
Pests of all kinds and how to fight them: Websites are being opened


13.12.2015, 20:39   #1
blubbblabb
 
Websites are being opened



Hello everyone,

for some time now I have been seeing the following phenomenon:
When I leave my laptop idle, after a while my browser opens and launches 3 websites. These are random, though, or change frequently.
wheather1st and repadnet are often among them.
It is also interesting that when I open additional tabs, the websites really only change in those 3 tabs.

Since all of this only happens when idle, nothing happens when I am working on the computer continuously.

I have already tried to find the pest, but so far nothing has worked.

My scan with OTL gives the following:
Code:
OTL Extras logfile created on: 13.12.2015 20:14:52 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\MaG\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18125)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,88 Gb Total Physical Memory | 3,07 Gb Available Physical Memory | 38,89% Memory free
9,13 Gb Paging File | 4,28 Gb Available in Paging File | 46,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 681,75 Gb Total Space | 521,91 Gb Free Space | 76,55% Space Free | Partition Type: NTFS
Drive Z: | 681,75 Gb Total Space | 521,91 Gb Free Space | 76,55% Space Free | Partition Type: FAT32
 
Computer Name: KANOCKELHOPPEL | User Name: MaG | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== System Restore Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{95CE8116-8D99-4FCA-93D2-F8B7A526F678}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{E08E12CF-131E-4137-84AD-8AA4F82BDCE1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ED42765D-0E9B-4792-9BAB-5DA5FE42DA4D}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{FB5FA686-D142-4829-8030-7725CE87BF65}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008E93F9-FC69-4EBB-883F-66E68296FE9F}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20947_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{030066CC-AAD3-4867-BB12-D708ADF84DFA}" = dir=out | name=f5 vpn | 
"{0439C5C4-6C55-46D7-BD51-DE35DA1B1F72}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero 12\nero backitup\backitup.exe | 
"{0538CDE4-F10A-431A-85FA-5BB50CAC5BD5}" = dir=out | name=@{microsoft.zunemusic_1.4.18.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{05F4F32E-7913-4C5E-8CF1-680512F4C1B4}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20947_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{060B68A2-0E87-49F3-9125-FCE78C64E83F}" = dir=out | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{08B3BB07-C598-45AC-8F67-D52CD9608849}" = dir=out | name=sonicwall mobile connect | 
"{12C44774-64DF-4B86-ADE9-0D0B8E628997}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | 
"{14CC88BF-97AB-4BB8-A3B6-2671EF8053D1}" = dir=out | name=@{microsoft.bingsports_2.0.0.273_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{1714CB00-E0EC-4C0E-A5B2-A4CC580349B8}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | 
"{1BDD9F30-9B12-4D95-8DB6-86EA6B618AD6}" = dir=in | name=zinio | 
"{2103EFFD-E5FF-4539-A376-6530F74C82FD}" = dir=in | name=f5 vpn | 
"{256D89D0-97A9-49F7-97EE-457436FF9349}" = dir=out | name=@{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{2964E4A7-4C21-460F-A479-08042CA954F5}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{2A911024-CAB5-4966-A72E-6545C2C0362F}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{2F44D823-B906-4CAC-BA0D-B205B9DE298F}" = dir=out | name=@{microsoft.bingtravel_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} | 
"{33DEAE49-2FE2-4963-81FD-84201208848C}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} | 
"{34AAFA3E-58E4-4CBA-BE68-9DCC62703344}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{34B635D0-D5D4-420F-A7CE-DA223C7A43FD}" = dir=in | name=sonicwall mobile connect | 
"{3AD01CD3-ADDD-4A42-8934-3646F1D93173}" = dir=out | name=check point vpn | 
"{3DDBC3D8-35F4-44F8-82F8-28DC5E291AE6}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | 
"{406AEF3F-13CA-48A2-A2EB-3D5A0AF58576}" = dir=in | name=juniper networks junos pulse | 
"{407EB8EA-8ACC-471D-9572-D4DB5537D539}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\sdd.exe | 
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn | 
"{433B6A74-6EB5-435D-90F4-04D81FB54E8C}" = dir=out | name=windows_ie_ac_001 | 
"{43C7692C-66F3-4517-9321-44688429C520}" = dir=out | name=@{microsoft.bingfinance_2.0.0.300_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{52D8B427-DBDC-4CB9-82B9-46D29E9DEDD7}" = dir=out | name=cut the rope | 
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect | 
"{561B2837-F244-4873-B07F-BE235E69CE59}" = dir=in | name=skype | 
"{56C08B18-57FA-4A5E-9765-B489999BA5B8}" = dir=out | name=@{microsoft.bingnews_2.0.0.273_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{57C684D4-69AD-4B4B-A0D1-F29AF0D78A16}" = dir=in | name=check point vpn | 
"{59E21C6C-E358-4462-8F28-AE5AD57FFAFC}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | 
"{5E1B99A0-5382-42F8-8967-1410F2F1622A}" = dir=out | name=zinio | 
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect | 
"{600FDE3D-EBFE-4B39-BBFA-CD59A85FFE5F}" = dir=out | name=juniper networks junos pulse | 
"{61C9E022-FA77-46A3-8F9C-D8618C5BC2E2}" = dir=in | name=acer explorer | 
"{63865281-D5F5-4D38-8362-F138AC278D23}" = dir=out | name=tunein radio | 
"{640EDFA4-EF12-403C-828E-B14A6C01E212}" = dir=out | name=txtr ebooks | 
"{68992693-29CA-43B5-80AF-EF5CAEE9CA26}" = dir=in | name=onenote | 
"{7571F6E2-911B-4F71-832D-F4CA20EAA8A1}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{762BEE9E-2D67-4777-AA87-87BA6F0B8E8C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{79A02720-C531-4FC9-A2A3-E32C3CF74E98}" = dir=out | name=acer explorer | 
"{8039EE20-5698-4C20-9C5C-F5F1F62DE282}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicator.exe | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{80BBF4C4-D90E-4463-A793-C7585FCB09DB}" = dir=out | name=onenote | 
"{8389E18C-FF1A-4106-921D-2CA803000037}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{85CC36FE-D8D5-41E7-A4BF-882D59D29CB3}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | 
"{89ECDC59-5605-4B33-BACE-DFAC4B41D44A}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | 
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{A160583C-A1BE-43F3-8FC1-C7D5E2EE9DBC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{A42E427F-552C-454A-8E75-863672EBA8BE}" = dir=out | name=@{microsoft.bingweather_3.0.4.337_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} | 
"{A51982E3-8677-4D7A-8315-4590C92BCC5E}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\virtualdrive.exe | 
"{A786D537-591C-4122-BC6A-0CA782F6CA20}" = dir=out | name=@{microsoft.zunemusic_2.6.672.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{A8D581C3-7CF7-4BFA-9D3D-9E00DEA41CF0}" = dir=in | name=music maker jam | 
"{A9398DBD-4C65-452C-B503-69C9FE158860}" = dir=out | name=skype | 
"{AC8A2880-75B7-4EEB-A4D3-7033FE198908}" = dir=out | name=@{microsoft.zunevideo_1.4.19.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{ACDFD2BA-B2CF-46FC-B66A-DC6D98D93D16}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\videoplayer.exe | 
"{B09DAD64-EE5A-4AD3-A7C8-08380673CC62}" = dir=out | name=newsxpresso | 
"{B1278B12-29BF-4307-97E0-49303009947F}" = dir=out | name=music maker jam | 
"{B34D8AE4-D8C7-4056-8112-932D213FD866}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\devicesetup.exe | 
"{B41A2AC4-5B49-4C64-B285-9CB1EB1548A3}" = dir=in | name=hp all-in-one printer remote | 
"{B5D04F1F-8B0A-4D24-AA27-C433C89F400B}" = dir=out | name=@{microsoft.bingnews_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} | 
"{B86484D9-A867-4139-9961-56EAFC27D0F3}" = dir=out | name=the treasures of montezuma 3 | 
"{B8E62E7E-5B3E-495E-8B22-4F463E68BC43}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{B9344F86-3B5E-41EA-9D86-B5BD2DBA468A}" = dir=out | name=@{microsoft.zunevideo_2.6.446.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{BB8DF291-466C-48C9-8D7E-C03F42159DE8}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero 12\nero backitup\backitup.exe | 
"{C1397DD8-2F9D-4D6E-AB4D-AC351C47A3D8}" = dir=in | app=c:\program files (x86)\dropbox\client\dropbox.exe | 
"{C716DE4F-70D5-454E-AABD-7A9B119AA02B}" = dir=out | name=@{microsoft.bingsports_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} | 
"{C7C5B632-E33E-4356-8511-09866EEE7955}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\virtualdrive.exe | 
"{D14CD3F3-1679-4D9C-9C19-3E6EEC5326D6}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | 
"{D1710745-DC8F-4360-A03D-B3457B217AEB}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{D27C2C67-608D-4E0E-9378-992FA77258D0}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicatorcom.exe | 
"{D2811984-BF50-43EC-9E80-1E80C7576275}" = dir=in | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{D309308A-4A28-4E1D-97C8-18234DAB58AD}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | 
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn | 
"{D7501E89-045B-4D89-B6F1-AA40577F9D8F}" = dir=out | name=@{microsoft.bingweather_2.0.0.288_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{DA4F0212-6072-4934-8983-7B887EE2C4D3}" = dir=out | name=hp all-in-one printer remote | 
"{DAADAA74-9DFC-4A95-A18E-0A1221F46BF6}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\sdd.exe | 
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn | 
"{DE8330FA-41EF-4B00-B4E8-66E081C702A8}" = dir=out | name=@{microsoft.bingtravel_2.0.0.274_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{E31B11E3-ED46-4D1F-ABC6-99CA0BCEECA6}" = dir=out | name=@{microsoft.bingmaps_2.1.3230.2048_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{E4E88AC9-5F1B-4746-9F9A-F361F11ED675}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | 
"{E516554E-9791-4EF8-95D7-074D6818D569}" = dir=out | name=windows_ie_ac_001 | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{E847B8AF-B8CE-4E2D-9F56-BE812C64A3B1}" = dir=out | name=windows_ie_ac_001 | 
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn | 
"{F06AF458-FD6D-40E1-ABDB-7CD54101F76B}" = dir=out | name=@{microsoft.bingfinance_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} | 
"{F3FF704B-9F51-489B-8D97-A6126EF8708A}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client | 
"{F68C1501-D77F-438B-BC31-4EFD1752D87A}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{F6D4B300-3739-4C79-A6B0-22404E964637}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | 
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client | 
"{F79206ED-21DB-4990-8247-6DED8EE265B6}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | 
"{F92D8DEF-68F8-4B68-B9EC-B2E4FA11AD6A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{FAD818EB-9F50-4ACD-BBE7-3AFFD0ABE3F4}" = dir=out | name=weatherbug.a | 
"TCP Query User{0ED62260-935A-4DF0-A148-8A7554A45B8D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"TCP Query User{20ECE248-417E-4173-A1FB-9D0FC6189327}C:\users\mag\downloads\teamviewerportable\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\mag\downloads\teamviewerportable\teamviewer.exe | 
"TCP Query User{992A5461-377B-4790-812C-8D55A75DD054}C:\users\mag\dropbox\hasi\teamviewerportable\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\mag\dropbox\hasi\teamviewerportable\teamviewer.exe | 
"UDP Query User{3D966FCE-0FF8-44EF-A741-2B3FA6CBB0E6}C:\users\mag\downloads\teamviewerportable\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\mag\downloads\teamviewerportable\teamviewer.exe | 
"UDP Query User{A2D4ACED-1F9E-44C0-9A97-89837E7C4D02}C:\users\mag\dropbox\hasi\teamviewerportable\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\mag\dropbox\hasi\teamviewerportable\teamviewer.exe | 
"UDP Query User{F96081B8-83EE-4C80-ADEF-E9182926A7D3}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Acer Recovery Management
"{180500C1-57BB-3AA8-8E55-DCD5ECD16537}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{44B72151-611E-429D-9765-9BA093D7E48A}" = Intel® Trusted Connect Service Client
"{45BBA5DD-7F9F-AE62-7799-F85C96FD34EF}" = ccc-utility64
"{48DF59F8-2ACD-4F1F-87F3-D820FE7A6178}" = HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät
"{4B3EF5E6-9A2C-0A1B-C61C-B1FD444B84BC}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5C76ED0D-0F6F-4985-8B34-F9AE7834848F}" = HP Unified IO
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{67AA948F-8D83-4566-B84A-7CAABCF64E3F}" = Broadcom Card Reader Driver Installer
"{6BF02415-70FD-A0AF-C9BF-9B05AC8FBA91}" = AMD Accelerated Video Transcoding
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{91F52DE4-B789-42B0-9311-A349F10E5479}" = Acer Power Management
"{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}" = Acer Launch Manager
"{CAD7B6DD-9C82-4D17-BAE8-3E9AE4971B90}" = Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten
"{D1D7ED66-5C08-40A0-AEC0-B6DF977697BB}" = Broadcom NetLink Controller
"{E3CA751C-E133-0BF1-3151-7A6D3FB88015}" = AMD Catalyst Install Manager
"{E7ACB435-E0B4-4770-77DE-ED38887CD133}" = AMD Fuel
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F6762963-9AE5-4bc6-A70F-2D749F6AC02F}_is1" = Authorizer 2.9.0d5
"CCleaner" = CCleaner
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"Reason8.0Stable_64_is1" = Reason 8 8.3.2d7
"Sandboxie" = Sandboxie 5.06 (64-bit)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{039BC111-3B00-B8C5-E02C-0CA1440A9469}_is1" = SuperEasy Audio Converter 2 v.2.1.3063
"{04973ECC-476F-CE5A-247E-47E04D00941B}" = CCC Help Chinese Traditional
"{070232F8-068B-1FF6-B5C4-F8F38E09C7E1}" = CCC Help Turkish
"{099218A5-A723-43DC-8DB5-6173656A1E94}" = Dropbox Update Helper
"{0B311221-05A5-4766-8D03-7A6446794156}" = Nero RescueAgent Help (CHM)
"{0E4630AF-0AB7-440E-A978-1A78FC4F43B9}" = Nero Launcher
"{104DE091-6C4F-C5A9-F619-5D6C965A0296}" = CCC Help Chinese Traditional
"{11C007CB-AD6B-4898-A6AF-BCCE6C2EF5B9}" = Nero WaveEditor
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{18E1FD72-60FA-3E10-A66B-640970B5559F}" = Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU
"{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}" = Google Drive
"{1D30EA2E-5341-493E-8D71-0EED788B6CD9}" = Nero WaveEditor Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FCC073B-CC01-4443-AD20-E559F66E6E83}" = Office Addin 2003
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{24EC20E9-E55D-2438-7EFB-EBDE180463B5}" = CCC Help Portuguese
"{25A3B953-1423-3F15-640E-B620DD0F419A}" = Catalyst Control Center - Branding
"{268949A6-DDCD-CFE5-BE95-7347AC66709C}" = CCC Help Korean
"{26A24AE4-039D-4CA4-87B4-2F83218065F0}" = Java 8 Update 65
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WLAN and Bluetooth Client Installation Program
"{285C9F30-3BF8-697B-BD1D-353435E94B78}" = CCC Help Hungarian
"{29967A7C-6E18-91CD-BBE4-9C09F401E950}" = CCC Help Italian
"{2E302F5E-9C1C-CF99-D788-E4D3D707A0AD}" = CCC Help Chinese Standard
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{33BE5D36-1822-1B12-54A4-1CD01656B422}" = CCC Help Polish
"{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}" =  clear.fi SDK- Movie 2
"{3886CE18-322D-B7B8-F162-A96620DC4B47}" = Catalyst Control Center
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{3C5FB6E7-DFAA-1E8D-6FEB-4B1CB8BF8F04}" = CCC Help Finnish
"{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card
"{3DBFC71A-D5F9-7A39-9C07-0FEB041824CB}" = CCC Help Japanese
"{427B5B6C-7953-78D5-8A63-E113C848C9F5}" = CCC Help Danish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}" = Nero BackItUp 12 Essentials OEM.a01
"{53DB1E4D-74B6-2C04-0A2B-3D3E0DC20D63}" = CCC Help Norwegian
"{54D05374-2428-7BE0-58CD-CE8031163DE6}" = CCC Help Russian
"{5785302F-570A-6D2C-E61B-E808A144102D}" = Catalyst Control Center Profiles Mobile
"{585D1F10-5802-4A6C-BBEA-89814239C84A}" = Catalyst Control Center - Branding
"{593F5702-AB44-F64D-2F45-1F37CDEA01B8}" = CCC Help Greek
"{5b07d59f-99e0-4c52-ad25-965f7e38d6ac}" = Avira Launcher
"{5C6AFE98-08BF-086A-300D-18F77D284966}" = CCC Help Swedish
"{5C757800-27E8-2AE3-889A-8B959AE689F8}" = CCC Help Japanese
"{5D2B5E19-C333-4519-3D32-AAB8EEE9ACA4}" = AMD Catalyst Control Center
"{5D3EC645-B957-36A1-068A-FE8450963669}" = CCC Help Spanish
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{61B90A4D-8CC9-2FED-2495-AC8C9467C984}" = CCC Help Norwegian
"{62A87765-B535-FBCC-4743-45E7CF9F9810}" = CCC Help Swedish
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{652F176B-E10A-38BF-0B12-AFC52A17E56D}" = CCC Help Czech
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6D2BBE1D-E600-4695-BA37-0B0E605542CC}" = Office Addin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{78545512-1F84-4357-8A9A-D94D9C3CE4FA}" = HP Support Solutions Framework
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{7C5B13DA-6A68-86C7-ED29-610CA0F49555}" = CCC Help French
"{80680785-2EE1-053F-9CD3-4B2C904596EE}" = Catalyst Control Center InstallProxy
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85EBE536-24B8-4B5A-D6E9-FC34A7C52B39}" = CCC Help Spanish
"{8649C9CA-1F41-11E9-0F1E-DD494443A7F0}" = CCC Help Italian
"{86E0DAF6-D3E4-ED45-908F-41EE680CCF0C}" = CCC Help German
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{8F6ABAF5-4B5D-78CF-FD6A-7EEDC71E74F2}" = Catalyst Control Center Localization All
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{912D30CF-F39E-4B31-AD9A-123C6B794EE2}" = HP Update
"{95B8F519-8C35-9010-A63C-51B3E0EE8D4E}" = CCC Help Dutch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D67E683-1144-4C0C-A9F3-5171F7678FF3}" = Avira Launcher
"{9D9F2DBE-3319-9844-2EDE-0DF98E832E8C}" = CCC Help Hungarian
"{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}" = HP Deskjet 3070 B611 series Hilfe
"{A2D43081-CF7B-4637-A9F3-E2651AA5C4A8}" = Nero RescueAgent
"{A3806AB7-AB46-7672-A825-F9AE0DE6910A}" = CCC Help Finnish
"{A46EBB0F-F784-E1CA-A97C-70E02C575057}" = CCC Help Thai
"{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}" = AcerCloud Portal
"{AB96AFC8-CC8C-46DA-F710-FE3C6B26E137}" = CCC Help French
"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
"{AF87F2CA-71AA-9786-C8D9-3C38244E53DA}" = CCC Help Russian
"{B079957C-3276-4B9F-DB08-D1CA8C090D9E}" = CCC Help Greek
"{B12BE177-DC00-5746-3AB9-91CD090AF555}" = Catalyst Control Center Localization All
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B5A89E67-E8D0-70E8-6634-EE3554FD6353}" = CCC Help Dutch
"{B5AD89F2-03D3-4206-8487-018298007DD0}" = clear.fi Photo
"{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}" = HPDiagnosticAlert
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{B791E0AB-87A9-41A4-8D98-D13C2E37D928}" = Nero Info
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{BEDC9772-10E8-4BBA-9048-CD78CD93BF38}" = PDF Architect 3 View Module
"{BF5509A0-250A-25EA-0C19-61505E9EBA13}" = CCC Help Chinese Standard
"{C4EE2BA3-EEA5-9650-86E0-0405ECA5C22C}" = CCC Help Thai
"{C69EA753-0D3F-E48B-8C98-7F6310DC29B8}" = CCC Help German
"{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}" = AcerCloud Docs
"{CDFE8F95-F80F-4115-9C3F-0E1FD8F9F58C}" = Nero ControlCenter Help (CHM)
"{D2C51AA1-77F3-5D86-114C-20DEBB3425DE}" = CCC Help English
"{D4073D4E-4338-90DD-F2A2-E184826C5539}" = CCC Help Turkish
"{DA2D3078-A58C-45E8-8EE0-18B8BE6B34F7}" = Nero BackItUp
"{DF47AB90-FB92-42F4-926E-1C4FF16029E7}" = Boxcryptor Classic 1.7
"{E9397ACE-64E3-49EA-98B0-F787F0637029}" = PDF Architect 3 Edit Module
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = clear.fi Media
"{EB766D4A-C56C-946D-F74D-43C78FE4521E}" = CCC Help Korean
"{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}" =  clear.fi SDK - Video 2
"{ECA361B3-855E-EEAB-C4E9-FFA6F25A4DF4}" = OEM Application Profile
"{ED0D7699-1943-0C29-7465-6530F8DE2DA2}" = CCC Help Polish
"{EDA5BB56-AAF4-6889-AD8E-E25A17BD140B}" = CCC Help Czech
"{EE26E302-876A-48D9-9058-3129E5B99999}" = Live Updater
"{EE430B59-A026-4C96-8906-E4C05B7FCC37}" = Nero WaveEditor
"{EEF14371-2D24-5A2D-0EF2-22010DB4CFA6}" = CCC Help Danish
"{EF0D1292-8FC1-41BE-9740-DBC134F66415}" = Nero BackItUp Help (CHM)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1390872-2500-4408-A46C-CD16C960C661}" = HP Unified IO
"{F1642ACD-1F50-FCC2-BDA6-C83762316958}" = PX Profile Update
"{F2401C6F-8A6E-17B4-F550-3C54FAC8A5E8}" = Catalyst Control Center InstallProxy
"{FAB06EA0-4907-47CE-B002-4EEFA36F806D}" = PDF Architect 3 Create Module
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FDD69799-37B2-9ACE-F70C-ABD1F96FD04C}" = CCC Help Portuguese
"{FDF2FE33-426D-45C2-4E70-76C162F1B790}" = CCC Help English
"4K Video Downloader_is1" = 4K Video Downloader 3.6
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"Avira Antivirus" = Avira Antivirus
"Click2Music" = Click2Music
"Dropbox" = Dropbox
"DYMO Label v.8" = DYMO Label v.8
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"IObit_StartMenu8_is1" = Start Menu 8
"Line 6 Uninstaller" = Line 6 Uninstaller
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.2.0.1024
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Notepad++" = Notepad++
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Paperless Converter_is1" = Paperless Converter version 9.07
"Paperless Printer_is1" = Paperless Printer version 6.0.0.1
"PDF Architect 3" = PDF Architect 3
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU" = Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU
"WebPost" = Microsoft Web Publishing Wizard 1.53
"WUCCCApp" = Catalyst Control Center
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Flux" = f.lux
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.12.2015 15:47:53 | Computer Name = KanockelHoppel | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: delegate_execute.exe, Version: 47.0.2526.80,
 Zeitstempel: 0x5661e826  Name des fehlerhaften Moduls: delegate_execute.exe, Version:
 47.0.2526.80, Zeitstempel: 0x5661e826  Ausnahmecode: 0x80000003  Fehleroffset: 0x00007f81
ID
 des fehlerhaften Prozesses: 0xdd8  Startzeit der fehlerhaften Anwendung: 0x01d132ba7d67b26c
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\delegate_execute.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\delegate_execute.exe
Berichtskennung:
 bbb8c115-9ead-11e5-bf14-201a0671fff5  Vollständiger Name des fehlerhaften Pakets:
   Anwendungs-ID, die relativ zum fehlerhaften Paket ist: 
 
Error - 09.12.2015 16:28:57 | Computer Name = KanockelHoppel | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 10.12.2015 16:16:31 | Computer Name = KanockelHoppel | Source = Windows Search Service | ID = 3079
Description = 
 
Error - 10.12.2015 16:39:10 | Computer Name = KanockelHoppel | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 11.12.2015 16:20:48 | Computer Name = KanockelHoppel | Source = Windows Search Service | ID = 3079
Description = 
 
Error - 11.12.2015 16:49:30 | Computer Name = KanockelHoppel | Source = Microsoft-Windows-LocationProvider | ID = 2006
Description = There was an error with the Windows Location Provider database
 
Error - 13.12.2015 08:19:21 | Computer Name = KanockelHoppel | Source = Windows Search Service | ID = 3079
Description = 
 
Error - 13.12.2015 09:10:45 | Computer Name = KanockelHoppel | Source = Application Hang | ID = 1002
Description = Programm acmsetup.exe, Version 0.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 13e8    Startzeit:
 01d135a6739aa026    Endzeit: 0    Anwendungspfad: Z:\~MSSETUP.T\tmp.t\acmsetup.exe    Berichts-ID:
 e7ac2a12-a19a-11e5-bf17-201a0671fff5    Vollständiger Name des fehlerhaften Pakets:
     Anwendungs-ID, die relativ zum fehlerhaften Paket ist:   
 
Error - 13.12.2015 09:13:39 | Computer Name = KanockelHoppel | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 13.12.2015 14:56:49 | Computer Name = KanockelHoppel | Source = Windows Search Service | ID = 3079
Description = 
 
[ System Events ]
Error - 13.12.2015 08:15:42 | Computer Name = KanockelHoppel | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Spybot-S&D 2 Scanner Service erreicht.
 
Error - 13.12.2015 08:15:42 | Computer Name = KanockelHoppel | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 13.12.2015 12:23:56 | Computer Name = KanockelHoppel | Source = DCOM | ID = 10016
Description = 
 
Error - 13.12.2015 12:23:56 | Computer Name = KanockelHoppel | Source = DCOM | ID = 10016
Description = 
 
Error - 13.12.2015 12:23:56 | Computer Name = KanockelHoppel | Source = DCOM | ID = 10016
Description = 
 
Error - 13.12.2015 12:23:56 | Computer Name = KanockelHoppel | Source = DCOM | ID = 10016
Description = 
 
Error - 13.12.2015 12:23:57 | Computer Name = KanockelHoppel | Source = DCOM | ID = 10016
Description = 
 
Error - 13.12.2015 12:23:57 | Computer Name = KanockelHoppel | Source = DCOM | ID = 10016
Description = 
 
Error - 13.12.2015 12:23:57 | Computer Name = KanockelHoppel | Source = DCOM | ID = 10016
Description = 
 
Error - 13.12.2015 12:23:57 | Computer Name = KanockelHoppel | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         
And the OTL.txt file
Code:
OTL logfile created on: 13.12.2015 20:14:52 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\MaG\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18125)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,88 Gb Total Physical Memory | 3,07 Gb Available Physical Memory | 38,89% Memory free
9,13 Gb Paging File | 4,28 Gb Available in Paging File | 46,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 681,75 Gb Total Space | 521,91 Gb Free Space | 76,55% Space Free | Partition Type: NTFS
Drive Z: | 681,75 Gb Total Space | 521,91 Gb Free Space | 76,55% Space Free | Partition Type: FAT32
 
Computer Name: KANOCKELHOPPEL | User Name: MaG | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\MaG\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\IObit\Classic Start\ClassicStart.exe (IObit)
PRC - C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\IObit\Classic Start\StartMenu_Hook.exe (IObit)
PRC - C:\Program Files (x86)\IObit\Classic Start\SMService.exe (IObit)
PRC - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (IObit)
PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Oracle Corporation)
PRC - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes)
PRC - C:\Program Files (x86)\PDF Architect 3\creator-ws.exe (pdfforge GmbH)
PRC - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Boxcryptor Classic\BoxcryptorClassic.exe (Secomba GmbH)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Users\MaG\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
PRC - c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe (Sanford, L.P.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._core_.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._controls_.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._windows_.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._gdi_.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._misc_.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\unicodedata.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\pysqlite2._sqlite.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\windows._lib_cacheinvalidation.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\pythoncom27.dll ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32com.shell.shell.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32gui.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\pyexpat.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._wizard.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32file.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32security.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32api.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\usb_ext.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._animate.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._html2.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32inet.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32process.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32pdh.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32pipe.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32ts.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32event.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\thumbnails_ext.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32profile.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32crypt.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\select.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\_ssl.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\_hashlib.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\_elementtree.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\pywintypes27.dll ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\_ctypes.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\_socket.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\_psutil_windows.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\_multiprocessing.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\_yappi.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\common.time34.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\hashobjs_ext.pyd ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\173a22546b0edc901297108f25229d5e\System.IdentityModel.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\bdec9c7688afbbb0209e3a43dcde5079\System.Data.Linq.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\d6180cfaac57962ca62186c1151b5f7f\System.ServiceModel.Internals.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Numerics\780d94e5d6c1620ed4556ed4d6586007\System.Numerics.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\fbb07ef2f687508f75bfeacd97f2453b\SMDiagnostics.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Compba577418#\c9a7382a4f3e988b25ec829e08e118fd\System.ComponentModel.Composition.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fbcc841985004e93985727bbcc8abb0b\PresentationFramework.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\6ea7a7e4e486dea084e6b14dd1fd765e\PresentationCore.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\5c44c09f1895981c038cacfbda28fdbd\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\9a349fb029581f4752d2c6cfcfeab816\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\ca77cfc1da7241e2dd280b446dc7b92b\System.Xml.Linq.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\d626184834dde3f4906aff139d4e5bbf\System.Xaml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\4ee7f7e41d916e3f4ffa520ff42bdbd4\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\f96edd5482f69d76e661cb0e279c25f6\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\673e962beaf835de9a3660ea255d2a5e\System.ServiceModel.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\7d61ab80c44108150bad37e8d916e220\System.Runtime.Serialization.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\fadd99ca6318632b3f3d4f31eb91db7a\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\c98b70fea45b348a5283fad4dfa4b220\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\e3abc4d3f7fef760d13bf957613960cb\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\d9961946cc4b6fb67e19cd2f8ce90a76\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\e09d73263866a3b0472fd3a4d9aaccae\PresentationFramework.Aero2.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\2f55a37d0019f1ae3660755f160d73da\PresentationFramework.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\8cb954738fb5d385430c075e24483e71\PresentationCore.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\579202ba970d73dae32cc3a5c68af8e2\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\257fa713928375c0ac9b9f24904e988f\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\1a6b5095c4416a37f9ca4cf4436d1311\System.ni.dll ()
MOD - C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\fastpath.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.dll ()
MOD - C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\Crypto.Util._counter.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\Crypto.Random.OSRNG.winrandom.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\Crypto.Util.strxor.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\Crypto.Cipher._AES.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\wtsapi32.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9b1531097c798aa059b87e8bff3f5591\System.Windows.Forms.ni.dll ()
MOD - C:\Program Files (x86)\IObit\Classic Start\sqlite3.dll ()
MOD - C:\Program Files (x86)\IObit\Classic Start\ProductStatistics.dll ()
MOD - C:\Program Files (x86)\IObit\Classic Start\parseAuto.dll ()
MOD - C:\Program Files (x86)\IObit\Classic Start\madexcept_.bpl ()
MOD - C:\Program Files (x86)\IObit\Classic Start\madbasic_.bpl ()
MOD - C:\Program Files (x86)\IObit\Classic Start\maddisAsm_.bpl ()
MOD - C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll ()
MOD - C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll ()
MOD - C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll ()
MOD - C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll ()
MOD - C:\Program Files (x86)\Dropbox\Client\librsync.dll ()
MOD - C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\win32service.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\win32ts.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\win32security.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\win32process.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\win32profile.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\win32gui.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\win32file.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\win32event.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\win32api.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\sip.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\select.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll ()
MOD - C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\159c1674c74e3372bda64afddf88cb3b\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\ee6d89830b1aea077e5fc12fb95df6a0\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\035d2a25a1bf16475e1bbc0a112b3388\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\49201f5658aca21352debffb85ff41df\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4976746d2f27ea6b60301a84d6c3e4be\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\5bd3374f05d46ba0563f44d032209f08\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\d03a3ddcd6a395878751c5e90fa16915\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll ()
MOD - C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.Common.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (DiagTrack) -- C:\Windows\SysNative\diagtrack.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
SRV:64bit: - (igfxCUIService1.0.0.0) -- C:\Windows\SysNative\igfxCUIService.exe (Intel Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (IEEtwCollectorService) -- C:\WINDOWS\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation)
SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation)
SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation)
SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (BthHFSrv) -- C:\Windows\SysNative\BthHFSrv.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Avira.ServiceHost) -- C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Avira Operations GmbH & Co. KG)
SRV - (SMService) -- C:\Program Files (x86)\IObit\Classic Start\SMService.exe (IObit)
SRV - (LiveUpdateSvc) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (IObit)
SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (Sandboxie Holdings, LLC)
SRV - (MBAMService) -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes)
SRV - (PDF Architect 3) -- C:\Program Files (x86)\PDF Architect 3\ws.exe (pdfforge GmbH)
SRV - (PDF Architect 3 Creator) -- C:\Program Files (x86)\PDF Architect 3\creator-ws.exe (pdfforge GmbH)
SRV - (PDF Architect 3 CrashHandler) -- C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe (pdfforge GmbH)
SRV - (dbupdatem) -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
SRV - (dbupdate) -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
SRV - (HPSupportSolutionsFrameworkService) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Hewlett-Packard Company)
SRV - (lfsvc) -- C:\Windows\SysWOW64\GeofenceMonitorService.dll (Microsoft Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (PrintNotify) -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Windows (R) Win 7 DDK provider)
SRV - (NAUpdate) -- c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (LMSvc) -- C:\Programme\Acer\Acer Launch Manager\LMSvc.exe (Acer Incorporate)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (CCDMonitorService) -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Acer Incorporated)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\SocketHeciServer.exe (Intel(R) Corporation)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (DymoPnpService) -- C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe (Sanford, L.P.)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avnetflt) -- C:\Windows\SysNative\drivers\avnetflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (SEE) -- C:\Windows\SysNative\drivers\see.sys (SoftEther Corporation)
DRV:64bit: - (Neo_VPN) -- C:\Windows\SysNative\drivers\Neo_VPN.sys (SoftEther Corporation)
DRV:64bit: - (VBoxNetLwf) -- C:\Windows\SysNative\drivers\VBoxNetLwf.sys (Oracle Corporation)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp6.sys (Oracle Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\WdNisDrv.sys (Microsoft Corporation)
DRV:64bit: - (taphss6) -- C:\Windows\SysNative\drivers\taphss6.sys (Anchorfree Inc.)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (Wof) -- C:\WINDOWS\SysNative\drivers\wof.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (ReFS) -- C:\WINDOWS\SysNative\drivers\refs.sys (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc63.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmpfd) -- C:\Windows\SysNative\drivers\amdkmpfd.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (cbfs4) -- C:\Windows\SysNative\drivers\cbfs4.sys (EldoS Corporation)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Qualcomm Atheros)
DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Qualcomm Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Qualcomm Atheros)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\WINDOWS\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (LSI_SAS3) -- C:\Windows\SysNative\drivers\lsi_sas3.sys (LSI Corporation)
DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (iaStorAV) -- C:\Windows\SysNative\drivers\iaStorAV.sys (Intel Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athw8x.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\TeeDriverx64.sys (Intel Corporation)
DRV:64bit: - (bScsiSDa) -- C:\Windows\SysNative\drivers\bScsiSDa.sys (Broadcom Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (LMDriver) -- C:\Windows\SysNative\drivers\LMDriver.sys (Acer Incorporated)
DRV:64bit: - (RadioShim) -- C:\Windows\SysNative\drivers\RadioShim.sys (Acer Incorporated)
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (Sandboxie Holdings, LLC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{38AFC276-312F-43FF-A52A-7DA86F63BC34}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
IE:64bit: - HKLM\..\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}: "URL" = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{38AFC276-312F-43FF-A52A-7DA86F63BC34}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
IE - HKLM\..\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}: "URL" = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {38AFC276-312F-43FF-A52A-7DA86F63BC34}
IE - HKCU\..\SearchScopes\{38AFC276-312F-43FF-A52A-7DA86F63BC34}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@dymo.com/DymoLabelFramework: C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.65.2: C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.65.2: C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\PDF Architect 3: C:\Program Files (x86)\PDF Architect 3\np-previewer.dll (pdfforge GmbH)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\pdf_architect_3_conv@pdfarchitect.org: C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension\ [2015.09.26 12:23:29 | 000,000,000 | ---D | M]
 
[2015.11.29 19:54:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MaG\AppData\Roaming\mozilla\Firefox\Profiles\GWy82fZH.default\extensions
[2015.11.29 19:54:10 | 000,000,000 | ---D | M] (Avira Browser Safety) -- C:\Users\MaG\AppData\Roaming\mozilla\Firefox\Profiles\GWy82fZH.default\extensions\abs@avira.com
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.7.0_0\
CHR - Extension: No name found = C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_0\
CHR - Extension: No name found = C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_1\
CHR - Extension: No name found = C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_1\
 
O1 HOSTS File: ([2015.10.25 06:17:49 | 000,450,831 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15473 more lines...
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (PDF Architect 3 Helper) - {06E08260-0695-4EC1-A74B-1310D8899D93} - C:\Program Files (x86)\PDF Architect 3\creator-ie-helper.dll (pdfforge GmbH)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (PDF Architect 3 Toolbar) - {2DFF3579-5AA7-45B9-9328-1D38EA230861} - C:\Program Files (x86)\PDF Architect 3\creator-ie-plugin.dll (pdfforge GmbH)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira SystrayStartTrigger] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dropbox] C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [BoxcryptorClassic.exe] C:\Program Files (x86)\Boxcryptor Classic\BoxcryptorClassic.exe (Secomba GmbH)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [DymoQuickPrint] C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe (Sanford, L.P.)
O4 - HKCU..\Run: [f.lux] C:\Users\MaG\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [HP Deskjet 3070 B611 series (NET)] C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (Sandboxie Holdings, LLC)
O4 - HKCU..\Run: [SpybotPostWindows10UpgradeReInstall] C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\MaG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe" (Atheros Communications)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableFirstLogonAnimation = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisplayLastLogonInfo = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPreviewPane = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinkeys = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC547890-78E3-4C07-AE37-F747FD513F4C}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\Userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: EldosMountNotificator-cbfs4 - {0F69E671-7419-4ABB-ACDB-1DC49268D4D2} - C:\Windows\SysNative\cbfsMntNtf4.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator-cbfs4 - {0F69E671-7419-4ABB-ACDB-1DC49268D4D2} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {0F69E671-7419-4ABB-ACDB-1DC49268D4D2} - Virtual Storage Mount Notification - C:\Windows\SysNative\cbfsMntNtf4.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {0F69E671-7419-4ABB-ACDB-1DC49268D4D2} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2015.10.22 21:36:52 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2034.10.18 01:53:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2015.12.13 14:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Basic 6.0
[2015.12.13 14:03:34 | 000,145,360 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WEBPOST.DLL
[2015.12.13 14:03:34 | 000,121,984 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CRSWPP.DLL
[2015.12.13 14:03:34 | 000,112,064 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WPWIZDLL.DLL
[2015.12.13 14:03:34 | 000,099,008 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\POSTWPP.DLL
[2015.12.13 14:03:34 | 000,098,960 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\FTPWPP.DLL
[2015.12.13 14:03:34 | 000,093,456 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\FPWPP.DLL
[2015.12.13 14:03:34 | 000,050,816 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PIPARSE.DLL
[2015.12.13 14:03:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Web Publish
[2015.12.13 14:03:34 | 000,000,000 | ---D | C] -- C:\Users\MaG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Web Publishing
[2015.12.13 14:03:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2015.12.13 14:02:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2015.12.13 13:20:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
[2015.12.11 21:48:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\AutoKMS
[2015.12.09 20:51:00 | 000,000,000 | --SD | C] -- C:\WINDOWS\SysWow64\GWX
[2015.12.09 20:51:00 | 000,000,000 | --SD | C] -- C:\WINDOWS\SysNative\GWX
[2015.12.08 21:14:07 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\rmcast.sys
[2015.12.08 21:12:23 | 000,663,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript.dll
[2015.12.08 21:12:23 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2015.12.08 21:12:21 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2015.12.08 21:12:20 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript.dll
[2015.12.08 21:12:19 | 005,923,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2015.12.08 21:12:19 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2015.12.08 21:12:10 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2015.12.08 21:11:57 | 000,718,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2015.12.08 21:11:56 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieui.dll
[2015.12.08 21:11:56 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieui.dll
[2015.12.08 21:11:54 | 002,123,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2015.12.08 21:11:53 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2015.12.08 21:11:51 | 002,880,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\actxprxy.dll
[2015.12.08 21:11:51 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtrans.dll
[2015.12.08 21:11:51 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iepeers.dll
[2015.12.08 21:11:51 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iepeers.dll
[2015.12.08 21:11:51 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mshtmled.dll
[2015.12.08 21:11:51 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MshtmlDac.dll
[2015.12.08 21:11:27 | 001,200,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Globalization.dll
[2015.12.08 21:11:26 | 000,868,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Globalization.dll
[2015.12.08 21:11:24 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GlobCollationHost.dll
[2015.12.08 21:11:24 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GlobCollationHost.dll
[2015.12.08 21:11:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdgeoqw.dll
[2015.12.08 21:11:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kbdgeoqw.dll
[2015.12.08 21:11:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZST.DLL
[2015.12.08 21:11:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZST.DLL
[2015.12.08 21:11:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZEL.DLL
[2015.12.08 21:11:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZEL.DLL
[2015.12.08 21:11:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZE.DLL
[2015.12.08 21:11:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZE.DLL
[2015.12.08 21:11:21 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dpapisrv.dll
[2015.12.08 21:11:20 | 007,455,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2015.12.08 21:11:20 | 001,735,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll
[2015.12.08 21:11:20 | 001,487,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.efi
[2015.12.08 21:11:20 | 001,355,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.exe
[2015.12.08 21:11:19 | 001,706,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comsvcs.dll
[2015.12.08 21:11:19 | 001,659,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi
[2015.12.08 21:11:19 | 001,519,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe
[2015.12.08 21:11:19 | 001,344,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comsvcs.dll
[2015.12.08 21:11:19 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\catsrvut.dll
[2015.12.08 21:11:19 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\catsrvut.dll
[2015.12.08 21:11:19 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntvdm64.dll
[2015.12.08 21:11:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ntvdm64.dll
[2015.12.08 21:11:16 | 001,994,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DWrite.dll
[2015.12.08 21:11:16 | 001,753,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GdiPlus.dll
[2015.12.08 21:11:16 | 001,540,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\user32.dll
[2015.12.08 21:11:16 | 001,490,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GdiPlus.dll
[2015.12.08 21:11:15 | 001,385,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msctf.dll
[2015.12.08 21:11:01 | 002,243,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wucltux.dll
[2015.12.08 21:11:01 | 000,897,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapi.dll
[2015.12.08 21:11:01 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll
[2015.12.08 21:11:01 | 000,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WUSettingsProvider.dll
[2015.12.08 21:11:01 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuwebv.dll
[2015.12.08 21:11:01 | 000,136,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe
[2015.12.08 21:11:01 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuwebv.dll
[2015.12.08 21:11:01 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wudriver.dll
[2015.12.08 21:11:01 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wudriver.dll
[2015.12.08 21:11:01 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wups2.dll
[2015.12.08 21:11:01 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapp.exe
[2015.12.08 21:11:01 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapp.exe
[2015.12.08 21:11:00 | 002,775,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2015.12.08 21:11:00 | 002,462,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2015.12.08 21:10:59 | 000,572,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winlogon.exe
[2015.12.08 21:10:59 | 000,468,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBHUB3.SYS
[2015.12.08 21:10:59 | 000,443,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\usbport.sys
[2015.12.08 21:10:59 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wininit.exe
[2015.12.08 21:10:59 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PCPKsp.dll
[2015.12.08 21:10:59 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PCPKsp.dll
[2015.12.08 21:10:59 | 000,027,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\usbd.sys
[2015.12.07 20:45:06 | 000,000,000 | ---D | C] -- C:\Users\MaG\AppData\Roaming\TeamViewer
[2015.11.29 19:54:17 | 000,000,000 | ---D | C] -- C:\Users\MaG\AppData\Roaming\Avira
[2015.11.29 19:54:10 | 000,000,000 | ---D | C] -- C:\Users\MaG\AppData\Roaming\Mozilla
[2015.11.29 19:52:45 | 000,146,696 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avipbb.sys
[2015.11.29 19:52:45 | 000,135,880 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avgntflt.sys
[2015.11.29 19:52:45 | 000,073,032 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avnetflt.sys
[2015.11.29 19:52:45 | 000,035,488 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avkmgr.sys
[2015.11.29 19:50:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2015.11.29 19:49:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2015.11.29 19:49:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2015.11.29 19:23:34 | 000,029,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aspnet_counters.dll
[2015.11.29 19:23:33 | 000,028,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\aspnet_counters.dll
[2015.11.25 21:10:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8
[2015.11.23 21:31:59 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2015.11.23 21:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
[2015.11.23 21:31:43 | 000,109,272 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys
[2015.11.23 21:31:43 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mwac.sys
[2015.11.23 21:31:43 | 000,025,816 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2015.11.23 21:31:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware 
[2015.11.23 21:31:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015.11.23 21:05:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\{BBC32A4C-2E5E-4FC6-8C4F-DFFC9141B6B9}
[2015.11.23 21:05:33 | 000,000,000 | ---D | C] -- C:\Program Files\{162B2171-A3DE-46CF-BB3A-8120224EDFC9}
[2015.11.16 21:11:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\{89F7B217-4B45-4E13-A7C6-197DB94C2A4E}
[2015.11.16 21:11:22 | 000,000,000 | ---D | C] -- C:\Program Files\{6122987E-0DC3-4CF4-A864-B6228ED61460}
[2015.11.15 17:41:19 | 000,000,000 | ---D | C] -- C:\Users\MaG\AppData\Roaming\freac
[2015.11.15 17:41:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freac - free audio converter
[2015.11.15 17:41:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\freac
[2015.11.15 17:03:48 | 000,000,000 | ---D | C] -- C:\Users\MaG\AppData\Roaming\SuperEasy Software
[2015.11.15 17:03:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperEasy Software
[2015.11.15 17:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SuperEasy Software
[2015.11.15 17:03:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HDX4
[2015.11.15 17:03:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SuperEasy Software
[2015.11.15 17:00:38 | 000,000,000 | ---D | C] -- C:\Users\MaG\AppData\Local\CrashDumps
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2021.10.21 14:36:56 | 000,000,852 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\RTKHDRC.dat
[2021.10.04 08:34:42 | 000,000,712 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\RTMICEQ0.dat
[2015.12.13 20:07:33 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2015.12.13 20:00:54 | 000,001,148 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015.12.13 19:54:42 | 000,001,974 | ---- | M] () -- C:\Users\MaG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk
[2015.12.13 19:54:41 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015.12.13 19:54:12 | 000,001,144 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015.12.13 19:52:30 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015.12.13 18:01:09 | 000,001,138 | ---- | M] () -- C:\WINDOWS\SysWow64\InstallUtil.InstallLog
[2015.12.13 14:03:36 | 000,000,535 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2015.12.13 14:03:36 | 000,000,288 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2015.12.13 14:01:59 | 000,143,300 | ---- | M] () -- C:\WINDOWS\vssetup.ttf
[2015.12.13 14:01:59 | 000,001,409 | ---- | M] () -- C:\WINDOWS\vssetup.for
[2015.12.13 13:23:05 | 001,785,582 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2015.12.13 13:23:05 | 000,769,092 | ---- | M] () -- C:\WINDOWS\SysNative\perfh007.dat
[2015.12.13 13:23:05 | 000,725,380 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2015.12.13 13:23:05 | 000,160,376 | ---- | M] () -- C:\WINDOWS\SysNative\perfc007.dat
[2015.12.13 13:23:05 | 000,136,436 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2015.12.10 21:11:50 | 000,495,520 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2015.12.08 21:03:41 | 000,002,159 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015.12.07 20:49:29 | 000,001,481 | ---- | M] () -- C:\Users\MaG\Desktop\TeamViewer.exe - Verknüpfung.lnk
[2015.12.07 20:39:24 | 000,001,580 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2015.12.02 21:09:54 | 000,146,696 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avipbb.sys
[2015.12.02 21:09:54 | 000,135,880 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avgntflt.sys
[2015.12.02 21:09:54 | 000,073,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avnetflt.sys
[2015.12.02 21:09:54 | 000,035,488 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avkmgr.sys
[2015.12.01 18:19:27 | 000,826,872 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2015.12.01 18:19:27 | 000,176,632 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2015.11.24 06:29:51 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2015.11.23 21:31:48 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2015.11.22 07:59:22 | 001,735,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll
[2015.11.22 07:59:22 | 001,659,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi
[2015.11.22 07:59:22 | 001,519,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe
[2015.11.22 07:59:22 | 001,487,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.efi
[2015.11.22 07:59:22 | 001,355,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.exe
[2015.11.22 07:59:17 | 007,455,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2015.11.21 19:32:33 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntvdm64.dll
[2015.11.21 18:50:31 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ntvdm64.dll
[2015.11.21 17:59:56 | 001,706,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comsvcs.dll
[2015.11.21 17:49:44 | 001,344,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comsvcs.dll
[2015.11.21 17:47:09 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\catsrvut.dll
[2015.11.21 17:40:31 | 000,414,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\catsrvut.dll
[2015.11.21 07:45:33 | 000,001,542 | ---- | M] () -- C:\WINDOWS\SysNative\.crusader
[2015.11.20 23:47:40 | 000,136,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe
[2015.11.20 19:18:57 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wups2.dll
[2015.11.20 17:47:36 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapp.exe
[2015.11.20 17:46:51 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuwebv.dll
[2015.11.20 17:44:35 | 000,409,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WUSettingsProvider.dll
[2015.11.20 17:44:05 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wudriver.dll
[2015.11.20 17:43:05 | 000,897,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapi.dll
[2015.11.20 17:42:20 | 002,243,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wucltux.dll
[2015.11.20 17:30:10 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapp.exe
[2015.11.20 17:29:43 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuwebv.dll
[2015.11.20 17:28:06 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wudriver.dll
[2015.11.20 17:27:42 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll
[2015.11.15 17:41:05 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\freac - free audio converter.lnk
[2015.11.15 17:03:39 | 000,001,375 | ---- | M] () -- C:\Users\Public\Desktop\Audio Converter 2.lnk
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015.12.13 14:03:36 | 000,000,535 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2015.12.13 14:03:36 | 000,000,288 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2015.12.13 14:01:59 | 000,143,300 | ---- | C] () -- C:\WINDOWS\vssetup.ttf
[2015.12.13 14:01:59 | 000,001,409 | ---- | C] () -- C:\WINDOWS\vssetup.for
[2015.12.07 20:49:29 | 000,001,481 | ---- | C] () -- C:\Users\MaG\Desktop\TeamViewer.exe - Verknüpfung.lnk
[2015.12.05 17:55:41 | 000,001,148 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015.12.05 17:55:40 | 000,001,144 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015.11.29 19:54:29 | 000,001,138 | ---- | C] () -- C:\WINDOWS\SysWow64\InstallUtil.InstallLog
[2015.11.23 21:31:48 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2015.11.15 17:41:05 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\freac - free audio converter.lnk
[2015.11.15 17:03:39 | 000,001,375 | ---- | C] () -- C:\Users\Public\Desktop\Audio Converter 2.lnk
[2015.11.03 09:36:37 | 000,001,580 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2015.11.02 15:23:00 | 000,004,096 | -H-- | C] () -- C:\Users\MaG\AppData\Local\keyfile3.drm
[2015.09.26 12:17:33 | 000,000,740 | ---- | C] () -- C:\Users\MaG\AppData\Local\recently-used.xbel
[2015.09.22 19:49:10 | 000,000,362 | ---- | C] () -- C:\Users\MaG\AppData\Local\hpiDp.vbs
[2015.09.19 19:49:10 | 000,000,362 | ---- | C] () -- C:\Users\MaG\AppData\Local\t4t5KB.vbs
[2015.08.23 09:46:40 | 000,000,362 | ---- | C] () -- C:\Users\MaG\AppData\Local\boukZ.vbs
[2015.08.23 07:48:56 | 000,000,516 | ---- | C] () -- C:\Users\MaG\AppData\Local\7o5cj3r.vbs
[2015.08.16 21:11:26 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2015.08.08 19:35:05 | 000,000,516 | ---- | C] () -- C:\Users\MaG\AppData\Local\6U3x63w.vbs
[2015.08.08 19:24:22 | 003,531,374 | ---- | C] () -- C:\Users\MaG\AppData\Local\curl.zip
[2015.07.19 21:19:43 | 000,000,396 | ---- | C] () -- C:\Users\MaG\AppData\Local\G0rg5H.vbs
[2015.07.18 20:48:03 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2015.07.18 19:07:27 | 001,774,862 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2015.03.19 20:01:54 | 000,187,904 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2015.03.19 20:01:48 | 017,289,048 | ---- | C] () -- C:\WINDOWS\SysWow64\igd11dxva32.dll
[2014.11.21 05:05:31 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2014.11.21 05:03:37 | 000,107,008 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014.11.21 04:42:28 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014.07.21 21:04:58 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
[2014.07.21 21:04:58 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat
[2014.07.21 21:04:46 | 000,003,917 | ---- | C] () -- C:\WINDOWS\SysWow64\atipblag.dat
[2014.07.21 21:04:04 | 000,995,342 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
[2014.07.21 21:04:04 | 000,798,734 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
[2014.07.21 21:03:42 | 000,123,392 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2014.02.11 22:40:42 | 000,000,217 | ---- | C] () -- C:\Users\MaG\.swfinfo
 
========== ZeroAccess Check ==========
 
[2015.11.15 17:07:24 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015.08.27 03:43:09 | 022,372,152 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015.08.27 03:42:51 | 019,795,904 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2014.11.21 05:03:53 | 001,013,760 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014.11.21 05:05:05 | 000,786,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2014.11.21 05:03:52 | 000,512,512 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 220 bytes -> C:\Users\MaG\OneDrive:ms-properties
@Alternate Data Stream - 220 bytes -> C:\Users\MaG\OneDrive.old:ms-properties

< End of report >
         
I have to admit, though, that I have not worked with OTL before - I need help with that.

Old 13.12.2015, 20:43   #2
blubbblabb

Websites are being opened

My scan with OTL gives the following:
Code:
OTL Extras logfile created on: 13.12.2015 20:14:52 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\MaG\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18125)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,88 Gb Total Physical Memory | 3,07 Gb Available Physical Memory | 38,89% Memory free
9,13 Gb Paging File | 4,28 Gb Available in Paging File | 46,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 681,75 Gb Total Space | 521,91 Gb Free Space | 76,55% Space Free | Partition Type: NTFS
Drive Z: | 681,75 Gb Total Space | 521,91 Gb Free Space | 76,55% Space Free | Partition Type: FAT32
 
Computer Name: KANOCKELHOPPEL | User Name: MaG | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== System Restore Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{95CE8116-8D99-4FCA-93D2-F8B7A526F678}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{E08E12CF-131E-4137-84AD-8AA4F82BDCE1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ED42765D-0E9B-4792-9BAB-5DA5FE42DA4D}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{FB5FA686-D142-4829-8030-7725CE87BF65}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008E93F9-FC69-4EBB-883F-66E68296FE9F}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20947_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{030066CC-AAD3-4867-BB12-D708ADF84DFA}" = dir=out | name=f5 vpn | 
"{0439C5C4-6C55-46D7-BD51-DE35DA1B1F72}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero 12\nero backitup\backitup.exe | 
"{0538CDE4-F10A-431A-85FA-5BB50CAC5BD5}" = dir=out | name=@{microsoft.zunemusic_1.4.18.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{05F4F32E-7913-4C5E-8CF1-680512F4C1B4}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20947_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{060B68A2-0E87-49F3-9125-FCE78C64E83F}" = dir=out | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{08B3BB07-C598-45AC-8F67-D52CD9608849}" = dir=out | name=sonicwall mobile connect | 
"{12C44774-64DF-4B86-ADE9-0D0B8E628997}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | 
"{14CC88BF-97AB-4BB8-A3B6-2671EF8053D1}" = dir=out | name=@{microsoft.bingsports_2.0.0.273_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{1714CB00-E0EC-4C0E-A5B2-A4CC580349B8}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | 
"{1BDD9F30-9B12-4D95-8DB6-86EA6B618AD6}" = dir=in | name=zinio | 
"{2103EFFD-E5FF-4539-A376-6530F74C82FD}" = dir=in | name=f5 vpn | 
"{256D89D0-97A9-49F7-97EE-457436FF9349}" = dir=out | name=@{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{2964E4A7-4C21-460F-A479-08042CA954F5}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{2A911024-CAB5-4966-A72E-6545C2C0362F}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{2F44D823-B906-4CAC-BA0D-B205B9DE298F}" = dir=out | name=@{microsoft.bingtravel_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} | 
"{33DEAE49-2FE2-4963-81FD-84201208848C}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} | 
"{34AAFA3E-58E4-4CBA-BE68-9DCC62703344}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{34B635D0-D5D4-420F-A7CE-DA223C7A43FD}" = dir=in | name=sonicwall mobile connect | 
"{3AD01CD3-ADDD-4A42-8934-3646F1D93173}" = dir=out | name=check point vpn | 
"{3DDBC3D8-35F4-44F8-82F8-28DC5E291AE6}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | 
"{406AEF3F-13CA-48A2-A2EB-3D5A0AF58576}" = dir=in | name=juniper networks junos pulse | 
"{407EB8EA-8ACC-471D-9572-D4DB5537D539}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\sdd.exe | 
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn | 
"{433B6A74-6EB5-435D-90F4-04D81FB54E8C}" = dir=out | name=windows_ie_ac_001 | 
"{43C7692C-66F3-4517-9321-44688429C520}" = dir=out | name=@{microsoft.bingfinance_2.0.0.300_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{52D8B427-DBDC-4CB9-82B9-46D29E9DEDD7}" = dir=out | name=cut the rope | 
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect | 
"{561B2837-F244-4873-B07F-BE235E69CE59}" = dir=in | name=skype | 
"{56C08B18-57FA-4A5E-9765-B489999BA5B8}" = dir=out | name=@{microsoft.bingnews_2.0.0.273_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{57C684D4-69AD-4B4B-A0D1-F29AF0D78A16}" = dir=in | name=check point vpn | 
"{59E21C6C-E358-4462-8F28-AE5AD57FFAFC}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | 
"{5E1B99A0-5382-42F8-8967-1410F2F1622A}" = dir=out | name=zinio | 
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect | 
"{600FDE3D-EBFE-4B39-BBFA-CD59A85FFE5F}" = dir=out | name=juniper networks junos pulse | 
"{61C9E022-FA77-46A3-8F9C-D8618C5BC2E2}" = dir=in | name=acer explorer | 
"{63865281-D5F5-4D38-8362-F138AC278D23}" = dir=out | name=tunein radio | 
"{640EDFA4-EF12-403C-828E-B14A6C01E212}" = dir=out | name=txtr ebooks | 
"{68992693-29CA-43B5-80AF-EF5CAEE9CA26}" = dir=in | name=onenote | 
"{7571F6E2-911B-4F71-832D-F4CA20EAA8A1}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{762BEE9E-2D67-4777-AA87-87BA6F0B8E8C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{79A02720-C531-4FC9-A2A3-E32C3CF74E98}" = dir=out | name=acer explorer | 
"{8039EE20-5698-4C20-9C5C-F5F1F62DE282}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicator.exe | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{80BBF4C4-D90E-4463-A793-C7585FCB09DB}" = dir=out | name=onenote | 
"{8389E18C-FF1A-4106-921D-2CA803000037}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{85CC36FE-D8D5-41E7-A4BF-882D59D29CB3}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | 
"{89ECDC59-5605-4B33-BACE-DFAC4B41D44A}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | 
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{A160583C-A1BE-43F3-8FC1-C7D5E2EE9DBC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{A42E427F-552C-454A-8E75-863672EBA8BE}" = dir=out | name=@{microsoft.bingweather_3.0.4.337_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} | 
"{A51982E3-8677-4D7A-8315-4590C92BCC5E}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\virtualdrive.exe | 
"{A786D537-591C-4122-BC6A-0CA782F6CA20}" = dir=out | name=@{microsoft.zunemusic_2.6.672.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{A8D581C3-7CF7-4BFA-9D3D-9E00DEA41CF0}" = dir=in | name=music maker jam | 
"{A9398DBD-4C65-452C-B503-69C9FE158860}" = dir=out | name=skype | 
"{AC8A2880-75B7-4EEB-A4D3-7033FE198908}" = dir=out | name=@{microsoft.zunevideo_1.4.19.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{ACDFD2BA-B2CF-46FC-B66A-DC6D98D93D16}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\videoplayer.exe | 
"{B09DAD64-EE5A-4AD3-A7C8-08380673CC62}" = dir=out | name=newsxpresso | 
"{B1278B12-29BF-4307-97E0-49303009947F}" = dir=out | name=music maker jam | 
"{B34D8AE4-D8C7-4056-8112-932D213FD866}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\devicesetup.exe | 
"{B41A2AC4-5B49-4C64-B285-9CB1EB1548A3}" = dir=in | name=hp all-in-one printer remote | 
"{B5D04F1F-8B0A-4D24-AA27-C433C89F400B}" = dir=out | name=@{microsoft.bingnews_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} | 
"{B86484D9-A867-4139-9961-56EAFC27D0F3}" = dir=out | name=the treasures of montezuma 3 | 
"{B8E62E7E-5B3E-495E-8B22-4F463E68BC43}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{B9344F86-3B5E-41EA-9D86-B5BD2DBA468A}" = dir=out | name=@{microsoft.zunevideo_2.6.446.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{BB8DF291-466C-48C9-8D7E-C03F42159DE8}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero 12\nero backitup\backitup.exe | 
"{C1397DD8-2F9D-4D6E-AB4D-AC351C47A3D8}" = dir=in | app=c:\program files (x86)\dropbox\client\dropbox.exe | 
"{C716DE4F-70D5-454E-AABD-7A9B119AA02B}" = dir=out | name=@{microsoft.bingsports_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} | 
"{C7C5B632-E33E-4356-8511-09866EEE7955}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\virtualdrive.exe | 
"{D14CD3F3-1679-4D9C-9C19-3E6EEC5326D6}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | 
"{D1710745-DC8F-4360-A03D-B3457B217AEB}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{D27C2C67-608D-4E0E-9378-992FA77258D0}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicatorcom.exe | 
"{D2811984-BF50-43EC-9E80-1E80C7576275}" = dir=in | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{D309308A-4A28-4E1D-97C8-18234DAB58AD}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | 
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn | 
"{D7501E89-045B-4D89-B6F1-AA40577F9D8F}" = dir=out | name=@{microsoft.bingweather_2.0.0.288_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{DA4F0212-6072-4934-8983-7B887EE2C4D3}" = dir=out | name=hp all-in-one printer remote | 
"{DAADAA74-9DFC-4A95-A18E-0A1221F46BF6}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\sdd.exe | 
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn | 
"{DE8330FA-41EF-4B00-B4E8-66E081C702A8}" = dir=out | name=@{microsoft.bingtravel_2.0.0.274_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{E31B11E3-ED46-4D1F-ABC6-99CA0BCEECA6}" = dir=out | name=@{microsoft.bingmaps_2.1.3230.2048_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{E4E88AC9-5F1B-4746-9F9A-F361F11ED675}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | 
"{E516554E-9791-4EF8-95D7-074D6818D569}" = dir=out | name=windows_ie_ac_001 | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{E847B8AF-B8CE-4E2D-9F56-BE812C64A3B1}" = dir=out | name=windows_ie_ac_001 | 
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn | 
"{F06AF458-FD6D-40E1-ABDB-7CD54101F76B}" = dir=out | name=@{microsoft.bingfinance_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} | 
"{F3FF704B-9F51-489B-8D97-A6126EF8708A}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client | 
"{F68C1501-D77F-438B-BC31-4EFD1752D87A}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{F6D4B300-3739-4C79-A6B0-22404E964637}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | 
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client | 
"{F79206ED-21DB-4990-8247-6DED8EE265B6}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | 
"{F92D8DEF-68F8-4B68-B9EC-B2E4FA11AD6A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{FAD818EB-9F50-4ACD-BBE7-3AFFD0ABE3F4}" = dir=out | name=weatherbug.a | 
"TCP Query User{0ED62260-935A-4DF0-A148-8A7554A45B8D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"TCP Query User{20ECE248-417E-4173-A1FB-9D0FC6189327}C:\users\mag\downloads\teamviewerportable\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\mag\downloads\teamviewerportable\teamviewer.exe | 
"TCP Query User{992A5461-377B-4790-812C-8D55A75DD054}C:\users\mag\dropbox\hasi\teamviewerportable\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\mag\dropbox\hasi\teamviewerportable\teamviewer.exe | 
"UDP Query User{3D966FCE-0FF8-44EF-A741-2B3FA6CBB0E6}C:\users\mag\downloads\teamviewerportable\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\mag\downloads\teamviewerportable\teamviewer.exe | 
"UDP Query User{A2D4ACED-1F9E-44C0-9A97-89837E7C4D02}C:\users\mag\dropbox\hasi\teamviewerportable\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\mag\dropbox\hasi\teamviewerportable\teamviewer.exe | 
"UDP Query User{F96081B8-83EE-4C80-ADEF-E9182926A7D3}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Acer Recovery Management
"{180500C1-57BB-3AA8-8E55-DCD5ECD16537}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{44B72151-611E-429D-9765-9BA093D7E48A}" = Intel® Trusted Connect Service Client
"{45BBA5DD-7F9F-AE62-7799-F85C96FD34EF}" = ccc-utility64
"{48DF59F8-2ACD-4F1F-87F3-D820FE7A6178}" = HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät
"{4B3EF5E6-9A2C-0A1B-C61C-B1FD444B84BC}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5C76ED0D-0F6F-4985-8B34-F9AE7834848F}" = HP Unified IO
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{67AA948F-8D83-4566-B84A-7CAABCF64E3F}" = Broadcom Card Reader Driver Installer
"{6BF02415-70FD-A0AF-C9BF-9B05AC8FBA91}" = AMD Accelerated Video Transcoding
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{91F52DE4-B789-42B0-9311-A349F10E5479}" = Acer Power Management
"{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}" = Acer Launch Manager
"{CAD7B6DD-9C82-4D17-BAE8-3E9AE4971B90}" = Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten
"{D1D7ED66-5C08-40A0-AEC0-B6DF977697BB}" = Broadcom NetLink Controller
"{E3CA751C-E133-0BF1-3151-7A6D3FB88015}" = AMD Catalyst Install Manager
"{E7ACB435-E0B4-4770-77DE-ED38887CD133}" = AMD Fuel
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F6762963-9AE5-4bc6-A70F-2D749F6AC02F}_is1" = Authorizer 2.9.0d5
"CCleaner" = CCleaner
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"Reason8.0Stable_64_is1" = Reason 8 8.3.2d7
"Sandboxie" = Sandboxie 5.06 (64-bit)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{039BC111-3B00-B8C5-E02C-0CA1440A9469}_is1" = SuperEasy Audio Converter 2 v.2.1.3063
"{04973ECC-476F-CE5A-247E-47E04D00941B}" = CCC Help Chinese Traditional
"{070232F8-068B-1FF6-B5C4-F8F38E09C7E1}" = CCC Help Turkish
"{099218A5-A723-43DC-8DB5-6173656A1E94}" = Dropbox Update Helper
"{0B311221-05A5-4766-8D03-7A6446794156}" = Nero RescueAgent Help (CHM)
"{0E4630AF-0AB7-440E-A978-1A78FC4F43B9}" = Nero Launcher
"{104DE091-6C4F-C5A9-F619-5D6C965A0296}" = CCC Help Chinese Traditional
"{11C007CB-AD6B-4898-A6AF-BCCE6C2EF5B9}" = Nero WaveEditor
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{18E1FD72-60FA-3E10-A66B-640970B5559F}" = Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU
"{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}" = Google Drive
"{1D30EA2E-5341-493E-8D71-0EED788B6CD9}" = Nero WaveEditor Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FCC073B-CC01-4443-AD20-E559F66E6E83}" = Office Addin 2003
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{24EC20E9-E55D-2438-7EFB-EBDE180463B5}" = CCC Help Portuguese
"{25A3B953-1423-3F15-640E-B620DD0F419A}" = Catalyst Control Center - Branding
"{268949A6-DDCD-CFE5-BE95-7347AC66709C}" = CCC Help Korean
"{26A24AE4-039D-4CA4-87B4-2F83218065F0}" = Java 8 Update 65
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WLAN and Bluetooth Client Installation Program
"{285C9F30-3BF8-697B-BD1D-353435E94B78}" = CCC Help Hungarian
"{29967A7C-6E18-91CD-BBE4-9C09F401E950}" = CCC Help Italian
"{2E302F5E-9C1C-CF99-D788-E4D3D707A0AD}" = CCC Help Chinese Standard
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{33BE5D36-1822-1B12-54A4-1CD01656B422}" = CCC Help Polish
"{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}" =  clear.fi SDK- Movie 2
"{3886CE18-322D-B7B8-F162-A96620DC4B47}" = Catalyst Control Center
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{3C5FB6E7-DFAA-1E8D-6FEB-4B1CB8BF8F04}" = CCC Help Finnish
"{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card
"{3DBFC71A-D5F9-7A39-9C07-0FEB041824CB}" = CCC Help Japanese
"{427B5B6C-7953-78D5-8A63-E113C848C9F5}" = CCC Help Danish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}" = Nero BackItUp 12 Essentials OEM.a01
"{53DB1E4D-74B6-2C04-0A2B-3D3E0DC20D63}" = CCC Help Norwegian
"{54D05374-2428-7BE0-58CD-CE8031163DE6}" = CCC Help Russian
"{5785302F-570A-6D2C-E61B-E808A144102D}" = Catalyst Control Center Profiles Mobile
"{585D1F10-5802-4A6C-BBEA-89814239C84A}" = Catalyst Control Center - Branding
"{593F5702-AB44-F64D-2F45-1F37CDEA01B8}" = CCC Help Greek
"{5b07d59f-99e0-4c52-ad25-965f7e38d6ac}" = Avira Launcher
"{5C6AFE98-08BF-086A-300D-18F77D284966}" = CCC Help Swedish
"{5C757800-27E8-2AE3-889A-8B959AE689F8}" = CCC Help Japanese
"{5D2B5E19-C333-4519-3D32-AAB8EEE9ACA4}" = AMD Catalyst Control Center
"{5D3EC645-B957-36A1-068A-FE8450963669}" = CCC Help Spanish
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{61B90A4D-8CC9-2FED-2495-AC8C9467C984}" = CCC Help Norwegian
"{62A87765-B535-FBCC-4743-45E7CF9F9810}" = CCC Help Swedish
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{652F176B-E10A-38BF-0B12-AFC52A17E56D}" = CCC Help Czech
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6D2BBE1D-E600-4695-BA37-0B0E605542CC}" = Office Addin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{78545512-1F84-4357-8A9A-D94D9C3CE4FA}" = HP Support Solutions Framework
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{7C5B13DA-6A68-86C7-ED29-610CA0F49555}" = CCC Help French
"{80680785-2EE1-053F-9CD3-4B2C904596EE}" = Catalyst Control Center InstallProxy
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85EBE536-24B8-4B5A-D6E9-FC34A7C52B39}" = CCC Help Spanish
"{8649C9CA-1F41-11E9-0F1E-DD494443A7F0}" = CCC Help Italian
"{86E0DAF6-D3E4-ED45-908F-41EE680CCF0C}" = CCC Help German
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{8F6ABAF5-4B5D-78CF-FD6A-7EEDC71E74F2}" = Catalyst Control Center Localization All
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{912D30CF-F39E-4B31-AD9A-123C6B794EE2}" = HP Update
"{95B8F519-8C35-9010-A63C-51B3E0EE8D4E}" = CCC Help Dutch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D67E683-1144-4C0C-A9F3-5171F7678FF3}" = Avira Launcher
"{9D9F2DBE-3319-9844-2EDE-0DF98E832E8C}" = CCC Help Hungarian
"{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}" = HP Deskjet 3070 B611 series Hilfe
"{A2D43081-CF7B-4637-A9F3-E2651AA5C4A8}" = Nero RescueAgent
"{A3806AB7-AB46-7672-A825-F9AE0DE6910A}" = CCC Help Finnish
"{A46EBB0F-F784-E1CA-A97C-70E02C575057}" = CCC Help Thai
"{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}" = AcerCloud Portal
"{AB96AFC8-CC8C-46DA-F710-FE3C6B26E137}" = CCC Help French
"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
"{AF87F2CA-71AA-9786-C8D9-3C38244E53DA}" = CCC Help Russian
"{B079957C-3276-4B9F-DB08-D1CA8C090D9E}" = CCC Help Greek
"{B12BE177-DC00-5746-3AB9-91CD090AF555}" = Catalyst Control Center Localization All
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B5A89E67-E8D0-70E8-6634-EE3554FD6353}" = CCC Help Dutch
"{B5AD89F2-03D3-4206-8487-018298007DD0}" = clear.fi Photo
"{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}" = HPDiagnosticAlert
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{B791E0AB-87A9-41A4-8D98-D13C2E37D928}" = Nero Info
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{BEDC9772-10E8-4BBA-9048-CD78CD93BF38}" = PDF Architect 3 View Module
"{BF5509A0-250A-25EA-0C19-61505E9EBA13}" = CCC Help Chinese Standard
"{C4EE2BA3-EEA5-9650-86E0-0405ECA5C22C}" = CCC Help Thai
"{C69EA753-0D3F-E48B-8C98-7F6310DC29B8}" = CCC Help German
"{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}" = AcerCloud Docs
"{CDFE8F95-F80F-4115-9C3F-0E1FD8F9F58C}" = Nero ControlCenter Help (CHM)
"{D2C51AA1-77F3-5D86-114C-20DEBB3425DE}" = CCC Help English
"{D4073D4E-4338-90DD-F2A2-E184826C5539}" = CCC Help Turkish
"{DA2D3078-A58C-45E8-8EE0-18B8BE6B34F7}" = Nero BackItUp
"{DF47AB90-FB92-42F4-926E-1C4FF16029E7}" = Boxcryptor Classic 1.7
"{E9397ACE-64E3-49EA-98B0-F787F0637029}" = PDF Architect 3 Edit Module
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = clear.fi Media
"{EB766D4A-C56C-946D-F74D-43C78FE4521E}" = CCC Help Korean
"{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}" =  clear.fi SDK - Video 2
"{ECA361B3-855E-EEAB-C4E9-FFA6F25A4DF4}" = OEM Application Profile
"{ED0D7699-1943-0C29-7465-6530F8DE2DA2}" = CCC Help Polish
"{EDA5BB56-AAF4-6889-AD8E-E25A17BD140B}" = CCC Help Czech
"{EE26E302-876A-48D9-9058-3129E5B99999}" = Live Updater
"{EE430B59-A026-4C96-8906-E4C05B7FCC37}" = Nero WaveEditor
"{EEF14371-2D24-5A2D-0EF2-22010DB4CFA6}" = CCC Help Danish
"{EF0D1292-8FC1-41BE-9740-DBC134F66415}" = Nero BackItUp Help (CHM)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1390872-2500-4408-A46C-CD16C960C661}" = HP Unified IO
"{F1642ACD-1F50-FCC2-BDA6-C83762316958}" = PX Profile Update
"{F2401C6F-8A6E-17B4-F550-3C54FAC8A5E8}" = Catalyst Control Center InstallProxy
"{FAB06EA0-4907-47CE-B002-4EEFA36F806D}" = PDF Architect 3 Create Module
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FDD69799-37B2-9ACE-F70C-ABD1F96FD04C}" = CCC Help Portuguese
"{FDF2FE33-426D-45C2-4E70-76C162F1B790}" = CCC Help English
"4K Video Downloader_is1" = 4K Video Downloader 3.6
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"Avira Antivirus" = Avira Antivirus
"Click2Music" = Click2Music
"Dropbox" = Dropbox
"DYMO Label v.8" = DYMO Label v.8
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"IObit_StartMenu8_is1" = Start Menu 8
"Line 6 Uninstaller" = Line 6 Uninstaller
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.2.0.1024
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Notepad++" = Notepad++
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Paperless Converter_is1" = Paperless Converter version 9.07
"Paperless Printer_is1" = Paperless Printer version 6.0.0.1
"PDF Architect 3" = PDF Architect 3
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU" = Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU
"WebPost" = Microsoft Web Publishing Wizard 1.53
"WUCCCApp" = Catalyst Control Center
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Flux" = f.lux
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.12.2015 15:47:53 | Computer Name = KanockelHoppel | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: delegate_execute.exe, Version: 47.0.2526.80,
 Zeitstempel: 0x5661e826  Name des fehlerhaften Moduls: delegate_execute.exe, Version:
 47.0.2526.80, Zeitstempel: 0x5661e826  Ausnahmecode: 0x80000003  Fehleroffset: 0x00007f81
ID
 des fehlerhaften Prozesses: 0xdd8  Startzeit der fehlerhaften Anwendung: 0x01d132ba7d67b26c
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\delegate_execute.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\delegate_execute.exe
Berichtskennung:
 bbb8c115-9ead-11e5-bf14-201a0671fff5  Vollständiger Name des fehlerhaften Pakets:
   Anwendungs-ID, die relativ zum fehlerhaften Paket ist: 
 
Error - 09.12.2015 16:28:57 | Computer Name = KanockelHoppel | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 10.12.2015 16:16:31 | Computer Name = KanockelHoppel | Source = Windows Search Service | ID = 3079
Description = 
 
Error - 10.12.2015 16:39:10 | Computer Name = KanockelHoppel | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 11.12.2015 16:20:48 | Computer Name = KanockelHoppel | Source = Windows Search Service | ID = 3079
Description = 
 
Error - 11.12.2015 16:49:30 | Computer Name = KanockelHoppel | Source = Microsoft-Windows-LocationProvider | ID = 2006
Description = There was an error with the Windows Location Provider database
 
Error - 13.12.2015 08:19:21 | Computer Name = KanockelHoppel | Source = Windows Search Service | ID = 3079
Description = 
 
Error - 13.12.2015 09:10:45 | Computer Name = KanockelHoppel | Source = Application Hang | ID = 1002
Description = Programm acmsetup.exe, Version 0.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 13e8    Startzeit:
 01d135a6739aa026    Endzeit: 0    Anwendungspfad: Z:\~MSSETUP.T\tmp.t\acmsetup.exe    Berichts-ID:
 e7ac2a12-a19a-11e5-bf17-201a0671fff5    Vollständiger Name des fehlerhaften Pakets:
     Anwendungs-ID, die relativ zum fehlerhaften Paket ist:   
 
Error - 13.12.2015 09:13:39 | Computer Name = KanockelHoppel | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 13.12.2015 14:56:49 | Computer Name = KanockelHoppel | Source = Windows Search Service | ID = 3079
Description = 
 
[ System Events ]
Error - 13.12.2015 08:15:42 | Computer Name = KanockelHoppel | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Spybot-S&D 2 Scanner Service erreicht.
 
Error - 13.12.2015 08:15:42 | Computer Name = KanockelHoppel | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 13.12.2015 12:23:56 | Computer Name = KanockelHoppel | Source = DCOM | ID = 10016
Description = 
 
Error - 13.12.2015 12:23:56 | Computer Name = KanockelHoppel | Source = DCOM | ID = 10016
Description = 
 
Error - 13.12.2015 12:23:56 | Computer Name = KanockelHoppel | Source = DCOM | ID = 10016
Description = 
 
Error - 13.12.2015 12:23:56 | Computer Name = KanockelHoppel | Source = DCOM | ID = 10016
Description = 
 
Error - 13.12.2015 12:23:57 | Computer Name = KanockelHoppel | Source = DCOM | ID = 10016
Description = 
 
Error - 13.12.2015 12:23:57 | Computer Name = KanockelHoppel | Source = DCOM | ID = 10016
Description = 
 
Error - 13.12.2015 12:23:57 | Computer Name = KanockelHoppel | Source = DCOM | ID = 10016
Description = 
 
Error - 13.12.2015 12:23:57 | Computer Name = KanockelHoppel | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         
13.12.2015, 20:44   #3
blubbblabb

And the OTL.txt file
Code:
ATTFilter
OTL logfile created on: 13.12.2015 20:14:52 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\MaG\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18125)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,88 Gb Total Physical Memory | 3,07 Gb Available Physical Memory | 38,89% Memory free
9,13 Gb Paging File | 4,28 Gb Available in Paging File | 46,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 681,75 Gb Total Space | 521,91 Gb Free Space | 76,55% Space Free | Partition Type: NTFS
Drive Z: | 681,75 Gb Total Space | 521,91 Gb Free Space | 76,55% Space Free | Partition Type: FAT32
 
Computer Name: KANOCKELHOPPEL | User Name: MaG | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\MaG\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\IObit\Classic Start\ClassicStart.exe (IObit)
PRC - C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\IObit\Classic Start\StartMenu_Hook.exe (IObit)
PRC - C:\Program Files (x86)\IObit\Classic Start\SMService.exe (IObit)
PRC - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (IObit)
PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Oracle Corporation)
PRC - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes)
PRC - C:\Program Files (x86)\PDF Architect 3\creator-ws.exe (pdfforge GmbH)
PRC - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Boxcryptor Classic\BoxcryptorClassic.exe (Secomba GmbH)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Users\MaG\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
PRC - c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe (Sanford, L.P.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._core_.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._controls_.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._windows_.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._gdi_.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._misc_.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\unicodedata.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\pysqlite2._sqlite.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\windows._lib_cacheinvalidation.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\pythoncom27.dll ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32com.shell.shell.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32gui.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\pyexpat.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._wizard.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32file.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32security.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32api.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\usb_ext.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._animate.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._html2.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32inet.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32process.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32pdh.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32pipe.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32ts.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32event.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\thumbnails_ext.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32profile.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32crypt.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\select.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\_ssl.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\_hashlib.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\_elementtree.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\pywintypes27.dll ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\_ctypes.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\_socket.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\_psutil_windows.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\_multiprocessing.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\_yappi.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\common.time34.pyd ()
MOD - C:\Users\MaG\AppData\Local\Temp\_MEI46882\hashobjs_ext.pyd ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\173a22546b0edc901297108f25229d5e\System.IdentityModel.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\bdec9c7688afbbb0209e3a43dcde5079\System.Data.Linq.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\d6180cfaac57962ca62186c1151b5f7f\System.ServiceModel.Internals.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Numerics\780d94e5d6c1620ed4556ed4d6586007\System.Numerics.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\fbb07ef2f687508f75bfeacd97f2453b\SMDiagnostics.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Compba577418#\c9a7382a4f3e988b25ec829e08e118fd\System.ComponentModel.Composition.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fbcc841985004e93985727bbcc8abb0b\PresentationFramework.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\6ea7a7e4e486dea084e6b14dd1fd765e\PresentationCore.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\5c44c09f1895981c038cacfbda28fdbd\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\9a349fb029581f4752d2c6cfcfeab816\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\ca77cfc1da7241e2dd280b446dc7b92b\System.Xml.Linq.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\d626184834dde3f4906aff139d4e5bbf\System.Xaml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\4ee7f7e41d916e3f4ffa520ff42bdbd4\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\f96edd5482f69d76e661cb0e279c25f6\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\673e962beaf835de9a3660ea255d2a5e\System.ServiceModel.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\7d61ab80c44108150bad37e8d916e220\System.Runtime.Serialization.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\fadd99ca6318632b3f3d4f31eb91db7a\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\c98b70fea45b348a5283fad4dfa4b220\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\e3abc4d3f7fef760d13bf957613960cb\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\d9961946cc4b6fb67e19cd2f8ce90a76\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\e09d73263866a3b0472fd3a4d9aaccae\PresentationFramework.Aero2.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\2f55a37d0019f1ae3660755f160d73da\PresentationFramework.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\8cb954738fb5d385430c075e24483e71\PresentationCore.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\579202ba970d73dae32cc3a5c68af8e2\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\257fa713928375c0ac9b9f24904e988f\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\1a6b5095c4416a37f9ca4cf4436d1311\System.ni.dll ()
MOD - C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\fastpath.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.dll ()
MOD - C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\Crypto.Util._counter.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\Crypto.Random.OSRNG.winrandom.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\Crypto.Util.strxor.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\Crypto.Cipher._AES.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\wtsapi32.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9b1531097c798aa059b87e8bff3f5591\System.Windows.Forms.ni.dll ()
MOD - C:\Program Files (x86)\IObit\Classic Start\sqlite3.dll ()
MOD - C:\Program Files (x86)\IObit\Classic Start\ProductStatistics.dll ()
MOD - C:\Program Files (x86)\IObit\Classic Start\parseAuto.dll ()
MOD - C:\Program Files (x86)\IObit\Classic Start\madexcept_.bpl ()
MOD - C:\Program Files (x86)\IObit\Classic Start\madbasic_.bpl ()
MOD - C:\Program Files (x86)\IObit\Classic Start\maddisAsm_.bpl ()
MOD - C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll ()
MOD - C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll ()
MOD - C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll ()
MOD - C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll ()
MOD - C:\Program Files (x86)\Dropbox\Client\librsync.dll ()
MOD - C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\win32service.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\win32ts.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\win32security.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\win32process.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\win32profile.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\win32gui.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\win32file.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\win32event.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\win32api.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\sip.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\select.pyd ()
MOD - C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll ()
MOD - C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\159c1674c74e3372bda64afddf88cb3b\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\ee6d89830b1aea077e5fc12fb95df6a0\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\035d2a25a1bf16475e1bbc0a112b3388\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\49201f5658aca21352debffb85ff41df\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4976746d2f27ea6b60301a84d6c3e4be\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\5bd3374f05d46ba0563f44d032209f08\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\d03a3ddcd6a395878751c5e90fa16915\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll ()
MOD - C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.Common.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (DiagTrack) -- C:\Windows\SysNative\diagtrack.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
SRV:64bit: - (igfxCUIService1.0.0.0) -- C:\Windows\SysNative\igfxCUIService.exe (Intel Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (IEEtwCollectorService) -- C:\WINDOWS\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation)
SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation)
SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation)
SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (BthHFSrv) -- C:\Windows\SysNative\BthHFSrv.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Avira.ServiceHost) -- C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Avira Operations GmbH & Co. KG)
SRV - (SMService) -- C:\Program Files (x86)\IObit\Classic Start\SMService.exe (IObit)
SRV - (LiveUpdateSvc) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (IObit)
SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (Sandboxie Holdings, LLC)
SRV - (MBAMService) -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes)
SRV - (PDF Architect 3) -- C:\Program Files (x86)\PDF Architect 3\ws.exe (pdfforge GmbH)
SRV - (PDF Architect 3 Creator) -- C:\Program Files (x86)\PDF Architect 3\creator-ws.exe (pdfforge GmbH)
SRV - (PDF Architect 3 CrashHandler) -- C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe (pdfforge GmbH)
SRV - (dbupdatem) -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
SRV - (dbupdate) -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
SRV - (HPSupportSolutionsFrameworkService) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Hewlett-Packard Company)
SRV - (lfsvc) -- C:\Windows\SysWOW64\GeofenceMonitorService.dll (Microsoft Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (PrintNotify) -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Windows (R) Win 7 DDK provider)
SRV - (NAUpdate) -- c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (LMSvc) -- C:\Programme\Acer\Acer Launch Manager\LMSvc.exe (Acer Incorporate)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (CCDMonitorService) -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Acer Incorporated)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\SocketHeciServer.exe (Intel(R) Corporation)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (DymoPnpService) -- C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe (Sanford, L.P.)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avnetflt) -- C:\Windows\SysNative\drivers\avnetflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (SEE) -- C:\Windows\SysNative\drivers\see.sys (SoftEther Corporation)
DRV:64bit: - (Neo_VPN) -- C:\Windows\SysNative\drivers\Neo_VPN.sys (SoftEther Corporation)
DRV:64bit: - (VBoxNetLwf) -- C:\Windows\SysNative\drivers\VBoxNetLwf.sys (Oracle Corporation)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp6.sys (Oracle Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\WdNisDrv.sys (Microsoft Corporation)
DRV:64bit: - (taphss6) -- C:\Windows\SysNative\drivers\taphss6.sys (Anchorfree Inc.)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (Wof) -- C:\WINDOWS\SysNative\drivers\wof.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (ReFS) -- C:\WINDOWS\SysNative\drivers\refs.sys (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc63.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmpfd) -- C:\Windows\SysNative\drivers\amdkmpfd.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (cbfs4) -- C:\Windows\SysNative\drivers\cbfs4.sys (EldoS Corporation)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Qualcomm Atheros)
DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Qualcomm Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Qualcomm Atheros)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\WINDOWS\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (LSI_SAS3) -- C:\Windows\SysNative\drivers\lsi_sas3.sys (LSI Corporation)
DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (iaStorAV) -- C:\Windows\SysNative\drivers\iaStorAV.sys (Intel Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athw8x.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\TeeDriverx64.sys (Intel Corporation)
DRV:64bit: - (bScsiSDa) -- C:\Windows\SysNative\drivers\bScsiSDa.sys (Broadcom Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (LMDriver) -- C:\Windows\SysNative\drivers\LMDriver.sys (Acer Incorporated)
DRV:64bit: - (RadioShim) -- C:\Windows\SysNative\drivers\RadioShim.sys (Acer Incorporated)
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (Sandboxie Holdings, LLC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{38AFC276-312F-43FF-A52A-7DA86F63BC34}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
IE:64bit: - HKLM\..\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}: "URL" = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{38AFC276-312F-43FF-A52A-7DA86F63BC34}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
IE - HKLM\..\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}: "URL" = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {38AFC276-312F-43FF-A52A-7DA86F63BC34}
IE - HKCU\..\SearchScopes\{38AFC276-312F-43FF-A52A-7DA86F63BC34}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@dymo.com/DymoLabelFramework: C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.65.2: C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.65.2: C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\PDF Architect 3: C:\Program Files (x86)\PDF Architect 3\np-previewer.dll (pdfforge GmbH)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\pdf_architect_3_conv@pdfarchitect.org: C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension\ [2015.09.26 12:23:29 | 000,000,000 | ---D | M]
 
[2015.11.29 19:54:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MaG\AppData\Roaming\mozilla\Firefox\Profiles\GWy82fZH.default\extensions
[2015.11.29 19:54:10 | 000,000,000 | ---D | M] (Avira Browser Safety) -- C:\Users\MaG\AppData\Roaming\mozilla\Firefox\Profiles\GWy82fZH.default\extensions\abs@avira.com
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.7.0_0\
CHR - Extension: No name found = C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_0\
CHR - Extension: No name found = C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_1\
CHR - Extension: No name found = C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_1\
 
O1 HOSTS File: ([2015.10.25 06:17:49 | 000,450,831 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 15473 more lines...
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (PDF Architect 3 Helper) - {06E08260-0695-4EC1-A74B-1310D8899D93} - C:\Program Files (x86)\PDF Architect 3\creator-ie-helper.dll (pdfforge GmbH)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (PDF Architect 3 Toolbar) - {2DFF3579-5AA7-45B9-9328-1D38EA230861} - C:\Program Files (x86)\PDF Architect 3\creator-ie-plugin.dll (pdfforge GmbH)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira SystrayStartTrigger] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dropbox] C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [BoxcryptorClassic.exe] C:\Program Files (x86)\Boxcryptor Classic\BoxcryptorClassic.exe (Secomba GmbH)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [DymoQuickPrint] C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe (Sanford, L.P.)
O4 - HKCU..\Run: [f.lux] C:\Users\MaG\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [HP Deskjet 3070 B611 series (NET)] C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (Sandboxie Holdings, LLC)
O4 - HKCU..\Run: [SpybotPostWindows10UpgradeReInstall] C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\MaG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe" (Atheros Communications)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableFirstLogonAnimation = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisplayLastLogonInfo = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPreviewPane = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinkeys = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC547890-78E3-4C07-AE37-F747FD513F4C}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\Userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: EldosMountNotificator-cbfs4 - {0F69E671-7419-4ABB-ACDB-1DC49268D4D2} - C:\Windows\SysNative\cbfsMntNtf4.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator-cbfs4 - {0F69E671-7419-4ABB-ACDB-1DC49268D4D2} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {0F69E671-7419-4ABB-ACDB-1DC49268D4D2} - Virtual Storage Mount Notification - C:\Windows\SysNative\cbfsMntNtf4.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {0F69E671-7419-4ABB-ACDB-1DC49268D4D2} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2015.10.22 21:36:52 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2034.10.18 01:53:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2015.12.13 14:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Basic 6.0
[2015.12.13 14:03:34 | 000,145,360 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WEBPOST.DLL
[2015.12.13 14:03:34 | 000,121,984 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CRSWPP.DLL
[2015.12.13 14:03:34 | 000,112,064 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WPWIZDLL.DLL
[2015.12.13 14:03:34 | 000,099,008 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\POSTWPP.DLL
[2015.12.13 14:03:34 | 000,098,960 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\FTPWPP.DLL
[2015.12.13 14:03:34 | 000,093,456 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\FPWPP.DLL
[2015.12.13 14:03:34 | 000,050,816 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PIPARSE.DLL
[2015.12.13 14:03:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Web Publish
[2015.12.13 14:03:34 | 000,000,000 | ---D | C] -- C:\Users\MaG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Web Publishing
[2015.12.13 14:03:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2015.12.13 14:02:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2015.12.13 13:20:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
[2015.12.11 21:48:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\AutoKMS
[2015.12.09 20:51:00 | 000,000,000 | --SD | C] -- C:\WINDOWS\SysWow64\GWX
[2015.12.09 20:51:00 | 000,000,000 | --SD | C] -- C:\WINDOWS\SysNative\GWX
[2015.12.08 21:14:07 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\rmcast.sys
[2015.12.08 21:12:23 | 000,663,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript.dll
[2015.12.08 21:12:23 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2015.12.08 21:12:21 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2015.12.08 21:12:20 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript.dll
[2015.12.08 21:12:19 | 005,923,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2015.12.08 21:12:19 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2015.12.08 21:12:10 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2015.12.08 21:11:57 | 000,718,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2015.12.08 21:11:56 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieui.dll
[2015.12.08 21:11:56 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieui.dll
[2015.12.08 21:11:54 | 002,123,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2015.12.08 21:11:53 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2015.12.08 21:11:51 | 002,880,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\actxprxy.dll
[2015.12.08 21:11:51 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtrans.dll
[2015.12.08 21:11:51 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iepeers.dll
[2015.12.08 21:11:51 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iepeers.dll
[2015.12.08 21:11:51 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mshtmled.dll
[2015.12.08 21:11:51 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MshtmlDac.dll
[2015.12.08 21:11:27 | 001,200,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Globalization.dll
[2015.12.08 21:11:26 | 000,868,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Globalization.dll
[2015.12.08 21:11:24 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GlobCollationHost.dll
[2015.12.08 21:11:24 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GlobCollationHost.dll
[2015.12.08 21:11:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdgeoqw.dll
[2015.12.08 21:11:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kbdgeoqw.dll
[2015.12.08 21:11:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZST.DLL
[2015.12.08 21:11:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZST.DLL
[2015.12.08 21:11:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZEL.DLL
[2015.12.08 21:11:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZEL.DLL
[2015.12.08 21:11:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAZE.DLL
[2015.12.08 21:11:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KBDAZE.DLL
[2015.12.08 21:11:21 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dpapisrv.dll
[2015.12.08 21:11:20 | 007,455,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2015.12.08 21:11:20 | 001,735,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll
[2015.12.08 21:11:20 | 001,487,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.efi
[2015.12.08 21:11:20 | 001,355,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.exe
[2015.12.08 21:11:19 | 001,706,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comsvcs.dll
[2015.12.08 21:11:19 | 001,659,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi
[2015.12.08 21:11:19 | 001,519,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe
[2015.12.08 21:11:19 | 001,344,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comsvcs.dll
[2015.12.08 21:11:19 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\catsrvut.dll
[2015.12.08 21:11:19 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\catsrvut.dll
[2015.12.08 21:11:19 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntvdm64.dll
[2015.12.08 21:11:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ntvdm64.dll
[2015.12.08 21:11:16 | 001,994,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DWrite.dll
[2015.12.08 21:11:16 | 001,753,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GdiPlus.dll
[2015.12.08 21:11:16 | 001,540,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\user32.dll
[2015.12.08 21:11:16 | 001,490,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GdiPlus.dll
[2015.12.08 21:11:15 | 001,385,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msctf.dll
[2015.12.08 21:11:01 | 002,243,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wucltux.dll
[2015.12.08 21:11:01 | 000,897,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapi.dll
[2015.12.08 21:11:01 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll
[2015.12.08 21:11:01 | 000,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WUSettingsProvider.dll
[2015.12.08 21:11:01 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuwebv.dll
[2015.12.08 21:11:01 | 000,136,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe
[2015.12.08 21:11:01 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuwebv.dll
[2015.12.08 21:11:01 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wudriver.dll
[2015.12.08 21:11:01 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wudriver.dll
[2015.12.08 21:11:01 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wups2.dll
[2015.12.08 21:11:01 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapp.exe
[2015.12.08 21:11:01 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapp.exe
[2015.12.08 21:11:00 | 002,775,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2015.12.08 21:11:00 | 002,462,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2015.12.08 21:10:59 | 000,572,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winlogon.exe
[2015.12.08 21:10:59 | 000,468,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBHUB3.SYS
[2015.12.08 21:10:59 | 000,443,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\usbport.sys
[2015.12.08 21:10:59 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wininit.exe
[2015.12.08 21:10:59 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PCPKsp.dll
[2015.12.08 21:10:59 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PCPKsp.dll
[2015.12.08 21:10:59 | 000,027,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\usbd.sys
[2015.12.07 20:45:06 | 000,000,000 | ---D | C] -- C:\Users\MaG\AppData\Roaming\TeamViewer
[2015.11.29 19:54:17 | 000,000,000 | ---D | C] -- C:\Users\MaG\AppData\Roaming\Avira
[2015.11.29 19:54:10 | 000,000,000 | ---D | C] -- C:\Users\MaG\AppData\Roaming\Mozilla
[2015.11.29 19:52:45 | 000,146,696 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avipbb.sys
[2015.11.29 19:52:45 | 000,135,880 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avgntflt.sys
[2015.11.29 19:52:45 | 000,073,032 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avnetflt.sys
[2015.11.29 19:52:45 | 000,035,488 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avkmgr.sys
[2015.11.29 19:50:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2015.11.29 19:49:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2015.11.29 19:49:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2015.11.29 19:23:34 | 000,029,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aspnet_counters.dll
[2015.11.29 19:23:33 | 000,028,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\aspnet_counters.dll
[2015.11.25 21:10:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8
[2015.11.23 21:31:59 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2015.11.23 21:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
[2015.11.23 21:31:43 | 000,109,272 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys
[2015.11.23 21:31:43 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mwac.sys
[2015.11.23 21:31:43 | 000,025,816 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2015.11.23 21:31:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware 
[2015.11.23 21:31:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015.11.23 21:05:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\{BBC32A4C-2E5E-4FC6-8C4F-DFFC9141B6B9}
[2015.11.23 21:05:33 | 000,000,000 | ---D | C] -- C:\Program Files\{162B2171-A3DE-46CF-BB3A-8120224EDFC9}
[2015.11.16 21:11:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\{89F7B217-4B45-4E13-A7C6-197DB94C2A4E}
[2015.11.16 21:11:22 | 000,000,000 | ---D | C] -- C:\Program Files\{6122987E-0DC3-4CF4-A864-B6228ED61460}
[2015.11.15 17:41:19 | 000,000,000 | ---D | C] -- C:\Users\MaG\AppData\Roaming\freac
[2015.11.15 17:41:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freac - free audio converter
[2015.11.15 17:41:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\freac
[2015.11.15 17:03:48 | 000,000,000 | ---D | C] -- C:\Users\MaG\AppData\Roaming\SuperEasy Software
[2015.11.15 17:03:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperEasy Software
[2015.11.15 17:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SuperEasy Software
[2015.11.15 17:03:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HDX4
[2015.11.15 17:03:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SuperEasy Software
[2015.11.15 17:00:38 | 000,000,000 | ---D | C] -- C:\Users\MaG\AppData\Local\CrashDumps
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2021.10.21 14:36:56 | 000,000,852 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\RTKHDRC.dat
[2021.10.04 08:34:42 | 000,000,712 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\RTMICEQ0.dat
[2015.12.13 20:07:33 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2015.12.13 20:00:54 | 000,001,148 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015.12.13 19:54:42 | 000,001,974 | ---- | M] () -- C:\Users\MaG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk
[2015.12.13 19:54:41 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015.12.13 19:54:12 | 000,001,144 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015.12.13 19:52:30 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015.12.13 18:01:09 | 000,001,138 | ---- | M] () -- C:\WINDOWS\SysWow64\InstallUtil.InstallLog
[2015.12.13 14:03:36 | 000,000,535 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2015.12.13 14:03:36 | 000,000,288 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2015.12.13 14:01:59 | 000,143,300 | ---- | M] () -- C:\WINDOWS\vssetup.ttf
[2015.12.13 14:01:59 | 000,001,409 | ---- | M] () -- C:\WINDOWS\vssetup.for
[2015.12.13 13:23:05 | 001,785,582 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2015.12.13 13:23:05 | 000,769,092 | ---- | M] () -- C:\WINDOWS\SysNative\perfh007.dat
[2015.12.13 13:23:05 | 000,725,380 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2015.12.13 13:23:05 | 000,160,376 | ---- | M] () -- C:\WINDOWS\SysNative\perfc007.dat
[2015.12.13 13:23:05 | 000,136,436 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2015.12.10 21:11:50 | 000,495,520 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2015.12.08 21:03:41 | 000,002,159 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015.12.07 20:49:29 | 000,001,481 | ---- | M] () -- C:\Users\MaG\Desktop\TeamViewer.exe - Verknüpfung.lnk
[2015.12.07 20:39:24 | 000,001,580 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2015.12.02 21:09:54 | 000,146,696 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avipbb.sys
[2015.12.02 21:09:54 | 000,135,880 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avgntflt.sys
[2015.12.02 21:09:54 | 000,073,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avnetflt.sys
[2015.12.02 21:09:54 | 000,035,488 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avkmgr.sys
[2015.12.01 18:19:27 | 000,826,872 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2015.12.01 18:19:27 | 000,176,632 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2015.11.24 06:29:51 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2015.11.23 21:31:48 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2015.11.22 07:59:22 | 001,735,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll
[2015.11.22 07:59:22 | 001,659,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi
[2015.11.22 07:59:22 | 001,519,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe
[2015.11.22 07:59:22 | 001,487,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.efi
[2015.11.22 07:59:22 | 001,355,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.exe
[2015.11.22 07:59:17 | 007,455,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2015.11.21 19:32:33 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntvdm64.dll
[2015.11.21 18:50:31 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ntvdm64.dll
[2015.11.21 17:59:56 | 001,706,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comsvcs.dll
[2015.11.21 17:49:44 | 001,344,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comsvcs.dll
[2015.11.21 17:47:09 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\catsrvut.dll
[2015.11.21 17:40:31 | 000,414,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\catsrvut.dll
[2015.11.21 07:45:33 | 000,001,542 | ---- | M] () -- C:\WINDOWS\SysNative\.crusader
[2015.11.20 23:47:40 | 000,136,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe
[2015.11.20 19:18:57 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wups2.dll
[2015.11.20 17:47:36 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapp.exe
[2015.11.20 17:46:51 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuwebv.dll
[2015.11.20 17:44:35 | 000,409,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WUSettingsProvider.dll
[2015.11.20 17:44:05 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wudriver.dll
[2015.11.20 17:43:05 | 000,897,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapi.dll
[2015.11.20 17:42:20 | 002,243,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wucltux.dll
[2015.11.20 17:30:10 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapp.exe
[2015.11.20 17:29:43 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuwebv.dll
[2015.11.20 17:28:06 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wudriver.dll
[2015.11.20 17:27:42 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll
[2015.11.15 17:41:05 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\freac - free audio converter.lnk
[2015.11.15 17:03:39 | 000,001,375 | ---- | M] () -- C:\Users\Public\Desktop\Audio Converter 2.lnk
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015.12.13 14:03:36 | 000,000,535 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2015.12.13 14:03:36 | 000,000,288 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2015.12.13 14:01:59 | 000,143,300 | ---- | C] () -- C:\WINDOWS\vssetup.ttf
[2015.12.13 14:01:59 | 000,001,409 | ---- | C] () -- C:\WINDOWS\vssetup.for
[2015.12.07 20:49:29 | 000,001,481 | ---- | C] () -- C:\Users\MaG\Desktop\TeamViewer.exe - Verknüpfung.lnk
[2015.12.05 17:55:41 | 000,001,148 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015.12.05 17:55:40 | 000,001,144 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015.11.29 19:54:29 | 000,001,138 | ---- | C] () -- C:\WINDOWS\SysWow64\InstallUtil.InstallLog
[2015.11.23 21:31:48 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2015.11.15 17:41:05 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\freac - free audio converter.lnk
[2015.11.15 17:03:39 | 000,001,375 | ---- | C] () -- C:\Users\Public\Desktop\Audio Converter 2.lnk
[2015.11.03 09:36:37 | 000,001,580 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2015.11.02 15:23:00 | 000,004,096 | -H-- | C] () -- C:\Users\MaG\AppData\Local\keyfile3.drm
[2015.09.26 12:17:33 | 000,000,740 | ---- | C] () -- C:\Users\MaG\AppData\Local\recently-used.xbel
[2015.09.22 19:49:10 | 000,000,362 | ---- | C] () -- C:\Users\MaG\AppData\Local\hpiDp.vbs
[2015.09.19 19:49:10 | 000,000,362 | ---- | C] () -- C:\Users\MaG\AppData\Local\t4t5KB.vbs
[2015.08.23 09:46:40 | 000,000,362 | ---- | C] () -- C:\Users\MaG\AppData\Local\boukZ.vbs
[2015.08.23 07:48:56 | 000,000,516 | ---- | C] () -- C:\Users\MaG\AppData\Local\7o5cj3r.vbs
[2015.08.16 21:11:26 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2015.08.08 19:35:05 | 000,000,516 | ---- | C] () -- C:\Users\MaG\AppData\Local\6U3x63w.vbs
[2015.08.08 19:24:22 | 003,531,374 | ---- | C] () -- C:\Users\MaG\AppData\Local\curl.zip
[2015.07.19 21:19:43 | 000,000,396 | ---- | C] () -- C:\Users\MaG\AppData\Local\G0rg5H.vbs
[2015.07.18 20:48:03 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2015.07.18 19:07:27 | 001,774,862 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2015.03.19 20:01:54 | 000,187,904 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2015.03.19 20:01:48 | 017,289,048 | ---- | C] () -- C:\WINDOWS\SysWow64\igd11dxva32.dll
[2014.11.21 05:05:31 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2014.11.21 05:03:37 | 000,107,008 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014.11.21 04:42:28 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014.07.21 21:04:58 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
[2014.07.21 21:04:58 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat
[2014.07.21 21:04:46 | 000,003,917 | ---- | C] () -- C:\WINDOWS\SysWow64\atipblag.dat
[2014.07.21 21:04:04 | 000,995,342 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
[2014.07.21 21:04:04 | 000,798,734 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
[2014.07.21 21:03:42 | 000,123,392 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2014.02.11 22:40:42 | 000,000,217 | ---- | C] () -- C:\Users\MaG\.swfinfo
 
========== ZeroAccess Check ==========
 
[2015.11.15 17:07:24 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015.08.27 03:43:09 | 022,372,152 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015.08.27 03:42:51 | 019,795,904 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2014.11.21 05:03:53 | 001,013,760 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014.11.21 05:05:05 | 000,786,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2014.11.21 05:03:52 | 000,512,512 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 220 bytes -> C:\Users\MaG\OneDrive:ms-properties
@Alternate Data Stream - 220 bytes -> C:\Users\MaG\OneDrive.old:ms-properties

< End of report >
         
I have to admit, though, that I have not worked with OTL before, so I need help there.
Malwarebytes produced the following:
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 13.12.2015
Suchlaufzeit: 20:09
Protokolldatei: 
Administrator: Ja

Version: 2.2.0.1024
Malware-Datenbank: v2015.12.13.04
Rootkit-Datenbank: v2015.12.07.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: MaG

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 413893
Abgelaufene Zeit: 24 Min., 52 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 6
PUP.Optional.DownloadProtect, HKLM\SOFTWARE\CLASSES\APPID\DPBHO.DLL, , [18802a7a94f7b086ef59f70c5fa58a76], 
PUP.Optional.DownloadProtect, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\DPBHO.DLL, , [2c6c782c3952072f0d3b679cc63e47b9], 
PUP.Optional.Fxplorer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Urla1, , [c2d6dfc5b8d3bb7b9c0c52b0887cfc04], 
PUP.Optional.Fxplorer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Urla2, , [bfd920845d2ed66075339d6546be18e8], 
PUP.Optional.Fxplorer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Urla3, , [1f796e3622694fe7891f14eed034d52b], 
PUP.Optional.DownloadProtect, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\DPBHO.DLL, , [99ff4a5ab2d9a6900a3e33d08084db25], 

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 4
PUP.Optional.DownloadProtect, C:\Program Files (x86)\{89F7B217-4B45-4E13-A7C6-197DB94C2A4E}, , [52462d7743484bebab33c6e54cb837c9], 
PUP.Optional.DownloadProtect, C:\Program Files (x86)\{BBC32A4C-2E5E-4FC6-8C4F-DFFC9141B6B9}, , [bade6b39c7c423136e700ba037cd9e62], 
PUP.Optional.DownloadProtect, C:\Program Files\{162B2171-A3DE-46CF-BB3A-8120224EDFC9}, , [fc9c782c256683b37e6072398a7a1ce4], 
PUP.Optional.DownloadProtect, C:\Program Files\{6122987E-0DC3-4CF4-A864-B6228ED61460}, , [fa9e485c17749e98815d614a897b0af6], 

Dateien: 11
PUP.Optional.Fxplorer, C:\Windows\System32\Tasks\Urla1, , [4a4ea400098295a13d690af819eb6a96], 
PUP.Optional.Fxplorer, C:\Windows\System32\Tasks\Urla2, , [a9ef881cacdffb3bc2e49a6824e0dd23], 
PUP.Optional.Fxplorer, C:\Windows\System32\Tasks\Urla3, , [28700c989af1b482763010f2fd07b848], 
PUP.Optional.DownloadProtect, C:\Program Files (x86)\{89F7B217-4B45-4E13-A7C6-197DB94C2A4E}\config.json, , [52462d7743484bebab33c6e54cb837c9], 
PUP.Optional.DownloadProtect, C:\Program Files (x86)\{89F7B217-4B45-4E13-A7C6-197DB94C2A4E}\def.bin, , [52462d7743484bebab33c6e54cb837c9], 
PUP.Optional.DownloadProtect, C:\Program Files (x86)\{BBC32A4C-2E5E-4FC6-8C4F-DFFC9141B6B9}\config.json, , [bade6b39c7c423136e700ba037cd9e62], 
PUP.Optional.DownloadProtect, C:\Program Files (x86)\{BBC32A4C-2E5E-4FC6-8C4F-DFFC9141B6B9}\def.bin, , [bade6b39c7c423136e700ba037cd9e62], 
PUP.Optional.DownloadProtect, C:\Program Files\{162B2171-A3DE-46CF-BB3A-8120224EDFC9}\config.json, , [fc9c782c256683b37e6072398a7a1ce4], 
PUP.Optional.DownloadProtect, C:\Program Files\{162B2171-A3DE-46CF-BB3A-8120224EDFC9}\def.bin, , [fc9c782c256683b37e6072398a7a1ce4], 
PUP.Optional.DownloadProtect, C:\Program Files\{6122987E-0DC3-4CF4-A864-B6228ED61460}\config.json, , [fa9e485c17749e98815d614a897b0af6], 
PUP.Optional.DownloadProtect, C:\Program Files\{6122987E-0DC3-4CF4-A864-B6228ED61460}\def.bin, , [fa9e485c17749e98815d614a897b0af6], 

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         
Can anyone help me and tell me what I can do?

Thanks for any tip
__________________

13.12.2015, 20:55   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hi

Please do not use OTL any more!

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder.
Even if the logs should be too large for one post, I ask you to post the logs directly and, if necessary, spread over several posts.
To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview (Erweitert/Vorschau) to check whether you did it right. If everything is correct ... click Reply (Antworten).
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


13.12.2015, 21:04   #5
blubbblabb
 
Thank you, cosinus, for taking on my problem.

The files show:

FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:12-12-2015 01
durchgeführt von MaG (Administrator) auf KANOCKELHOPPEL (13-12-2015 21:00:08)
Gestartet von C:\Users\MaG\Downloads
Geladene Profile: MaG &  (Verfügbare Profile: MaG & Administrator)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 3\creator-ws.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\SMService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\ClassicStart.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\StartMenu_Hook.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\InstallServices.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Secomba GmbH) C:\Program Files (x86)\Boxcryptor Classic\BoxcryptorClassic.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe
(Flux Software LLC) C:\Users\MaG\AppData\Local\FluxSoftware\Flux\flux.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPNetworkCommunicatorCom.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Propellerhead Software AB) C:\Program Files\Propellerhead\Reason 8\Reason.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [393480 2015-03-19] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3016944 2013-05-20] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952456 2015-12-08] (Dropbox, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-11-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [803200 2015-12-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2015-10-05] (Malwarebytes)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] (Atheros Communications)
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ACHTUNG
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [BoxcryptorClassic.exe] => C:\Program Files (x86)\Boxcryptor Classic\BoxcryptorClassic.exe [2249984 2014-07-31] (Secomba GmbH)
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [HP Deskjet 3070 B611 series (NET)] => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [f.lux] => C:\Users\MaG\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1825360 2011-01-28] (Sanford, L.P.)
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-10-22] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [NoPreviewPane] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [NoWinkeys] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [HideSCANetwork] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [HideSCAVolume] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BoxcryptorClassic.exe] => C:\Program Files (x86)\Boxcryptor Classic\BoxcryptorClassic.exe [2249984 2014-07-31] (Secomba GmbH)
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HP Deskjet 3070 B611 series (NET)] => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [f.lux] => C:\Users\MaG\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1825360 2011-01-28] (Sanford, L.P.)
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-10-22] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoPreviewPane] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoWinkeys] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideSCANetwork] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideSCAVolume] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-500-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-11-21] (Microsoft Corporation)
HKU\S-1-5-21-3000335157-3192853593-1025591007-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-11-21] (Microsoft Corporation)
SSODL: EldosMountNotificator-cbfs4 - {0F69E671-7419-4ABB-ACDB-1DC49268D4D2} - C:\WINDOWS\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {0F69E671-7419-4ABB-ACDB-1DC49268D4D2} - C:\WINDOWS\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {AAC3F40E-D943-4222-94D0-24ADA88404B9} => C:\WINDOWS\system32\cbfsMntNtf4.dll [2013-11-15] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs4] -> {AAC3F40E-D943-4222-94D0-24ADA88404B9} => C:\WINDOWS\SysWOW64\cbfsMntNtf4.dll [2013-11-15] (EldoS Corporation)
Startup: C:\Users\MaG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2015-07-21]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\MaG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk [2015-12-13]
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk -> C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ACHTUNG (Beschränkung - ProxySettings)
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{DC547890-78E3-4C07-AE37-F747FD513F4C}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-3000335157-3192853593-1025591007-500-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com
HKU\S-1-5-21-3000335157-3192853593-1025591007-500-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
HKU\S-1-5-21-3000335157-3192853593-1025591007-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com
HKU\S-1-5-21-3000335157-3192853593-1025591007-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: PDF Architect 3 Helper -> {06E08260-0695-4EC1-A74B-1310D8899D93} -> C:\Program Files (x86)\PDF Architect 3\creator-ie-helper.dll [2015-09-17] (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-23] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-23] (Oracle Corporation)
Toolbar: HKLM-x32 - PDF Architect 3 Toolbar - {2DFF3579-5AA7-45B9-9328-1D38EA230861} - C:\Program Files (x86)\PDF Architect 3\creator-ie-plugin.dll [2015-09-17] (pdfforge GmbH)

FireFox:
========
FF ProfilePath: C:\Users\MaG\AppData\Roaming\Mozilla\Firefox\Profiles\GWy82fZH.default
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2011-01-28] ( Sanford L.P.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-08] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: PDF Architect 3 -> C:\Program Files (x86)\PDF Architect 3\np-previewer.dll [2015-09-17] (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-3000335157-3192853593-1025591007-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.)
FF Extension: Avira Browser Safety - C:\Users\MaG\AppData\Roaming\Mozilla\Firefox\Profiles\GWy82fZH.default\Extensions\abs@avira.com [2015-11-29] [ist nicht signiert]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_3_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension
FF Extension: PDF Architect 3 Creator - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension [2015-09-26] [ist nicht signiert]

Chrome: 
=======
CHR Profile: C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (Web Store) - C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-11-29]
CHR Extension: (Web Store) - C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Web Store) - C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-10-22]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-22]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <nicht gefunden>
CHR HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\MaG\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-10-22]
CHR HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\MaG\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-10-22]
CHR HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-07-21] (Adobe Systems) [Datei ist nicht signiert]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [948392 2015-12-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466408 2015-12-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466408 2015-12-02] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1418560 2015-12-02] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) [Datei ist nicht signiert]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [250648 2015-11-18] (Avira Operations GmbH & Co. KG)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-18] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-18] (Dropbox, Inc.)
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [32336 2011-01-28] (Sanford, L.P.)
S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24376 2015-06-30] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [345864 2015-03-19] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-08] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-11-06] (IObit)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-06-18] (Acer Incorporate)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2244832 2015-09-17] (pdfforge GmbH)
S3 PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [964832 2015-09-17] (pdfforge GmbH)
R2 PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [767712 2015-09-17] (pdfforge GmbH)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [177800 2015-10-22] (Sandboxie Holdings, LLC)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SMService; C:\program files (x86)\iobit\Classic Start\SMService.exe [1056544 2015-11-06] (IObit)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2014-07-21] (Advanced Micro Devices, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [135880 2015-12-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146696 2015-12-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [73032 2015-12-02] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
R1 cbfs4; C:\WINDOWS\system32\drivers\cbfs4.sys [387776 2013-11-15] (EldoS Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-05-08] (Intel Corporation)
R3 Neo_VPN; C:\Windows\system32\DRIVERS\Neo_VPN.sys [40704 2015-08-04] (SoftEther Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [192648 2015-10-22] (Sandboxie Holdings, LLC)
S3 SEE; C:\Windows\System32\drivers\see.sys [49024 2015-08-20] (SoftEther Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-05-20] (Synaptics Incorporated)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42088 2015-06-04] (Anchorfree Inc.)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-07-09] (Oracle Corporation)
S1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [146072 2015-07-09] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-13 21:00 - 2015-12-13 21:00 - 00035870 _____ C:\Users\MaG\Downloads\FRST.txt
2015-12-13 21:00 - 2015-12-13 21:00 - 00000000 ____D C:\FRST
2015-12-13 20:57 - 2015-12-13 20:59 - 02369536 _____ (Farbar) C:\Users\MaG\Downloads\FRST64.exe
2015-12-13 20:27 - 2015-12-13 20:27 - 00085016 _____ C:\Users\MaG\Downloads\Extras.Txt
2015-12-13 20:26 - 2015-12-13 20:26 - 00154888 _____ C:\Users\MaG\Downloads\OTL.Txt
2015-12-13 20:13 - 2015-12-13 20:13 - 00602112 _____ (OldTimer Tools) C:\Users\MaG\Downloads\OTL.exe
2015-12-13 14:03 - 2015-12-13 14:03 - 00001273 _____ C:\WINDOWS\VB.INI
2015-12-13 14:03 - 2015-12-13 14:03 - 00000535 _____ C:\WINDOWS\ODBCINST.INI
2015-12-13 14:03 - 2015-12-13 14:03 - 00000288 _____ C:\WINDOWS\ODBC.INI
2015-12-13 14:03 - 2015-12-13 14:03 - 00000000 ____D C:\WINDOWS\msapps
2015-12-13 14:03 - 2015-12-13 14:03 - 00000000 ____D C:\Users\MaG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Web Publishing
2015-12-13 14:03 - 2015-12-13 14:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Basic 6.0
2015-12-13 14:03 - 2015-12-13 14:03 - 00000000 ____D C:\Program Files (x86)\Web Publish
2015-12-13 14:03 - 2015-12-13 14:03 - 00000000 _____ C:\WINDOWS\wplog.txt
2015-12-13 14:03 - 1998-05-15 15:57 - 00093456 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\FPWPP.DLL
2015-12-13 14:03 - 1998-05-14 17:30 - 00099008 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSTWPP.DLL
2015-12-13 14:03 - 1998-04-29 17:52 - 00145360 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\WEBPOST.DLL
2015-12-13 14:03 - 1998-04-29 17:52 - 00121984 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\CRSWPP.DLL
2015-12-13 14:03 - 1998-04-29 17:52 - 00112064 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\WPWIZDLL.DLL
2015-12-13 14:03 - 1998-04-29 17:52 - 00098960 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\FTPWPP.DLL
2015-12-13 14:03 - 1998-04-29 17:52 - 00050816 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\PIPARSE.DLL
2015-12-13 14:02 - 2015-12-13 14:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2015-12-13 14:01 - 2015-12-13 14:01 - 00143300 _____ C:\WINDOWS\vssetup.ttf
2015-12-13 14:01 - 2015-12-13 14:01 - 00001409 _____ C:\WINDOWS\vssetup.for
2015-12-13 13:20 - 2015-12-13 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-11 21:48 - 2015-12-13 19:57 - 00003510 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2015-12-11 21:48 - 2015-12-13 19:55 - 00000000 ____D C:\WINDOWS\AutoKMS
2015-12-11 21:47 - 2015-12-11 21:47 - 00000000 ____D C:\Users\MaG\Downloads\Microsoft Toolkit
2015-12-11 21:43 - 2015-12-11 21:43 - 27362856 _____ C:\Users\MaG\Downloads\Microsoft Toolkit.zip
2015-12-09 20:51 - 2015-12-09 20:51 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-12-09 20:51 - 2015-12-09 20:51 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-12-08 21:59 - 2015-12-08 21:59 - 00000386 _____ C:\Users\MaG\Downloads\delete-office2007-activation-64bit.reg
2015-12-08 21:14 - 2015-11-05 09:59 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-08 21:12 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-08 21:12 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-08 21:12 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-08 21:12 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-08 21:12 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-08 21:12 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-12-08 21:12 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-12-08 21:12 - 2015-11-10 00:41 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-12-08 21:12 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-08 21:12 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-08 21:12 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-12-08 21:12 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-08 21:12 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-08 21:12 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-12-08 21:12 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-12-08 21:12 - 2015-11-08 22:25 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-12-08 21:12 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-08 21:12 - 2015-11-08 22:14 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-08 21:12 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-08 21:12 - 2015-11-08 21:41 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-08 21:12 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-12-08 21:11 - 2015-11-22 07:59 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-08 21:11 - 2015-11-22 07:59 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-08 21:11 - 2015-11-22 07:59 - 01659568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-12-08 21:11 - 2015-11-22 07:59 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-12-08 21:11 - 2015-11-22 07:59 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-12-08 21:11 - 2015-11-22 07:59 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-12-08 21:11 - 2015-11-22 07:58 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-08 21:11 - 2015-11-21 19:32 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-12-08 21:11 - 2015-11-21 18:50 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-12-08 21:11 - 2015-11-21 17:59 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-08 21:11 - 2015-11-21 17:49 - 01344000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-08 21:11 - 2015-11-21 17:47 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-08 21:11 - 2015-11-21 17:40 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-08 21:11 - 2015-11-20 23:47 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-08 21:11 - 2015-11-20 19:18 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-08 21:11 - 2015-11-20 17:58 - 03706880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-08 21:11 - 2015-11-20 17:47 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-12-08 21:11 - 2015-11-20 17:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-12-08 21:11 - 2015-11-20 17:44 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-12-08 21:11 - 2015-11-20 17:44 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-12-08 21:11 - 2015-11-20 17:43 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-12-08 21:11 - 2015-11-20 17:42 - 02243584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-12-08 21:11 - 2015-11-20 17:30 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-12-08 21:11 - 2015-11-20 17:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-12-08 21:11 - 2015-11-20 17:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-12-08 21:11 - 2015-11-20 17:27 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-12-08 21:11 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-12-08 21:11 - 2015-11-11 16:44 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-12-08 21:11 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-12-08 21:11 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-12-08 21:11 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-08 21:11 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-12-08 21:11 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-08 21:11 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-08 21:11 - 2015-11-10 00:36 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-08 21:11 - 2015-11-10 00:25 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-12-08 21:11 - 2015-11-09 01:41 - 01540728 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-08 21:11 - 2015-11-08 23:30 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-08 21:11 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-08 21:11 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-12-08 21:11 - 2015-11-08 22:32 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-12-08 21:11 - 2015-11-08 22:23 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-12-08 21:11 - 2015-11-08 22:18 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-12-08 21:11 - 2015-11-08 22:16 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-08 21:11 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-08 21:11 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-08 21:11 - 2015-11-08 22:13 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-12-08 21:11 - 2015-11-08 22:01 - 01753600 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-08 21:11 - 2015-11-08 21:53 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-12-08 21:11 - 2015-11-08 21:52 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-12-08 21:11 - 2015-11-08 21:48 - 01376256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-08 21:11 - 2015-11-08 21:42 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-08 21:11 - 2015-10-28 16:49 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-08 21:11 - 2015-10-28 16:29 - 02462720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-08 21:11 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-12-08 21:11 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-12-08 21:11 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-12-08 21:11 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-12-08 21:11 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-12-08 21:11 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-12-08 21:11 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-12-08 21:11 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-12-08 21:11 - 2015-10-22 17:21 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-12-08 21:11 - 2015-10-22 17:21 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-12-08 21:11 - 2015-10-22 16:58 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-12-08 21:11 - 2015-10-22 16:58 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-12-08 21:11 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-12-08 21:11 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\system32\locale.nls
2015-12-08 21:11 - 2015-10-10 18:20 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-12-08 21:11 - 2015-10-03 20:41 - 01385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-12-08 21:11 - 2015-10-03 20:41 - 01124384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-12-08 21:10 - 2015-10-11 07:34 - 00468824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-08 21:10 - 2015-10-11 07:34 - 00462168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-12-08 21:10 - 2015-10-11 07:34 - 00443224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2015-12-08 21:10 - 2015-10-11 07:34 - 00092504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2015-12-08 21:10 - 2015-10-11 07:34 - 00027992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2015-12-08 21:10 - 2015-10-10 19:41 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2015-12-08 21:10 - 2015-10-10 19:41 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
2015-12-08 21:10 - 2015-10-08 17:11 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2015-12-08 21:10 - 2015-10-08 16:50 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2015-12-08 21:10 - 2015-10-05 19:28 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-12-08 21:10 - 2015-10-05 19:25 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-12-07 21:03 - 2015-12-07 21:03 - 00443744 _____ C:\Users\MaG\Downloads\keyfinder_2.0.10.10.zip
2015-12-07 20:49 - 2015-12-07 20:49 - 00001481 _____ C:\Users\MaG\Desktop\TeamViewer.exe - Verknüpfung.lnk
2015-12-07 20:46 - 2015-12-07 20:46 - 00000000 ____D C:\Users\MaG\Downloads\TeamViewerPortable
2015-12-07 20:45 - 2015-12-07 21:23 - 00000000 ____D C:\Users\MaG\AppData\Roaming\TeamViewer
2015-12-07 20:45 - 2015-12-07 20:46 - 27578035 _____ C:\Users\MaG\Downloads\TeamViewerPortable.zip
2015-12-07 20:44 - 2015-12-07 20:44 - 06944152 _____ (TeamViewer) C:\Users\MaG\Downloads\TeamViewerQS_de-jfa.exe
2015-12-05 17:55 - 2015-12-13 21:00 - 00001148 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-05 17:55 - 2015-12-13 19:54 - 00001144 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-05 17:55 - 2015-12-05 17:55 - 00004120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-05 17:55 - 2015-12-05 17:55 - 00003884 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-29 19:54 - 2015-12-13 18:01 - 00001138 _____ C:\WINDOWS\SysWOW64\InstallUtil.InstallLog
2015-11-29 19:54 - 2015-11-29 19:54 - 00000000 ____D C:\Users\MaG\AppData\Roaming\Mozilla
2015-11-29 19:54 - 2015-11-29 19:54 - 00000000 ____D C:\Users\MaG\AppData\Roaming\Avira
2015-11-29 19:52 - 2015-12-02 21:09 - 00146696 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-11-29 19:52 - 2015-12-02 21:09 - 00135880 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-11-29 19:52 - 2015-12-02 21:09 - 00073032 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2015-11-29 19:52 - 2015-12-02 21:09 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2015-11-29 19:50 - 2015-12-13 18:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-11-29 19:49 - 2015-11-29 19:54 - 00000000 ____D C:\ProgramData\Avira
2015-11-29 19:49 - 2015-11-29 19:54 - 00000000 ____D C:\Program Files (x86)\Avira
2015-11-29 19:49 - 2015-11-29 19:49 - 04584344 _____ (Avira Operations GmbH & Co. KG) C:\Users\MaG\Downloads\avira_de_av_565b4865d4552__ws.exe
2015-11-29 19:23 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-11-29 19:23 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-11-25 21:10 - 2015-11-25 21:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8
2015-11-25 21:03 - 2015-11-25 21:03 - 09552328 _____ (IObit ) C:\Users\MaG\Downloads\sm8-setup (1).exe
2015-11-23 21:31 - 2015-12-13 20:07 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-23 21:31 - 2015-11-23 21:31 - 00001122 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-11-23 21:31 - 2015-11-23 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-11-23 21:31 - 2015-11-23 21:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-23 21:31 - 2015-11-23 21:31 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-11-23 21:31 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-23 21:31 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-11-23 21:31 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-11-23 21:30 - 2015-11-23 21:31 - 22908888 _____ (Malwarebytes ) C:\Users\MaG\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-23 21:25 - 2015-11-23 21:25 - 00388608 _____ (Trend Micro Inc.) C:\Users\MaG\Downloads\HijackThis_2.0.5 (1).exe
2015-11-22 20:14 - 2015-11-22 20:14 - 00049502 _____ C:\Users\MaG\Downloads\fsekrit.zip
2015-11-22 20:14 - 2015-11-22 20:14 - 00000000 ____D C:\Users\MaG\Downloads\fsekrit
2015-11-21 08:24 - 2015-11-21 08:24 - 00000571 _____ C:\Users\MaG\Downloads\bbr (1).vcf
2015-11-21 08:17 - 2015-11-21 08:17 - 00000558 _____ C:\Users\MaG\Downloads\MalermeisterKlocksin.vcf
2015-11-21 08:16 - 2015-11-21 08:16 - 00000571 _____ C:\Users\MaG\Downloads\bbr.vcf
2015-11-21 08:15 - 2015-11-21 08:15 - 00000571 _____ C:\Users\MaG\Downloads\vcf
2015-11-15 17:41 - 2015-11-15 17:44 - 00000000 ____D C:\Users\MaG\AppData\Roaming\freac
2015-11-15 17:41 - 2015-11-15 17:41 - 00000983 _____ C:\Users\Public\Desktop\freac - free audio converter.lnk
2015-11-15 17:41 - 2015-11-15 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freac - free audio converter
2015-11-15 17:41 - 2015-11-15 17:41 - 00000000 ____D C:\Program Files (x86)\freac
2015-11-15 17:40 - 2015-11-15 17:40 - 07534391 _____ C:\Users\MaG\Downloads\freac-1.0.26.exe
2015-11-15 17:03 - 2015-11-15 17:03 - 23385120 _____ (SuperEasy Software GmbH & Co. KG ) C:\Users\MaG\Downloads\supereasy_audio_converter_2_2.1.3063_8217.exe
2015-11-15 17:03 - 2015-11-15 17:03 - 00001375 _____ C:\Users\Public\Desktop\Audio Converter 2.lnk
2015-11-15 17:03 - 2015-11-15 17:03 - 00000000 ____D C:\Users\MaG\AppData\Roaming\SuperEasy Software
2015-11-15 17:03 - 2015-11-15 17:03 - 00000000 ____D C:\ProgramData\SuperEasy Software
2015-11-15 17:03 - 2015-11-15 17:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperEasy Software
2015-11-15 17:03 - 2015-11-15 17:03 - 00000000 ____D C:\Program Files (x86)\SuperEasy Software
2015-11-15 17:03 - 2013-04-02 10:20 - 00506312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
2015-11-15 17:03 - 2013-04-02 10:20 - 00354760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2015-11-15 17:00 - 2015-12-10 21:39 - 00000000 ____D C:\Users\MaG\AppData\Local\CrashDumps
2015-11-15 16:59 - 2015-11-15 17:00 - 01391294 _____ C:\Users\MaG\Downloads\setup_1.9.4.exe
2015-11-14 20:59 - 2015-11-14 20:59 - 00001069 _____ C:\Users\Administrator\Desktop\Notepad++.lnk

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2021-10-21 14:36 - 2013-10-24 23:44 - 00000852 _____ C:\WINDOWS\system32\Drivers\RTKHDRC.dat
2021-10-04 08:34 - 2013-10-24 23:44 - 00000712 _____ C:\WINDOWS\system32\Drivers\RTMICEQ0.dat
2015-12-13 21:00 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2015-12-13 20:46 - 2014-01-05 09:52 - 00000000 ____D C:\Users\MaG\Documents\Outlook-Dateien
2015-12-13 20:04 - 2015-10-03 19:28 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3000335157-3192853593-1025591007-1001
2015-12-13 19:57 - 2015-10-24 21:06 - 00003946 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B1CCAF13-B0DA-4533-8F98-76EA3C1430D0}
2015-12-13 19:55 - 2015-07-18 17:15 - 00000000 ____D C:\Users\MaG\AppData\Local\Dropbox
2015-12-13 19:55 - 2015-03-14 20:03 - 00000000 ___RD C:\Users\MaG\Google Drive
2015-12-13 19:55 - 2013-12-18 21:24 - 00000000 ___RD C:\Users\MaG\Dropbox
2015-12-13 19:54 - 2015-08-16 21:03 - 00000000 ___RD C:\Users\MaG\OneDrive
2015-12-13 19:53 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-13 18:05 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-12-13 18:00 - 2015-07-18 19:05 - 00000000 ____D C:\ProgramData\ProductData
2015-12-13 14:03 - 2013-08-22 16:36 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2015-12-13 14:03 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Help
2015-12-13 14:03 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2015-12-13 13:49 - 2015-07-18 17:45 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-13 13:23 - 2014-11-21 04:35 - 01785582 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-13 13:23 - 2014-11-21 03:45 - 00769092 _____ C:\WINDOWS\system32\perfh007.dat
2015-12-13 13:23 - 2014-11-21 03:45 - 00160376 _____ C:\WINDOWS\system32\perfc007.dat
2015-12-13 13:20 - 2015-07-18 17:15 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-12-11 21:20 - 2015-08-16 19:38 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-10 21:11 - 2015-10-25 06:23 - 00495520 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-09 21:01 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-09 20:59 - 2015-07-30 20:53 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-09 20:54 - 2015-07-30 20:53 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-08 21:03 - 2015-07-18 17:15 - 00002159 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-08 21:01 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-07 20:39 - 2015-11-03 09:36 - 00001580 _____ C:\WINDOWS\Sandboxie.ini
2015-12-02 21:09 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-01 18:19 - 2014-11-21 12:01 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-01 18:19 - 2014-11-21 12:01 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-30 21:08 - 2015-08-19 21:00 - 00000000 ____D C:\Users\MaG\AppData\Roaming\vlc
2015-11-29 21:11 - 2015-09-26 12:32 - 00000000 ____D C:\Users\MaG\AppData\Local\PDFCreator
2015-11-29 20:22 - 2013-10-09 13:40 - 00000000 ____D C:\ProgramData\WildTangent
2015-11-29 20:22 - 2013-10-09 13:40 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2015-11-29 20:21 - 2013-10-25 00:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-11-29 20:21 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-29 19:45 - 2014-02-15 20:57 - 00000000 ____D C:\AdwCleaner
2015-11-25 21:10 - 2015-07-18 19:04 - 00000000 ____D C:\Program Files (x86)\IObit
2015-11-24 06:34 - 2015-08-09 17:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-11-24 06:29 - 2015-08-16 21:11 - 00000306 __RSH C:\ProgramData\ntuser.pol
2015-11-23 22:00 - 2015-08-16 14:48 - 00000000 ____D C:\Program Files\{C8CB9DA7-B575-4B96-82FC-A2CA5C901B07}
2015-11-23 22:00 - 2015-08-16 14:48 - 00000000 ____D C:\Program Files (x86)\{EE16DB03-3219-471E-9F46-B6D5D7D2545A}
2015-11-23 22:00 - 2015-08-13 06:27 - 00000000 ____D C:\Program Files\{5665CFBB-D258-48CB-AB68-3F94D8D32D50}
2015-11-23 22:00 - 2015-08-13 06:27 - 00000000 ____D C:\Program Files (x86)\{8BA17998-868A-4AE1-AC30-9AEC1FF5C583}
2015-11-21 07:45 - 2015-10-22 22:30 - 00001542 _____ C:\WINDOWS\system32\.crusader
2015-11-15 19:51 - 2015-08-16 19:45 - 00000000 ____D C:\Users\MaG
2015-11-14 20:59 - 2015-07-21 07:34 - 00000000 ____D C:\Users\MaG\AppData\Roaming\Notepad++

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-08-29 10:36 - 2015-08-29 10:37 - 0035078 __RSH () C:\Program Files (x86)\DLS8Uninstall.log
2015-09-19 19:49 - 2015-09-22 19:49 - 0000106 _____ () C:\Users\MaG\AppData\Roaming\sn.txt
2015-08-08 19:35 - 2015-08-08 19:35 - 0000516 _____ () C:\Users\MaG\AppData\Local\6U3x63w.vbs
2015-08-23 07:48 - 2015-08-23 07:49 - 0000516 _____ () C:\Users\MaG\AppData\Local\7o5cj3r.vbs
2015-08-23 09:46 - 2015-08-23 09:46 - 0000362 _____ () C:\Users\MaG\AppData\Local\boukZ.vbs
2015-08-08 19:24 - 2015-08-08 19:24 - 3531374 _____ () C:\Users\MaG\AppData\Local\curl.zip
2015-07-19 21:19 - 2015-07-19 21:19 - 0000396 _____ () C:\Users\MaG\AppData\Local\G0rg5H.vbs
2015-09-22 19:49 - 2015-09-22 19:49 - 0000362 _____ () C:\Users\MaG\AppData\Local\hpiDp.vbs
2015-11-02 15:23 - 2015-11-02 15:23 - 0004096 ____H () C:\Users\MaG\AppData\Local\keyfile3.drm
2015-09-26 12:17 - 2015-09-26 12:17 - 0000740 _____ () C:\Users\MaG\AppData\Local\recently-used.xbel
2015-09-19 19:49 - 2015-09-19 19:49 - 0000362 _____ () C:\Users\MaG\AppData\Local\t4t5KB.vbs
2015-07-18 20:48 - 2015-07-18 20:48 - 0000057 _____ () C:\ProgramData\Ament.ini

Einige Dateien in TEMP:
====================
C:\Users\MaG\AppData\Local\Temp\avgnt.exe
C:\Users\MaG\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo0kk4y.dll
C:\Users\MaG\AppData\Local\Temp\vs60wiz.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-12-13 20:04

==================== Ende von FRST.txt ============================
         
--- --- ---


13.12.2015, 21:05   #6
blubbblabb

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:12-12-2015 01
durchgeführt von MaG (2015-12-13 21:01:04)
Gestartet von C:\Users\MaG\Downloads
Windows 8.1 (X64) (2015-08-16 19:54:48)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3000335157-3192853593-1025591007-500 - Administrator - Disabled) => C:\Users\Administrator
Gast (S-1-5-21-3000335157-3192853593-1025591007-501 - Limited - Disabled)
MaG (S-1-5-21-3000335157-3192853593-1025591007-1001 - Administrator - Enabled) => C:\Users\MaG

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

4K Video Downloader 3.6 (HKLM-x32\...\4K Video Downloader_is1) (Version: 3.6.3.1785 - Open Media LLC)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3005 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2022 - Acer Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{E3CA751C-E133-0BF1-3151-7A6D3FB88015}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Authorizer 2.9.0d5 (HKLM\...\{F6762963-9AE5-4bc6-A70F-2D749F6AC02F}_is1) (Version: 2.9.0d5 - Propellerhead Software AB)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.129 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{5b07d59f-99e0-4c52-ad25-965f7e38d6ac}) (Version: 1.1.51.19070 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.51.19070 - Avira Operations GmbH & Co. KG) Hidden
Boxcryptor Classic 1.7 (HKLM-x32\...\{DF47AB90-FB92-42F4-926E-1C4FF16029E7}) (Version: 1.7.409.131 - Secomba GmbH)
Broadcom Card Reader Driver Installer (HKLM\...\{67AA948F-8D83-4566-B84A-7CAABCF64E3F}) (Version: 16.0.2.3 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{D1D7ED66-5C08-40A0-AEC0-B6DF977697BB}) (Version: 16.0.2.1 - Broadcom Corporation)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
Click2Music (HKLM-x32\...\Click2Music) (Version:  - )
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden
DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.3.0.1242 - Sanford, L.P.)
f.lux (HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Flux) (Version:  - )
f.lux (HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Flux) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.)
Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät (HKLM\...\{48DF59F8-2ACD-4F1F-87F3-D820FE7A6178}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3070 B611 series Hilfe (HKLM-x32\...\{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM-x32\...\{78545512-1F84-4357-8A9A-D94D9C3CE4FA}) (Version: 12.0.26.54 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4170 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version:  - Line 6)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.53 (HKLM-x32\...\WebPost) (Version:  - )
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG)
Nero WaveEditor (HKLM-x32\...\{EE430B59-A026-4C96-8906-E4C05B7FCC37}) (Version: 12.5.01500 - Nero AG)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.6 - Notepad++ Team)
OEM Application Profile (HKLM-x32\...\{ECA361B3-855E-EEAB-C4E9-FFA6F25A4DF4}) (Version: 1.00.0000 - Ihr Firmenname)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.02.2008 - Acer)
Paperless Converter version 9.07 (HKLM-x32\...\Paperless Converter_is1) (Version: 9.07 - Rarefind Engineering Innovations Pvt. Ltd.)
Paperless Printer version 6.0.0.1 (HKLM-x32\...\Paperless Printer_is1) (Version: 6.0.0.1 - Pragnaan Software Private Limited)
PDF Architect 3 (HKLM-x32\...\PDF Architect 3) (Version: 3.0.45.22485 - pdfforge GmbH)
PDF Architect 3 Create Module (x32 Version: 3.1.1.24851 - pdfforge GmbH) Hidden
PDF Architect 3 Edit Module (x32 Version: 3.1.1.24851 - pdfforge GmbH) Hidden
PDF Architect 3 View Module (x32 Version: 3.1.1.24851 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.2 - pdfforge)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.313.1 - Tracker Software Products Ltd)
Prerequisite installer (x32 Version: 12.0.0005 - Nero AG) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
Reason 8 8.3.2d7 (HKLM\...\Reason8.0Stable_64_is1) (Version: 8.3.2d7 - Propellerhead Software AB)
Sandboxie 5.06 (64-bit) (HKLM\...\Sandboxie) (Version: 5.06 - Sandboxie Holdings, LLC)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 2.4.0.1 - IObit)
Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten (HKLM\...\{CAD7B6DD-9C82-4D17-BAE8-3E9AE4971B90}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
SuperEasy Audio Converter 2 v.2.1.3063 (HKLM-x32\...\{039BC111-3B00-B8C5-E02C-0CA1440A9469}_is1) (Version: 2.1.3063 - SuperEasy Software GmbH & Co. KG)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.12.37 - Synaptics Incorporated)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU) (Version:  - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Wiederherstellungspunkte =========================

25-11-2015 21:17:38 Uniblue PC Mechanic installation
29-11-2015 19:20:51 Windows Update
29-11-2015 19:54:48 Avira System Speedup 2.0.4
01-12-2015 21:26:11 Windows Modules Installer
09-12-2015 20:48:29 Windows Update
13-12-2015 18:02:08 Removed ProjectLibre

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2015-10-25 06:17 - 00450831 ____R C:\WINDOWS\system32\Drivers\etc\hosts

Da befinden sich 15464 zusätzliche Einträge.


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {056F8D16-DB30-43D6-B844-A69F83C0F1B3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
Task: {12A9DDFE-D969-4D3A-8E95-C8E9F5015F2D} - \keepup -> Keine Datei <==== ACHTUNG
Task: {140A4242-6565-4DED-A620-FCD33E1ACB7B} - \DriverMgr -> Keine Datei <==== ACHTUNG
Task: {2F92AB55-ED59-44C8-9CB9-32A071ACA7ED} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {3188352C-4465-4817-9661-56246372F4DF} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-12-11] ()
Task: {3D2DC3F9-CD09-4DFD-B0D3-6770489C3348} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-18] (Google Inc.)
Task: {52DD1A58-FA65-4F78-A296-7AE686322590} - \WinKit -> Keine Datei <==== ACHTUNG
Task: {555DB673-B627-4011-9EAC-9C66B3D9A07B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {5F9A392D-0F93-4D49-B04F-4DF5E1E59674} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {656557D2-E953-4133-A4DA-B6DA2A45183A} - \SpyHunter4Startup -> Keine Datei <==== ACHTUNG
Task: {8413920D-CE6F-46F6-9574-9188FAF2496B} - \Urla1 -> Keine Datei <==== ACHTUNG
Task: {B134DC93-6F45-42D3-A489-2C24C7DDF40B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-09] (Microsoft Corporation)
Task: {B3BCCB8F-F563-4DA2-B325-27F95EA8B431} - \Urla2 -> Keine Datei <==== ACHTUNG
Task: {D3ADBE5B-7D24-478B-9F7A-0746B1F3DBC0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-18] (Google Inc.)
Task: {F32D7DA5-8C47-4F4D-AEE0-A7398C655912} - \Urla3 -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-07-24 19:53 - 2012-03-28 20:28 - 00019456 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\QWritex64.dll
2013-10-25 00:04 - 2013-02-20 21:58 - 00111176 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-04-15 21:13 - 2015-04-15 21:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2013-09-07 00:48 - 2013-09-07 00:48 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 00:45 - 2013-09-07 00:45 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 00:52 - 2013-09-07 00:52 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2015-10-19 21:00 - 2015-10-19 21:00 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-07-18 18:46 - 2015-10-30 14:14 - 00658944 _____ () C:\Program Files\Propellerhead\Reason 8\DeviceCache\P8541119\P8541119.dll
2015-07-19 14:13 - 2015-02-03 14:32 - 08200704 _____ () C:\Users\MaG\AppData\Roaming\Propellerhead Software\RackExtensions\se.audiorealism.Dominator.1.1.0\Dominator64.dll
2015-07-18 18:46 - 2015-10-30 14:14 - 00661504 _____ () C:\Program Files\Propellerhead\Reason 8\DeviceCache\P8374819\P8374819.dll
2015-07-19 14:14 - 2013-11-06 12:43 - 03514880 _____ () C:\Users\MaG\AppData\Roaming\Propellerhead Software\RackExtensions\com.robpapen.SubBoomBassRE.1.0.4\SubBoomBassRE64.dll
2015-07-18 19:05 - 2015-11-06 12:05 - 00618784 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2015-10-24 22:34 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-10-24 22:34 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-10-24 22:34 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-10-24 22:34 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-10-24 22:34 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-11-25 21:10 - 2015-11-06 12:05 - 00348960 _____ () C:\program files (x86)\iobit\Classic Start\madExcept_.bpl
2015-11-25 21:10 - 2015-11-06 12:04 - 00183584 _____ () C:\program files (x86)\iobit\Classic Start\madBasic_.bpl
2015-11-25 21:10 - 2015-11-06 12:04 - 00050976 _____ () C:\program files (x86)\iobit\Classic Start\madDisAsm_.bpl
2015-11-25 21:10 - 2015-11-06 12:05 - 00268920 _____ () C:\program files (x86)\iobit\Classic Start\sqlite3.dll
2015-11-25 21:10 - 2015-11-06 12:05 - 00053024 _____ () C:\program files (x86)\iobit\Classic Start\parseAuto.dll
2015-11-25 21:10 - 2015-11-06 12:05 - 00618784 _____ () C:\program files (x86)\iobit\Classic Start\ProductStatistics.dll
2015-11-25 21:10 - 2015-11-06 12:05 - 00041248 _____ () C:\program files (x86)\iobit\Classic Start\winkey.dll
2011-01-28 20:14 - 2011-01-28 20:14 - 00094208 _____ () C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.Common.dll
2015-12-13 13:19 - 2015-10-31 01:59 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2015-12-13 13:19 - 2015-10-31 02:00 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00022848 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Random.OSRNG.winrandom.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00023352 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Util._counter.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00042296 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Cipher._AES.pyd
2015-12-13 13:19 - 2015-10-31 01:59 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-13 13:19 - 2015-10-31 01:59 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-13 13:19 - 2015-10-31 01:59 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-13 13:19 - 2015-10-31 02:00 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2015-12-13 13:19 - 2015-10-31 01:59 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2015-12-13 13:19 - 2015-12-08 22:36 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2015-12-13 13:19 - 2015-10-31 01:59 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-13 13:19 - 2015-10-31 02:00 - 00109520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 01737032 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2015-12-13 13:19 - 2015-10-31 02:00 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2015-12-13 13:19 - 2015-10-31 02:00 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-13 13:19 - 2015-10-31 02:00 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00021320 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
2015-12-13 13:19 - 2015-10-31 02:00 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2015-12-13 13:19 - 2015-10-31 02:00 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2015-12-13 13:19 - 2015-10-31 02:00 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2015-12-13 13:19 - 2015-10-31 02:00 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-13 13:19 - 2015-10-31 02:00 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2015-12-13 13:19 - 2015-10-31 02:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-13 13:19 - 2015-10-31 02:00 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2015-12-13 13:19 - 2015-10-31 02:00 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2015-12-13 13:19 - 2015-10-31 02:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-13 13:19 - 2015-10-31 01:59 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2015-12-13 13:19 - 2015-10-31 01:59 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2015-12-13 13:19 - 2015-10-31 02:00 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00021304 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Util.strxor.pyd
2015-12-13 13:19 - 2015-10-31 02:00 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00084792 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2015-12-13 13:19 - 2015-12-08 22:36 - 01826608 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2015-12-13 13:19 - 2015-10-31 02:00 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 03891504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 01950000 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00519984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00133936 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00225080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00486704 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2015-10-17 09:00 - 2015-10-31 02:01 - 00019920 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll
2015-10-17 09:00 - 2015-10-31 02:00 - 00786904 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-10-17 09:00 - 2015-10-31 02:00 - 00063448 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-10-17 09:00 - 2015-10-31 02:00 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll
2015-12-13 19:54 - 2015-12-13 19:54 - 00098816 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32api.pyd
2015-12-13 19:54 - 2015-12-13 19:54 - 00110080 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\pywintypes27.dll
2015-12-13 19:54 - 2015-12-13 19:54 - 00364544 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\pythoncom27.dll
2015-12-13 19:54 - 2015-12-13 19:54 - 00046080 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\_socket.pyd
2015-12-13 19:54 - 2015-12-13 19:54 - 01208320 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\_ssl.pyd
2015-12-13 19:54 - 2015-12-13 19:54 - 00320512 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32com.shell.shell.pyd
2015-12-13 19:54 - 2015-12-13 19:54 - 00776704 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\_hashlib.pyd
2015-12-13 19:54 - 2015-12-13 19:54 - 01176576 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._core_.pyd
2015-12-13 19:54 - 2015-12-13 19:54 - 00806400 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._gdi_.pyd
2015-12-13 19:54 - 2015-12-13 19:54 - 00816128 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._windows_.pyd
2015-12-13 19:54 - 2015-12-13 19:54 - 01067008 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._controls_.pyd
2015-12-13 19:54 - 2015-12-13 19:54 - 00733184 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._misc_.pyd
2015-12-13 19:54 - 2015-12-13 19:54 - 00682496 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\pysqlite2._sqlite.pyd
2015-12-13 19:54 - 2015-12-13 19:54 - 00088064 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\_ctypes.pyd
2015-12-13 19:54 - 2015-12-13 19:54 - 00119808 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32file.pyd
2015-12-13 19:54 - 2015-12-13 19:54 - 00108544 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32security.pyd
2015-12-13 19:54 - 2015-12-13 19:54 - 00007168 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\hashobjs_ext.pyd
2015-12-13 19:54 - 2015-12-13 19:54 - 00017920 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\thumbnails_ext.pyd
2015-12-13 19:54 - 2015-12-13 19:54 - 00079360 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\usb_ext.pyd
2015-12-13 19:54 - 2015-12-13 19:54 - 00167936 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32gui.pyd
2015-12-13 19:54 - 2015-12-13 19:54 - 00018432 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32event.pyd
2015-12-13 19:54 - 2015-12-13 19:54 - 00128512 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\_elementtree.pyd
2015-12-13 19:54 - 2015-12-13 19:54 - 00127488 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\pyexpat.pyd
2015-12-13 19:54 - 2015-12-13 19:54 - 00013824 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\common.time34.pyd
2015-12-13 19:54 - 2015-12-13 19:54 - 00036864 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\_psutil_windows.pyd
2015-12-13 19:54 - 2015-12-13 19:54 - 00038912 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32inet.pyd
2015-12-13 19:54 - 2015-12-13 19:54 - 00525640 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\windows._lib_cacheinvalidation.pyd
2015-12-13 19:54 - 2015-12-13 19:54 - 00011264 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32crypt.pyd
2015-12-13 19:54 - 2015-12-13 19:54 - 00077312 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._html2.pyd
2015-12-13 19:54 - 2015-12-13 19:54 - 00027136 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\_multiprocessing.pyd
2015-12-13 19:54 - 2015-12-13 19:54 - 00020480 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\_yappi.pyd
2015-12-13 19:54 - 2015-12-13 19:54 - 00035840 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32process.pyd
2015-12-13 19:54 - 2015-12-13 19:54 - 00686080 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\unicodedata.pyd
2015-12-13 19:54 - 2015-12-13 19:54 - 00123392 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._wizard.pyd
2015-12-13 19:54 - 2015-12-13 19:54 - 00024064 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32pipe.pyd
2015-12-13 19:54 - 2015-12-13 19:54 - 00010240 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\select.pyd
2015-12-13 19:54 - 2015-12-13 19:54 - 00025600 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32pdh.pyd
2015-12-13 19:54 - 2015-12-13 19:54 - 00017408 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32profile.pyd
2015-12-13 19:54 - 2015-12-13 19:54 - 00022528 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\win32ts.pyd
2015-12-13 19:54 - 2015-12-13 19:54 - 00078848 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46882\wx._animate.pyd
2013-10-24 23:35 - 2013-05-08 21:23 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-07-19 21:26 - 2015-11-23 21:05 - 00012288 _____ () C:\Program Files (x86)\Google\Chrome\Application\WTSAPI32.dll
2013-10-25 00:04 - 2013-02-20 21:58 - 00089672 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2015-12-08 21:03 - 2015-12-04 22:32 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libglesv2.dll
2015-12-08 21:03 - 2015-12-04 22:32 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libegl.dll
2015-12-08 21:03 - 2015-12-04 22:32 - 16573256 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\PepperFlash\pepflashplayer.dll
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-08-29 11:23 - 2015-08-29 11:23 - 00065536 _____ () C:\Users\MaG\AppData\Local\assembly\dl3\CCMEXOQW.OPX\VKQ6T7YN.H8G\93d162e2\00d49700_20bfcb01\Outlook07DymoAddIn.DLL
2015-08-29 11:23 - 2015-08-29 11:23 - 00094208 _____ () C:\Users\MaG\AppData\Local\assembly\dl3\CCMEXOQW.OPX\VKQ6T7YN.H8G\cab056c2\004bcda4_1fbfcb01\DYMO.Common.DLL
2015-08-29 11:23 - 2015-08-29 11:23 - 00007168 _____ () C:\Users\MaG\AppData\Local\assembly\dl3\CCMEXOQW.OPX\VKQ6T7YN.H8G\236d28c5\00d49700_20bfcb01\Outlook07DymoAddIn.resources.DLL
2015-11-11 02:42 - 2015-11-11 02:42 - 01045672 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
HKU\S-1-5-21-3000335157-3192853593-1025591007-500-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3000335157-3192853593-1025591007-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_0034C5CFB848FFC3DA2A3C20C2C3A86D"
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_0034C5CFB848FFC3DA2A3C20C2C3A86D"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D27C2C67-608D-4E0E-9378-992FA77258D0}] => (Allow) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{8039EE20-5698-4C20-9C5C-F5F1F62DE282}] => (Allow) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{B34D8AE4-D8C7-4056-8112-932D213FD866}] => (Allow) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\DeviceSetup.exe
FirewallRules: [{A51982E3-8677-4D7A-8315-4590C92BCC5E}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{C7C5B632-E33E-4356-8511-09866EEE7955}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{DAADAA74-9DFC-4A95-A18E-0A1221F46BF6}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{407EB8EA-8ACC-471D-9572-D4DB5537D539}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{E4E88AC9-5F1B-4746-9F9A-F361F11ED675}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{D14CD3F3-1679-4D9C-9C19-3E6EEC5326D6}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{1714CB00-E0EC-4C0E-A5B2-A4CC580349B8}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{D309308A-4A28-4E1D-97C8-18234DAB58AD}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{F6D4B300-3739-4C79-A6B0-22404E964637}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{3DDBC3D8-35F4-44F8-82F8-28DC5E291AE6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{ACDFD2BA-B2CF-46FC-B66A-DC6D98D93D16}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{12C44774-64DF-4B86-ADE9-0D0B8E628997}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{59E21C6C-E358-4462-8F28-AE5AD57FFAFC}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{85CC36FE-D8D5-41E7-A4BF-882D59D29CB3}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{89ECDC59-5605-4B33-BACE-DFAC4B41D44A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{0439C5C4-6C55-46D7-BD51-DE35DA1B1F72}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{BB8DF291-466C-48C9-8D7E-C03F42159DE8}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [TCP Query User{20ECE248-417E-4173-A1FB-9D0FC6189327}C:\users\mag\downloads\teamviewerportable\teamviewer.exe] => (Allow) C:\users\mag\downloads\teamviewerportable\teamviewer.exe
FirewallRules: [UDP Query User{3D966FCE-0FF8-44EF-A741-2B3FA6CBB0E6}C:\users\mag\downloads\teamviewerportable\teamviewer.exe] => (Allow) C:\users\mag\downloads\teamviewerportable\teamviewer.exe
FirewallRules: [{ED42765D-0E9B-4792-9BAB-5DA5FE42DA4D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{992A5461-377B-4790-812C-8D55A75DD054}C:\users\mag\dropbox\hasi\teamviewerportable\teamviewer.exe] => (Allow) C:\users\mag\dropbox\hasi\teamviewerportable\teamviewer.exe
FirewallRules: [UDP Query User{A2D4ACED-1F9E-44C0-9A97-89837E7C4D02}C:\users\mag\dropbox\hasi\teamviewerportable\teamviewer.exe] => (Allow) C:\users\mag\dropbox\hasi\teamviewerportable\teamviewer.exe
FirewallRules: [TCP Query User{0ED62260-935A-4DF0-A148-8A7554A45B8D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{F96081B8-83EE-4C80-ADEF-E9182926A7D3}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{C1397DD8-2F9D-4D6E-AB4D-AC351C47A3D8}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (12/13/2015 07:56:49 PM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Benachrichtigungen für Volume C:\ sind nicht aktiv. 

Kontext: Windows Anwendung

Details:
	Das Datenträgeränderungsjournal wird gelöscht.  (HRESULT : 0x8007049a) (0x8007049a)

Error: (12/13/2015 02:13:39 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (12/13/2015 02:10:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm acmsetup.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 13e8

Startzeit: 01d135a6739aa026

Endzeit: 0

Anwendungspfad: Z:\~MSSETUP.T\tmp.t\acmsetup.exe

Berichts-ID: e7ac2a12-a19a-11e5-bf17-201a0671fff5

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/13/2015 01:19:21 PM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Benachrichtigungen für Volume C:\ sind nicht aktiv. 

Kontext: Windows Anwendung

Details:
	Das Datenträgeränderungsjournal wird gelöscht.  (HRESULT : 0x8007049a) (0x8007049a)

Error: (12/11/2015 09:49:30 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: There was an error with the Windows Location Provider database

Error: (12/11/2015 09:20:48 PM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Benachrichtigungen für Volume C:\ sind nicht aktiv. 

Kontext: Windows Anwendung

Details:
	Das Datenträgeränderungsjournal wird gelöscht.  (HRESULT : 0x8007049a) (0x8007049a)

Error: (12/10/2015 09:39:10 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (12/10/2015 09:16:31 PM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Benachrichtigungen für Volume C:\ sind nicht aktiv. 

Kontext: Windows Anwendung

Details:
	Das Datenträgeränderungsjournal wird gelöscht.  (HRESULT : 0x8007049a) (0x8007049a)

Error: (12/09/2015 09:28:57 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (12/09/2015 08:47:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: delegate_execute.exe, Version: 47.0.2526.80, Zeitstempel: 0x5661e826
Name des fehlerhaften Moduls: delegate_execute.exe, Version: 47.0.2526.80, Zeitstempel: 0x5661e826
Ausnahmecode: 0x80000003
Fehleroffset: 0x00007f81
ID des fehlerhaften Prozesses: 0xdd8
Startzeit der fehlerhaften Anwendung: 0xdelegate_execute.exe0
Pfad der fehlerhaften Anwendung: delegate_execute.exe1
Pfad des fehlerhaften Moduls: delegate_execute.exe2
Berichtskennung: delegate_execute.exe3
Vollständiger Name des fehlerhaften Pakets: delegate_execute.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: delegate_execute.exe5


Systemfehler:
=============
Error: (12/13/2015 05:23:57 PM) (Source: DCOM) (EventID: 10016) (User: KANOCKELHOPPEL)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}KanockelHoppelMaGS-1-5-21-3000335157-3192853593-1025591007-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/13/2015 05:23:57 PM) (Source: DCOM) (EventID: 10016) (User: KANOCKELHOPPEL)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}KanockelHoppelMaGS-1-5-21-3000335157-3192853593-1025591007-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/13/2015 05:23:57 PM) (Source: DCOM) (EventID: 10016) (User: KANOCKELHOPPEL)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}KanockelHoppelMaGS-1-5-21-3000335157-3192853593-1025591007-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/13/2015 05:23:57 PM) (Source: DCOM) (EventID: 10016) (User: KANOCKELHOPPEL)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}KanockelHoppelMaGS-1-5-21-3000335157-3192853593-1025591007-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/13/2015 05:23:56 PM) (Source: DCOM) (EventID: 10016) (User: KANOCKELHOPPEL)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}KanockelHoppelMaGS-1-5-21-3000335157-3192853593-1025591007-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/13/2015 05:23:56 PM) (Source: DCOM) (EventID: 10016) (User: KANOCKELHOPPEL)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}KanockelHoppelMaGS-1-5-21-3000335157-3192853593-1025591007-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/13/2015 05:23:56 PM) (Source: DCOM) (EventID: 10016) (User: KANOCKELHOPPEL)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}KanockelHoppelMaGS-1-5-21-3000335157-3192853593-1025591007-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/13/2015 05:23:56 PM) (Source: DCOM) (EventID: 10016) (User: KANOCKELHOPPEL)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}KanockelHoppelMaGS-1-5-21-3000335157-3192853593-1025591007-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/13/2015 01:15:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/13/2015 01:15:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.


CodeIntegrity:
===================================
  Date: 2015-11-29 19:20:29.410
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-25 21:09:49.665
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-23 21:21:20.703
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-22 19:10:56.911
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-21 08:39:12.900
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-11 21:05:08.622
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-09 21:36:25.750
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-07 21:26:46.886
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-04 07:20:00.911
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-01 16:10:00.396
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz
Prozentuale Nutzung des RAM: 60%
Installierter physikalischer RAM: 8072.27 MB
Verfügbarer physikalischer RAM: 3194.2 MB
Summe virtueller Speicher: 9352.27 MB
Verfügbarer virtueller Speicher: 4473.32 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:681.75 GB) (Free:521.96 GB) NTFS
Drive z: (Boxcryptor Classic) (Fixed) (Total:681.75 GB) (Free:521.96 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 2A9D57C6)

Partition: GPT.

==================== Ende von Addition.txt ============================
         

13.12.2015, 21:20   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please uninstall Avira. From Windows 8 onward, MSE is built in and is called Windows Defender.

Quote:
System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-12-11] ()
In addition, you have at least one cracked MS Office installed. That has to go. And so do any other cracked programs that may be present.

Reading material:
Illegal software: cracks, keygens and co.

Please read => http://www.trojaner-board.de/95393-c...-software.html

We will continue once you have removed everything illegal.

In the case of repeated crack/keygen violations, I reserve the right to discontinue support, i.e. to help only with backing up data and reinstalling the operating system.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


13.12.2015, 21:35   #8
blubbblabb
 

Thanks - will do - Avira is uninstalled.
I had Office installed at one point - it must be a leftover from that.
I'll delete that too...

OK - the restart is done. Avira and the rest have been removed.
But since the problem has only existed for a short time, it definitely won't be related to that.

Is there anything else that can be found out?

13.12.2015, 21:43   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Yes, sure, we hear that all the time - "no, the cracked software never causes a problem"

Even if that is true, we do not tolerate cracks and keygens; we suspend support, and things only continue once all that junk is gone.


Then show us fresh FRST logs. Tick the box for addition.txt, then click Scan (Untersuchen).


13.12.2015, 21:55   #10
blubbblabb
 

Here is addition.txt
FRST Additions Logfile:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:12-12-2015 01
durchgeführt von MaG (2015-12-13 21:47:37)
Gestartet von C:\Users\MaG\Downloads
Windows 8.1 (X64) (2015-08-16 19:54:48)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3000335157-3192853593-1025591007-500 - Administrator - Disabled) => C:\Users\Administrator
Gast (S-1-5-21-3000335157-3192853593-1025591007-501 - Limited - Disabled)
MaG (S-1-5-21-3000335157-3192853593-1025591007-1001 - Administrator - Enabled) => C:\Users\MaG

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

4K Video Downloader 3.6 (HKLM-x32\...\4K Video Downloader_is1) (Version: 3.6.3.1785 - Open Media LLC)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3005 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2022 - Acer Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{E3CA751C-E133-0BF1-3151-7A6D3FB88015}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Authorizer 2.9.0d5 (HKLM\...\{F6762963-9AE5-4bc6-A70F-2D749F6AC02F}_is1) (Version: 2.9.0d5 - Propellerhead Software AB)
Boxcryptor Classic 1.7 (HKLM-x32\...\{DF47AB90-FB92-42F4-926E-1C4FF16029E7}) (Version: 1.7.409.131 - Secomba GmbH)
Broadcom Card Reader Driver Installer (HKLM\...\{67AA948F-8D83-4566-B84A-7CAABCF64E3F}) (Version: 16.0.2.3 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{D1D7ED66-5C08-40A0-AEC0-B6DF977697BB}) (Version: 16.0.2.1 - Broadcom Corporation)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
Click2Music (HKLM-x32\...\Click2Music) (Version:  - )
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden
DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.3.0.1242 - Sanford, L.P.)
f.lux (HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Flux) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.)
Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät (HKLM\...\{48DF59F8-2ACD-4F1F-87F3-D820FE7A6178}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3070 B611 series Hilfe (HKLM-x32\...\{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM-x32\...\{78545512-1F84-4357-8A9A-D94D9C3CE4FA}) (Version: 12.0.26.54 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4170 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version:  - Line 6)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.53 (HKLM-x32\...\WebPost) (Version:  - )
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG)
Nero WaveEditor (HKLM-x32\...\{EE430B59-A026-4C96-8906-E4C05B7FCC37}) (Version: 12.5.01500 - Nero AG)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.6 - Notepad++ Team)
OEM Application Profile (HKLM-x32\...\{ECA361B3-855E-EEAB-C4E9-FFA6F25A4DF4}) (Version: 1.00.0000 - Ihr Firmenname)
Paperless Converter version 9.07 (HKLM-x32\...\Paperless Converter_is1) (Version: 9.07 - Rarefind Engineering Innovations Pvt. Ltd.)
Paperless Printer version 6.0.0.1 (HKLM-x32\...\Paperless Printer_is1) (Version: 6.0.0.1 - Pragnaan Software Private Limited)
PDF Architect 3 (HKLM-x32\...\PDF Architect 3) (Version: 3.0.45.22485 - pdfforge GmbH)
PDF Architect 3 Create Module (x32 Version: 3.1.1.24851 - pdfforge GmbH) Hidden
PDF Architect 3 Edit Module (x32 Version: 3.1.1.24851 - pdfforge GmbH) Hidden
PDF Architect 3 View Module (x32 Version: 3.1.1.24851 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.2 - pdfforge)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.313.1 - Tracker Software Products Ltd)
Prerequisite installer (x32 Version: 12.0.0005 - Nero AG) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
Reason 8 8.3.2d7 (HKLM\...\Reason8.0Stable_64_is1) (Version: 8.3.2d7 - Propellerhead Software AB)
Sandboxie 5.06 (64-bit) (HKLM\...\Sandboxie) (Version: 5.06 - Sandboxie Holdings, LLC)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 2.4.0.1 - IObit)
Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten (HKLM\...\{CAD7B6DD-9C82-4D17-BAE8-3E9AE4971B90}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
SuperEasy Audio Converter 2 v.2.1.3063 (HKLM-x32\...\{039BC111-3B00-B8C5-E02C-0CA1440A9469}_is1) (Version: 2.1.3063 - SuperEasy Software GmbH & Co. KG)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.12.37 - Synaptics Incorporated)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU) (Version:  - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Wiederherstellungspunkte =========================

25-11-2015 21:17:38 Uniblue PC Mechanic installation
29-11-2015 19:20:51 Windows Update
29-11-2015 19:54:48 Avira System Speedup 2.0.4
01-12-2015 21:26:11 Windows Modules Installer
09-12-2015 20:48:29 Windows Update
13-12-2015 18:02:08 Removed ProjectLibre

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2015-10-25 06:17 - 00450831 ____R C:\WINDOWS\system32\Drivers\etc\hosts


Da befinden sich 15464 zusätzliche Einträge.


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {056F8D16-DB30-43D6-B844-A69F83C0F1B3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
Task: {12A9DDFE-D969-4D3A-8E95-C8E9F5015F2D} - \keepup -> Keine Datei <==== ACHTUNG
Task: {140A4242-6565-4DED-A620-FCD33E1ACB7B} - \DriverMgr -> Keine Datei <==== ACHTUNG
Task: {2F92AB55-ED59-44C8-9CB9-32A071ACA7ED} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {3D2DC3F9-CD09-4DFD-B0D3-6770489C3348} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-18] (Google Inc.)
Task: {555DB673-B627-4011-9EAC-9C66B3D9A07B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {5F9A392D-0F93-4D49-B04F-4DF5E1E59674} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {656557D2-E953-4133-A4DA-B6DA2A45183A} - \SpyHunter4Startup -> Keine Datei <==== ACHTUNG
Task: {8413920D-CE6F-46F6-9574-9188FAF2496B} - \Urla1 -> Keine Datei <==== ACHTUNG
Task: {B134DC93-6F45-42D3-A489-2C24C7DDF40B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-09] (Microsoft Corporation)
Task: {B3BCCB8F-F563-4DA2-B325-27F95EA8B431} - \Urla2 -> Keine Datei <==== ACHTUNG
Task: {D3ADBE5B-7D24-478B-9F7A-0746B1F3DBC0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-18] (Google Inc.)
Task: {F32D7DA5-8C47-4F4D-AEE0-A7398C655912} - \Urla3 -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-07-24 19:53 - 2012-03-28 20:28 - 00019456 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\QWritex64.dll
2013-10-25 00:04 - 2013-02-20 21:58 - 00111176 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-09-07 00:48 - 2013-09-07 00:48 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 00:45 - 2013-09-07 00:45 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 00:52 - 2013-09-07 00:52 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2015-10-19 21:00 - 2015-10-19 21:00 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-08-19 20:07 - 2015-08-19 20:08 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll
2015-07-18 19:05 - 2015-11-06 12:05 - 00618784 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2015-10-24 22:34 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-10-24 22:34 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-10-24 22:34 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-10-24 22:34 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-10-24 22:34 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-11-25 21:10 - 2015-11-06 12:05 - 00348960 _____ () C:\program files (x86)\iobit\Classic Start\madExcept_.bpl
2015-11-25 21:10 - 2015-11-06 12:04 - 00183584 _____ () C:\program files (x86)\iobit\Classic Start\madBasic_.bpl
2015-11-25 21:10 - 2015-11-06 12:04 - 00050976 _____ () C:\program files (x86)\iobit\Classic Start\madDisAsm_.bpl
2015-11-25 21:10 - 2015-11-06 12:05 - 00268920 _____ () C:\program files (x86)\iobit\Classic Start\sqlite3.dll
2015-11-25 21:10 - 2015-11-06 12:05 - 00053024 _____ () C:\program files (x86)\iobit\Classic Start\parseAuto.dll
2015-11-25 21:10 - 2015-11-06 12:05 - 00618784 _____ () C:\program files (x86)\iobit\Classic Start\ProductStatistics.dll
2015-11-25 21:10 - 2015-11-06 12:05 - 00041248 _____ () C:\program files (x86)\iobit\Classic Start\winkey.dll
2011-01-28 20:14 - 2011-01-28 20:14 - 00094208 _____ () C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.Common.dll
2015-12-13 13:19 - 2015-10-31 01:59 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2015-12-13 13:19 - 2015-10-31 02:00 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00022848 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Random.OSRNG.winrandom.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00023352 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Util._counter.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00042296 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Cipher._AES.pyd
2015-12-13 13:19 - 2015-10-31 01:59 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-13 13:19 - 2015-10-31 01:59 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-13 13:19 - 2015-10-31 01:59 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-13 13:19 - 2015-10-31 02:00 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2015-12-13 13:19 - 2015-10-31 01:59 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2015-12-13 13:19 - 2015-12-08 22:36 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2015-12-13 13:19 - 2015-10-31 01:59 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-13 13:19 - 2015-10-31 02:00 - 00109520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 01737032 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2015-12-13 13:19 - 2015-10-31 02:00 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2015-12-13 13:19 - 2015-10-31 02:00 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-13 13:19 - 2015-10-31 02:00 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00021320 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
2015-12-13 13:19 - 2015-10-31 02:00 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2015-12-13 13:19 - 2015-10-31 02:00 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2015-12-13 13:19 - 2015-10-31 02:00 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2015-12-13 13:19 - 2015-10-31 02:00 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-13 13:19 - 2015-10-31 02:00 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2015-12-13 13:19 - 2015-10-31 02:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-13 13:19 - 2015-10-31 02:00 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2015-12-13 13:19 - 2015-10-31 02:00 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2015-12-13 13:19 - 2015-10-31 02:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-13 13:19 - 2015-10-31 01:59 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2015-12-13 13:19 - 2015-10-31 01:59 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2015-12-13 13:19 - 2015-10-31 02:00 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00021304 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Util.strxor.pyd
2015-12-13 13:19 - 2015-10-31 02:00 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00084792 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2015-12-13 13:19 - 2015-12-08 22:36 - 01826608 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2015-12-13 13:19 - 2015-10-31 02:00 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 03891504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 01950000 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00519984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00133936 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00225080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00486704 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2015-12-13 13:19 - 2015-12-08 22:36 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2015-10-17 09:00 - 2015-10-31 02:01 - 00019920 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll
2015-10-17 09:00 - 2015-10-31 02:00 - 00786904 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-10-17 09:00 - 2015-10-31 02:00 - 00063448 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-10-17 09:00 - 2015-10-31 02:00 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll
2015-12-13 21:29 - 2015-12-13 21:29 - 00098816 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\win32api.pyd
2015-12-13 21:29 - 2015-12-13 21:29 - 00110080 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\pywintypes27.dll
2015-12-13 21:29 - 2015-12-13 21:29 - 00364544 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\pythoncom27.dll
2015-12-13 21:29 - 2015-12-13 21:29 - 00046080 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\_socket.pyd
2015-12-13 21:29 - 2015-12-13 21:29 - 01208320 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\_ssl.pyd
2015-12-13 21:29 - 2015-12-13 21:29 - 00320512 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\win32com.shell.shell.pyd
2015-12-13 21:29 - 2015-12-13 21:29 - 00776704 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\_hashlib.pyd
2015-12-13 21:29 - 2015-12-13 21:29 - 01176576 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\wx._core_.pyd
2015-12-13 21:29 - 2015-12-13 21:29 - 00806400 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\wx._gdi_.pyd
2015-12-13 21:29 - 2015-12-13 21:29 - 00816128 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\wx._windows_.pyd
2015-12-13 21:29 - 2015-12-13 21:29 - 01067008 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\wx._controls_.pyd
2015-12-13 21:29 - 2015-12-13 21:29 - 00733184 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\wx._misc_.pyd
2015-12-13 21:29 - 2015-12-13 21:29 - 00682496 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\pysqlite2._sqlite.pyd
2015-12-13 21:29 - 2015-12-13 21:29 - 00088064 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\_ctypes.pyd
2015-12-13 21:29 - 2015-12-13 21:29 - 00119808 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\win32file.pyd
2015-12-13 21:29 - 2015-12-13 21:29 - 00108544 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\win32security.pyd
2015-12-13 21:29 - 2015-12-13 21:29 - 00007168 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\hashobjs_ext.pyd
2015-12-13 21:29 - 2015-12-13 21:29 - 00017920 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\thumbnails_ext.pyd
2015-12-13 21:29 - 2015-12-13 21:29 - 00079360 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\usb_ext.pyd
2015-12-13 21:29 - 2015-12-13 21:29 - 00167936 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\win32gui.pyd
2015-12-13 21:29 - 2015-12-13 21:29 - 00018432 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\win32event.pyd
2015-12-13 21:29 - 2015-12-13 21:29 - 00128512 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\_elementtree.pyd
2015-12-13 21:29 - 2015-12-13 21:29 - 00127488 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\pyexpat.pyd
2015-12-13 21:29 - 2015-12-13 21:29 - 00013824 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\common.time34.pyd
2015-12-13 21:29 - 2015-12-13 21:29 - 00036864 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\_psutil_windows.pyd
2015-12-13 21:29 - 2015-12-13 21:29 - 00038912 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\win32inet.pyd
2015-12-13 21:29 - 2015-12-13 21:29 - 00525640 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\windows._lib_cacheinvalidation.pyd
2015-12-13 21:29 - 2015-12-13 21:29 - 00011264 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\win32crypt.pyd
2015-12-13 21:29 - 2015-12-13 21:29 - 00077312 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\wx._html2.pyd
2015-12-13 21:29 - 2015-12-13 21:29 - 00027136 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\_multiprocessing.pyd
2015-12-13 21:29 - 2015-12-13 21:29 - 00020480 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\_yappi.pyd
2015-12-13 21:29 - 2015-12-13 21:29 - 00035840 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\win32process.pyd
2015-12-13 21:29 - 2015-12-13 21:29 - 00686080 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\unicodedata.pyd
2015-12-13 21:29 - 2015-12-13 21:29 - 00123392 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\wx._wizard.pyd
2015-12-13 21:29 - 2015-12-13 21:29 - 00024064 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\win32pipe.pyd
2015-12-13 21:29 - 2015-12-13 21:29 - 00010240 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\select.pyd
2015-12-13 21:29 - 2015-12-13 21:29 - 00025600 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\win32pdh.pyd
2015-12-13 21:29 - 2015-12-13 21:29 - 00017408 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\win32profile.pyd
2015-12-13 21:29 - 2015-12-13 21:29 - 00022528 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\win32ts.pyd
2015-12-13 21:29 - 2015-12-13 21:29 - 00078848 _____ () C:\Users\MaG\AppData\Local\Temp\_MEI46282\wx._animate.pyd
2015-07-19 21:26 - 2015-11-23 21:05 - 00012288 _____ () C:\Program Files (x86)\Google\Chrome\Application\WTSAPI32.dll
2013-10-25 00:04 - 2013-02-20 21:58 - 00089672 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2015-12-08 21:03 - 2015-12-04 22:32 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libglesv2.dll
2015-12-08 21:03 - 2015-12-04 22:32 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libegl.dll
2013-10-24 23:35 - 2013-05-08 21:23 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-08-29 11:23 - 2015-08-29 11:23 - 00065536 _____ () C:\Users\MaG\AppData\Local\assembly\dl3\CCMEXOQW.OPX\VKQ6T7YN.H8G\93d162e2\00d49700_20bfcb01\Outlook07DymoAddIn.DLL
2015-08-29 11:23 - 2015-08-29 11:23 - 00094208 _____ () C:\Users\MaG\AppData\Local\assembly\dl3\CCMEXOQW.OPX\VKQ6T7YN.H8G\cab056c2\004bcda4_1fbfcb01\DYMO.Common.DLL
2015-08-29 11:23 - 2015-08-29 11:23 - 00007168 _____ () C:\Users\MaG\AppData\Local\assembly\dl3\CCMEXOQW.OPX\VKQ6T7YN.H8G\236d28c5\00d49700_20bfcb01\Outlook07DymoAddIn.resources.DLL

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

Da befinden sich 7867 mehr Seiten.

Da befinden sich 7867 mehr Seiten.


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_0034C5CFB848FFC3DA2A3C20C2C3A86D"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D27C2C67-608D-4E0E-9378-992FA77258D0}] => (Allow) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{8039EE20-5698-4C20-9C5C-F5F1F62DE282}] => (Allow) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{B34D8AE4-D8C7-4056-8112-932D213FD866}] => (Allow) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\DeviceSetup.exe
FirewallRules: [{A51982E3-8677-4D7A-8315-4590C92BCC5E}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{C7C5B632-E33E-4356-8511-09866EEE7955}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{DAADAA74-9DFC-4A95-A18E-0A1221F46BF6}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{407EB8EA-8ACC-471D-9572-D4DB5537D539}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{E4E88AC9-5F1B-4746-9F9A-F361F11ED675}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{D14CD3F3-1679-4D9C-9C19-3E6EEC5326D6}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{1714CB00-E0EC-4C0E-A5B2-A4CC580349B8}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{D309308A-4A28-4E1D-97C8-18234DAB58AD}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{F6D4B300-3739-4C79-A6B0-22404E964637}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{3DDBC3D8-35F4-44F8-82F8-28DC5E291AE6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{ACDFD2BA-B2CF-46FC-B66A-DC6D98D93D16}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{12C44774-64DF-4B86-ADE9-0D0B8E628997}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{59E21C6C-E358-4462-8F28-AE5AD57FFAFC}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{85CC36FE-D8D5-41E7-A4BF-882D59D29CB3}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{89ECDC59-5605-4B33-BACE-DFAC4B41D44A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{0439C5C4-6C55-46D7-BD51-DE35DA1B1F72}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{BB8DF291-466C-48C9-8D7E-C03F42159DE8}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [TCP Query User{20ECE248-417E-4173-A1FB-9D0FC6189327}C:\users\mag\downloads\teamviewerportable\teamviewer.exe] => (Allow) C:\users\mag\downloads\teamviewerportable\teamviewer.exe
FirewallRules: [UDP Query User{3D966FCE-0FF8-44EF-A741-2B3FA6CBB0E6}C:\users\mag\downloads\teamviewerportable\teamviewer.exe] => (Allow) C:\users\mag\downloads\teamviewerportable\teamviewer.exe
FirewallRules: [{ED42765D-0E9B-4792-9BAB-5DA5FE42DA4D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{992A5461-377B-4790-812C-8D55A75DD054}C:\users\mag\dropbox\hasi\teamviewerportable\teamviewer.exe] => (Allow) C:\users\mag\dropbox\hasi\teamviewerportable\teamviewer.exe
FirewallRules: [UDP Query User{A2D4ACED-1F9E-44C0-9A97-89837E7C4D02}C:\users\mag\dropbox\hasi\teamviewerportable\teamviewer.exe] => (Allow) C:\users\mag\dropbox\hasi\teamviewerportable\teamviewer.exe
FirewallRules: [TCP Query User{0ED62260-935A-4DF0-A148-8A7554A45B8D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{F96081B8-83EE-4C80-ADEF-E9182926A7D3}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{C1397DD8-2F9D-4D6E-AB4D-AC351C47A3D8}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (12/13/2015 07:56:49 PM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Benachrichtigungen für Volume C:\ sind nicht aktiv. 

Kontext: Windows Anwendung

Details:
	Das Datenträgeränderungsjournal wird gelöscht.  (HRESULT : 0x8007049a) (0x8007049a)

Error: (12/13/2015 02:13:39 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (12/13/2015 02:10:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm acmsetup.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 13e8

Startzeit: 01d135a6739aa026

Endzeit: 0

Anwendungspfad: Z:\~MSSETUP.T\tmp.t\acmsetup.exe

Berichts-ID: e7ac2a12-a19a-11e5-bf17-201a0671fff5

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/13/2015 01:19:21 PM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Benachrichtigungen für Volume C:\ sind nicht aktiv. 

Kontext: Windows Anwendung

Details:
	Das Datenträgeränderungsjournal wird gelöscht.  (HRESULT : 0x8007049a) (0x8007049a)

Error: (12/11/2015 09:49:30 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: There was an error with the Windows Location Provider database

Error: (12/11/2015 09:20:48 PM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Benachrichtigungen für Volume C:\ sind nicht aktiv. 

Kontext: Windows Anwendung

Details:
	Das Datenträgeränderungsjournal wird gelöscht.  (HRESULT : 0x8007049a) (0x8007049a)

Error: (12/10/2015 09:39:10 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (12/10/2015 09:16:31 PM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Benachrichtigungen für Volume C:\ sind nicht aktiv. 

Kontext: Windows Anwendung

Details:
	Das Datenträgeränderungsjournal wird gelöscht.  (HRESULT : 0x8007049a) (0x8007049a)

Error: (12/09/2015 09:28:57 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (12/09/2015 08:47:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: delegate_execute.exe, Version: 47.0.2526.80, Zeitstempel: 0x5661e826
Name des fehlerhaften Moduls: delegate_execute.exe, Version: 47.0.2526.80, Zeitstempel: 0x5661e826
Ausnahmecode: 0x80000003
Fehleroffset: 0x00007f81
ID des fehlerhaften Prozesses: 0xdd8
Startzeit der fehlerhaften Anwendung: 0xdelegate_execute.exe0
Pfad der fehlerhaften Anwendung: delegate_execute.exe1
Pfad des fehlerhaften Moduls: delegate_execute.exe2
Berichtskennung: delegate_execute.exe3
Vollständiger Name des fehlerhaften Pakets: delegate_execute.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: delegate_execute.exe5


Systemfehler:
=============
Error: (12/13/2015 09:41:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Defender-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%577

Error: (12/13/2015 09:40:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Defender-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%577

Error: (12/13/2015 09:39:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Defender-Netzwerkinspektionsdienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%577

Error: (12/13/2015 09:39:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Defender-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%577

Error: (12/13/2015 05:23:57 PM) (Source: DCOM) (EventID: 10016) (User: KANOCKELHOPPEL)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}KanockelHoppelMaGS-1-5-21-3000335157-3192853593-1025591007-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/13/2015 05:23:57 PM) (Source: DCOM) (EventID: 10016) (User: KANOCKELHOPPEL)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}KanockelHoppelMaGS-1-5-21-3000335157-3192853593-1025591007-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/13/2015 05:23:57 PM) (Source: DCOM) (EventID: 10016) (User: KANOCKELHOPPEL)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}KanockelHoppelMaGS-1-5-21-3000335157-3192853593-1025591007-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/13/2015 05:23:57 PM) (Source: DCOM) (EventID: 10016) (User: KANOCKELHOPPEL)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}KanockelHoppelMaGS-1-5-21-3000335157-3192853593-1025591007-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/13/2015 05:23:56 PM) (Source: DCOM) (EventID: 10016) (User: KANOCKELHOPPEL)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}KanockelHoppelMaGS-1-5-21-3000335157-3192853593-1025591007-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/13/2015 05:23:56 PM) (Source: DCOM) (EventID: 10016) (User: KANOCKELHOPPEL)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}KanockelHoppelMaGS-1-5-21-3000335157-3192853593-1025591007-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar


CodeIntegrity:
===================================
  Date: 2015-12-13 21:41:10.205
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-12-13 21:40:41.253
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-12-13 21:39:59.249
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files\Windows Defender\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-13 21:39:46.482
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-11-29 19:20:29.410
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-25 21:09:49.665
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-23 21:21:20.703
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-22 19:10:56.911
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-21 08:39:12.900
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-11 21:05:08.622
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz
Prozentuale Nutzung des RAM: 26%
Installierter physikalischer RAM: 8072.27 MB
Verfügbarer physikalischer RAM: 5933.22 MB
Summe virtueller Speicher: 9352.27 MB
Verfügbarer virtueller Speicher: 7003.68 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:681.75 GB) (Free:523.34 GB) NTFS
Drive z: (Boxcryptor Classic) (Fixed) (Total:681.75 GB) (Free:523.34 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 2A9D57C6)

Partition: GPT.

==================== Ende von Addition.txt ============================
         
--- --- ---


and here is the other one

FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:12-12-2015 01
durchgeführt von MaG (Administrator) auf KANOCKELHOPPEL (13-12-2015 21:46:57)
Gestartet von C:\Users\MaG\Downloads
Geladene Profile: MaG (Verfügbare Profile: MaG & Administrator)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 3\creator-ws.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\SMService.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\ClassicStart.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\StartMenu_Hook.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\InstallServices.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Secomba GmbH) C:\Program Files (x86)\Boxcryptor Classic\BoxcryptorClassic.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Flux Software LLC) C:\Users\MaG\AppData\Local\FluxSoftware\Flux\flux.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [393480 2015-03-19] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3016944 2013-05-20] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952456 2015-12-08] (Dropbox, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] (Atheros Communications)
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ACHTUNG
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [BoxcryptorClassic.exe] => C:\Program Files (x86)\Boxcryptor Classic\BoxcryptorClassic.exe [2249984 2014-07-31] (Secomba GmbH)
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [HP Deskjet 3070 B611 series (NET)] => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [f.lux] => C:\Users\MaG\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1825360 2011-01-28] (Sanford, L.P.)
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-10-22] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [NoPreviewPane] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [NoWinkeys] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [HideSCANetwork] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [HideSCAVolume] 0
SSODL: EldosMountNotificator-cbfs4 - {0F69E671-7419-4ABB-ACDB-1DC49268D4D2} - C:\WINDOWS\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {0F69E671-7419-4ABB-ACDB-1DC49268D4D2} - C:\WINDOWS\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {AAC3F40E-D943-4222-94D0-24ADA88404B9} => C:\WINDOWS\system32\cbfsMntNtf4.dll [2013-11-15] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs4] -> {AAC3F40E-D943-4222-94D0-24ADA88404B9} => C:\WINDOWS\SysWOW64\cbfsMntNtf4.dll [2013-11-15] (EldoS Corporation)
Startup: C:\Users\MaG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2015-07-21]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\MaG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk [2015-12-13]
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk -> C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ACHTUNG (Beschränkung - ProxySettings)
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{DC547890-78E3-4C07-AE37-F747FD513F4C}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
BHO-x32: PDF Architect 3 Helper -> {06E08260-0695-4EC1-A74B-1310D8899D93} -> C:\Program Files (x86)\PDF Architect 3\creator-ie-helper.dll [2015-09-17] (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-23] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-23] (Oracle Corporation)
Toolbar: HKLM-x32 - PDF Architect 3 Toolbar - {2DFF3579-5AA7-45B9-9328-1D38EA230861} - C:\Program Files (x86)\PDF Architect 3\creator-ie-plugin.dll [2015-09-17] (pdfforge GmbH)

FireFox:
========
FF ProfilePath: C:\Users\MaG\AppData\Roaming\Mozilla\Firefox\Profiles\GWy82fZH.default
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2011-01-28] ( Sanford L.P.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-08] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-23] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: PDF Architect 3 -> C:\Program Files (x86)\PDF Architect 3\np-previewer.dll [2015-09-17] (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-3000335157-3192853593-1025591007-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.)
FF Extension: Avira Browser Safety - C:\Users\MaG\AppData\Roaming\Mozilla\Firefox\Profiles\GWy82fZH.default\Extensions\abs@avira.com [2015-11-29] [ist nicht signiert]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_3_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension
FF Extension: PDF Architect 3 Creator - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension [2015-09-26] [ist nicht signiert]

Chrome: 
=======
CHR Profile: C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (Web Store) - C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-11-29]
CHR Extension: (Web Store) - C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Web Store) - C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-10-22]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-22]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <nicht gefunden>
CHR HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\MaG\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-10-22]
CHR HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-07-21] (Adobe Systems) [Datei ist nicht signiert]
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) [Datei ist nicht signiert]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-18] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-18] (Dropbox, Inc.)
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [32336 2011-01-28] (Sanford, L.P.)
S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24376 2015-06-30] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [345864 2015-03-19] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-08] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-11-06] (IObit)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-06-18] (Acer Incorporate)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2244832 2015-09-17] (pdfforge GmbH)
S3 PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [964832 2015-09-17] (pdfforge GmbH)
R2 PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [767712 2015-09-17] (pdfforge GmbH)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [177800 2015-10-22] (Sandboxie Holdings, LLC)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SMService; C:\program files (x86)\iobit\Classic Start\SMService.exe [1056544 2015-11-06] (IObit)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2014-07-21] (Advanced Micro Devices, Inc.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
R1 cbfs4; C:\WINDOWS\system32\drivers\cbfs4.sys [387776 2013-11-15] (EldoS Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-05-08] (Intel Corporation)
R3 Neo_VPN; C:\Windows\system32\DRIVERS\Neo_VPN.sys [40704 2015-08-04] (SoftEther Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [192648 2015-10-22] (Sandboxie Holdings, LLC)
S3 SEE; C:\Windows\System32\drivers\see.sys [49024 2015-08-20] (SoftEther Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-05-20] (Synaptics Incorporated)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42088 2015-06-04] (Anchorfree Inc.)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-07-09] (Oracle Corporation)
S1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [146072 2015-07-09] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-13 21:43 - 2015-12-13 21:43 - 00713112 _____ C:\Users\MaG\Downloads\NoDefender.zip
2015-12-13 21:01 - 2015-12-13 21:04 - 00064885 _____ C:\Users\MaG\Downloads\Addition.txt
2015-12-13 21:00 - 2015-12-13 21:46 - 00028443 _____ C:\Users\MaG\Downloads\FRST.txt
2015-12-13 21:00 - 2015-12-13 21:46 - 00000000 ____D C:\FRST
2015-12-13 20:57 - 2015-12-13 20:59 - 02369536 _____ (Farbar) C:\Users\MaG\Downloads\FRST64.exe
2015-12-13 20:27 - 2015-12-13 20:27 - 00085016 _____ C:\Users\MaG\Downloads\Extras.Txt
2015-12-13 20:26 - 2015-12-13 20:26 - 00154888 _____ C:\Users\MaG\Downloads\OTL.Txt
2015-12-13 20:13 - 2015-12-13 20:13 - 00602112 _____ (OldTimer Tools) C:\Users\MaG\Downloads\OTL.exe
2015-12-13 14:03 - 2015-12-13 14:03 - 00001273 _____ C:\WINDOWS\VB.INI
2015-12-13 14:03 - 2015-12-13 14:03 - 00000535 _____ C:\WINDOWS\ODBCINST.INI
2015-12-13 14:03 - 2015-12-13 14:03 - 00000288 _____ C:\WINDOWS\ODBC.INI
2015-12-13 14:03 - 2015-12-13 14:03 - 00000000 ____D C:\WINDOWS\msapps
2015-12-13 14:03 - 2015-12-13 14:03 - 00000000 ____D C:\Users\MaG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Web Publishing
2015-12-13 14:03 - 2015-12-13 14:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Basic 6.0
2015-12-13 14:03 - 2015-12-13 14:03 - 00000000 ____D C:\Program Files (x86)\Web Publish
2015-12-13 14:03 - 2015-12-13 14:03 - 00000000 _____ C:\WINDOWS\wplog.txt
2015-12-13 14:03 - 1998-05-15 15:57 - 00093456 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\FPWPP.DLL
2015-12-13 14:03 - 1998-05-14 17:30 - 00099008 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSTWPP.DLL
2015-12-13 14:03 - 1998-04-29 17:52 - 00145360 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\WEBPOST.DLL
2015-12-13 14:03 - 1998-04-29 17:52 - 00121984 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\CRSWPP.DLL
2015-12-13 14:03 - 1998-04-29 17:52 - 00112064 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\WPWIZDLL.DLL
2015-12-13 14:03 - 1998-04-29 17:52 - 00098960 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\FTPWPP.DLL
2015-12-13 14:03 - 1998-04-29 17:52 - 00050816 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\PIPARSE.DLL
2015-12-13 14:02 - 2015-12-13 14:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2015-12-13 14:01 - 2015-12-13 14:01 - 00143300 _____ C:\WINDOWS\vssetup.ttf
2015-12-13 14:01 - 2015-12-13 14:01 - 00001409 _____ C:\WINDOWS\vssetup.for
2015-12-13 13:20 - 2015-12-13 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-11 21:48 - 2015-12-13 21:32 - 00003510 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2015-12-11 21:47 - 2015-12-11 21:47 - 00000000 ____D C:\Users\MaG\Downloads\Microsoft Toolkit
2015-12-11 21:43 - 2015-12-11 21:43 - 27362856 _____ C:\Users\MaG\Downloads\Microsoft Toolkit.zip
2015-12-09 20:51 - 2015-12-09 20:51 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-12-09 20:51 - 2015-12-09 20:51 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-12-08 21:59 - 2015-12-08 21:59 - 00000386 _____ C:\Users\MaG\Downloads\delete-office2007-activation-64bit.reg
2015-12-08 21:14 - 2015-11-05 09:59 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-08 21:12 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-08 21:12 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-08 21:12 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-08 21:12 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-08 21:12 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-08 21:12 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-12-08 21:12 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-12-08 21:12 - 2015-11-10 00:41 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-12-08 21:12 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-08 21:12 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-08 21:12 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-12-08 21:12 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-08 21:12 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-08 21:12 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-12-08 21:12 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-12-08 21:12 - 2015-11-08 22:25 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-12-08 21:12 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-08 21:12 - 2015-11-08 22:14 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-08 21:12 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-08 21:12 - 2015-11-08 21:41 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-08 21:12 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-12-08 21:11 - 2015-11-22 07:59 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-08 21:11 - 2015-11-22 07:59 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-08 21:11 - 2015-11-22 07:59 - 01659568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-12-08 21:11 - 2015-11-22 07:59 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-12-08 21:11 - 2015-11-22 07:59 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-12-08 21:11 - 2015-11-22 07:59 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-12-08 21:11 - 2015-11-22 07:58 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-08 21:11 - 2015-11-21 19:32 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-12-08 21:11 - 2015-11-21 18:50 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-12-08 21:11 - 2015-11-21 17:59 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-08 21:11 - 2015-11-21 17:49 - 01344000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-08 21:11 - 2015-11-21 17:47 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-08 21:11 - 2015-11-21 17:40 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-08 21:11 - 2015-11-20 23:47 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-08 21:11 - 2015-11-20 19:18 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-08 21:11 - 2015-11-20 17:58 - 03706880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-08 21:11 - 2015-11-20 17:47 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-12-08 21:11 - 2015-11-20 17:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-12-08 21:11 - 2015-11-20 17:44 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-12-08 21:11 - 2015-11-20 17:44 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-12-08 21:11 - 2015-11-20 17:43 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-12-08 21:11 - 2015-11-20 17:42 - 02243584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-12-08 21:11 - 2015-11-20 17:30 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-12-08 21:11 - 2015-11-20 17:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-12-08 21:11 - 2015-11-20 17:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-12-08 21:11 - 2015-11-20 17:27 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-12-08 21:11 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-12-08 21:11 - 2015-11-11 16:44 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-12-08 21:11 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-12-08 21:11 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-12-08 21:11 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-08 21:11 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-12-08 21:11 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-08 21:11 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-08 21:11 - 2015-11-10 00:36 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-08 21:11 - 2015-11-10 00:25 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-12-08 21:11 - 2015-11-09 01:41 - 01540728 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-08 21:11 - 2015-11-08 23:30 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-08 21:11 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-08 21:11 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-12-08 21:11 - 2015-11-08 22:32 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-12-08 21:11 - 2015-11-08 22:23 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-12-08 21:11 - 2015-11-08 22:18 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-12-08 21:11 - 2015-11-08 22:16 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-08 21:11 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-08 21:11 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-08 21:11 - 2015-11-08 22:13 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-12-08 21:11 - 2015-11-08 22:01 - 01753600 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-08 21:11 - 2015-11-08 21:53 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-12-08 21:11 - 2015-11-08 21:52 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-12-08 21:11 - 2015-11-08 21:48 - 01376256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-08 21:11 - 2015-11-08 21:42 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-08 21:11 - 2015-10-28 16:49 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-08 21:11 - 2015-10-28 16:29 - 02462720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-08 21:11 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-12-08 21:11 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-12-08 21:11 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-12-08 21:11 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-12-08 21:11 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-12-08 21:11 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-12-08 21:11 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-12-08 21:11 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-12-08 21:11 - 2015-10-22 17:21 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-12-08 21:11 - 2015-10-22 17:21 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-12-08 21:11 - 2015-10-22 16:58 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-12-08 21:11 - 2015-10-22 16:58 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-12-08 21:11 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-12-08 21:11 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\system32\locale.nls
2015-12-08 21:11 - 2015-10-10 18:20 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-12-08 21:11 - 2015-10-03 20:41 - 01385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-12-08 21:11 - 2015-10-03 20:41 - 01124384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-12-08 21:10 - 2015-10-11 07:34 - 00468824 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-08 21:10 - 2015-10-11 07:34 - 00462168 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-12-08 21:10 - 2015-10-11 07:34 - 00443224 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2015-12-08 21:10 - 2015-10-11 07:34 - 00092504 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2015-12-08 21:10 - 2015-10-11 07:34 - 00027992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2015-12-08 21:10 - 2015-10-10 19:41 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2015-12-08 21:10 - 2015-10-10 19:41 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
2015-12-08 21:10 - 2015-10-08 17:11 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2015-12-08 21:10 - 2015-10-08 16:50 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2015-12-08 21:10 - 2015-10-05 19:28 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-12-08 21:10 - 2015-10-05 19:25 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-12-07 21:03 - 2015-12-07 21:03 - 00443744 _____ C:\Users\MaG\Downloads\keyfinder_2.0.10.10.zip
2015-12-07 20:49 - 2015-12-07 20:49 - 00001481 _____ C:\Users\MaG\Desktop\TeamViewer.exe - Verknüpfung.lnk
2015-12-07 20:46 - 2015-12-07 20:46 - 00000000 ____D C:\Users\MaG\Downloads\TeamViewerPortable
2015-12-07 20:45 - 2015-12-07 21:23 - 00000000 ____D C:\Users\MaG\AppData\Roaming\TeamViewer
2015-12-07 20:45 - 2015-12-07 20:46 - 27578035 _____ C:\Users\MaG\Downloads\TeamViewerPortable.zip
2015-12-07 20:44 - 2015-12-07 20:44 - 06944152 _____ (TeamViewer) C:\Users\MaG\Downloads\TeamViewerQS_de-jfa.exe
2015-12-05 17:55 - 2015-12-13 21:29 - 00001144 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-05 17:55 - 2015-12-13 21:00 - 00001148 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-05 17:55 - 2015-12-05 17:55 - 00004120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-05 17:55 - 2015-12-05 17:55 - 00003884 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-29 19:54 - 2015-12-13 18:01 - 00001138 _____ C:\WINDOWS\SysWOW64\InstallUtil.InstallLog
2015-11-29 19:54 - 2015-11-29 19:54 - 00000000 ____D C:\Users\MaG\AppData\Roaming\Mozilla
2015-11-29 19:49 - 2015-12-13 21:28 - 00000000 ____D C:\Program Files (x86)\Avira
2015-11-29 19:49 - 2015-12-13 21:24 - 00000000 ____D C:\ProgramData\Avira
2015-11-29 19:49 - 2015-11-29 19:49 - 04584344 _____ (Avira Operations GmbH & Co. KG) C:\Users\MaG\Downloads\avira_de_av_565b4865d4552__ws.exe
2015-11-29 19:23 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-11-29 19:23 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-11-25 21:10 - 2015-11-25 21:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8
2015-11-25 21:03 - 2015-11-25 21:03 - 09552328 _____ (IObit ) C:\Users\MaG\Downloads\sm8-setup (1).exe
2015-11-23 21:31 - 2015-12-13 20:07 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-23 21:31 - 2015-11-23 21:31 - 00001122 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-11-23 21:31 - 2015-11-23 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-11-23 21:31 - 2015-11-23 21:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-23 21:31 - 2015-11-23 21:31 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-11-23 21:31 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-23 21:31 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-11-23 21:31 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-11-23 21:30 - 2015-11-23 21:31 - 22908888 _____ (Malwarebytes ) C:\Users\MaG\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-23 21:25 - 2015-11-23 21:25 - 00388608 _____ (Trend Micro Inc.) C:\Users\MaG\Downloads\HijackThis_2.0.5 (1).exe
2015-11-22 20:14 - 2015-11-22 20:14 - 00049502 _____ C:\Users\MaG\Downloads\fsekrit.zip
2015-11-22 20:14 - 2015-11-22 20:14 - 00000000 ____D C:\Users\MaG\Downloads\fsekrit
2015-11-21 08:24 - 2015-11-21 08:24 - 00000571 _____ C:\Users\MaG\Downloads\bbr (1).vcf
2015-11-21 08:17 - 2015-11-21 08:17 - 00000558 _____ C:\Users\MaG\Downloads\MalermeisterKlocksin.vcf
2015-11-21 08:16 - 2015-11-21 08:16 - 00000571 _____ C:\Users\MaG\Downloads\bbr.vcf
2015-11-21 08:15 - 2015-11-21 08:15 - 00000571 _____ C:\Users\MaG\Downloads\vcf
2015-11-15 17:41 - 2015-11-15 17:44 - 00000000 ____D C:\Users\MaG\AppData\Roaming\freac
2015-11-15 17:41 - 2015-11-15 17:41 - 00000983 _____ C:\Users\Public\Desktop\freac - free audio converter.lnk
2015-11-15 17:41 - 2015-11-15 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freac - free audio converter
2015-11-15 17:41 - 2015-11-15 17:41 - 00000000 ____D C:\Program Files (x86)\freac
2015-11-15 17:40 - 2015-11-15 17:40 - 07534391 _____ C:\Users\MaG\Downloads\freac-1.0.26.exe
2015-11-15 17:03 - 2015-11-15 17:03 - 23385120 _____ (SuperEasy Software GmbH & Co. KG ) C:\Users\MaG\Downloads\supereasy_audio_converter_2_2.1.3063_8217.exe
2015-11-15 17:03 - 2015-11-15 17:03 - 00001375 _____ C:\Users\Public\Desktop\Audio Converter 2.lnk
2015-11-15 17:03 - 2015-11-15 17:03 - 00000000 ____D C:\Users\MaG\AppData\Roaming\SuperEasy Software
2015-11-15 17:03 - 2015-11-15 17:03 - 00000000 ____D C:\ProgramData\SuperEasy Software
2015-11-15 17:03 - 2015-11-15 17:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperEasy Software
2015-11-15 17:03 - 2015-11-15 17:03 - 00000000 ____D C:\Program Files (x86)\SuperEasy Software
2015-11-15 17:03 - 2013-04-02 10:20 - 00506312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
2015-11-15 17:03 - 2013-04-02 10:20 - 00354760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2015-11-15 17:00 - 2015-12-10 21:39 - 00000000 ____D C:\Users\MaG\AppData\Local\CrashDumps
2015-11-15 16:59 - 2015-11-15 17:00 - 01391294 _____ C:\Users\MaG\Downloads\setup_1.9.4.exe
2015-11-14 20:59 - 2015-11-14 20:59 - 00001069 _____ C:\Users\Administrator\Desktop\Notepad++.lnk

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2021-10-21 14:36 - 2013-10-24 23:44 - 00000852 _____ C:\WINDOWS\system32\Drivers\RTKHDRC.dat
2021-10-04 08:34 - 2013-10-24 23:44 - 00000712 _____ C:\WINDOWS\system32\Drivers\RTMICEQ0.dat
2015-12-13 21:44 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2015-12-13 21:34 - 2015-10-03 19:28 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3000335157-3192853593-1025591007-1001
2015-12-13 21:32 - 2014-01-05 09:52 - 00000000 ____D C:\Users\MaG\Documents\Outlook-Dateien
2015-12-13 21:31 - 2013-12-18 21:24 - 00000000 ___RD C:\Users\MaG\Dropbox
2015-12-13 21:30 - 2015-07-18 17:15 - 00000000 ____D C:\Users\MaG\AppData\Local\Dropbox
2015-12-13 21:30 - 2015-03-14 20:03 - 00000000 ___RD C:\Users\MaG\Google Drive
2015-12-13 21:29 - 2015-08-16 21:03 - 00000000 ___RD C:\Users\MaG\OneDrive
2015-12-13 21:28 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-13 21:24 - 2015-08-16 19:38 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-13 19:57 - 2015-10-24 21:06 - 00003946 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B1CCAF13-B0DA-4533-8F98-76EA3C1430D0}
2015-12-13 18:05 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-12-13 18:00 - 2015-07-18 19:05 - 00000000 ____D C:\ProgramData\ProductData
2015-12-13 14:03 - 2013-08-22 16:36 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2015-12-13 14:03 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Help
2015-12-13 14:03 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2015-12-13 13:49 - 2015-07-18 17:45 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-13 13:23 - 2014-11-21 04:35 - 01785582 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-13 13:23 - 2014-11-21 03:45 - 00769092 _____ C:\WINDOWS\system32\perfh007.dat
2015-12-13 13:23 - 2014-11-21 03:45 - 00160376 _____ C:\WINDOWS\system32\perfc007.dat
2015-12-13 13:20 - 2015-07-18 17:15 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-12-10 21:11 - 2015-10-25 06:23 - 00495520 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-09 21:01 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-09 20:59 - 2015-07-30 20:53 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-09 20:54 - 2015-07-30 20:53 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-08 21:03 - 2015-07-18 17:15 - 00002159 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-08 21:01 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-07 20:39 - 2015-11-03 09:36 - 00001580 _____ C:\WINDOWS\Sandboxie.ini
2015-12-02 21:09 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-01 18:19 - 2014-11-21 12:01 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-01 18:19 - 2014-11-21 12:01 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-30 21:08 - 2015-08-19 21:00 - 00000000 ____D C:\Users\MaG\AppData\Roaming\vlc
2015-11-29 21:11 - 2015-09-26 12:32 - 00000000 ____D C:\Users\MaG\AppData\Local\PDFCreator
2015-11-29 20:22 - 2013-10-09 13:40 - 00000000 ____D C:\ProgramData\WildTangent
2015-11-29 20:22 - 2013-10-09 13:40 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2015-11-29 20:21 - 2013-10-25 00:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-11-29 20:21 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-29 19:45 - 2014-02-15 20:57 - 00000000 ____D C:\AdwCleaner
2015-11-25 21:10 - 2015-07-18 19:04 - 00000000 ____D C:\Program Files (x86)\IObit
2015-11-24 06:34 - 2015-08-09 17:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-11-24 06:29 - 2015-08-16 21:11 - 00000306 __RSH C:\ProgramData\ntuser.pol
2015-11-23 22:00 - 2015-08-16 14:48 - 00000000 ____D C:\Program Files\{C8CB9DA7-B575-4B96-82FC-A2CA5C901B07}
2015-11-23 22:00 - 2015-08-16 14:48 - 00000000 ____D C:\Program Files (x86)\{EE16DB03-3219-471E-9F46-B6D5D7D2545A}
2015-11-23 22:00 - 2015-08-13 06:27 - 00000000 ____D C:\Program Files\{5665CFBB-D258-48CB-AB68-3F94D8D32D50}
2015-11-23 22:00 - 2015-08-13 06:27 - 00000000 ____D C:\Program Files (x86)\{8BA17998-868A-4AE1-AC30-9AEC1FF5C583}
2015-11-21 07:45 - 2015-10-22 22:30 - 00001542 _____ C:\WINDOWS\system32\.crusader
2015-11-15 19:51 - 2015-08-16 19:45 - 00000000 ____D C:\Users\MaG
2015-11-14 20:59 - 2015-07-21 07:34 - 00000000 ____D C:\Users\MaG\AppData\Roaming\Notepad++

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-08-29 10:36 - 2015-08-29 10:37 - 0035078 __RSH () C:\Program Files (x86)\DLS8Uninstall.log
2015-09-19 19:49 - 2015-09-22 19:49 - 0000106 _____ () C:\Users\MaG\AppData\Roaming\sn.txt
2015-08-08 19:35 - 2015-08-08 19:35 - 0000516 _____ () C:\Users\MaG\AppData\Local\6U3x63w.vbs
2015-08-23 07:48 - 2015-08-23 07:49 - 0000516 _____ () C:\Users\MaG\AppData\Local\7o5cj3r.vbs
2015-08-23 09:46 - 2015-08-23 09:46 - 0000362 _____ () C:\Users\MaG\AppData\Local\boukZ.vbs
2015-08-08 19:24 - 2015-08-08 19:24 - 3531374 _____ () C:\Users\MaG\AppData\Local\curl.zip
2015-07-19 21:19 - 2015-07-19 21:19 - 0000396 _____ () C:\Users\MaG\AppData\Local\G0rg5H.vbs
2015-09-22 19:49 - 2015-09-22 19:49 - 0000362 _____ () C:\Users\MaG\AppData\Local\hpiDp.vbs
2015-11-02 15:23 - 2015-11-02 15:23 - 0004096 ____H () C:\Users\MaG\AppData\Local\keyfile3.drm
2015-09-26 12:17 - 2015-09-26 12:17 - 0000740 _____ () C:\Users\MaG\AppData\Local\recently-used.xbel
2015-09-19 19:49 - 2015-09-19 19:49 - 0000362 _____ () C:\Users\MaG\AppData\Local\t4t5KB.vbs
2015-07-18 20:48 - 2015-07-18 20:48 - 0000057 _____ () C:\ProgramData\Ament.ini

Einige Dateien in TEMP:
====================
C:\Users\MaG\AppData\Local\Temp\avgnt.exe
C:\Users\MaG\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo0kk4y.dll
C:\Users\MaG\AppData\Local\Temp\vs60wiz.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-12-13 20:04

==================== Ende von FRST.txt ============================
         
--- --- ---


Unfortunately, I can't start Defender after uninstalling Avira. It gives me an error - is that normal?

Alt 13.12.2015, 21:57   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support Trojaner-Board
Why Linux is better than Windows!

Alt 13.12.2015, 22:26   #12
blubbblabb
 



The scan is now finished - it found no malware. So I couldn't press cleanup.
What else could I do?

Alt 13.12.2015, 22:34   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Removing adware/junkware/toolbars

Delete old versions of adwCleaner and, if present, JRT beforehand, then download them again to the desktop!
Please completely disable your virus scanner now, before using these tools!


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options (Optionen) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected, as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts that appear with Ok.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).




Step 2: JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


13.12.2015, 22:55   #14
blubbblabb

Websites are being opened



Here is the result from JRT
JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 8.1 x64 
Ran by MaG (Administrator) on 13.12.2015 at 22:42:07,66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 2 

Successfully deleted: C:\ProgramData\productdata (Folder) 
Successfully deleted: C:\Users\MaG\AppData\Roaming\productdata (Folder) 



Registry: 3 

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06E08260-0695-4EC1-A74B-1310D8899D93} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{2DFF3579-5AA7-45B9-9328-1D38EA230861} (Registry Value) 




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.12.2015 at 22:45:01,81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
--- --- ---



FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:12-12-2015 01
durchgeführt von MaG (Administrator) auf KANOCKELHOPPEL (13-12-2015 22:48:56)
Gestartet von C:\Users\MaG\Downloads
Geladene Profile: MaG (Verfügbare Profile: MaG & Administrator)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 3\creator-ws.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\SMService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\InstallServices.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [393480 2015-03-19] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3016944 2013-05-20] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952456 2015-12-08] (Dropbox, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] (Atheros Communications)
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ACHTUNG
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [BoxcryptorClassic.exe] => C:\Program Files (x86)\Boxcryptor Classic\BoxcryptorClassic.exe [2249984 2014-07-31] (Secomba GmbH)
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [HP Deskjet 3070 B611 series (NET)] => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [f.lux] => C:\Users\MaG\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1825360 2011-01-28] (Sanford, L.P.)
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-10-22] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [NoPreviewPane] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [NoWinkeys] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [HideSCANetwork] 0
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Policies\Explorer: [HideSCAVolume] 0
SSODL: EldosMountNotificator-cbfs4 - {0F69E671-7419-4ABB-ACDB-1DC49268D4D2} - C:\WINDOWS\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {0F69E671-7419-4ABB-ACDB-1DC49268D4D2} - C:\WINDOWS\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {AAC3F40E-D943-4222-94D0-24ADA88404B9} => C:\WINDOWS\system32\cbfsMntNtf4.dll [2013-11-15] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs4] -> {AAC3F40E-D943-4222-94D0-24ADA88404B9} => C:\WINDOWS\SysWOW64\cbfsMntNtf4.dll [2013-11-15] (EldoS Corporation)
Startup: C:\Users\MaG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2015-07-21]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\MaG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk [2015-12-13]
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk -> C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{DC547890-78E3-4C07-AE37-F747FD513F4C}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-23] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-23] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\MaG\AppData\Roaming\Mozilla\Firefox\Profiles\GWy82fZH.default
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2011-01-28] ( Sanford L.P.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-08] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-23] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: PDF Architect 3 -> C:\Program Files (x86)\PDF Architect 3\np-previewer.dll [2015-09-17] (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-3000335157-3192853593-1025591007-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-06-08] (Tracker Software Products (Canada) Ltd.)
FF Extension: Avira Browser Safety - C:\Users\MaG\AppData\Roaming\Mozilla\Firefox\Profiles\GWy82fZH.default\Extensions\abs@avira.com [2015-11-29] [ist nicht signiert]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_3_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension
FF Extension: PDF Architect 3 Creator - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension [2015-09-26] [ist nicht signiert]

Chrome: 
=======
CHR Profile: C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (Web Store) - C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-11-29]
CHR Extension: (Web Store) - C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Web Store) - C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-10-22]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\MaG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-22]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <nicht gefunden>
CHR HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\MaG\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-10-22]
CHR HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-07-21] (Adobe Systems) [Datei ist nicht signiert]
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) [Datei ist nicht signiert]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-18] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-18] (Dropbox, Inc.)
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [32336 2011-01-28] (Sanford, L.P.)
S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24376 2015-06-30] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [345864 2015-03-19] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-08] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-11-06] (IObit)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-06-18] (Acer Incorporate)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2244832 2015-09-17] (pdfforge GmbH)
S3 PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [964832 2015-09-17] (pdfforge GmbH)
R2 PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [767712 2015-09-17] (pdfforge GmbH)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [177800 2015-10-22] (Sandboxie Holdings, LLC)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SMService; C:\program files (x86)\iobit\Classic Start\SMService.exe [1056544 2015-11-06] (IObit)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2014-07-21] (Advanced Micro Devices, Inc.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
R1 cbfs4; C:\WINDOWS\system32\drivers\cbfs4.sys [387776 2013-11-15] (EldoS Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-05-08] (Intel Corporation)
R3 Neo_VPN; C:\Windows\system32\DRIVERS\Neo_VPN.sys [40704 2015-08-04] (SoftEther Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [192648 2015-10-22] (Sandboxie Holdings, LLC)
S3 SEE; C:\Windows\System32\drivers\see.sys [49024 2015-08-20] (SoftEther Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-05-20] (Synaptics Incorporated)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42088 2015-06-04] (Anchorfree Inc.)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-07-09] (Oracle Corporation)
S1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [146072 2015-07-09] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-13 22:47 - 2015-12-13 22:48 - 00039024 _____ C:\Users\MaG\Downloads\Addition.txt
2015-12-13 22:45 - 2015-12-13 22:45 - 00001094 _____ C:\Users\MaG\Desktop\JRT.txt
2015-12-13 22:45 - 2015-12-13 22:45 - 00000000 ____D C:\Users\MaG\AppData\Roaming\ProductData
2015-12-13 22:36 - 2015-12-13 22:36 - 01599336 _____ (Malwarebytes) C:\Users\MaG\Downloads\JRT.exe
2015-12-13 22:35 - 2015-12-13 22:36 - 01740288 _____ C:\Users\MaG\Downloads\AdwCleaner_5.025.exe
2015-12-13 22:00 - 2015-12-13 22:27 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-12-13 21:59 - 2015-12-13 22:27 - 00000000 ____D C:\Users\MaG\Desktop\mbar
2015-12-13 21:59 - 2015-12-13 21:59 - 16563352 _____ (Malwarebytes Corp.) C:\Users\MaG\Downloads\mbar-1.09.3.1001.exe
2015-12-13 21:43 - 2015-12-13 21:43 - 00713112 _____ C:\Users\MaG\Downloads\NoDefender.zip
2015-12-13 21:00 - 2015-12-13 22:49 - 00025613 _____ C:\Users\MaG\Downloads\FRST.txt
2015-12-13 21:00 - 2015-12-13 22:48 - 00000000 ____D C:\FRST
2015-12-13 20:57 - 2015-12-13 20:59 - 02369536 _____ (Farbar) C:\Users\MaG\Downloads\FRST64.exe
2015-12-13 20:27 - 2015-12-13 20:27 - 00085016 _____ C:\Users\MaG\Downloads\Extras.Txt
2015-12-13 20:26 - 2015-12-13 20:26 - 00154888 _____ C:\Users\MaG\Downloads\OTL.Txt
2015-12-13 20:13 - 2015-12-13 20:13 - 00602112 _____ (OldTimer Tools) C:\Users\MaG\Downloads\OTL.exe
2015-12-13 14:03 - 2015-12-13 14:03 - 00001273 _____ C:\WINDOWS\VB.INI
2015-12-13 14:03 - 2015-12-13 14:03 - 00000535 _____ C:\WINDOWS\ODBCINST.INI
2015-12-13 14:03 - 2015-12-13 14:03 - 00000288 _____ C:\WINDOWS\ODBC.INI
2015-12-13 14:03 - 2015-12-13 14:03 - 00000000 ____D C:\WINDOWS\msapps
2015-12-13 14:03 - 2015-12-13 14:03 - 00000000 ____D C:\Users\MaG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Web Publishing
2015-12-13 14:03 - 2015-12-13 14:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Basic 6.0
2015-12-13 14:03 - 2015-12-13 14:03 - 00000000 ____D C:\Program Files (x86)\Web Publish
2015-12-13 14:03 - 2015-12-13 14:03 - 00000000 _____ C:\WINDOWS\wplog.txt
2015-12-13 14:03 - 1998-05-15 15:57 - 00093456 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\FPWPP.DLL
2015-12-13 14:03 - 1998-05-14 17:30 - 00099008 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSTWPP.DLL
2015-12-13 14:03 - 1998-04-29 17:52 - 00145360 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\WEBPOST.DLL
2015-12-13 14:03 - 1998-04-29 17:52 - 00121984 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\CRSWPP.DLL
2015-12-13 14:03 - 1998-04-29 17:52 - 00112064 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\WPWIZDLL.DLL
2015-12-13 14:03 - 1998-04-29 17:52 - 00098960 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\FTPWPP.DLL
2015-12-13 14:03 - 1998-04-29 17:52 - 00050816 ____R (Microsoft Corporation) C:\WINDOWS\SysWOW64\PIPARSE.DLL
2015-12-13 14:02 - 2015-12-13 14:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2015-12-13 14:01 - 2015-12-13 14:01 - 00143300 _____ C:\WINDOWS\vssetup.ttf
2015-12-13 14:01 - 2015-12-13 14:01 - 00001409 _____ C:\WINDOWS\vssetup.for
2015-12-13 13:20 - 2015-12-13 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-11 21:48 - 2015-12-13 21:32 - 00003510 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2015-12-11 21:47 - 2015-12-11 21:47 - 00000000 ____D C:\Users\MaG\Downloads\Microsoft Toolkit
2015-12-11 21:43 - 2015-12-11 21:43 - 27362856 _____ C:\Users\MaG\Downloads\Microsoft Toolkit.zip
2015-12-09 20:51 - 2015-12-09 20:51 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-12-09 20:51 - 2015-12-09 20:51 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-12-08 21:14 - 2015-11-05 09:59 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-08 21:12 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-08 21:12 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-08 21:12 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-08 21:12 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-08 21:12 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-08 21:12 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-12-08 21:12 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-12-08 21:12 - 2015-11-10 00:41 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-12-08 21:12 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-08 21:12 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-08 21:12 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-12-08 21:12 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-08 21:12 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-08 21:12 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-12-08 21:12 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-12-08 21:12 - 2015-11-08 22:25 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-12-08 21:12 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-08 21:12 - 2015-11-08 22:14 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-08 21:12 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-08 21:12 - 2015-11-08 21:41 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-08 21:12 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-12-08 21:11 - 2015-11-22 07:59 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-08 21:11 - 2015-11-22 07:59 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-08 21:11 - 2015-11-22 07:59 - 01659568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-12-08 21:11 - 2015-11-22 07:59 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-12-08 21:11 - 2015-11-22 07:59 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-12-08 21:11 - 2015-11-22 07:59 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-12-08 21:11 - 2015-11-22 07:58 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-08 21:11 - 2015-11-21 19:32 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-12-08 21:11 - 2015-11-21 18:50 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-12-08 21:11 - 2015-11-21 17:59 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-08 21:11 - 2015-11-21 17:49 - 01344000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-08 21:11 - 2015-11-21 17:47 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-08 21:11 - 2015-11-21 17:40 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-08 21:11 - 2015-11-20 23:47 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-08 21:11 - 2015-11-20 19:18 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-08 21:11 - 2015-11-20 17:58 - 03706880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-08 21:11 - 2015-11-20 17:47 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-12-08 21:11 - 2015-11-20 17:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-12-08 21:11 - 2015-11-20 17:44 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-12-08 21:11 - 2015-11-20 17:44 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-12-08 21:11 - 2015-11-20 17:43 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-12-08 21:11 - 2015-11-20 17:42 - 02243584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-12-08 21:11 - 2015-11-20 17:30 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-12-08 21:11 - 2015-11-20 17:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-12-08 21:11 - 2015-11-20 17:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-12-08 21:11 - 2015-11-20 17:27 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-12-08 21:11 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-12-08 21:11 - 2015-11-11 16:44 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-12-08 21:11 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-12-08 21:11 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-12-08 21:11 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-08 21:11 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-12-08 21:11 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-08 21:11 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-08 21:11 - 2015-11-10 00:36 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-08 21:11 - 2015-11-10 00:25 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-12-08 21:11 - 2015-11-09 01:41 - 01540728 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-08 21:11 - 2015-11-08 23:30 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-08 21:11 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-08 21:11 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-12-08 21:11 - 2015-11-08 22:32 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-12-08 21:11 - 2015-11-08 22:23 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-12-08 21:11 - 2015-11-08 22:18 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-12-08 21:11 - 2015-11-08 22:16 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-08 21:11 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-08 21:11 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-08 21:11 - 2015-11-08 22:13 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-12-08 21:11 - 2015-11-08 22:01 - 01753600 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-08 21:11 - 2015-11-08 21:53 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-12-08 21:11 - 2015-11-08 21:52 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-12-08 21:11 - 2015-11-08 21:48 - 01376256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-08 21:11 - 2015-11-08 21:42 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-08 21:11 - 2015-10-28 16:49 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-08 21:11 - 2015-10-28 16:29 - 02462720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-08 21:11 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-12-08 21:11 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-12-08 21:11 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-12-08 21:11 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-12-08 21:11 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-12-08 21:11 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-12-08 21:11 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-12-08 21:11 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-12-08 21:11 - 2015-10-22 17:21 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-12-08 21:11 - 2015-10-22 17:21 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-12-08 21:11 - 2015-10-22 16:58 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-12-08 21:11 - 2015-10-22 16:58 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-12-08 21:11 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-12-08 21:11 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\system32\locale.nls
2015-12-08 21:11 - 2015-10-10 18:20 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-12-08 21:11 - 2015-10-03 20:41 - 01385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-12-08 21:11 - 2015-10-03 20:41 - 01124384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-12-08 21:10 - 2015-10-11 07:34 - 00468824 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-08 21:10 - 2015-10-11 07:34 - 00462168 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-12-08 21:10 - 2015-10-11 07:34 - 00443224 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2015-12-08 21:10 - 2015-10-11 07:34 - 00092504 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2015-12-08 21:10 - 2015-10-11 07:34 - 00027992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2015-12-08 21:10 - 2015-10-10 19:41 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2015-12-08 21:10 - 2015-10-10 19:41 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
2015-12-08 21:10 - 2015-10-08 17:11 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2015-12-08 21:10 - 2015-10-08 16:50 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2015-12-08 21:10 - 2015-10-05 19:28 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-12-08 21:10 - 2015-10-05 19:25 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-12-07 21:03 - 2015-12-07 21:03 - 00443744 _____ C:\Users\MaG\Downloads\keyfinder_2.0.10.10.zip
2015-12-07 20:49 - 2015-12-07 20:49 - 00001481 _____ C:\Users\MaG\Desktop\TeamViewer.exe - Verknüpfung.lnk
2015-12-07 20:46 - 2015-12-07 20:46 - 00000000 ____D C:\Users\MaG\Downloads\TeamViewerPortable
2015-12-07 20:45 - 2015-12-07 21:23 - 00000000 ____D C:\Users\MaG\AppData\Roaming\TeamViewer
2015-12-07 20:45 - 2015-12-07 20:46 - 27578035 _____ C:\Users\MaG\Downloads\TeamViewerPortable.zip
2015-12-07 20:44 - 2015-12-07 20:44 - 06944152 _____ (TeamViewer) C:\Users\MaG\Downloads\TeamViewerQS_de-jfa.exe
2015-12-05 17:55 - 2015-12-13 22:40 - 00001144 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-05 17:55 - 2015-12-13 22:00 - 00001148 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-05 17:55 - 2015-12-05 17:55 - 00004120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-05 17:55 - 2015-12-05 17:55 - 00003884 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-29 19:54 - 2015-12-13 18:01 - 00001138 _____ C:\WINDOWS\SysWOW64\InstallUtil.InstallLog
2015-11-29 19:54 - 2015-11-29 19:54 - 00000000 ____D C:\Users\MaG\AppData\Roaming\Mozilla
2015-11-29 19:49 - 2015-12-13 21:28 - 00000000 ____D C:\Program Files (x86)\Avira
2015-11-29 19:49 - 2015-12-13 21:24 - 00000000 ____D C:\ProgramData\Avira
2015-11-29 19:49 - 2015-11-29 19:49 - 04584344 _____ (Avira Operations GmbH & Co. KG) C:\Users\MaG\Downloads\avira_de_av_565b4865d4552__ws.exe
2015-11-29 19:23 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-11-29 19:23 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-11-25 21:10 - 2015-11-25 21:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8
2015-11-25 21:03 - 2015-11-25 21:03 - 09552328 _____ (IObit ) C:\Users\MaG\Downloads\sm8-setup (1).exe
2015-11-23 21:31 - 2015-12-13 22:00 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-23 21:31 - 2015-12-13 21:59 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-23 21:31 - 2015-11-23 21:31 - 00001122 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-11-23 21:31 - 2015-11-23 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-11-23 21:31 - 2015-11-23 21:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-23 21:31 - 2015-11-23 21:31 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-11-23 21:31 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-11-23 21:31 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-11-23 21:30 - 2015-11-23 21:31 - 22908888 _____ (Malwarebytes ) C:\Users\MaG\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-23 21:25 - 2015-11-23 21:25 - 00388608 _____ (Trend Micro Inc.) C:\Users\MaG\Downloads\HijackThis_2.0.5 (1).exe
2015-11-22 20:14 - 2015-11-22 20:14 - 00049502 _____ C:\Users\MaG\Downloads\fsekrit.zip
2015-11-22 20:14 - 2015-11-22 20:14 - 00000000 ____D C:\Users\MaG\Downloads\fsekrit
2015-11-21 08:24 - 2015-11-21 08:24 - 00000571 _____ C:\Users\MaG\Downloads\bbr (1).vcf
2015-11-21 08:17 - 2015-11-21 08:17 - 00000558 _____ C:\Users\MaG\Downloads\MalermeisterKlocksin.vcf
2015-11-21 08:16 - 2015-11-21 08:16 - 00000571 _____ C:\Users\MaG\Downloads\bbr.vcf
2015-11-21 08:15 - 2015-11-21 08:15 - 00000571 _____ C:\Users\MaG\Downloads\vcf
2015-11-15 17:41 - 2015-11-15 17:44 - 00000000 ____D C:\Users\MaG\AppData\Roaming\freac
2015-11-15 17:41 - 2015-11-15 17:41 - 00000983 _____ C:\Users\Public\Desktop\freac - free audio converter.lnk
2015-11-15 17:41 - 2015-11-15 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freac - free audio converter
2015-11-15 17:41 - 2015-11-15 17:41 - 00000000 ____D C:\Program Files (x86)\freac
2015-11-15 17:40 - 2015-11-15 17:40 - 07534391 _____ C:\Users\MaG\Downloads\freac-1.0.26.exe
2015-11-15 17:03 - 2015-11-15 17:03 - 23385120 _____ (SuperEasy Software GmbH & Co. KG ) C:\Users\MaG\Downloads\supereasy_audio_converter_2_2.1.3063_8217.exe
2015-11-15 17:03 - 2015-11-15 17:03 - 00001375 _____ C:\Users\Public\Desktop\Audio Converter 2.lnk
2015-11-15 17:03 - 2013-04-02 10:20 - 00506312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
2015-11-15 17:03 - 2013-04-02 10:20 - 00354760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2015-11-15 17:00 - 2015-12-10 21:39 - 00000000 ____D C:\Users\MaG\AppData\Local\CrashDumps
2015-11-15 16:59 - 2015-11-15 17:00 - 01391294 _____ C:\Users\MaG\Downloads\setup_1.9.4.exe
2015-11-14 20:59 - 2015-11-14 20:59 - 00001069 _____ C:\Users\Administrator\Desktop\Notepad++.lnk

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2021-10-21 14:36 - 2013-10-24 23:44 - 00000852 _____ C:\WINDOWS\system32\Drivers\RTKHDRC.dat
2021-10-04 08:34 - 2013-10-24 23:44 - 00000712 _____ C:\WINDOWS\system32\Drivers\RTMICEQ0.dat
2015-12-13 22:47 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2015-12-13 22:46 - 2015-08-16 21:03 - 00000000 ___RD C:\Users\MaG\OneDrive
2015-12-13 22:45 - 2015-10-03 19:28 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3000335157-3192853593-1025591007-1001
2015-12-13 22:41 - 2015-07-18 17:15 - 00000000 ____D C:\Users\MaG\AppData\Local\Dropbox
2015-12-13 22:41 - 2015-03-14 20:03 - 00000000 ___RD C:\Users\MaG\Google Drive
2015-12-13 22:41 - 2013-12-18 21:24 - 00000000 ___RD C:\Users\MaG\Dropbox
2015-12-13 22:39 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-13 22:38 - 2015-08-16 21:11 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-12-13 22:38 - 2014-02-15 20:57 - 00000000 ____D C:\AdwCleaner
2015-12-13 22:38 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-12-13 22:38 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-12-13 22:27 - 2014-01-05 09:52 - 00000000 ____D C:\Users\MaG\Documents\Outlook-Dateien
2015-12-13 21:24 - 2015-08-16 19:38 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-13 19:57 - 2015-10-24 21:06 - 00003946 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B1CCAF13-B0DA-4533-8F98-76EA3C1430D0}
2015-12-13 14:03 - 2013-08-22 16:36 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2015-12-13 14:03 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Help
2015-12-13 14:03 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2015-12-13 13:49 - 2015-07-18 17:45 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-13 13:23 - 2014-11-21 04:35 - 01785582 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-13 13:23 - 2014-11-21 03:45 - 00769092 _____ C:\WINDOWS\system32\perfh007.dat
2015-12-13 13:23 - 2014-11-21 03:45 - 00160376 _____ C:\WINDOWS\system32\perfc007.dat
2015-12-13 13:20 - 2015-07-18 17:15 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-12-10 21:11 - 2015-10-25 06:23 - 00495520 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-09 21:01 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-09 20:59 - 2015-07-30 20:53 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-09 20:54 - 2015-07-30 20:53 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-08 21:03 - 2015-07-18 17:15 - 00002159 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-08 21:01 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-07 20:39 - 2015-11-03 09:36 - 00001580 _____ C:\WINDOWS\Sandboxie.ini
2015-12-02 21:09 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-01 18:19 - 2014-11-21 12:01 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-01 18:19 - 2014-11-21 12:01 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-30 21:08 - 2015-08-19 21:00 - 00000000 ____D C:\Users\MaG\AppData\Roaming\vlc
2015-11-29 21:11 - 2015-09-26 12:32 - 00000000 ____D C:\Users\MaG\AppData\Local\PDFCreator
2015-11-29 20:22 - 2013-10-09 13:40 - 00000000 ____D C:\ProgramData\WildTangent
2015-11-29 20:22 - 2013-10-09 13:40 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2015-11-29 20:21 - 2013-10-25 00:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-11-29 20:21 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-25 21:10 - 2015-07-18 19:04 - 00000000 ____D C:\Program Files (x86)\IObit
2015-11-24 06:34 - 2015-08-09 17:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-11-21 07:45 - 2015-10-22 22:30 - 00001542 _____ C:\WINDOWS\system32\.crusader
2015-11-15 19:51 - 2015-08-16 19:45 - 00000000 ____D C:\Users\MaG
2015-11-14 20:59 - 2015-07-21 07:34 - 00000000 ____D C:\Users\MaG\AppData\Roaming\Notepad++

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-08-29 10:36 - 2015-08-29 10:37 - 0035078 __RSH () C:\Program Files (x86)\DLS8Uninstall.log
2015-09-19 19:49 - 2015-09-22 19:49 - 0000106 _____ () C:\Users\MaG\AppData\Roaming\sn.txt
2015-08-08 19:35 - 2015-08-08 19:35 - 0000516 _____ () C:\Users\MaG\AppData\Local\6U3x63w.vbs
2015-08-23 07:48 - 2015-08-23 07:49 - 0000516 _____ () C:\Users\MaG\AppData\Local\7o5cj3r.vbs
2015-08-23 09:46 - 2015-08-23 09:46 - 0000362 _____ () C:\Users\MaG\AppData\Local\boukZ.vbs
2015-08-08 19:24 - 2015-08-08 19:24 - 3531374 _____ () C:\Users\MaG\AppData\Local\curl.zip
2015-07-19 21:19 - 2015-07-19 21:19 - 0000396 _____ () C:\Users\MaG\AppData\Local\G0rg5H.vbs
2015-09-22 19:49 - 2015-09-22 19:49 - 0000362 _____ () C:\Users\MaG\AppData\Local\hpiDp.vbs
2015-11-02 15:23 - 2015-11-02 15:23 - 0004096 ____H () C:\Users\MaG\AppData\Local\keyfile3.drm
2015-09-26 12:17 - 2015-09-26 12:17 - 0000740 _____ () C:\Users\MaG\AppData\Local\recently-used.xbel
2015-09-19 19:49 - 2015-09-19 19:49 - 0000362 _____ () C:\Users\MaG\AppData\Local\t4t5KB.vbs
2015-07-18 20:48 - 2015-07-18 20:48 - 0000057 _____ () C:\ProgramData\Ament.ini

Einige Dateien in TEMP:
====================
C:\Users\MaG\AppData\Local\Temp\avgnt.exe
C:\Users\MaG\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo0kk4y.dll
C:\Users\MaG\AppData\Local\Temp\sqlite3.dll
C:\Users\MaG\AppData\Local\Temp\vs60wiz.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-12-13 20:04

==================== Ende von FRST.txt ============================
         
--- --- ---

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:12-12-2015 01
durchgeführt von MaG (2015-12-13 22:49:13)
Gestartet von C:\Users\MaG\Downloads
Windows 8.1 (X64) (2015-08-16 19:54:48)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3000335157-3192853593-1025591007-500 - Administrator - Disabled) => C:\Users\Administrator
Gast (S-1-5-21-3000335157-3192853593-1025591007-501 - Limited - Disabled)
MaG (S-1-5-21-3000335157-3192853593-1025591007-1001 - Administrator - Enabled) => C:\Users\MaG

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

4K Video Downloader 3.6 (HKLM-x32\...\4K Video Downloader_is1) (Version: 3.6.3.1785 - Open Media LLC)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3005 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2022 - Acer Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{E3CA751C-E133-0BF1-3151-7A6D3FB88015}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Authorizer 2.9.0d5 (HKLM\...\{F6762963-9AE5-4bc6-A70F-2D749F6AC02F}_is1) (Version: 2.9.0d5 - Propellerhead Software AB)
Boxcryptor Classic 1.7 (HKLM-x32\...\{DF47AB90-FB92-42F4-926E-1C4FF16029E7}) (Version: 1.7.409.131 - Secomba GmbH)
Broadcom Card Reader Driver Installer (HKLM\...\{67AA948F-8D83-4566-B84A-7CAABCF64E3F}) (Version: 16.0.2.3 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{D1D7ED66-5C08-40A0-AEC0-B6DF977697BB}) (Version: 16.0.2.1 - Broadcom Corporation)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
Click2Music (HKLM-x32\...\Click2Music) (Version:  - )
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden
DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.3.0.1242 - Sanford, L.P.)
f.lux (HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\Flux) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.)
Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät (HKLM\...\{48DF59F8-2ACD-4F1F-87F3-D820FE7A6178}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3070 B611 series Hilfe (HKLM-x32\...\{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM-x32\...\{78545512-1F84-4357-8A9A-D94D9C3CE4FA}) (Version: 12.0.26.54 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4170 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version:  - Line 6)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.53 (HKLM-x32\...\WebPost) (Version:  - )
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG)
Nero WaveEditor (HKLM-x32\...\{EE430B59-A026-4C96-8906-E4C05B7FCC37}) (Version: 12.5.01500 - Nero AG)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.6 - Notepad++ Team)
OEM Application Profile (HKLM-x32\...\{ECA361B3-855E-EEAB-C4E9-FFA6F25A4DF4}) (Version: 1.00.0000 - Ihr Firmenname)
Paperless Converter version 9.07 (HKLM-x32\...\Paperless Converter_is1) (Version: 9.07 - Rarefind Engineering Innovations Pvt. Ltd.)
Paperless Printer version 6.0.0.1 (HKLM-x32\...\Paperless Printer_is1) (Version: 6.0.0.1 - Pragnaan Software Private Limited)
PDF Architect 3 (HKLM-x32\...\PDF Architect 3) (Version: 3.0.45.22485 - pdfforge GmbH)
PDF Architect 3 Create Module (x32 Version: 3.1.1.24851 - pdfforge GmbH) Hidden
PDF Architect 3 Edit Module (x32 Version: 3.1.1.24851 - pdfforge GmbH) Hidden
PDF Architect 3 View Module (x32 Version: 3.1.1.24851 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.2 - pdfforge)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.313.1 - Tracker Software Products Ltd)
Prerequisite installer (x32 Version: 12.0.0005 - Nero AG) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
Reason 8 8.3.2d7 (HKLM\...\Reason8.0Stable_64_is1) (Version: 8.3.2d7 - Propellerhead Software AB)
Sandboxie 5.06 (64-bit) (HKLM\...\Sandboxie) (Version: 5.06 - Sandboxie Holdings, LLC)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 2.4.0.1 - IObit)
Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten (HKLM\...\{CAD7B6DD-9C82-4D17-BAE8-3E9AE4971B90}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
SuperEasy Audio Converter 2 v.2.1.3063 (HKLM-x32\...\{039BC111-3B00-B8C5-E02C-0CA1440A9469}_is1) (Version: 2.1.3063 - SuperEasy Software GmbH & Co. KG)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.12.37 - Synaptics Incorporated)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU) (Version:  - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Wiederherstellungspunkte =========================

25-11-2015 21:17:38 Uniblue PC Mechanic installation
29-11-2015 19:20:51 Windows Update
29-11-2015 19:54:48 Avira System Speedup 2.0.4
01-12-2015 21:26:11 Windows Modules Installer
09-12-2015 20:48:29 Windows Update
13-12-2015 18:02:08 Removed ProjectLibre
13-12-2015 22:42:21 JRT Pre-Junkware Removal

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2015-10-25 06:17 - 00450831 ____R C:\WINDOWS\system32\Drivers\etc\hosts

Da befinden sich 15464 zusätzliche Einträge.


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {056F8D16-DB30-43D6-B844-A69F83C0F1B3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
Task: {12A9DDFE-D969-4D3A-8E95-C8E9F5015F2D} - \keepup -> Keine Datei <==== ACHTUNG
Task: {140A4242-6565-4DED-A620-FCD33E1ACB7B} - \DriverMgr -> Keine Datei <==== ACHTUNG
Task: {2F92AB55-ED59-44C8-9CB9-32A071ACA7ED} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {3188352C-4465-4817-9661-56246372F4DF} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {3D2DC3F9-CD09-4DFD-B0D3-6770489C3348} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-18] (Google Inc.)
Task: {52DD1A58-FA65-4F78-A296-7AE686322590} - \WinKit -> Keine Datei <==== ACHTUNG
Task: {555DB673-B627-4011-9EAC-9C66B3D9A07B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {5F9A392D-0F93-4D49-B04F-4DF5E1E59674} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {656557D2-E953-4133-A4DA-B6DA2A45183A} - \SpyHunter4Startup -> Keine Datei <==== ACHTUNG
Task: {8413920D-CE6F-46F6-9574-9188FAF2496B} - \Urla1 -> Keine Datei <==== ACHTUNG
Task: {B134DC93-6F45-42D3-A489-2C24C7DDF40B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-09] (Microsoft Corporation)
Task: {B3BCCB8F-F563-4DA2-B325-27F95EA8B431} - \Urla2 -> Keine Datei <==== ACHTUNG
Task: {D3ADBE5B-7D24-478B-9F7A-0746B1F3DBC0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-18] (Google Inc.)
Task: {F32D7DA5-8C47-4F4D-AEE0-A7398C655912} - \Urla3 -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-07-24 19:53 - 2012-03-28 20:28 - 00019456 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\QWritex64.dll
2013-10-25 00:04 - 2013-02-20 21:58 - 00111176 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2015-10-19 21:00 - 2015-10-19 21:00 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-07-18 19:05 - 2015-11-06 12:05 - 00618784 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2015-10-24 22:34 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-10-24 22:34 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-10-24 22:34 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-10-24 22:34 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-10-24 22:34 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-10-24 23:35 - 2013-05-08 21:23 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-07-19 21:26 - 2015-11-23 21:05 - 00012288 _____ () C:\Program Files (x86)\Google\Chrome\Application\WTSAPI32.dll
2013-10-25 00:04 - 2013-02-20 21:58 - 00089672 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2015-12-08 21:03 - 2015-12-04 22:32 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libglesv2.dll
2015-12-08 21:03 - 2015-12-04 22:32 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libegl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


Da befinden sich 7867 mehr Seiten.


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKU\S-1-5-21-3000335157-3192853593-1025591007-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_0034C5CFB848FFC3DA2A3C20C2C3A86D"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D27C2C67-608D-4E0E-9378-992FA77258D0}] => (Allow) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{8039EE20-5698-4C20-9C5C-F5F1F62DE282}] => (Allow) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{B34D8AE4-D8C7-4056-8112-932D213FD866}] => (Allow) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\DeviceSetup.exe
FirewallRules: [{A51982E3-8677-4D7A-8315-4590C92BCC5E}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{C7C5B632-E33E-4356-8511-09866EEE7955}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{DAADAA74-9DFC-4A95-A18E-0A1221F46BF6}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{407EB8EA-8ACC-471D-9572-D4DB5537D539}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{E4E88AC9-5F1B-4746-9F9A-F361F11ED675}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{D14CD3F3-1679-4D9C-9C19-3E6EEC5326D6}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{1714CB00-E0EC-4C0E-A5B2-A4CC580349B8}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{D309308A-4A28-4E1D-97C8-18234DAB58AD}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{F6D4B300-3739-4C79-A6B0-22404E964637}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{3DDBC3D8-35F4-44F8-82F8-28DC5E291AE6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{ACDFD2BA-B2CF-46FC-B66A-DC6D98D93D16}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{12C44774-64DF-4B86-ADE9-0D0B8E628997}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{59E21C6C-E358-4462-8F28-AE5AD57FFAFC}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{85CC36FE-D8D5-41E7-A4BF-882D59D29CB3}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{89ECDC59-5605-4B33-BACE-DFAC4B41D44A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{0439C5C4-6C55-46D7-BD51-DE35DA1B1F72}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{BB8DF291-466C-48C9-8D7E-C03F42159DE8}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [TCP Query User{20ECE248-417E-4173-A1FB-9D0FC6189327}C:\users\mag\downloads\teamviewerportable\teamviewer.exe] => (Allow) C:\users\mag\downloads\teamviewerportable\teamviewer.exe
FirewallRules: [UDP Query User{3D966FCE-0FF8-44EF-A741-2B3FA6CBB0E6}C:\users\mag\downloads\teamviewerportable\teamviewer.exe] => (Allow) C:\users\mag\downloads\teamviewerportable\teamviewer.exe
FirewallRules: [{ED42765D-0E9B-4792-9BAB-5DA5FE42DA4D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{992A5461-377B-4790-812C-8D55A75DD054}C:\users\mag\dropbox\hasi\teamviewerportable\teamviewer.exe] => (Allow) C:\users\mag\dropbox\hasi\teamviewerportable\teamviewer.exe
FirewallRules: [UDP Query User{A2D4ACED-1F9E-44C0-9A97-89837E7C4D02}C:\users\mag\dropbox\hasi\teamviewerportable\teamviewer.exe] => (Allow) C:\users\mag\dropbox\hasi\teamviewerportable\teamviewer.exe
FirewallRules: [TCP Query User{0ED62260-935A-4DF0-A148-8A7554A45B8D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{F96081B8-83EE-4C80-ADEF-E9182926A7D3}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{C1397DD8-2F9D-4D6E-AB4D-AC351C47A3D8}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (12/13/2015 07:56:49 PM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Benachrichtigungen für Volume C:\ sind nicht aktiv. 

Kontext: Windows Anwendung

Details:
	Das Datenträgeränderungsjournal wird gelöscht.  (HRESULT : 0x8007049a) (0x8007049a)

Error: (12/13/2015 02:13:39 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (12/13/2015 02:10:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm acmsetup.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 13e8

Startzeit: 01d135a6739aa026

Endzeit: 0

Anwendungspfad: Z:\~MSSETUP.T\tmp.t\acmsetup.exe

Berichts-ID: e7ac2a12-a19a-11e5-bf17-201a0671fff5

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/13/2015 01:19:21 PM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Benachrichtigungen für Volume C:\ sind nicht aktiv. 

Kontext: Windows Anwendung

Details:
	Das Datenträgeränderungsjournal wird gelöscht.  (HRESULT : 0x8007049a) (0x8007049a)

Error: (12/11/2015 09:49:30 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: There was an error with the Windows Location Provider database

Error: (12/11/2015 09:20:48 PM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Benachrichtigungen für Volume C:\ sind nicht aktiv. 

Kontext: Windows Anwendung

Details:
	Das Datenträgeränderungsjournal wird gelöscht.  (HRESULT : 0x8007049a) (0x8007049a)

Error: (12/10/2015 09:39:10 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (12/10/2015 09:16:31 PM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Benachrichtigungen für Volume C:\ sind nicht aktiv. 

Kontext: Windows Anwendung

Details:
	Das Datenträgeränderungsjournal wird gelöscht.  (HRESULT : 0x8007049a) (0x8007049a)

Error: (12/09/2015 09:28:57 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (12/09/2015 08:47:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: delegate_execute.exe, Version: 47.0.2526.80, Zeitstempel: 0x5661e826
Name des fehlerhaften Moduls: delegate_execute.exe, Version: 47.0.2526.80, Zeitstempel: 0x5661e826
Ausnahmecode: 0x80000003
Fehleroffset: 0x00007f81
ID des fehlerhaften Prozesses: 0xdd8
Startzeit der fehlerhaften Anwendung: 0xdelegate_execute.exe0
Pfad der fehlerhaften Anwendung: delegate_execute.exe1
Pfad des fehlerhaften Moduls: delegate_execute.exe2
Berichtskennung: delegate_execute.exe3
Vollständiger Name des fehlerhaften Pakets: delegate_execute.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: delegate_execute.exe5


Systemfehler:
=============
Error: (12/13/2015 10:38:45 PM) (Source: DCOM) (EventID: 10010) (User: KANOCKELHOPPEL)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (12/13/2015 10:38:45 PM) (Source: DCOM) (EventID: 10010) (User: KANOCKELHOPPEL)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (12/13/2015 10:38:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Nero Update" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/13/2015 10:38:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/13/2015 10:38:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP Support Solutions Framework Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/13/2015 10:38:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Office Software Protection Platform" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/13/2015 10:38:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/13/2015 10:38:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/13/2015 10:38:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/13/2015 10:38:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.


CodeIntegrity:
===================================
  Date: 2015-12-13 21:57:41.043
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-12-13 21:41:10.205
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-12-13 21:40:41.253
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-12-13 21:39:59.249
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files\Windows Defender\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-13 21:39:46.482
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz
Prozentuale Nutzung des RAM: 19%
Installierter physikalischer RAM: 8072.27 MB
Verfügbarer physikalischer RAM: 6491.79 MB
Summe virtueller Speicher: 9352.27 MB
Verfügbarer virtueller Speicher: 7594.98 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:681.75 GB) (Free:523.14 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 2A9D57C6)

Partition: GPT.

==================== Ende von Addition.txt ============================
         

Alt 13.12.2015, 23:00   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

AdwCleaner is missing.
