe] => (Allow) D:\games\worldoftanks.exe
FirewallRules: [TCP Query User{48442FB7-DC2B-41E3-8135-BB7AB2F3D67C}D:\games\wotlauncher.exe] => (Allow) D:\games\wotlauncher.exe
FirewallRules: [UDP Query User{43DF7B6F-F46E-48EA-91A7-E678E9D76538}D:\games\wotlauncher.exe] => (Allow) D:\games\wotlauncher.exe
FirewallRules: [TCP Query User{1D6339B8-EBA6-403C-B3C3-ADF56F970C3D}D:\wow\wowslauncher.exe] => (Allow) D:\wow\wowslauncher.exe
FirewallRules: [UDP Query User{60E9BE1F-980E-46EE-8636-A8AA47E788DA}D:\wow\wowslauncher.exe] => (Allow) D:\wow\wowslauncher.exe
FirewallRules: [TCP Query User{7E0F0033-0456-4DF8-8A35-0BAC6DC2C870}D:\wot\worldoftanks.exe] => (Block) D:\wot\worldoftanks.exe
FirewallRules: [UDP Query User{4E14A424-8EDD-453B-8A0E-86D169529B0B}D:\wot\worldoftanks.exe] => (Block) D:\wot\worldoftanks.exe
FirewallRules: [TCP Query User{CD2FA1B2-8857-463C-9990-5DEB59C3D927}D:\wot\worldoftanks.exe] => (Block) D:\wot\worldoftanks.exe
FirewallRules: [UDP Query User{1AA26380-6A8B-47B3-9699-048AFEBA2CF0}D:\wot\worldoftanks.exe] => (Block) D:\wot\worldoftanks.exe
FirewallRules: [TCP Query User{81DEE438-144F-45AC-A5C9-FCD6956672C5}D:\wot\wotlauncher.exe] => (Allow) D:\wot\wotlauncher.exe
FirewallRules: [UDP Query User{DCE72118-085B-4E40-B085-87807DCB6341}D:\wot\wotlauncher.exe] => (Allow) D:\wot\wotlauncher.exe
FirewallRules: [TCP Query User{621DA99E-F68C-4A68-A2B7-8CAE8925D311}D:\wot\wotlauncher.exe] => (Allow) D:\wot\wotlauncher.exe
FirewallRules: [UDP Query User{00CD26F1-929C-4DFF-86F4-F3390EDC6CDD}D:\wot\wotlauncher.exe] => (Allow) D:\wot\wotlauncher.exe
FirewallRules: [{0CEFB31C-6F3A-495A-AD8C-C7FD69A13FA0}] => (Allow) C:\Program Files (x86)\OMC ModPack Client\OMC ModPack Client.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: BitDefender Firewall NDIS 6 Filter Driver
Description: BitDefender Firewall NDIS 6 Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: BdfNdisf
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: bdfwfpf
Description: bdfwfpf
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: bdfwfpf
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (12/15/2015 07:34:43 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
   at NLog.Common.InternalLogger.Debug(System.String, System.Object[])
   at NLog.LogFactory.get_Configuration()
   at NLog.LogFactory.GetLogger(LoggerCacheKey)
   at NLog.LogFactory.GetLogger(System.String)
   at NLog.LogManager.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   at Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (12/15/2015 07:34:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.Systray.exe, Version: 1.1.25.25617, Zeitstempel: 0x5447ad92
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.19045, Zeitstempel: 0x56258f05
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x1a2c
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.Systray.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.Systray.exe1
Pfad des fehlerhaften Moduls: Avira.OE.Systray.exe2
Berichtskennung: Avira.OE.Systray.exe3

Error: (12/15/2015 07:34:32 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.Systray.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Configuration.ConfigurationErrorsException
Stack:
   at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)
   at System.Configuration.BaseConfigurationRecord.GetSection(System.String)
   at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String)
   at System.Configuration.ConfigurationManager.get_AppSettings()
   at Avira.OE.WinCore.OeProductInfo.get_Culture()
   at Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
   at Avira.OE.Systray.Program.Main(System.String[])

Error: (12/15/2015 07:34:21 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
   at NLog.Common.InternalLogger.Debug(System.String, System.Object[])
   at NLog.LogFactory.get_Configuration()
   at NLog.LogFactory.GetLogger(LoggerCacheKey)
   at NLog.LogFactory.GetLogger(System.String)
   at NLog.LogManager.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   at Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (12/15/2015 07:34:03 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
   at NLog.Common.InternalLogger.Debug(System.String, System.Object[])
   at NLog.LogFactory.get_Configuration()
   at NLog.LogFactory.GetLogger(LoggerCacheKey)
   at NLog.LogFactory.GetLogger(System.String)
   at NLog.LogManager.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   at Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (12/15/2015 07:33:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/15/2015 03:40:03 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
   at NLog.Common.InternalLogger.Debug(System.String, System.Object[])
   at NLog.LogFactory.get_Configuration()
   at NLog.LogFactory.GetLogger(LoggerCacheKey)
   at NLog.LogFactory.GetLogger(System.String)
   at NLog.LogManager.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   at Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (12/15/2015 03:39:51 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
   at NLog.Common.InternalLogger.Debug(System.String, System.Object[])
   at NLog.LogFactory.get_Configuration()
   at NLog.LogFactory.GetLogger(LoggerCacheKey)
   at NLog.LogFactory.GetLogger(System.String)
   at NLog.LogManager.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   at Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (12/15/2015 03:38:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/15/2015 03:38:01 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
   at NLog.Common.InternalLogger.Debug(System.String, System.Object[])
   at NLog.LogFactory.get_Configuration()
   at NLog.LogFactory.GetLogger(LoggerCacheKey)
   at NLog.LogFactory.GetLogger(System.String)
   at NLog.LogManager.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   at Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()


Systemfehler:
=============
Error: (12/15/2015 07:36:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Intel® Centrino® Wireless Bluetooth® + High Speed Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/15/2015 07:36:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel® Centrino® Wireless Bluetooth® + High Speed Service erreicht.

Error: (12/15/2015 07:34:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (12/15/2015 07:34:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/15/2015 07:34:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/15/2015 07:34:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
BdfNdisf
bdfwfpf

Error: (12/15/2015 07:32:26 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\IWMSSvc.dll

Error: (12/15/2015 07:32:26 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\IWMSSvc.dll

Error: (12/15/2015 07:32:26 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\IWMSSvc.dll

Error: (12/15/2015 07:32:22 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\IWMSSvc.dll


CodeIntegrity:
===================================
  Date: 2015-12-15 19:38:29.347
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-12-15 19:30:57.966
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-12-15 19:13:32.221
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-12-15 15:55:45.070
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-12-15 15:39:33.250
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-12-15 00:30:46.723
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-12-14 23:03:01.552
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-12-14 21:15:33.395
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-12-14 16:58:33.654
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-12-14 16:45:41.083
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 69%
Installierter physikalischer RAM: 3956.3 MB
Verfügbarer physikalischer RAM: 1199.95 MB
Summe virtueller Speicher: 7910.81 MB
Verfügbarer virtueller Speicher: 5085.9 MB

==================== Laufwerke ================================

Drive c: (System) (Fixed) (Total:148 GB) (Free:58.08 GB) NTFS
Drive d: (Data) (Fixed) (Total:300.75 GB) (Free:252.75 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C48EFFB2)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=463.8 GB) - (Type=OF Extended)

==================== Ende von Addition.txt ============================

M-K-D-B · 15.12.2015, 20:59

Servus,

Schritt 1

Deaktiviere dein Anti-Viren-Programm.
Gehe zum Ordner C:\FRST\Quarantine.
Rechtsklicke auf den Ordner Quarantine und wähle > Senden an > Zip-komprimierter Ordner.
Es wird eine zip-Datei mit dem Namen Quarantine.zip im Ordner FRST erstellt.
Lade die Quarantine.zip im Upload-Channel hoch.
Klicke dazu auf Durchsuchen, navigiere zu der zip-Datei ( C:\FRST\Quarantine.zip ) und klicke auf Öffnen.
Klicke abschließend auf Hochladen.
Vielen Dank für deine Hilfe.
Aktiviere dein Anti-Viren-Programm wieder.

Schritt 2
Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Schritt 3
Downloade dir bitte

Farbar Service Scanner

Starte das Tool mit Doppelklick auf die FSS.exe
Gehe sicher, dass folgende Optionen angehakt sind.
- Internet Services
- Windows Firewall
- System Restore
- Security Center/Action Center
- Windows Update
- Windows Defender
- Other Services
Klicke auf Scan.
Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.

Wie läuft dein Rechner aktuell? Gibt es noch Probleme? Wenn ja, welche?

Bitte poste mit deiner nächsten Antwort

eine Rückmeldung bezüglich des Uploads,
die Logdatei desSecurityCheck,
die Logdatei von FSS,
die Beantwortung der gestellten Fragen.

Tobi_tobi200 · 17.12.2015, 16:32

Hi,

also das Upload hab ich wie sonst auch gemacht, aber das scheint immer noch zu laden ?!
ansonsten hat alles geklappt:

Code:

ATTFilter

 Results of screen317's Security Check version 1.009  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Antivirus   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 2 Runtime Environment, SE v1.4.2_10 
 Java version 32-bit out of Date! 
 Adobe Flash Player 20.0.0.235  
 Adobe Reader 10.1.16 Adobe Reader out of Date!  
 Google Chrome (46.0.2490.86) 
 Google Chrome (47.0.2526.80) 
 Google Chrome (wtsapi32.dll..) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.9.662.8718\AdAwareService.exe 
 Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.9.662.8718\AdAwareTray.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

Code:

ATTFilter

Farbar Service Scanner Version: 10-06-2014
Ran by Tobias Breunig (administrator) on 17-12-2015 at 16:19:59
Running from "C:\Users\Tobias Breunig\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

Chrome funktioniert wieder. Ich habe beim Surfen nichts auffälliges entdeckt.

Ich habe jetzt Avira Antivir und AdAware auf dem Rechner. Sollte ich beides zeitgleich laufen lassen ?

M-K-D-B · 18.12.2015, 16:48

Zitat:

Zitat von Tobi_tobi200

Ich habe jetzt Avira Antivir und AdAware auf dem Rechner. Sollte ich beides zeitgleich laufen lassen ?

Wenn du mit "AdAware" Ad-Aware Anti-Virus meinst, dann ist meine Antwort nein.

Ein AV-Programm reicht.

Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber.

Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.

Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren

Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
Klicke auf OK.
Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte

DelFix herunter.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner anschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...

und/oder das Forum mit einer kleinen Spende unterstützen.

Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Sofern du noch unentschieden bist, verwende ein einziges der folgenden Antivirusprogramme mit Echtzeitscanner und stets aktueller Signaturendatenbank:

	Emsisoft	MSE

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:

Adblock Plus Kann Banner, Pop-ups, Videowerbung, Tracking und Malware-Seiten blockieren.

NoScript Verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.

Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.

Lade Software von einem sauberen Portal wie

.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .

Abschließend noch ein paar grundsätzliche Bemerkungen:

Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Lade keine Software von Chip, Softonic oder SourceForge. Die dort angebotene Software wird häufig mit einem sog. "Installer" verteilt, mit dem man sich nur unerwünschte Software oder Adware installiert.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Selbst Microsoft unterstützt sog. Registry-Cleaner nicht. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

M-K-D-B · 21.12.2015, 14:43

Ich bin froh, dass wir helfen konnten

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank!

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.

Tobi_tobi200 · 21.12.2015, 17:36

Hallo MKDB,

war am Wochenende nicht am Rechner.

Den defogger habe ich nicht mehr gefunden, aber Combofix deinstalliert und mit Delfix alles erledigt.

Code:

ATTFilter

# DelFix v1.011 - Datei am 21/12/2015 um 17:17:13 erstellt
# Aktualisiert am 18/08/2015 von Xplode
# Benutzer : Tobias Breunig - TOBIASBREUNIG
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Aktiviere die Benutzerkontensteuerung ... OK

~ Entferne die Bereinigungsprogramme ...

Gelöscht : C:\FRST
Gelöscht : C:\AdwCleaner
Gelöscht : C:\Users\Tobias Breunig\Desktop\FRST-OlderVersion
Gelöscht : C:\ComboFix.txt
Gelöscht : C:\Users\Tobias Breunig\Desktop\AdwCleaner[C1].txt
Gelöscht : C:\Users\Tobias Breunig\Desktop\AdwCleaner_5.024.exe
Gelöscht : C:\Users\Tobias Breunig\Desktop\Combofix.txt
Gelöscht : C:\Users\Tobias Breunig\Desktop\defogger_disable.log
Gelöscht : C:\Users\Tobias Breunig\Desktop\esetsmartinstaller_deu.exe
Gelöscht : C:\Users\Tobias Breunig\Desktop\FRST64.exe
Gelöscht : C:\Users\Tobias Breunig\Desktop\FSS.exe
Gelöscht : C:\Users\Tobias Breunig\Desktop\JRT.exe
Gelöscht : C:\Users\Tobias Breunig\Desktop\JRT.txt
Gelöscht : C:\Users\Tobias Breunig\Desktop\MiniToolBox.exe
Gelöscht : C:\Users\Tobias Breunig\Desktop\SecurityCheck.exe
Gelöscht : C:\Users\Tobias Breunig\Desktop\SystemLook_x64.exe
Gelöscht : HKLM\SOFTWARE\AdwCleaner
Gelöscht : HKLM\SOFTWARE\Swearware

~ Erstelle ein Backup der Registrierungsdatenbank ... OK

~ Lösche die Wiederherstellungspunkte ...

Gelöscht : RP #395 [ComboFix created restore point | 12/21/2015 16:14:16]

Ein neuer Wiederherstellungspunkt wurde erstellt !

~ Stelle die Systemeinstellungen wieder her ... OK

########## - EOF - ##########

Somit müsste wieder alles funktionieren.
Ganz herzlichen Dank für alles und noch eine frohe Weihnachtszeit 2015

Gruß Tobi

14.12.2015, 21:02	#16
M-K-D-B /// TB-Ausbilder	WIN 7, Werbung (neue Tabs und Banner) im Chrome Servus, vor ESET noch das ausführen: Downloade dir bitte Farbar's MiniToolBox auf deinen Desktop und starte das Tool Setze einen Haken bei folgenden Einträgen Flush DNS Reset IE Proxy Settings Reset FF Proxy Settings Klicke Go und poste den Inhalt der Result.txt.

WIN 7, Werbung (neue Tabs und Banner) im Chrome

Log-Analyse und Auswertung: WIN 7, Werbung (neue Tabs und Banner) im Chrome