
Pests of all kinds and how to combat them: Win10 TR/Patched.Ren.Gen2 and W32/Virut.Gen Avira

16.12.2015, 09:25   #1
blackest
 



Hi. Over the last few days my Avira keeps finding this:

1.
TR/Patched.Ren.Gen2
Avira report:
In der Datei 'C:\Windows\Temp\c7727a93-d455-4d32-92af-3d7dfb32a710\tmp00002fe2\tmp00006ec2'
wurde ein Virus oder unerwünschtes Programm 'TR/Patched.Ren.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

2.
W32/Virut.Gen
Avira report:
In der Datei 'C:\Windows\Temp\c7727a93-d455-4d32-92af-3d7dfb32a710\tmp00002fe2\tmp00007584'
wurde ein Virus oder unerwünschtes Programm 'W32/Virut.Gen' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern

I would really appreciate some help.

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:14-12-2015
durchgeführt von Mark (Administrator) auf MARKHOME (16-12-2015 12:08:00)
Gestartet von D:\Mark\Downloads
Geladene Profile: Mark (Verfügbare Profile: Mark & User1)
Platform: Windows 10 Home (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(HP) C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\ProgramData\MegaFon Modem\OnlineUpdate\ouc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Akamai Technologies, Inc.) C:\Users\Mark\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Akamai Technologies, Inc.) C:\Users\Mark\AppData\Local\Akamai\netsession_win.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Mozilla Corporation) E:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareTray.exe [9574112 2015-11-19] ()
HKLM-x32\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry
HKLM-x32\...\Run: [BNM] => C:\Users\Mark\AppData\Local\Beeline Network Manager\notifier.exe
HKLM-x32\...\Run: [BNM Updater] => C:\Users\Mark\AppData\Local\Beeline Network Manager\updater\chp.exe cmd.exe /c ""C:\Users\Mark\AppData\Local\Beeline Network Manager\updater\bash-run.bat" "beeline-wizard-updater""
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782520 2015-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\...\Run: [EADM] => E:\Origin\Origin.exe [3551576 2013-11-24] (Electronic Arts)
HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Mark\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\...\Run: [Amazon Cloud Player] => C:\Users\Mark\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3140608 2014-01-14] ()
HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe [3639568 2014-07-10] (Disc Soft Ltd)
HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\...\Run: [RGSC] => D:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.)
HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50755200 2015-12-08] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk [2013-11-30]
ShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013-11-16]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-13]
ShortcutTarget: Dropbox.lnk -> C:\Users\Mark\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.4 192.168.100.3
Tcpip\..\Interfaces\{aae134dd-27ef-4585-ad65-26fb75c5339e}: [DhcpNameServer] 192.168.100.4 192.168.100.3
Tcpip\..\Interfaces\{cbd52e77-98ce-403e-949f-4aaf28d5a665}: [NameServer]  
Tcpip\..\Interfaces\{edb9be6a-3f40-439d-b23d-709efdf637e2}: [NameServer] 10.77.48.49 10.77.48.33

Internet Explorer:
==================
HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.de
HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4123913699-4114607522-2247547599-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-12-04] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-12-04] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-19] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-19] (Oracle Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-04] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-04] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\gfkgkecj.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin64.dll [2014-07-24] (Skype)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll [2013-11-12] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll [2013-11-18] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-19] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-12-04] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-05-20] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-05-20] (NVIDIA Corporation)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin.dll [2014-07-24] (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-11-11] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4123913699-4114607522-2247547599-1001: LWA64Plugin15.8 -> C:\Users\Mark\AppData\Local\Microsoft\LWAPlugin\15.8.20018.735\npLWAPlugin15.8-x64.dll [2015-02-10] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-4123913699-4114607522-2247547599-1001: LWAPlugin15.8 -> C:\Users\Mark\AppData\Local\Microsoft\LWAPlugin\15.8.20018.735\npLWAPlugin15.8.dll [2015-02-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Mark\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-02-24] (Cisco WebEx LLC)
FF Extension: Russian spellchecking dictionary - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\gfkgkecj.default\Extensions\ru@dictionaries.addons.mozilla.org [2013-11-24] [ist nicht signiert]
FF Extension: Английский и Русский словари-English-Russian dict - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\gfkgkecj.default\Extensions\ruendict@russia.ru [2013-11-24] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [ist nicht signiert]
StartMenuInternet: FIREFOX.EXE - E:\Program Files (x86)\Mozilla Firefox\firefox.exe

Chrome: 
=======
CHR Profile: C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-01]
CHR Extension: (Google Docs) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-01]
CHR Extension: (Google Drive) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-02]
CHR Extension: (YouTube) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-01]
CHR Extension: (Google-Suche) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-01]
CHR Extension: (Google Tabellen) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-01]
CHR Extension: (Google Wallet) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-01]
CHR Extension: (Google Mail) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-01]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [932912 2015-10-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-10-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-10-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1147720 2015-10-22] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2877112 2015-11-19] (Microsoft Corporation)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-07-11] (Creative Labs) [Datei ist nicht signiert]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [Datei ist nicht signiert]
S3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [887056 2014-07-10] (Disc Soft Ltd)
R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [218768 2015-06-24] (DTS)
R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [361888 2012-07-25] (HP)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareService.exe [712432 2015-11-19] ()
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
S2 MegaFon Modem. RunOuc; C:\Program Files (x86)\MegaFon Modem\UpdateDog\ouc.exe [240640 2013-11-17] () [Datei ist nicht signiert]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137800 2015-10-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [148632 2015-07-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [74440 2015-10-22] (Avira Operations GmbH & Co. KG)
S3 dtscsibus; C:\Windows\system32\DRIVERS\dtscsibus.sys [29696 2014-07-12] (Disc Soft Ltd)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-16 12:07 - 2015-12-16 12:08 - 00000000 ____D C:\FRST
2015-12-16 11:52 - 2015-12-16 11:52 - 00016148 _____ C:\WINDOWS\system32\MARKHOME_Mark_HistoryPrediction.bin
2015-12-15 09:12 - 2015-12-15 09:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-15 09:11 - 2015-12-15 09:11 - 00000000 ___HD C:\OneDriveTemp
2015-12-14 17:47 - 2015-12-14 17:47 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Nitro
2015-12-14 17:47 - 2015-12-14 17:47 - 00000000 ____D C:\Users\Mark\AppData\Roaming\FileOpen
2015-12-14 17:47 - 2015-12-14 17:47 - 00000000 ____D C:\ProgramData\FileOpen
2015-12-14 17:18 - 2015-12-14 17:18 - 00002515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 3.lnk
2015-12-14 17:18 - 2015-12-14 17:18 - 00002076 _____ C:\Users\Public\Desktop\Nitro Reader.lnk
2015-12-14 17:18 - 2015-12-14 17:18 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Downloaded Installations
2015-12-14 17:18 - 2015-12-14 17:18 - 00000000 ____D C:\ProgramData\Nitro
2015-12-14 17:18 - 2015-12-14 17:18 - 00000000 ____D C:\Program Files\Common Files\Nitro
2015-12-14 17:18 - 2015-12-14 17:18 - 00000000 ____D C:\Program Files (x86)\Nitro
2015-12-14 17:18 - 2013-07-26 06:48 - 00029712 _____ (Nitro PDF Software) C:\WINDOWS\system32\nitrolocalmon2.dll
2015-12-14 17:18 - 2013-07-26 06:48 - 00017936 _____ (Nitro PDF Software) C:\WINDOWS\system32\nitrolocalui2.dll
2015-12-09 18:48 - 2015-12-09 18:48 - 00002583 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2015-12-09 18:48 - 2015-12-09 18:48 - 00002579 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2015-12-09 18:48 - 2015-12-09 18:48 - 00002558 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2015-12-09 18:48 - 2015-12-09 18:48 - 00002533 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2015-12-09 18:48 - 2015-12-09 18:48 - 00002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2015-12-09 18:48 - 2015-12-09 18:48 - 00002497 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2015-12-09 18:48 - 2015-12-09 18:48 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2015-12-09 18:48 - 2015-12-09 18:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools
2015-12-09 18:47 - 2015-12-09 18:48 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-12-09 14:47 - 2015-12-01 10:01 - 02115936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-09 14:47 - 2015-12-01 09:03 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gpuenergydrv.sys
2015-12-09 14:47 - 2015-12-01 08:54 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-12-09 14:47 - 2015-12-01 08:51 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-12-09 14:47 - 2015-12-01 08:49 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-12-09 14:47 - 2015-12-01 08:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-12-09 14:47 - 2015-12-01 07:59 - 05455360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-12-09 14:47 - 2015-11-25 08:42 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-12-09 14:47 - 2015-11-25 08:42 - 00168288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2015-12-09 14:47 - 2015-11-25 08:41 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-09 14:47 - 2015-11-25 08:40 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-09 14:47 - 2015-11-25 08:33 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-09 14:47 - 2015-11-25 08:32 - 00113184 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2015-12-09 14:47 - 2015-11-25 08:27 - 01366680 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-09 14:47 - 2015-11-25 08:12 - 04047288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-12-09 14:47 - 2015-11-25 08:11 - 01532984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-09 14:47 - 2015-11-25 08:09 - 01310880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-09 14:47 - 2015-11-25 08:01 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-09 14:47 - 2015-11-25 07:59 - 00092992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2015-12-09 14:47 - 2015-11-25 07:49 - 01569280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-12-09 14:47 - 2015-11-25 07:49 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-12-09 14:47 - 2015-11-25 07:49 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-09 14:47 - 2015-11-25 07:49 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2015-12-09 14:47 - 2015-11-25 07:48 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EthernetMediaManager.dll
2015-12-09 14:47 - 2015-11-25 07:48 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMediaManager.dll
2015-12-09 14:47 - 2015-11-25 07:44 - 21872640 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-09 14:47 - 2015-11-25 07:42 - 24592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-09 14:47 - 2015-11-25 07:37 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-09 14:47 - 2015-11-25 07:36 - 01710592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-09 14:47 - 2015-11-25 07:36 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-12-09 14:47 - 2015-11-25 07:35 - 00929792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-09 14:47 - 2015-11-25 07:35 - 00845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2015-12-09 14:47 - 2015-11-25 07:34 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-09 14:47 - 2015-11-25 07:31 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMM.dll
2015-12-09 14:47 - 2015-11-25 07:30 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3mm.dll
2015-12-09 14:47 - 2015-11-25 07:30 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-09 14:47 - 2015-11-25 07:30 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2015-12-09 14:47 - 2015-11-25 07:29 - 01649152 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-09 14:47 - 2015-11-25 07:29 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2015-12-09 14:47 - 2015-11-25 07:28 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-09 14:47 - 2015-11-25 07:28 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-09 14:47 - 2015-11-25 07:27 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-12-09 14:47 - 2015-11-25 07:26 - 00849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2015-12-09 14:47 - 2015-11-25 07:26 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-09 14:47 - 2015-11-25 07:25 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-12-09 14:47 - 2015-11-25 07:25 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2015-12-09 14:47 - 2015-11-25 07:23 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-09 14:47 - 2015-11-25 07:23 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-09 14:47 - 2015-11-25 07:23 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-09 14:47 - 2015-11-25 07:22 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-09 14:47 - 2015-11-25 07:22 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-09 14:47 - 2015-11-25 07:22 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2015-12-09 14:47 - 2015-11-25 07:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-12-09 14:47 - 2015-11-25 07:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-12-09 14:47 - 2015-11-25 07:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-12-09 14:47 - 2015-11-25 07:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-12-09 14:47 - 2015-11-25 07:19 - 01795584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-12-09 14:47 - 2015-11-25 07:19 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-12-09 14:47 - 2015-11-25 07:18 - 01233920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-12-09 14:47 - 2015-11-25 07:17 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-09 14:47 - 2015-11-25 07:16 - 01442816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-09 14:47 - 2015-11-25 07:16 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
2015-12-09 14:47 - 2015-11-25 07:13 - 02153984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-09 14:47 - 2015-11-25 07:11 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2015-12-09 14:47 - 2015-11-25 07:10 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-09 14:47 - 2015-11-25 07:10 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-09 14:47 - 2015-11-25 07:10 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-09 14:47 - 2015-11-25 07:10 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-09 14:47 - 2015-11-25 07:08 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2015-12-09 14:47 - 2015-11-25 07:07 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2015-12-09 14:47 - 2015-11-25 07:05 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-09 14:47 - 2015-11-25 07:04 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-09 14:47 - 2015-11-25 07:04 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\duser.dll
2015-12-09 14:47 - 2015-11-25 07:04 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-09 14:47 - 2015-11-25 07:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-12-09 14:47 - 2015-11-25 07:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-12-09 14:47 - 2015-11-25 07:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-12-09 14:47 - 2015-11-25 07:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-12-09 14:47 - 2015-11-25 05:52 - 00775312 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-12-09 14:47 - 2015-11-25 05:52 - 00775312 _____ C:\WINDOWS\system32\locale.nls
2015-12-09 14:02 - 2015-12-09 14:02 - 09498816 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-11-26 14:25 - 2015-11-26 14:25 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Lavasoft
2015-11-26 14:25 - 2013-08-22 16:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20151126-142511.backup
2015-11-26 14:24 - 2013-08-22 16:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20151126-142415.backup
2015-11-26 13:16 - 2015-11-26 13:16 - 00000000 ____D C:\Users\Mark\AppData\Local\CEF
2015-11-26 13:15 - 2015-11-30 09:34 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-26 13:15 - 2015-11-26 13:15 - 00002124 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-11-26 13:14 - 2015-11-26 13:14 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-26 13:10 - 2015-11-26 13:10 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-26 13:10 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2015-11-26 13:09 - 2015-11-26 14:19 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-11-26 13:09 - 2015-11-26 13:12 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-11-26 13:09 - 2015-11-26 13:09 - 00001464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-11-26 13:09 - 2015-11-26 13:09 - 00001452 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-11-26 13:09 - 2015-11-26 13:09 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2015-11-26 13:09 - 2015-11-26 13:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-11-26 13:09 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2015-11-26 13:06 - 2015-12-11 03:34 - 00002402 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-11-26 13:06 - 2015-11-26 13:06 - 00000000 ____D C:\Users\Mark\AppData\Roaming\LavasoftStatistics
2015-11-26 13:06 - 2015-11-26 13:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-11-26 13:06 - 2015-11-26 13:06 - 00000000 ____D C:\Program Files\Lavasoft
2015-11-26 13:05 - 2015-11-26 13:05 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2015-11-26 13:04 - 2015-11-26 13:04 - 00000000 ____D C:\ProgramData\Lavasoft
2015-11-19 09:05 - 2015-11-19 09:05 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Sun
2015-11-19 09:05 - 2015-11-19 09:05 - 00000000 ____D C:\Users\Mark\.oracle_jre_usage
2015-11-19 09:04 - 2015-11-19 09:04 - 00000000 ____D C:\Users\Mark\AppData\LocalLow\Oracle

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-16 12:07 - 2015-07-10 12:05 - 00000000 ____D C:\Windows
2015-12-16 12:02 - 2013-12-15 13:16 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-16 12:02 - 2013-11-16 19:15 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{10F6E96D-6762-44AD-B3FC-DBE4B600EFC8}
2015-12-16 11:59 - 2015-07-08 16:32 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Skype
2015-12-16 11:29 - 2013-11-16 19:00 - 00000000 ____D C:\Users\Mark\AppData\Local\Packages
2015-12-16 09:36 - 2015-07-10 14:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-16 09:36 - 2015-07-10 14:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-15 13:02 - 2014-09-01 12:16 - 00001132 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-15 09:13 - 2015-07-08 16:32 - 00000000 ____D C:\ProgramData\Skype
2015-12-15 09:12 - 2015-07-08 16:32 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-15 09:12 - 2015-07-08 16:32 - 00000000 ____D C:\Users\Mark\AppData\Local\Skype
2015-12-15 09:11 - 2013-11-16 23:56 - 00000000 __RDO C:\Users\Mark\SkyDrive
2015-12-14 09:56 - 2015-07-10 14:04 - 00000000 ____D C:\WINDOWS\rescache
2015-12-14 09:09 - 2015-09-04 09:29 - 00002384 _____ C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-11 03:40 - 2015-09-02 22:32 - 00799788 _____ C:\WINDOWS\system32\perfh019.dat
2015-12-11 03:40 - 2015-09-02 22:32 - 00155700 _____ C:\WINDOWS\system32\perfc019.dat
2015-12-11 03:40 - 2015-09-02 21:10 - 02735546 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-11 03:40 - 2015-07-10 19:34 - 00760810 _____ C:\WINDOWS\system32\perfh007.dat
2015-12-11 03:40 - 2015-07-10 19:34 - 00153506 _____ C:\WINDOWS\system32\perfc007.dat
2015-12-11 03:40 - 2015-07-10 14:02 - 00000000 ____D C:\WINDOWS\INF
2015-12-11 03:33 - 2015-09-02 20:51 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-11 03:33 - 2015-07-10 15:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-11 03:33 - 2015-07-10 15:20 - 00355944 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-11 03:32 - 2014-04-12 01:14 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-11 03:32 - 2014-04-12 01:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-11 03:31 - 2015-07-10 12:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-12-11 03:30 - 2015-07-10 14:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-10 15:59 - 2015-09-02 22:40 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-10 15:54 - 2015-10-30 22:27 - 00000000 ___HD C:\$WINDOWS.~BT
2015-12-10 09:33 - 2014-08-06 10:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-12-09 18:49 - 2015-07-10 14:04 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-09 15:05 - 2015-07-10 13:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-09 15:05 - 2014-04-12 01:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-09 15:03 - 2013-11-22 18:55 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-09 14:57 - 2013-11-22 18:55 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-04 12:57 - 2014-09-01 12:16 - 00004194 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-04 12:57 - 2014-09-01 12:16 - 00003962 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-04 12:57 - 2014-09-01 12:16 - 00001136 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-04 06:42 - 2015-07-10 14:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-02 16:58 - 2014-08-07 09:02 - 00000000 ____D C:\Program Files (x86)\MSECache
2015-12-01 03:32 - 2015-07-10 14:06 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-01 03:32 - 2015-07-10 14:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-27 15:01 - 2015-06-10 12:11 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2015-11-27 14:53 - 2015-06-10 10:39 - 00000000 ____D C:\Users\Mark\AppData\Local\Battle.net
2015-11-27 13:35 - 2015-06-10 10:39 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-11-27 13:34 - 2015-10-28 20:25 - 00000000 ____D C:\Users\Mark\AppData\Roaming\avidemux
2015-11-26 18:07 - 2015-09-02 20:55 - 00000000 ____D C:\Users\Mark
2015-11-26 13:16 - 2013-11-16 21:57 - 00000000 ____D C:\Users\Mark\AppData\Local\Adobe
2015-11-26 13:15 - 2015-06-24 14:52 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-11-26 13:14 - 2014-08-18 13:46 - 00000000 ____D C:\ProgramData\Adobe
2015-11-26 10:27 - 2013-11-16 20:59 - 00000000 ____D C:\Users\Mark\AppData\Roaming\vlc
2015-11-20 11:58 - 2015-08-25 09:14 - 00000000 ____D C:\ProgramData\Oracle
2015-11-19 13:02 - 2015-07-27 17:11 - 00001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-11-19 13:02 - 2015-07-27 17:11 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-11-19 09:05 - 2014-02-21 21:40 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-11-19 09:05 - 2014-02-21 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-19 09:05 - 2014-02-21 21:40 - 00000000 ____D C:\Program Files (x86)\Java

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-10-28 20:22 - 2015-10-28 20:22 - 0003584 _____ () C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-02 20:51 - 2015-09-02 20:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-04-14 16:11 - 2012-08-31 08:49 - 0024772 _____ () C:\ProgramData\P1210DEF.css
2015-04-14 16:11 - 2015-10-15 15:48 - 0005311 _____ () C:\ProgramData\P1210OS.HTM
2015-04-14 16:11 - 2012-08-31 08:49 - 0002944 _____ () C:\ProgramData\P1210SIG.GIF

Einige Dateien in TEMP:
====================
C:\Users\Mark\AppData\Local\Temp\avgnt.exe
C:\Users\Mark\AppData\Local\Temp\i4jdel0.exe
C:\Users\Mark\AppData\Local\Temp\jre-8u66-windows-au.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-12-14 09:36

==================== Ende von FRST.txt ============================
         
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:14-12-2015
durchgeführt von Mark (2015-12-16 12:09:03)
Gestartet von D:\Mark\Downloads
Windows 10 Home (X64) (2015-09-04 06:01:12)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-4123913699-4114607522-2247547599-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4123913699-4114607522-2247547599-503 - Limited - Disabled)
Gast (S-1-5-21-4123913699-4114607522-2247547599-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4123913699-4114607522-2247547599-1003 - Limited - Enabled)
Mark (S-1-5-21-4123913699-4114607522-2247547599-1001 - Administrator - Enabled) => C:\Users\Mark
markm_000 (S-1-5-21-4123913699-4114607522-2247547599-1007 - Administrator - Enabled)
User1 (S-1-5-21-4123913699-4114607522-2247547599-1008 - Administrator - Enabled) => C:\Users\User1

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Ad-Aware Antivirus (Disabled - Out of date) {B0CC18C6-E527-6EE6-874C-9D19920E5619}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Ad-Aware Antivirus (Disabled - Out of date) {0BADF922-C31D-6168-BDFC-A66BE9891CA4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Ad-Aware Firewall (Disabled) {88F799E3-AF48-6FBE-AC13-342C6CDD1162}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Ad-Aware Antivirus (HKLM\...\{30B9595A-D4B5-4198-8F3C-2219C78590C9}_AdAwareUpdater) (Version: 11.9.662.8718 - Lavasoft)
AdAwareInstaller (Version: 11.9.662.8718 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.9.662.8718 - Lavasoft) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon Cloud Player (HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\...\Amazon Amazon Cloud Player) (Version: 2.3.0.422 - Amazon Services LLC)
AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
ASUS RT-N10 Wireless Router Utilities (HKLM-x32\...\{B3618069-84A2-4767-9855-463C971C1959}) (Version: 4.0.5.0 - ASUS)
AVCutty 3.5 (HKLM-x32\...\AVCutty) (Version: 3.5 - )
Avidemux 2.6 - 32 bits (32-bit) (HKLM-x32\...\Avidemux 2.6 - 32 bits) (Version: 2.6.10.150607 - )
Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.13.210 - Avira Operations GmbH & Co. KG)
AVS Video Editor 6 (HKLM-x32\...\AVS Video Editor_is1) (Version: 6.3.2.234 - Online Media Technologies Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.0.0.1 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
Cisco WebEx Meetings (HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 2.56 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version:  - )
DAEMON Tools Ultra (HKLM-x32\...\DAEMON Tools Ultra) (Version: 2.4.0.0280 - Disc Soft Ltd)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dropbox (HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
EVE Online (nur entfernen) (HKLM-x32\...\EVE) (Version:  - CCP Games Ltd.)
EVEMon (HKLM-x32\...\EVEMon) (Version: 1.8.4.4125 - battleclinic.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GoPro Studio 2.0.0 (HKLM-x32\...\GoPro Studio) (Version: 2.0.0 - WoodmanLabs Inc. d.b.a. GoPro)
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Half-Life (HKLM-x32\...\Steam App 70) (Version:  - Valve)
Half-Life: Blue Shift (HKLM-x32\...\Steam App 130) (Version:  - Gearbox Software)
Half-Life: Opposing Force (HKLM-x32\...\Steam App 50) (Version:  - Gearbox Software)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version:  - )
HP LaserJet Professional M1210 MFP Series Fax Installer (HKLM\...\{E94AE378-725A-41FF-BA24-397469D27FC8}) (Version: 1.3.0 - HP)
HP LaserJet Professional M1210 MFP Series Toolbox (HKLM\...\{F958F851-8DBE-420C-9D37-5ECBB6C61148}) (Version: 1.0.17 - Hewlett-Packard)
HP LaserJet Toolbox (HKLM\...\{2E8A793D-E275-46A2-BAB3-35FB95ACED57}) (Version: 3.0.0 - Hewlett-Packard)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.0.285.6 - McAfee, Inc.)
MegaFon Modem (HKLM-x32\...\MegaFon Modem) (Version: 22.001.18.38.209 - Huawei Technologies Co.,Ltd)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Lync Web App Plug-in (HKLM-x32\...\{51CF81C5-8540-44BB-8ABB-F8F4C0F2B971}) (Version: 15.8.20018.735 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.6001.1041 - Microsoft Corporation)
Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM-x32\...\{90150000-001F-0407-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 41.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 41.0 (x86 de)) (Version: 41.0 - Mozilla)
Mozilla Firefox 42.0 (x86 de) (HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0 - Mozilla)
Nitro Reader 3 (HKLM\...\{9EA981E5-EE67-4662-86F1-58937D31FE07}) (Version: 3.5.6.5 - Nitro)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Аудиодрайвер HD 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Графический драйвер 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Драйвер 3D Vision 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Драйвер контроллера 3D Vision 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6001.1041 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1041 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6001.1041 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.3.10.4710 - Electronic Arts, Inc.)
paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
Russisch für Deutsche - Transliteration (HKLM\...\{0F89E06A-16E1-432E-8A3A-23CFFB4818D5}) (Version: 1.0.3.40 - Uni Leipzig)
Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 2.0.1 - HP)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{69F300CB-D6BF-41DD-B7CC-983BAFF4EE15}) (Version: 3.1.15602.22612 - Skype Technologies S.A.)
Skype™ 7.16 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.16.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.2 - TrueCrypt Foundation)
VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.1.0.0 - Azureus Software, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.66  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
WinRAR 5.10 beta 3 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.3 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Средства проверки правописания Microsoft Office 2013 — русский (HKLM-x32\...\{90150000-001F-0419-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-4123913699-4114607522-2247547599-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mark\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4123913699-4114607522-2247547599-1001_Classes\CLSID\{1542FC7D-8D51-43D5-B757-67C763F27BF4}\localserver32 -> C:\Users\Mark\AppData\Local\Microsoft\LWAPlugin\15.8.20018.735\GatewayVersion-x64.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4123913699-4114607522-2247547599-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Mark\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4123913699-4114607522-2247547599-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Mark\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4123913699-4114607522-2247547599-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4123913699-4114607522-2247547599-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4123913699-4114607522-2247547599-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4123913699-4114607522-2247547599-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4123913699-4114607522-2247547599-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4123913699-4114607522-2247547599-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4123913699-4114607522-2247547599-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4123913699-4114607522-2247547599-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 16:25 - 2015-11-26 14:25 - 00450771 ____R C:\WINDOWS\system32\Drivers\etc\hosts

Da befinden sich 15463 zusätzliche Einträge.


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {00BC8FC9-3606-4EE5-993B-6C3FBBE34F2C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {12AD4FC1-ADFC-4F77-8E83-10E23F16972E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-19] (Microsoft Corporation)
Task: {35AFE03E-9D74-48BA-AA64-3F7FF5A955B8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {4296E550-A9C5-4379-9A99-D3172A6C656D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {463C0557-6475-433B-AB1F-F2DEAD67D31B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {47447838-047C-4E5B-9798-05482F0A6B52} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {57E5850E-7A4B-4506-9C30-9E5597BEB523} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {5D0E410C-F857-4935-9172-7D53E8D12798} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {6556C7D7-FF5B-4261-84B5-61A39B4A2DE8} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {8180484D-D2BD-4777-8D33-6951B4F30D8B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-09] (Microsoft Corporation)
Task: {8AC1DD1B-F5DE-445E-BC61-AED08D275C93} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {8DB9892F-26C0-4331-8242-876110C3DCA1} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {8ED8F1EF-9066-42CF-B9D1-5F15374C47A3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {93EA7B0C-3898-482F-BCE6-AAFE427B0EFA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {A9E683EC-7372-45CC-9DE1-BD29E1A8B310} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {B24E1051-CB22-46D5-AD3C-F5B17E32819A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {BCD1E0AB-5BA5-44C8-9D99-28B05665D9A2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {C2BA2764-C1EA-4CF9-A41C-7FAE6BD126D1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C45C585B-59E2-4BC3-B76D-187B7848399B} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-4123913699-4114607522-2247547599-1001
Task: {E3BC4A71-BF11-4390-A6CA-9421AD9DDB41} - System32\Tasks\{884CFF3F-3688-4E98-B1A4-181D509EC6F0} => pcalua.exe -a "C:\Users\Mark\Downloads\Microsoft Office Professional Plus (x64)(x86) 2013 Incl  Activator  P2P\Microsoft Office Professional Plus (x64) 2013 Incl  Activator  P2P\setup.exe" -d "C:\Users\Mark\Downloads\Microsoft Office Professional Plus (x64)(x86) 2013 Incl  Activator  P2P\Microsoft Office Professional Plus (x64) 2013 Incl  Activator  P2P"
Task: {E987ECE1-0DBB-4A77-A831-50CECA76C93A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe
Task: {EF5C3FC0-CF00-49D8-A688-1865C6BB200B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-09] (Adobe Systems Incorporated)
Task: {F31B614C-6096-41EC-A06B-6BFE27DF0C0A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {F3D6EAED-4BBD-467B-9186-E441BCDCECA5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-19] (Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-09-02 22:36 - 2015-09-02 22:36 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-09-04 11:08 - 2015-08-11 12:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-12-04 06:42 - 2015-11-19 04:26 - 00162472 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-11-19 11:55 - 2015-11-19 11:55 - 00712432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareService.exe
2015-11-19 11:59 - 2015-11-19 11:59 - 00025856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\boost_system-vc120-mt-1_57.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 00057096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\boost_date_time-vc120-mt-1_57.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 00123656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\boost_filesystem-vc120-mt-1_57.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 11670776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareServiceKernel.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 03549904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\RCF.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 00911616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\boost_regex-vc120-mt-1_57.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 00107776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\boost_thread-vc120-mt-1_57.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 00035072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\boost_chrono-vc120-mt-1_57.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 00709360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareActivation.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 00474368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareApplicationUpdater.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 00847600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareGamingMode.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 00101096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareReset.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 00123104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareTime.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 01011968 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareDefinitionsUpdater.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 00905488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareDefinitionsUpdaterScheduler.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 01146608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareIgnoreList.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 00243440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareQuarantine.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 01570048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareAntiMalwareEngine.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 00206080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareAntiRootkitEngine.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 01210616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareScannerHistory.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 01373416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareScanner.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 00036096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\boost_timer-vc120-mt-1_57.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 01019128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareScannerScheduler.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 01190656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareRealTimeProtection.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 02489592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareIncompatibles.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 01466600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareAntiSpam.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 01415408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareAntiPhishing.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 03263736 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareParentalControl.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 02995960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareWebProtection.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 01325816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareEmailProtection.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 00059656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\boost_iostreams-vc120-mt-1_57.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 01856768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareNetworkProtection.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 01013992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwarePromo.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 00365288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareFeedback.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 02958592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareThreatWorkAlliance.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 01261800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwarePinCode.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 01014504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareNotice.dll
2015-11-19 11:58 - 2015-11-19 11:58 - 01541360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareAvcEngine.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 01222416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareRealTimeProtectionHistory.dll
2015-11-19 11:59 - 2015-11-19 11:59 - 00469744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareStatistics.dll
2011-03-14 18:27 - 2011-03-14 18:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2013-11-22 17:40 - 2013-11-17 14:34 - 00240640 _____ () C:\ProgramData\MegaFon Modem\OnlineUpdate\ouc.exe
2014-09-03 12:17 - 2012-09-29 12:25 - 00409088 _____ () C:\WINDOWS\System32\HPM1210LM.DLL
2014-09-03 12:17 - 2012-09-29 12:25 - 00074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HPM1210PP.dll
2014-09-03 12:17 - 2012-09-29 12:26 - 03120128 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpm1210su.dll
2014-09-03 12:17 - 2012-09-29 12:53 - 01038336 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\HPM1210GC.dll
2015-09-02 20:51 - 2015-07-23 04:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-10-01 09:38 - 2015-09-17 09:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 09:38 - 2015-09-17 09:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-01 09:37 - 2015-09-17 08:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 13:59 - 2015-07-10 13:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-10-01 09:37 - 2015-09-17 09:04 - 00642048 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2015-12-09 14:47 - 2015-11-25 07:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-09 14:47 - 2015-11-25 07:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-09 14:47 - 2015-11-25 07:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 09:38 - 2015-09-17 08:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-09-03 12:17 - 2012-09-29 12:25 - 00363008 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpm1210sd.dll
2015-12-10 09:23 - 2015-12-10 09:23 - 00012800 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-12-10 09:23 - 2015-12-10 09:23 - 11542016 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-11-20 08:14 - 2015-11-20 08:15 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-11-26 13:09 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-11-26 13:09 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-11-26 13:09 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-11-26 13:09 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-11-26 13:09 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-11-17 14:40 - 2013-11-17 14:34 - 00011362 _____ () C:\ProgramData\MegaFon Modem\OnlineUpdate\mingwm10.dll
2013-11-17 14:40 - 2013-11-17 14:34 - 00043008 _____ () C:\ProgramData\MegaFon Modem\OnlineUpdate\libgcc_s_dw2-1.dll
2013-11-17 14:40 - 2013-11-17 14:34 - 02415104 _____ () C:\ProgramData\MegaFon Modem\OnlineUpdate\QtCore4.dll
2013-11-17 14:40 - 2013-11-17 14:34 - 01148416 _____ () C:\ProgramData\MegaFon Modem\OnlineUpdate\QtNetwork4.dll
2013-11-17 14:40 - 2013-11-17 14:34 - 00384512 _____ () C:\ProgramData\MegaFon Modem\OnlineUpdate\QueryStrategy.dll
2013-11-17 14:40 - 2013-11-17 14:34 - 00398336 _____ () C:\ProgramData\MegaFon Modem\OnlineUpdate\QtXml4.dll
2015-12-04 06:43 - 2015-12-04 06:44 - 01064104 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll
2015-12-04 06:47 - 2015-12-04 06:49 - 00439976 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\msfad.dll
2015-11-25 20:18 - 2015-11-25 20:18 - 00147136 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
2015-11-18 19:22 - 2015-11-18 19:22 - 21344952 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 00322208 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll
2015-09-30 23:47 - 2015-09-30 23:47 - 45080248 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll
2015-12-04 06:43 - 2015-12-04 06:43 - 00149160 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\JitV.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\TEMP:054203E4

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

Da befinden sich 7866 mehr Seiten.

IE restricted site: HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\...\123simsen.com -> www.123simsen.com

Da befinden sich 7866 mehr Seiten.


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.100.4 - 192.168.100.3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\StartupFolder: => "CineForm Status.lnk"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "AdAwareTray"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "BNM Updater"
HKLM\...\StartupApproved\Run32: => "BNM"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\...\StartupApproved\Run: => "Amazon Cloud Player"
HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\...\StartupApproved\Run: => "DAEMON Tools Ultra Agent"
HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\...\StartupApproved\Run: => "RGSC"
HKU\S-1-5-21-4123913699-4114607522-2247547599-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{9FB14F16-6281-49DD-8206-35FFF4A27939}C:\program files (x86)\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{F8E7597A-E40B-4580-A8EF-977AF47DB96F}C:\program files (x86)\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{90DAF47C-2E67-4BCC-9DEC-027CE96489FF}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{38ED2164-4D57-4BC5-A41B-728912645DF9}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{97D7832F-2460-4EEF-A4F4-903F317F6AFE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{4BC26378-1DC9-4AB5-849F-6E8B15C61990}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{2BCD5212-A942-4002-B4F0-3F9AB7A35F29}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{CA0DED9B-795C-4C64-B14C-3AB2DEBCE441}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [{6CA9D42C-9FA2-4F55-921F-1B862838DCBB}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{359BB8F1-7BC8-4FEC-A214-9EE1E6FD3A9C}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{26D168AD-EEB5-4F7A-9362-E78B88DC52AF}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{4B494927-A6E8-4B92-AD99-17CCBEC7B965}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [UDP Query User{554E70A9-BCE9-42E7-97F1-BE73D2296647}C:\users\mark\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\mark\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{9DFEB08F-EF22-4DCD-92E6-2AAF1815BD93}C:\users\mark\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\mark\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{F516B89B-9A47-47DF-A49B-FFB778DC949A}E:\program files (x86)\mozilla firefox\firefox.exe] => (Block) E:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{86B7F2A2-02CB-4FD0-A55A-382F524EC475}E:\program files (x86)\mozilla firefox\firefox.exe] => (Block) E:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{D87E3795-0A6E-4D97-BAFD-76E89A3CAFD0}] => (Allow) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E2114848-9DEF-4EFE-80C0-4BA8C0AF8E72}] => (Allow) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{0EA82671-21CA-49DF-B06A-61B99B3AF9E9}] => (Allow) C:\Users\Mark\Downloads\HP\ProductInst64.exe
FirewallRules: [{2CC2BEFE-22BD-44A9-9305-D92AD94DDC6A}] => (Allow) C:\Users\Mark\Downloads\HP\ProductInst64.exe
FirewallRules: [{0389855D-54F7-4004-8135-F845C1A6F4AC}] => (Allow) LPort=427
FirewallRules: [{75B1FEAD-C4D7-435D-A06C-2E93CA5E8342}] => (Allow) LPort=161
FirewallRules: [{307D7219-A4C0-48FB-93F4-2FC42565AD79}] => (Allow) LPort=427
FirewallRules: [{96A626F2-DC26-4F80-81DF-BD83F8E393C2}] => (Allow) LPort=9100
FirewallRules: [{0B04A2F6-D08D-4308-BDAE-E5BDD3BFC58F}] => (Allow) \\Srvinet\hp_m1214\ProductInst64.exe
FirewallRules: [{30658F29-8533-414B-92C0-04A98D698C42}] => (Allow) \\Srvinet\hp_m1214\ProductInst64.exe
FirewallRules: [{92B7197D-0C81-401B-9971-7E9D2A9193C4}] => (Allow) C:\Program Files (x86)\SkypeWebPlugin\3.1.15602.22612\SkypeWebPlugin.exe
FirewallRules: [{B8B3CF16-DD6A-4EBA-B050-4E5403BC0005}] => (Allow) C:\Users\Mark\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [UDP Query User{A9632577-B1EB-4078-A4EA-9588C1A43328}D:\eve\bin\exefile.exe] => (Allow) D:\eve\bin\exefile.exe
FirewallRules: [TCP Query User{083818A6-C2FD-4DF0-9AA7-065E828995C1}D:\eve\bin\exefile.exe] => (Allow) D:\eve\bin\exefile.exe
FirewallRules: [UDP Query User{9F3DB4C2-077B-4018-A11E-629E9586FB4A}E:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [TCP Query User{91B97012-54C4-4639-9896-A33BA28FCAB6}E:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [{2ECFB3DC-32ED-4A4E-B7F0-C4E11C9DD51F}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{EA7FA098-5948-443D-95AD-41985BD32C3B}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{E64BF801-097A-48CC-B820-8A4B72B469D2}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [{AF63C7C3-22E9-4EEF-99EF-5396C504F1E8}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [{1140028F-939F-40A4-8559-1EBA946B12CA}] => (Allow) D:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{326BAE49-302F-4088-99CF-40A4B9429EFB}] => (Allow) D:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{42024025-DA34-467C-9B99-CAA07A020F1F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{625BA8EA-8C0B-4A26-AC39-24F83C8CB8C6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{02F4D481-D063-4D74-B203-4A421F19F20D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{EE2EFD8D-7CDA-4750-AC0C-E17FBA3E24E5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{B2CEC903-8DED-4A5D-B3FE-F40BF3ACF9D4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C32E9201-CBEC-48D4-B2EE-A5C2A8C84501}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{452D9BB3-0290-4460-BDD8-EBE8C0172C09}] => (Allow) D:\SteamLibrary\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{A45D6FF4-00AB-45BC-9E10-291C70151EC3}] => (Allow) D:\SteamLibrary\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{595BAD80-BD86-4E0F-885E-19DF373F6253}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E63601CB-88D9-4C4C-A9AC-E5C3BE2C9907}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E1D1DCFE-F715-4A67-8BE2-6E4F310B961A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1395333B-36AB-48A8-95F3-C0C566D04CCA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B6AC6597-49BE-4ECE-A60A-EC02D71083C4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{85FBB75A-18E5-4F1D-BDE0-A41595633DB9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [UDP Query User{D0E6872D-B4B1-4FCC-BB90-346D7449BE4B}E:\eve\bin\exefile.exe] => (Allow) E:\eve\bin\exefile.exe
FirewallRules: [TCP Query User{B116B1FF-DCB7-4407-936B-9BAB4ED2D00A}E:\eve\bin\exefile.exe] => (Allow) E:\eve\bin\exefile.exe
FirewallRules: [{CE95B64D-C412-4BB4-9631-1EBF9442F77D}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{D1455BDA-8740-4890-A5D7-7B46E862C9B5}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{E218F1EA-B19C-427E-B083-3FF02FDDE53B}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{46CB7E00-5DAC-4C43-8B8B-3B939795F10A}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{D361FB30-26E4-4480-B623-786147CF3AC2}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{A1D1C8F7-03B4-4CE6-B113-2621E929B1F4}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{C15679EB-32C6-42C7-A172-0955F800FBF7}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{08E283FE-59AF-4BFE-9E7B-14A7FDF86FEE}] => (Block) C:\users\mark\appdata\local\akamai\netsession_win.exe
FirewallRules: [{55B259E1-C5DC-4C46-A599-6EE2A3F43000}] => (Block) C:\users\mark\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{A9A52278-E3F3-4150-8556-7B90775012E6}C:\users\mark\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\mark\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{BAD85DC1-78D8-4FE1-BC15-8283789D74A7}C:\users\mark\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\mark\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{3E8E02F7-C41E-481C-9EEA-2F33D9D9C1A4}E:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) E:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [TCP Query User{77457A10-01C9-40C3-8477-51EDB7A97FBD}E:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) E:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [UDP Query User{BF258450-8C74-4814-8B82-C6B5B34774C9}E:\program files (x86)\vuze\azureus.exe] => (Allow) E:\program files (x86)\vuze\azureus.exe
FirewallRules: [TCP Query User{9C2E886B-E857-42EA-ABCA-D43BA7BB7FA6}E:\program files (x86)\vuze\azureus.exe] => (Allow) E:\program files (x86)\vuze\azureus.exe
FirewallRules: [{F7E8D485-B56A-4C70-9D50-C3D6B6FC7B51}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{2C1D16D8-7D9B-408E-81A8-BBB881149FE2}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{A1DAAFB7-7B47-4497-8E48-D1C50F863F89}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{6DC1F997-BD7E-4B0E-9E1E-B301C5B92FD6}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{AAF1A1A3-B569-4C64-A0BF-8535BAAFA1EB}] => (Allow) E:\Program Files (x86)\vuze\Azureus.exe
FirewallRules: [{2BB998C2-9D3D-43DD-A16A-B0825D7589C2}] => (Allow) E:\Program Files (x86)\vuze\Azureus.exe
FirewallRules: [{31EEA1FC-133D-403B-B3A5-374C6FFDAB43}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{C97D1231-D8E3-479B-A890-7AE4C0611F98}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [TCP Query User{BC59A830-EEBD-4F45-B79F-E37C7A833A88}C:\program files (x86)\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{2CBF626F-F609-499E-91FA-0BB7444D07E2}C:\program files (x86)\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe
FirewallRules: [{05FA899F-EC50-4C8C-90A9-363520E65309}] => (Allow) E:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0CCD5573-CF64-4846-8402-EF9E7A968D61}] => (Allow) E:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B7A60479-6C50-452D-B3E5-846D9B3EBCB6}C:\program files (x86)\heroes of the storm\versions\base38236\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base38236\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{07474A05-472D-46EF-B48E-D0FE447E486B}C:\program files (x86)\heroes of the storm\versions\base38236\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base38236\heroesofthestorm_x64.exe
FirewallRules: [{09DB7D0E-9305-4F6B-B74E-97F808051585}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F2E9CCC1-1A72-4F39-AC68-EB794CE92DFE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1E90C6EC-D95C-4BB0-9ED4-775F4CEC4C4F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{56249DFA-B9EE-4D73-BCDC-7EEF22645095}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{843C9CD6-8C65-46E2-8375-419EE8DB000A}C:\program files (x86)\heroes of the storm\versions\base39271\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base39271\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{D456FCDA-0E0C-4532-B6A6-D85FF48215C0}C:\program files (x86)\heroes of the storm\versions\base39271\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base39271\heroesofthestorm_x64.exe
FirewallRules: [{894846AB-81DB-43EB-ACCB-163704A82DB8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{78CB5D80-5F40-45FF-A8C8-B5ECFA05DE68}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (12/16/2015 07:04:14 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MARKHOME)
Description: Bei der Aktivierung der App „Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2147023170. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (12/16/2015 07:04:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: backgroundTaskHost.exe, Version: 10.0.10240.16384, Zeitstempel: 0x559f38c5
Name des fehlerhaften Moduls: combase.dll, Version: 10.0.10240.16384, Zeitstempel: 0x559f3aac
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000068404
ID des fehlerhaften Prozesses: 0x25dc
Startzeit der fehlerhaften Anwendung: 0xbackgroundTaskHost.exe0
Pfad der fehlerhaften Anwendung: backgroundTaskHost.exe1
Pfad des fehlerhaften Moduls: backgroundTaskHost.exe2
Berichtskennung: backgroundTaskHost.exe3
Vollständiger Name des fehlerhaften Pakets: backgroundTaskHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: backgroundTaskHost.exe5

Error: (12/16/2015 12:55:54 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (6252) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032.

Error: (12/16/2015 12:55:54 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (6252) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.

Error: (12/16/2015 12:55:44 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (6252) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032.

Error: (12/16/2015 12:55:44 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (6252) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.

Error: (12/16/2015 12:55:34 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (6252) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032.

Error: (12/16/2015 12:55:34 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (6252) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.

Error: (12/16/2015 12:55:23 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (6252) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032.

Error: (12/16/2015 12:55:23 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (6252) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.


Systemfehler:
=============
Error: (12/15/2015 09:13:32 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (12/14/2015 06:31:45 PM) (Source: DCOM) (EventID: 10010) (User: MARKHOME)
Description: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca

Error: (12/14/2015 06:31:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_Session1" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/14/2015 06:31:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _Session1" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/14/2015 06:31:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kontaktdaten_Session1" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/14/2015 06:31:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_Session1" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/14/2015 09:10:46 AM) (Source: DCOM) (EventID: 10016) (User: MARKHOME)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}MarkHomeMarkS-1-5-21-4123913699-4114607522-2247547599-1001LocalHost (unter Verwendung von LRPC)Microsoft.WindowsStore_2015.23.23.0_x64__8wekyb3d8bbweS-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157

Error: (12/14/2015 09:09:54 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (12/14/2015 09:09:20 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/14/2015 09:09:19 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar


CodeIntegrity:
===================================
  Date: 2015-12-11 03:33:07.475
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\kbdRuBxC.dll that did not meet the Windows signing level requirements.

  Date: 2015-12-02 14:25:06.530
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\kbdRuBxC.dll that did not meet the Windows signing level requirements.

  Date: 2015-11-26 12:36:43.358
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\kbdRuBxC.dll that did not meet the Windows signing level requirements.

  Date: 2015-11-11 17:35:14.331
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\kbdRuBxC.dll that did not meet the Windows signing level requirements.

  Date: 2015-11-11 17:32:51.478
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\kbdRuBxC.dll that did not meet the Windows signing level requirements.

  Date: 2015-11-09 09:39:17.188
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\kbdRuBxC.dll that did not meet the Windows signing level requirements.

  Date: 2015-10-30 17:20:04.660
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\kbdRuBxC.dll that did not meet the Windows signing level requirements.

  Date: 2015-10-30 17:17:35.875
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\kbdRuBxC.dll that did not meet the Windows signing level requirements.

  Date: 2015-10-26 09:00:48.263
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\kbdRuBxC.dll that did not meet the Windows signing level requirements.

  Date: 2015-10-15 04:17:30.717
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\kbdRuBxC.dll that did not meet the Windows signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: AMD Phenom(tm) II X4 965 Processor
Prozentuale Nutzung des RAM: 88%
Installierter physikalischer RAM: 4094.18 MB
Verfügbarer physikalischer RAM: 482.07 MB
Summe virtueller Speicher: 5950.18 MB
Verfügbarer virtueller Speicher: 1183.7 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:97.12 GB) (Free:4.11 GB) NTFS
Drive d: (Volume) (Fixed) (Total:1863.01 GB) (Free:375.56 GB) NTFS
Drive e: () (Fixed) (Total:833.86 GB) (Free:736.49 GB) NTFS
Drive h: (Marks Passport) (Fixed) (Total:1863.01 GB) (Free:1120.8 GB) NTFS
Drive m: () (Fixed) (Total:2 GB) (Free:0.64 GB) FAT32
Drive n: () (Fixed) (Total:2 GB) (Free:0.21 GB) FAT32
Drive o: () (Fixed) (Total:1.95 GB) (Free:0.2 GB) FAT32
Drive s: (Volume) (Fixed) (Total:1397.14 GB) (Free:260.95 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5D4F31F9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=833.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 88626FCD)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 1397.3 GB) (Disk ID: 9F30E6DD)

Partition: GPT.

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 00025262)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         

Alt 16.12.2015, 10:17   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.

Alt 16.12.2015, 12:27   #3
blackest
 



Done. Malware says that nothing was found and that no cleanup is needed.
I should perhaps add that this morning I clicked "delete" when Avira had found something yet again. Maybe the result from Malware is related to that.

Alt 16.12.2015, 21:35   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Post the log for it anyway.

Also uninstall Avira, Spybot and Ad-Aware. These are all programs that we do not (or no longer) recommend and that, above all, are counterproductive when used together.