Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Antivir und AVG lassen sich nicht installieren, Malwarebytes startet nicht

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 11.03.2016, 22:16   #1
shag48
 
Antivir und AVG lassen sich nicht installieren, Malwarebytes startet nicht - Standard

Antivir und AVG lassen sich nicht installieren, Malwarebytes startet nicht



Hallo,
heute fiel mir auf, dass AntiVir nicht mehr in der Taskleiste war.
Manuell war es auch nicht zu starten.
Ich habe mir dann die aktuellste Version herunter geladen, konnte diese aber nicht installieren. Statt einer Fehlermeldung passierte einfach gar nichts. Auch ein Rechtsklick und starten per "Administrator" brachte keinen Erfolg.
Habe das vorhandene AntiVir dann deinstalliert und nach einem Neustart versucht zu installieren. Gleiches Spiel.
Danach habe ich es mit AVG versucht. Auch hier keine Installation möglich. Fehlermeldung: Setup Extractor: Zugriff verweigert.
Malwarebytes Anti-Malware konnte ich zwar installieren, aber erst nachdem ich während der Installation den Ordner c:\ProgrammData\Malwarebytes manuell per Klick "freigeben" musste. Vorher war der Zugriff verweigert.

Da ich ähnliche Fälle im Netz gefunden habe, vermute ich einen Befall und hoffe auf Hilfe von euch.

Hier schon mal die Log-Files von FRST:
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
durchgeführt von shag (Administrator) auf SHAG-PC (11-03-2016 21:55:34)
Gestartet von C:\Users\shag\Desktop
Geladene Profile: shag (Verfügbare Profile: shag & Coco)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730) D:\Program Files (x86)\iRacing\iRacingService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Thrustmaster®) D:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(IvoSoft) C:\Users\shag\AppData\Roaming\Windows\Applications\SearchIndex\SearchIndex.exe
() C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7512680 2011-10-25] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-09] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Winlogon: [Userinit] userinit.exe,"C:\Windows\system32\clientmon.exe" [X]
HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\MountPoints2: {6734fc30-9002-11e2-851a-8c89a5c2e538} - K:\setup.exe
HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\MountPoints2: {ccf4559d-4ca0-11e4-b1b1-8c89a5c2e538} - K:\setup.exe
HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\MountPoints2: {ddc22528-591b-11e3-8b61-8c89a5c2e538} - L:\ting.exe
HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [AOD] => C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe AutoTune
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-04-30] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [43816 2015-04-26] (Apple Inc.)
IFEO\AvastSvc.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\AvastUI.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avcenter.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avconfig.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgcsrvx.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgidsagent.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgnt.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgrsx.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgwdsvc.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\Avira.ServiceHost.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\Avira.Systray.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\Avira.SystrayStartTrigger.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avp.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\bdagent.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\blindman.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\ccuac.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\ComboFix.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\egui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\gsam.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\hijackthis.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\instup.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\keyscrambler.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbam.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbamgui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbampt.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbamscheduler.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbamservice.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mcapexe.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mcuicnt.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\MpCmdRun.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\MSASCui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\MsMpEng.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\msseces.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\rstrui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\SDFiles.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\SDMain.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\SDWinSec.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\spybotsd.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\update.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\wireshark.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\zlclient.exe: [Debugger] C:\Windows\System32\svchost.exe
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2013-05-31]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\Users\shag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-03-11]

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{64956C90-8573-4570-AE9E-9C6059173262}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-23] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-23] (Oracle Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-04-08] (pdfforge GmbH)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-23] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-23] (Oracle Corporation)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll [2013-04-08] (pdfforge GmbH)

FireFox:
========
FF ProfilePath: C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Session Restore: -> ist aktiviert.
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> d:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> d:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2443269024-3109390385-3364977999-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\shag\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2443269024-3109390385-3364977999-1000: @talk.google.com/O1DPlugin -> C:\Users\shag\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2443269024-3109390385-3364977999-1000: @tools.google.com/Google Update;version=3 -> C:\Users\shag\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-2443269024-3109390385-3364977999-1000: @tools.google.com/Google Update;version=9 -> C:\Users\shag\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF user.js: detected! => C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\user.js [2009-08-30]
FF Plugin ProgramFiles/Appdata: C:\Users\shag\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\shag\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF SearchPlugin: C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\searchplugins\icqplugin.xml [2016-03-09]
FF Extension: Avira Browser Safety - C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\Extensions\abs@avira.com [2016-02-19]
FF Extension: leethax.net extension - C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\Extensions\leethax@leethax.net.xpi [2014-02-08] [ist nicht signiert]
FF Extension: Move Media Player - C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\Extensions\moveplayer@movenetworks.com [2013-03-18] [ist nicht signiert]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013-03-18] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-05-15] [ist nicht signiert]
StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe

Chrome: 
=======
CHR Profile: C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-27]
CHR Extension: (Google Docs) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-27]
CHR Extension: (Google Drive) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27]
CHR Extension: (YouTube) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-27]
CHR Extension: (Google-Suche) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Tabellen) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-27]
CHR Extension: (Avira Browserschutz) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-07]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-27]
CHR Extension: (Google Mail) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-27]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [0 ] (Avira Operations GmbH & Co. KG) <==== ACHTUNG (Null Byte Datei/Ordner)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [0 ] (Avira Operations GmbH & Co. KG) <==== ACHTUNG (Null Byte Datei/Ordner)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [0 ] (Avira Operations GmbH & Co. KG) <==== ACHTUNG (Null Byte Datei/Ordner)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [0 ] (Avira Operations GmbH & Co. KG) <==== ACHTUNG (Null Byte Datei/Ordner)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [Datei ist nicht signiert]
S3 GalaxyClientService; D:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1616440 2015-11-13] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7220792 2016-02-11] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-09] (NVIDIA Corporation)
R2 iRacingService; D:\Program Files (x86)\iRacing\iRacingService.exe [798840 2015-01-12] (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-09] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [6477432 2015-12-09] (NVIDIA Corporation)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-02-28] (Electronic Arts)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145736 2013-08-15] (Nuance Communications, Inc.)
R2 tmInstall; d:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.EXE [45296 2014-07-22] (Thrustmaster®)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Avira.ServiceHost; "C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe" [X]
S2 JetDrive WindowsClosingService; C:\Windows\System32\WindowsClosingService [X]
S2 MBAMService; "C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [94720 2013-12-19] (Advanced Micro Devices) [Datei ist nicht signiert]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162072 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [140448 2016-02-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [75472 2015-12-01] (Avira Operations GmbH & Co. KG)
S3 cancel; C:\Program Files (x86)\MSI\Super-Charger\cancel_64.sys [16184 2010-05-21] (Windows (R) Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-05] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 jetdrive; C:\Windows\System32\DRIVERS\jddrv.sys [37248 2012-05-22] (Abelssoft GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-12-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S3 SndTAudio; C:\Windows\System32\drivers\SndTAudio.sys [34528 2013-05-16] (Windows (R) Win 7 DDK provider)
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [58792 2009-09-17] (SafeNet, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-10-05] (Duplex Secure Ltd.)
S3 tmhidusb; C:\Windows\System32\DRIVERS\tmhidusb.sys [166640 2014-07-22] (Thrustmaster)
R2 zntport64; C:\EuCaSoft\zntport64.sys [13880 2007-12-22] (Zeal SoftStudio)
U3 ausi091m; C:\Windows\System32\Drivers\ausi091m.sys [0 ] (Advanced Micro Devices) <==== ACHTUNG (Null Byte Datei/Ordner)
S2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 cpuz130; \??\C:\Users\shag\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 NTIOLib_1_0_4; \??\d:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [X]
S3 NTIOLib_1_0_C; \??\J:\NTIOLib_X64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-03-11 21:55 - 2016-03-11 21:55 - 00024206 _____ C:\Users\shag\Desktop\FRST.txt
2016-03-11 21:55 - 2016-03-11 21:42 - 02374144 _____ (Farbar) C:\Users\shag\Desktop\FRST64.exe
2016-03-11 21:53 - 2016-03-11 21:55 - 00000000 ____D C:\FRST
2016-03-11 21:32 - 2016-03-11 21:32 - 00001106 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-03-11 21:32 - 2016-03-11 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-03-11 21:31 - 2016-03-11 21:32 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-03-11 21:31 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-11 21:31 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-11 21:31 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-11 21:20 - 2016-03-11 21:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-05 12:03 - 2016-03-05 12:03 - 00000000 ____D C:\Users\shag\AppData\Roaming\cerasus.media
2016-03-01 21:22 - 2016-03-01 16:25 - 03793920 _____ (IvoSoft) C:\Windows\SysWOW64\clientmon.exe
2016-03-01 21:12 - 2016-03-11 21:36 - 00003362 _____ C:\Windows\System32\Tasks\Search Filter Host
2016-03-01 21:12 - 2016-03-01 21:12 - 00000000 ____D C:\Users\shag\AppData\LocalLow\Lazy Bear Games
2016-03-01 21:11 - 2016-03-11 21:47 - 00000000 ____D C:\Users\shag\AppData\Local\IIIQF
2016-03-01 21:11 - 2016-03-11 21:47 - 00000000 ____D C:\ProgramData\~0
2016-03-01 21:11 - 2016-03-01 21:11 - 00000006 ____S C:\ProgramData\cfc4764f3bbfae7c2c155456e0ae08a61242b9ff
2016-03-01 21:11 - 2016-03-01 21:11 - 00000000 _RSHD C:\ProgramData\274435
2016-03-01 21:11 - 2016-03-01 21:11 - 00000000 _RSHD C:\ProgramData\274335
2016-03-01 21:11 - 2016-03-01 21:11 - 00000000 ____D C:\Users\shag\AppData\Roaming\Windows
2016-03-01 21:11 - 2016-03-01 21:11 - 00000000 ____D C:\ProgramData\mia2477.tmp
2016-03-01 19:55 - 2016-03-01 19:55 - 00000000 ____D C:\ProgramData\dbdata
2016-02-29 20:27 - 2016-02-29 22:37 - 00000000 ____D C:\Users\shag\AppData\Roaming\Factorio
2016-02-29 20:26 - 2016-02-29 20:26 - 00000936 _____ C:\Users\shag\Desktop\Factorio v0.9.8.lnk
2016-02-25 08:09 - 2016-02-25 08:09 - 00000801 _____ C:\Users\Public\Desktop\Passbild-Generator.lnk
2016-02-25 08:09 - 2016-02-25 08:09 - 00000000 ____D C:\Users\shag\AppData\Local\_3_
2016-02-25 08:09 - 2016-02-25 08:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Passbild-Generator
2016-02-23 21:02 - 2016-02-23 21:02 - 00000000 _____ C:\Windows\SysWOW64\RENF24A.tmp
2016-02-23 21:01 - 2016-02-23 20:59 - 00110176 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2016-02-23 20:59 - 2016-02-23 21:01 - 00000000 ____D C:\Users\shag\.oracle_jre_usage
2016-02-23 20:59 - 2016-02-23 20:59 - 00000000 ____D C:\Users\shag\AppData\Roaming\Sun
2016-02-23 20:58 - 2016-02-23 20:58 - 00000000 ____D C:\Users\shag\AppData\LocalLow\Oracle
2016-02-23 20:17 - 2016-02-23 21:09 - 00000000 ____D C:\Users\shag\.litwrl
2016-02-21 11:59 - 2016-02-21 11:59 - 00000000 ____D C:\Users\shag\Documents\DyingLight
2016-02-19 18:50 - 2016-02-19 18:50 - 00000000 ____D C:\Users\shag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-12 16:22 - 2016-02-12 16:22 - 00000000 ____D C:\Users\shag\AppData\LocalLow\Google

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-03-11 21:50 - 2013-08-25 19:14 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA.job
2016-03-11 21:49 - 2014-11-23 19:32 - 00000000 ____D C:\Users\shag\AppData\Local\My Games
2016-03-11 21:49 - 2013-03-30 23:41 - 00000000 ____D C:\Users\shag\Documents\My Games
2016-03-11 21:49 - 2013-03-18 19:22 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-11 21:48 - 2015-12-30 20:54 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-11 21:47 - 2015-09-30 22:11 - 00000000 ____D C:\Users\shag\AppData\Roaming\Atari
2016-03-11 21:46 - 2015-03-13 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-03-11 21:46 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-11 21:43 - 2009-07-14 05:45 - 00022848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-11 21:43 - 2009-07-14 05:45 - 00022848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-11 21:42 - 2009-07-14 18:58 - 00699416 _____ C:\Windows\system32\perfh007.dat
2016-03-11 21:42 - 2009-07-14 18:58 - 00149556 _____ C:\Windows\system32\perfc007.dat
2016-03-11 21:42 - 2009-07-14 06:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-11 21:42 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-03-11 21:41 - 2013-05-14 20:49 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-11 21:36 - 2013-05-14 20:49 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-11 21:35 - 2013-03-18 19:28 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-11 21:35 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-11 21:30 - 2014-07-25 20:28 - 00242786 _____ C:\Windows\ntbtlog.txt
2016-03-11 21:18 - 2016-01-03 15:42 - 00000000 ____D C:\Users\shag\AppData\Local\CrashDumps
2016-03-11 21:17 - 2013-03-18 19:16 - 00000000 ____D C:\Users\shag
2016-03-11 21:10 - 2015-10-03 09:12 - 00000000 ____D C:\Users\Coco
2016-03-11 21:10 - 2015-06-10 22:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2016-03-11 21:10 - 2015-05-15 10:42 - 00000000 ___SD C:\Windows\system32\GWX
2016-03-11 21:10 - 2014-10-05 15:49 - 00000000 ____D C:\Users\shag\AppData\Roaming\FreeArc
2016-03-11 21:10 - 2014-08-07 21:41 - 00000000 ____D C:\Users\Besuch
2016-03-11 21:10 - 2014-07-27 20:34 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-11 21:10 - 2014-02-10 20:00 - 00000000 ____D C:\Users\shag\AppData\Roaming\Battle.net
2016-03-11 21:10 - 2013-03-21 22:46 - 00000000 ____D C:\Users\shag\AppData\Roaming\vlc
2016-03-11 21:10 - 2013-03-18 20:25 - 00000000 ____D C:\Windows\system32\Macromed
2016-03-11 21:10 - 2013-03-18 20:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-03-11 21:10 - 2013-03-18 20:22 - 00000000 ____D C:\ProgramData\Avira
2016-03-11 21:10 - 2013-03-18 20:22 - 00000000 ____D C:\Program Files (x86)\Avira
2016-03-11 21:10 - 2009-07-14 19:18 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-03-11 21:10 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2016-03-11 20:27 - 2013-03-19 20:07 - 00000000 ____D C:\Users\shag\AppData\Roaming\UseNeXT
2016-03-11 20:21 - 2014-02-10 20:00 - 00000000 ____D C:\Users\shag\AppData\Local\Battle.net
2016-03-11 13:20 - 2015-11-15 18:24 - 00033792 _____ C:\Users\shag\Desktop\Finanzen.xls
2016-03-08 16:41 - 2015-11-20 18:45 - 00000000 ____D C:\Users\shag\.gimp-2.8
2016-03-02 18:57 - 2013-04-18 20:08 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-02 18:05 - 2015-06-19 16:54 - 00001220 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA.job
2016-03-01 19:50 - 2013-08-25 19:14 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core.job
2016-03-01 19:10 - 2013-03-18 20:30 - 00000000 ___RD C:\Users\shag\Dropbox
2016-03-01 19:10 - 2013-03-18 20:29 - 00000000 ____D C:\Users\shag\AppData\Roaming\Dropbox
2016-02-28 10:10 - 2013-05-02 20:29 - 00000000 ____D C:\ProgramData\Origin
2016-02-25 12:05 - 2015-06-19 16:54 - 00001168 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core.job
2016-02-25 08:15 - 2015-10-15 19:41 - 00013405 _____ C:\Windows\BRRBCOM.INI
2016-02-24 16:09 - 2015-11-09 18:52 - 00000498 _____ C:\Users\shag\Desktop\Coco.txt
2016-02-23 21:03 - 2013-10-28 19:56 - 00000000 ____D C:\ProgramData\Oracle
2016-02-23 21:02 - 2013-10-28 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2016-02-23 21:02 - 2013-10-28 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-23 21:02 - 2013-09-03 20:26 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-23 21:02 - 2013-03-18 20:28 - 00000000 ____D C:\Program Files\Java
2016-02-23 20:59 - 2015-03-13 18:22 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-02-21 11:57 - 2015-12-06 19:16 - 00000000 ____D C:\Users\shag\Desktop\Spiele
2016-02-21 11:44 - 2014-12-05 21:30 - 00002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-21 11:44 - 2014-12-05 21:30 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-18 10:22 - 2013-07-24 17:53 - 00000000 ____D C:\ProgramData\Battle.net
2016-02-18 08:09 - 2013-04-02 21:33 - 00140448 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-02-15 21:54 - 2015-01-12 18:27 - 00000000 ____D C:\Users\shag\AppData\Roaming\Mp3tag
2016-02-10 23:35 - 2016-02-07 20:19 - 00000000 ____D C:\Users\shag\Documents\StarCraft II
2016-02-10 20:57 - 2013-04-18 20:08 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-10 20:57 - 2013-03-18 20:25 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-10 20:57 - 2013-03-18 20:25 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-10 19:45 - 2013-08-25 19:14 - 00004084 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA
2016-02-10 19:45 - 2013-08-25 19:14 - 00003688 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-10-14 03:44 - 2013-10-14 03:44 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2015-06-10 22:13 - 2015-08-24 19:58 - 0007859 _____ () C:\Users\shag\AppData\Roaming\pcouffin.cat
2015-06-10 22:13 - 2015-08-24 19:58 - 0001167 _____ () C:\Users\shag\AppData\Roaming\pcouffin.inf
2015-06-10 22:13 - 2015-08-24 19:58 - 0000055 _____ () C:\Users\shag\AppData\Roaming\pcouffin.log
2014-10-05 15:03 - 2014-10-05 15:03 - 0004096 _____ (Microsoft) C:\Users\shag\AppData\Roaming\Microsoft\1.exe
2014-10-05 15:01 - 2014-11-23 18:21 - 0004096 _____ (Microsoft) C:\Users\shag\AppData\Roaming\Microsoft\Setupx.exe
2014-10-05 15:05 - 2014-10-05 15:10 - 0004096 _____ (Microsoft) C:\Users\shag\AppData\Roaming\Microsoft\svchost.exe
2013-06-04 20:34 - 2015-06-13 17:45 - 0014848 _____ () C:\Users\shag\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-02 16:18 - 2015-06-02 16:21 - 0585728 _____ () C:\Users\shag\AppData\Local\file__0.localstorage
2015-11-20 18:47 - 2015-11-20 18:47 - 0000819 _____ () C:\Users\shag\AppData\Local\recently-used.xbel
2013-03-18 19:55 - 2015-05-27 19:39 - 0007649 _____ () C:\Users\shag\AppData\Local\resmon.resmoncfg
2016-03-01 21:11 - 2016-03-01 21:11 - 0000006 ____S () C:\ProgramData\cfc4764f3bbfae7c2c155456e0ae08a61242b9ff

Einige Dateien in TEMP:
====================
C:\Users\Besuch\AppData\Local\Temp\avgnt.exe
C:\Users\Coco\AppData\Local\Temp\avgnt.exe
C:\Users\shag\AppData\Local\Temp\avgnt.exe
C:\Users\shag\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpl1ceez.dll
C:\Users\shag\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\shag\AppData\Local\Temp\nvStInst.exe
C:\Users\shag\AppData\Local\Temp\rldfw32_s18g.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_s1hc.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_s25k.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_s2dg.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_s2t0.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_s3hs.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_s5r0.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_s6d8.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_s6lg.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_s6os.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_s90.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_sl4.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s1ak.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s3lo.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s3rk.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s4gk.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s4lc.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s57o.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s58o.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s5kk.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s5qk.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s5ss.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s6gk.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s6og.dll
C:\Users\shag\AppData\Local\Temp\svhost.exe
C:\Users\shag\AppData\Local\Temp\_is3AAF.exe
C:\Users\shag\AppData\Local\Temp\_is4481.exe
C:\Users\shag\AppData\Local\Temp\_isA517.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-03-01 12:59

==================== Ende von FRST.txt ============================
         
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
durchgeführt von shag (2016-03-11 21:55:50)
Gestartet von C:\Users\shag\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-03-18 18:16:49)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2443269024-3109390385-3364977999-500 - Administrator - Disabled)
Coco (S-1-5-21-2443269024-3109390385-3364977999-1008 - Administrator - Enabled) => C:\Users\Coco
Gast (S-1-5-21-2443269024-3109390385-3364977999-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2443269024-3109390385-3364977999-1004 - Limited - Enabled)
shag (S-1-5-21-2443269024-3109390385-3364977999-1000 - Administrator - Enabled) => C:\Users\shag

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4.4 64-bit (HKLM\...\{11A955CD-4398-405A-886D-E464C3618FBF}) (Version: 4.4.1 - Adobe)
Age of Conan: Hyborian Adventures (HKLM-x32\...\Age of Conan_is1) (Version:  - Funcom)
AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version:  - Gameforge)
Anno 2205 (HKLM-x32\...\Uplay Install 1253) (Version:  - Ubisoft)
Apple Application Support (32-Bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Photo Commander 10 v.10.0.1 (HKLM-x32\...\Ashampoo Photo Commander 10_is1) (Version: 10.0.1 - Ashampoo GmbH & Co. KG)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2002861294.48.56.34082026 - Audible, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.141 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{3b87484e-d70b-4b4f-ad59-2ae89571e2cf}) (Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BDE Information Utility (HKLM-x32\...\BDE Information Utility) (Version:  - InterBase Installation Info (and BDE Information Utility))
Blender (HKLM\...\{BBE9D9F0-3F77-4E26-9E10-1AFB56D41363}) (Version: 2.76.0 - Blender Foundation)
Blender (HKLM\...\Blender) (Version: 2.69 - Blender Foundation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J5320DW (HKLM-x32\...\{7FC49664-DAA4-4E7C-ADD0-614ABB43691B}) (Version: 1.0.5.0 - Brother Industries, Ltd.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.9.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.12.20.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.5.2.8 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.4.0.0377 - Disc Soft Ltd)
Darkest Dungeon (HKLM-x32\...\Darkest Dungeon_is1) (Version:  - )
Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)
Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dropbox (HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
DVDFab 9.0.6.3 (09/09/2013) (HKLM-x32\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.2.17437 - Landesfinanzdirektion Thüringen)
ElsterFormular 2006/2007 (HKLM-x32\...\{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}) (Version: 8.2.1.0 - Steuerverwaltung des Bundes und der Länder)
ElsterFormular 2007/2008 (HKLM-x32\...\{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}) (Version: 9.2.0.0 - Steuerverwaltung des Bundes und der Länder)
ElsterFormular 2008/2009 (HKLM-x32\...\{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}) (Version: 10.0.0.0 - Steuerverwaltung des Bundes und der Länder)
EuCaSoft 4.4.0.4377 (HKLM-x32\...\EuCaSoft_is1) (Version:  - itas GmbH)
FFB Racing Wheel drivers (HKLM-x32\...\{28B758EA-5C83-48B1-B352-C70F12C73F5A}) (Version: 3.TTRS.2014 - Thrustmaster)
FreeArc 0.666 (HKLM-x32\...\FreeArc) (Version: 0.666 - Bulat Ziganshin)
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.21.2.1 - Futuremark Corporation)
Gameforge Live 2.0.8 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.8 - Gameforge)
Geeks3D FurMark 1.13.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
iRacing.com Race Simulation (HKLM-x32\...\{CBBB3C80-76F5-42B5-92A6-C4BF84796DCB}) (Version: 1.01.0512 - iRacing.com Motorsport Simulations)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java SE Development Kit 7 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170250}) (Version: 1.7.0.250 - Oracle)
Java SE Development Kit 8 Update 73 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180730}) (Version: 8.0.730.2 - Oracle Corporation)
JetDrive (HKLM-x32\...\JetDrive_is1) (Version: 6.11 - Abelssoft)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
ManiaPlanet (HKLM-x32\...\ManiaPlanet_is1) (Version:  - Nadeo)
MechWarrior Online (HKLM-x32\...\{9f17023b-d04f-432b-b08a-3bb4c3a7ed3c}) (Version: 1.6.0.0 - Piranha Games Inc.)
MechWarrior Online (x32 Version: 1.6.1.0 - Piranha Games Inc.) Hidden
MediaCoder x64 0.8.19.5372 (HKLM\...\MediaCoder x64) (Version: 0.8.19.5372 - Broad Intelligence)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mosaizer Pro v12.0 (HKLM-x32\...\Mosaizer Pro_is1) (Version: 12.0 - APP Helmond)
Mozilla Firefox 19.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 19.0.2 (x86 de)) (Version: 19.0.2 - Mozilla)
Mozilla Firefox 44.0.2 (x86 de) (HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\Mozilla Firefox 44.0.2 (x86 de)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 19.0.2 - Mozilla)
Mp3tag v2.66 (HKLM-x32\...\Mp3tag) (Version: v2.66 - Florian Heidenreich)
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Next Car Game Free Technology Demo (HKLM-x32\...\Next Car Game Free Technology Demo) (Version:  - Bugbear Entertainment)
NoLimits 2 Demo (remove only) (HKLM\...\NoLimits 2 Demo) (Version:  - )
NoLimits Coasters 1.8 (remove only) (HKLM-x32\...\NoLimits Coasters full) (Version:  - )
Nuance PaperPort 12 (HKLM-x32\...\{2A770862-7142-4C77-8117-F933E4110A3F}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA 3D Vision Treiber 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.43 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.8.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.8.1.21 - NVIDIA Corporation)
NVIDIA Grafiktreiber 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.43 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Passbild-Generator v4.0a (HKLM-x32\...\Passbild-Generator_is1) (Version:  - Passbild-Generator)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.239 - Google, Inc.)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Railroad Tycoon 3 (HKLM-x32\...\{DE29025A-091F-4998-AD2D-24C84421190F}) (Version: 1.0 - )
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7111 - Realtek Semiconductor Corp.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Sentinel System Driver Installer 7.5.1 (HKLM-x32\...\{BF9E346B-5ECE-4A18-9510-55729FD08323}) (Version: 7.5.1 - SafeNet, Inc.)
SHIELD Streaming (Version: 4.1.0250 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.8.1.21 - NVIDIA Corporation) Hidden
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Spintires RIP MULTI18 (HKLM-x32\...\U3BpbnRpcmVz_is1) (Version: 1 - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.0.115 - MSI)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.43148 - TeamViewer)
The Witcher 3: Wild Hunt - Alternative Look for Ciri (HKLM-x32\...\Alternative Look for Ciri_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Alternative Look for Triss (HKLM-x32\...\Alternative Look for Triss_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Alternative Look for Yennefer (HKLM-x32\...\Alternative Look for Yennefer_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Ballad Heroes - Neutral Gwent Card Set (HKLM-x32\...\Ballad Heroes - Neutral Gwent Card Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Beard and Hairstyle Set (HKLM-x32\...\Beard and Hairstyle Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Elite Crossbow Set (HKLM-x32\...\Elite Crossbow Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Finisher Animations (HKLM-x32\...\New Finisher Animations_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Contract - Skellige's Most Wanted (HKLM-x32\...\New Quest - Contract: Skellige's Most Wanted_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Contract Missing Miners (HKLM-x32\...\New Quest - Contract Missing Miners_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Fool's Gold (HKLM-x32\...\New Quest - Fool's Gold_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Scavenger Hunt - Wolf School Gear (HKLM-x32\...\New Quest - Scavenger Hunt: Wolf School Gear_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Where the Cat and Wolf Play... (HKLM-x32\...\New Quest - Where the Cat and Wolf Play..._is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Nilfgaardian Armor Set (HKLM-x32\...\Nilfgaardian Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Skellige Armor Set (HKLM-x32\...\Skellige Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Temerian Armor Set (HKLM-x32\...\Temerian Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Voodoo Chronicles (HKLM-x32\...\{947E7026-E000-4159-86BC-6B9855EC4517}) (Version: 1.00.0000 - PurpleHills)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.3.0.18 - VSO Software)
War Thunder Launcher 1.0.1.278 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - 2013 Gaijin Entertainment Corporation)
WhiteCap (HKLM-x32\...\WhiteCap) (Version: 6.4.1 - SoundSpectrum)
Winki (HKLM-x32\...\{81CF5153-38CF-41e2-AC3C-3D477C987D96}_is1) (Version: 3.2.116 - MSI)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.7.3.20131014 - Xilisoft)
XMedia Recode Version 3.1.7.8 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.7.8 - XMedia Recode)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> d:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => Keine Datei

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {2DDE40A1-B5C9-4E30-B49A-056A855363D0} - System32\Tasks\Search Filter Host => C:\Users\shag\AppData\Roaming\Windows\Applications\SearchIndex\SearchIndex.exe [2016-03-01] (IvoSoft)
Task: {5CDC7D13-A92F-4C6A-9037-DFA121DFEAA2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {6167180D-AC7E-4C68-8CC9-023DBC147E37} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core => C:\Users\shag\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {6EB11A62-09BE-4E9B-83D4-6A882DE1ED34} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {8497BBEE-475E-4265-AAA8-F224139C7BA0} - System32\Tasks\Super Charger => C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe [2011-07-06] (MSI)
Task: {C5C53FF5-B82F-4F17-AE3C-81D0F93E55D0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DB2708DA-72B3-456B-A231-CAA7741EFF08} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated)
Task: {DBCDFCAF-D9E9-40F1-AF62-1F1C50B250EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {E4737B22-8F2C-4315-9743-9053915C8DBA} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core => C:\Users\shag\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {EC19B7C3-4AAF-4DEF-9968-077FFE35F30A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA => C:\Users\shag\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {EC4FE598-9EC1-4664-A6F2-59D0338E59D0} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {F854E768-B92F-45F6-9F15-D807D339052F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA => C:\Users\shag\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core.job => C:\Users\shag\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA.job => C:\Users\shag\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core.job => C:\Users\shag\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA.job => C:\Users\shag\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-07-30 10:04 - 2015-12-16 15:53 - 00126072 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 15:26 - 2015-05-15 15:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-30 20:54 - 2015-12-09 02:52 - 00217720 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2015-10-15 19:40 - 2005-04-22 05:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2013-05-31 20:12 - 2015-02-10 14:08 - 00069120 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
2013-03-18 19:24 - 2011-11-10 18:01 - 00506384 _____ () C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
2015-05-15 09:45 - 2015-12-09 02:53 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-05-31 20:12 - 2015-02-18 13:11 - 00112128 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2014-08-17 13:48 - 00001055 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1	acdid.acdsystems.com
127.0.0.1 activate.adobe.com

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\shag\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupreg: Super-Charger => C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{6B1F38FA-F6F9-4ABD-B206-E8C90B977830}] => (Allow) C:\Users\shag\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{B7325FFE-3ADA-4DA1-9DE8-3A2DCA7F5A3B}] => (Allow) C:\Users\shag\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{07D86DA9-61A3-47CB-B1A6-0513D4F06B65}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FDD9CBBE-0ABD-4667-9596-44E879C79778}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{86E3BE82-CA85-440E-B4B2-B2664B446D92}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{11DDDDE2-F308-40AF-8D9D-0E2072E70150}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A3163EBD-DDB7-4275-AC6D-8C732590173F}] => (Block) %ProgramFiles% (x86)\SQUARE ENIX\Tombraider\TombRaider.exe
FirewallRules: [TCP Query User{73C838EF-603A-4CF2-A23E-2041E1CFCD82}C:\program files (x86)\maniaplanet\maniaplanet.exe] => (Allow) C:\program files (x86)\maniaplanet\maniaplanet.exe
FirewallRules: [UDP Query User{E71ACD03-DA48-431D-949F-BF986E2AC015}C:\program files (x86)\maniaplanet\maniaplanet.exe] => (Allow) C:\program files (x86)\maniaplanet\maniaplanet.exe
FirewallRules: [{4BBC53DD-4D5D-4C50-B909-22E10583A056}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{469D4751-7DFA-4A7C-B361-434CEB6A5A81}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{5BB1082F-2E2D-4EE6-944B-DC344AA5B470}C:\eucasoft\meta.exe] => (Allow) C:\eucasoft\meta.exe
FirewallRules: [UDP Query User{A2668BF5-70B4-4A1E-BDF8-5AB545E14AD3}C:\eucasoft\meta.exe] => (Allow) C:\eucasoft\meta.exe
FirewallRules: [TCP Query User{E3CEC154-48F6-4462-86A3-FA11B8C6E49A}C:\eucasoft\eucasoft.exe] => (Allow) C:\eucasoft\eucasoft.exe
FirewallRules: [UDP Query User{6ABB59E9-B8AC-4332-BD91-82B6FA02BCBC}C:\eucasoft\eucasoft.exe] => (Allow) C:\eucasoft\eucasoft.exe
FirewallRules: [TCP Query User{C38681B1-F9C5-4091-9454-BB9C91B9C217}C:\eucasoft\eucaprn.exe] => (Allow) C:\eucasoft\eucaprn.exe
FirewallRules: [UDP Query User{B68FAD45-EBB9-418D-9418-289EC845D24E}C:\eucasoft\eucaprn.exe] => (Allow) C:\eucasoft\eucaprn.exe
FirewallRules: [TCP Query User{3DC74B91-28FD-420E-AD76-7684D5631DE6}C:\program files (x86)\activision\call of duty - black ops\blackops.exe] => (Block) C:\program files (x86)\activision\call of duty - black ops\blackops.exe
FirewallRules: [UDP Query User{E199CF05-61AE-482C-ADCD-46BC0D125AF6}C:\program files (x86)\activision\call of duty - black ops\blackops.exe] => (Block) C:\program files (x86)\activision\call of duty - black ops\blackops.exe
FirewallRules: [TCP Query User{36345DBD-FF4D-463E-947F-2FB5E8F97CE1}E:\spiele\trackmania canyon\trackmania 2 canyon\maniaplanet.exe] => (Block) E:\spiele\trackmania canyon\trackmania 2 canyon\maniaplanet.exe
FirewallRules: [UDP Query User{3C8D0343-259F-44B4-9BF4-9116E1EDCF55}E:\spiele\trackmania canyon\trackmania 2 canyon\maniaplanet.exe] => (Block) E:\spiele\trackmania canyon\trackmania 2 canyon\maniaplanet.exe
FirewallRules: [TCP Query User{4A3487F5-0DF9-465C-859C-B2E3CB28767D}D:\program files (x86)\guild wars 2\gw2.exe] => (Allow) D:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{D243A6A0-89AA-47B7-8C5F-EE81A220C3CB}D:\program files (x86)\guild wars 2\gw2.exe] => (Allow) D:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [{D746F088-F43E-4AD9-9FD0-782FFFF44266}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{C1409997-93DC-4B19-8C85-BE34ADE9EC79}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{BB497C68-00F8-4212-B457-64BD9CE73233}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [{8D7CAD06-081F-4293-9AFA-A574B67C0766}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [{68094F16-F5E3-4BFE-B7E7-0086A112EDFF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{1D18F698-41EF-4FF1-B72D-D7D764974717}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CF8BFAAF-E0E6-4FBE-9260-2B26188DFB50}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{697C2CFB-27E5-4A1B-83B2-D908CF8D0F1F}D:\program files (x86)\rayman legends\rayman legends.exe] => (Block) D:\program files (x86)\rayman legends\rayman legends.exe
FirewallRules: [UDP Query User{4415CC36-28EC-477F-8CA5-84335AD7A691}D:\program files (x86)\rayman legends\rayman legends.exe] => (Block) D:\program files (x86)\rayman legends\rayman legends.exe
FirewallRules: [{E3D7CB83-5E5C-47E5-8FE7-0E543DEF0773}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{763A8944-677E-40D8-A3BF-36F032CAE895}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DC6F0895-BCFA-477C-8FAA-6D8FAE970845}] => (Allow) D:\Program Files (x86)\WarThunder\launcher.exe
FirewallRules: [{2527224D-47C0-479D-A667-612AF086AD65}] => (Allow) D:\Program Files (x86)\WarThunder\launcher.exe
FirewallRules: [TCP Query User{D6BCEDD8-4D78-4A28-8B5E-6D6A755083BE}D:\program files (x86)\warthunder\aces.exe] => (Allow) D:\program files (x86)\warthunder\aces.exe
FirewallRules: [UDP Query User{018EDE3C-20A5-4DEC-83DC-A0F4035CA4F3}D:\program files (x86)\warthunder\aces.exe] => (Allow) D:\program files (x86)\warthunder\aces.exe
FirewallRules: [{E89F95BB-3F00-4592-BF46-D7A0247E3238}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{A453AEC4-A7B7-4DA7-B840-7087754DDBF5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{AD67C548-8E7C-40B0-A74F-BA65ACD252C3}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\rush\rush.exe
FirewallRules: [{1B6D63C6-DF1F-46D9-944A-4534CF00CE52}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\rush\rush.exe
FirewallRules: [{90FC0048-BB3C-42A3-838C-93D2305165A5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{D2515F04-7392-4710-8C0B-11C44D9D5051}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{7EAC378D-BC60-44E4-8D20-97726450695B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{CA140986-66FC-4FD1-BD7B-4C731BA13B0D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{E6B3BB6E-1BC0-4659-A1C4-0E907310097A}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{A5024DE2-F094-4A6B-B3CE-205B577386AF}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{928EC490-B5EE-4BC5-B83D-0877319F5188}] => (Allow) D:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{18A7466B-1BA1-4EBA-8E1D-2AF3988F32B8}] => (Allow) D:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{596BBFE3-EC8B-41A2-896B-BFC6212DD615}] => (Allow) D:\Program Files (x86)\OriginGames\Dead Space\Dead Space.exe
FirewallRules: [{482F736C-0431-441B-892B-ADD6495FE0B5}] => (Allow) D:\Program Files (x86)\OriginGames\Dead Space\Dead Space.exe
FirewallRules: [TCP Query User{3AC563F9-56E0-4D00-AA38-E94904A971D9}D:\program files (x86)\valve\portal 2\portal2.exe] => (Block) D:\program files (x86)\valve\portal 2\portal2.exe
FirewallRules: [UDP Query User{CE925544-FD60-47B6-9BB2-776A0331FDBA}D:\program files (x86)\valve\portal 2\portal2.exe] => (Block) D:\program files (x86)\valve\portal 2\portal2.exe
FirewallRules: [TCP Query User{5B653E1C-7A11-48EC-9DBE-A5A6CB0BE297}D:\program files (x86)\wolfenstein the new order\wolfneworder_x64.exe] => (Block) D:\program files (x86)\wolfenstein the new order\wolfneworder_x64.exe
FirewallRules: [UDP Query User{CFFFAA87-8C93-421C-9379-BEC740574581}D:\program files (x86)\wolfenstein the new order\wolfneworder_x64.exe] => (Block) D:\program files (x86)\wolfenstein the new order\wolfneworder_x64.exe
FirewallRules: [TCP Query User{6F9B727C-9EFD-4404-AA37-4AD93A12B836}D:\program files (x86)\wolfenstein the new order german\wolfneworder_x64.exe] => (Block) D:\program files (x86)\wolfenstein the new order german\wolfneworder_x64.exe
FirewallRules: [UDP Query User{C2D99373-F636-44F6-95F8-91527CB4F5C9}D:\program files (x86)\wolfenstein the new order german\wolfneworder_x64.exe] => (Block) D:\program files (x86)\wolfenstein the new order german\wolfneworder_x64.exe
FirewallRules: [TCP Query User{C542631D-D296-4DD5-A464-85B3CB755448}D:\watch_dogs-deluxe.edition-p2p\bin\watch_dogs.exe] => (Block) D:\watch_dogs-deluxe.edition-p2p\bin\watch_dogs.exe
FirewallRules: [UDP Query User{3EE0E562-25EE-4679-B1F2-206503432AD1}D:\watch_dogs-deluxe.edition-p2p\bin\watch_dogs.exe] => (Block) D:\watch_dogs-deluxe.edition-p2p\bin\watch_dogs.exe
FirewallRules: [TCP Query User{B78239F5-94BD-4F90-9F9B-BBE7B1F4F294}D:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe] => (Allow) D:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe
FirewallRules: [UDP Query User{BAB1384F-46C8-4EA3-8AE8-F8FDC3DC2678}D:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe] => (Allow) D:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe
FirewallRules: [{6A8DAA67-50D6-4693-9A05-E987BE0BC205}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [{F1084AB7-A049-4C1E-A87E-69EA97D45F5A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [TCP Query User{10A90911-6943-486F-B637-EBF581F06F38}D:\program files (x86)\tera\tera-launcher.exe] => (Allow) D:\program files (x86)\tera\tera-launcher.exe
FirewallRules: [UDP Query User{578E97A2-CE4F-4099-B0C8-66F332017191}D:\program files (x86)\tera\tera-launcher.exe] => (Allow) D:\program files (x86)\tera\tera-launcher.exe
FirewallRules: [{66D14BBE-0EA6-415C-9ECD-21364CA004B2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{3E85FEBD-4AEB-45AF-BDAC-E6C9F4F5702D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{69287390-3691-457C-A38B-CC9337E9E2A5}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{E7240E72-D750-43AC-91CA-09B8B47924DF}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{5FC65538-FA6D-49E2-89F9-6FCDEE0078BD}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{1D9830DA-43E2-45B8-BC15-4DB65EB7890C}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{F600BCAF-ADBB-4F5D-B30B-9316781C151B}C:\users\shag\appdata\local\temp\gw2.exe] => (Allow) C:\users\shag\appdata\local\temp\gw2.exe
FirewallRules: [UDP Query User{41FA0A67-7849-47E9-8705-46E3EE198D57}C:\users\shag\appdata\local\temp\gw2.exe] => (Allow) C:\users\shag\appdata\local\temp\gw2.exe
FirewallRules: [TCP Query User{A3884C3A-1703-41EC-ABE3-45DD9E7CE962}D:\guild wars 2\gw2.exe] => (Allow) D:\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{78536A0E-367B-49EF-BC0A-2FA83E57D071}D:\guild wars 2\gw2.exe] => (Allow) D:\guild wars 2\gw2.exe
FirewallRules: [TCP Query User{0F3E8BC1-14C2-481A-98AB-B244B4F084C5}D:\program files (x86)\maniaplanet\maniaplanet.exe] => (Allow) D:\program files (x86)\maniaplanet\maniaplanet.exe
FirewallRules: [UDP Query User{BA93D511-5C13-403C-BFB6-40893AF03417}D:\program files (x86)\maniaplanet\maniaplanet.exe] => (Allow) D:\program files (x86)\maniaplanet\maniaplanet.exe
FirewallRules: [{EBFA0E67-670C-4DF3-A88E-B4A8DDF8AA98}] => (Allow) D:\Program Files (x86)\The Vanishing of Ethan Carter\Binaries\Launcher.exe
FirewallRules: [{C269B6F7-1883-40EB-B878-9EF8A9EB172E}] => (Allow) D:\Program Files (x86)\The Vanishing of Ethan Carter\Binaries\Launcher.exe
FirewallRules: [TCP Query User{D889D8F7-55CC-445A-8E3E-C0B52B5CDF93}D:\program files (x86)\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe] => (Block) D:\program files (x86)\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe
FirewallRules: [UDP Query User{46EE6606-D08C-4C75-ACF2-6CEB161D465F}D:\program files (x86)\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe] => (Block) D:\program files (x86)\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe
FirewallRules: [TCP Query User{52DC2877-88F2-42CC-A0CA-E3979AC92D06}D:\program files (x86)\ubisoft\driver san francisco\driver.exe] => (Block) D:\program files (x86)\ubisoft\driver san francisco\driver.exe
FirewallRules: [UDP Query User{4B4DB25B-416E-4147-A842-D107757F7375}D:\program files (x86)\ubisoft\driver san francisco\driver.exe] => (Block) D:\program files (x86)\ubisoft\driver san francisco\driver.exe
FirewallRules: [TCP Query User{65ADDC17-D41E-43CF-8F91-0D1A5E64D260}C:\program files\guillemot\tools\giwebupdater.exe] => (Allow) C:\program files\guillemot\tools\giwebupdater.exe
FirewallRules: [UDP Query User{4FCCBC6A-ECB2-4D49-A0C7-06AA70EDCD31}C:\program files\guillemot\tools\giwebupdater.exe] => (Allow) C:\program files\guillemot\tools\giwebupdater.exe
FirewallRules: [TCP Query User{4727CA4A-F3CF-4D4C-BE94-77013DB3E561}D:\gog games\oddworld - new 'n' tasty\nnt.exe] => (Block) D:\gog games\oddworld - new 'n' tasty\nnt.exe
FirewallRules: [UDP Query User{16F3CC54-81C2-4D68-AC5B-A5F110F39B09}D:\gog games\oddworld - new 'n' tasty\nnt.exe] => (Block) D:\gog games\oddworld - new 'n' tasty\nnt.exe
FirewallRules: [{1EDBCBD6-77FE-4354-AFC1-82B6EEF9C166}] => (Allow) d:\Program Files (x86)\GameforgeLive\gfl_client.exe
FirewallRules: [{E95D1DBC-A572-4898-977A-09355E2080D3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B6D7FDC2-79E5-443F-B573-ADBE5AE02395}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{CC4C363A-92C1-483D-A1F8-D8D10344E52C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{09E746F3-3FA8-46A1-8D39-D2FAA689C686}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{20DEB04C-991B-4CE0-BF6E-832CFE776471}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{318028F5-A87E-4579-9378-43E2C20672BB}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{2E5D2FF7-7055-42A5-BA32-6F6F01B54240}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{AA87FFA5-9C61-4FAA-8885-C7C06558CA9F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{F99BA5FE-DD38-41F4-A72E-CE7D43AD47E6}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{CBF93050-29C7-4CAA-9A0D-5ED1DD81E6EB}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{52E17C41-63A9-4BE2-8174-4167278F4903}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3BEA036E-82D0-4D77-920E-8482907A261F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{5EA49FF2-A58C-43FF-A927-0A95BC6FCD49}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{60D3597B-38BF-4726-B37B-D84C6033C47A}] => (Allow) D:\Program Files (x86)\OriginGames\SimCity\SimCity\SimCity.exe
FirewallRules: [{FF9D86C5-9E1C-4141-A59B-AAA7CF001273}] => (Allow) D:\Program Files (x86)\OriginGames\SimCity\SimCity\SimCity.exe
FirewallRules: [{0EA73370-3A10-4766-A12F-38F0627859C8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F72DC3C7-0503-41A5-9041-0B676C1641F6}] => (Allow) d:\Program Files (x86)\Brother\Brmfl14e\FAXRX.EXE
FirewallRules: [{2DEEF5AC-1862-4BFF-85D2-38570B129251}] => (Allow) LPort=54925
FirewallRules: [TCP Query User{28C6BC4A-6416-4AB8-9D95-58BFF751A037}D:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe] => (Block) D:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe
FirewallRules: [UDP Query User{A3AB2A72-C4C0-4F06-A7EE-35C0A00F8240}D:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe] => (Block) D:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe
FirewallRules: [TCP Query User{148864F7-C1E4-43C7-8550-2BD665282F51}D:\program files (x86)\the beginner's guide\beginnersguide.exe] => (Block) D:\program files (x86)\the beginner's guide\beginnersguide.exe
FirewallRules: [UDP Query User{C2EF76C4-BCF3-48FB-B86F-7B9BA0048225}D:\program files (x86)\the beginner's guide\beginnersguide.exe] => (Block) D:\program files (x86)\the beginner's guide\beginnersguide.exe
FirewallRules: [{8D43ABC5-5B12-4069-A956-405E2BDADA0D}] => (Allow) C:\Program Files (x86)\Ubisoft\Anno 2205\Bin\Win64\Anno2205.exe
FirewallRules: [TCP Query User{94CB0C90-4707-4792-A2D5-C25AF29D2469}D:\program files (x86)\funcom\age of conan\conanpatcher.exe] => (Allow) D:\program files (x86)\funcom\age of conan\conanpatcher.exe
FirewallRules: [UDP Query User{97F8F9D2-7879-4A76-8105-5F4D34C015FA}D:\program files (x86)\funcom\age of conan\conanpatcher.exe] => (Allow) D:\program files (x86)\funcom\age of conan\conanpatcher.exe
FirewallRules: [TCP Query User{99C24D58-9BFA-4554-9E71-00D636CD7E73}D:\program files (x86)\funcom\age of conan\ageofconan.exe] => (Allow) D:\program files (x86)\funcom\age of conan\ageofconan.exe
FirewallRules: [UDP Query User{4047640F-E7E9-40FE-BA37-92EA829E5E29}D:\program files (x86)\funcom\age of conan\ageofconan.exe] => (Allow) D:\program files (x86)\funcom\age of conan\ageofconan.exe
FirewallRules: [TCP Query User{427ECFE4-217A-4173-992A-9C438892908B}D:\program files (x86)\funcom\age of conan\ageofconandx10.exe] => (Allow) D:\program files (x86)\funcom\age of conan\ageofconandx10.exe
FirewallRules: [UDP Query User{156CF8DA-5855-45EC-BB9D-FF170F6A355E}D:\program files (x86)\funcom\age of conan\ageofconandx10.exe] => (Allow) D:\program files (x86)\funcom\age of conan\ageofconandx10.exe
FirewallRules: [{64B10E9D-6428-4CFA-90EB-011BF57188B4}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{703D5913-0510-4C51-8CD3-10C7E1EA0EE6}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1A37ABBA-07A0-432C-BCD4-096215DA9189}] => (Allow) D:\Program Files\StarCraft II\Versions\Base39576\SC2_x64.exe
FirewallRules: [{9794E91D-9859-47DE-B442-972C8D67A12B}] => (Allow) D:\Program Files\StarCraft II\Versions\Base39576\SC2_x64.exe
FirewallRules: [{E3EB6327-951D-427C-962D-A9D15D80D3BC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{056185A1-5BA0-4BD6-A258-82BA88A67103}D:\program files (x86)\dying light the following enhanced edition\dyinglightgame.exe] => (Block) D:\program files (x86)\dying light the following enhanced edition\dyinglightgame.exe
FirewallRules: [UDP Query User{0E5A04DE-1325-45DA-9DA5-912070B8C4F0}D:\program files (x86)\dying light the following enhanced edition\dyinglightgame.exe] => (Block) D:\program files (x86)\dying light the following enhanced edition\dyinglightgame.exe

==================== Wiederherstellungspunkte =========================

14-02-2013 01:40:44 Windows Update
14-02-2013 03:00:19 Windows Update
17-03-2013 17:59:43 Removed Java(TM) 6 Update 39
17-03-2013 18:02:58 Installed Java 7 Update 17
17-03-2013 18:20:27 Windows Update
02-03-2016 18:56:53 Geplanter Prüfpunkt
11-03-2016 21:47:57 Removed RollerCoaster Tycoon® 3

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: AODDriver4.01
Description: AODDriver4.01
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AODDriver4.01
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (03/11/2016 09:48:36 PM) (Source: MsiInstaller) (EventID: 1024) (User: shag-PC)
Description: Produkt: Adobe Acrobat Reader DC - Deutsch - Update "{AC76BA86-7AD7-0000-2550-AC0F0A4E5C00}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (03/11/2016 09:35:59 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (03/11/2016 09:18:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avira_de_av_56e31e2f28336__ws.exe, Version: 1.1.56.9119, Zeitstempel: 0x56a8ec36
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18933, Zeitstempel: 0x55a69ec4
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x16c4
Startzeit der fehlerhaften Anwendung: 0xavira_de_av_56e31e2f28336__ws.exe0
Pfad der fehlerhaften Anwendung: avira_de_av_56e31e2f28336__ws.exe1
Pfad des fehlerhaften Moduls: avira_de_av_56e31e2f28336__ws.exe2
Berichtskennung: avira_de_av_56e31e2f28336__ws.exe3

Error: (03/11/2016 09:17:18 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (03/11/2016 08:51:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avira_de_av_56e31e2f28336__ws(2).exe, Version: 1.1.56.9119, Zeitstempel: 0x56a8ec36
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18933, Zeitstempel: 0x55a69ec4
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0xd20
Startzeit der fehlerhaften Anwendung: 0xavira_de_av_56e31e2f28336__ws(2).exe0
Pfad der fehlerhaften Anwendung: avira_de_av_56e31e2f28336__ws(2).exe1
Pfad des fehlerhaften Moduls: avira_de_av_56e31e2f28336__ws(2).exe2
Berichtskennung: avira_de_av_56e31e2f28336__ws(2).exe3

Error: (03/11/2016 08:50:37 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (03/11/2016 08:42:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avira_de_av_56e31e2f28336__ws(1).exe, Version: 1.1.56.9119, Zeitstempel: 0x56a8ec36
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18933, Zeitstempel: 0x55a69ec4
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x81c
Startzeit der fehlerhaften Anwendung: 0xavira_de_av_56e31e2f28336__ws(1).exe0
Pfad der fehlerhaften Anwendung: avira_de_av_56e31e2f28336__ws(1).exe1
Pfad des fehlerhaften Moduls: avira_de_av_56e31e2f28336__ws(1).exe2
Berichtskennung: avira_de_av_56e31e2f28336__ws(1).exe3

Error: (03/11/2016 08:41:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avira_de_av_56e31e2f28336__ws.exe, Version: 1.1.56.9119, Zeitstempel: 0x56a8ec36
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18933, Zeitstempel: 0x55a69ec4
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x2fc
Startzeit der fehlerhaften Anwendung: 0xavira_de_av_56e31e2f28336__ws.exe0
Pfad der fehlerhaften Anwendung: avira_de_av_56e31e2f28336__ws.exe1
Pfad des fehlerhaften Moduls: avira_de_av_56e31e2f28336__ws.exe2
Berichtskennung: avira_de_av_56e31e2f28336__ws.exe3

Error: (03/11/2016 08:41:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.Setup.Bundle.exe, Version: 1.1.56.9119, Zeitstempel: 0x56a8ec36
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18933, Zeitstempel: 0x55a69ec4
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0xb34
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.Setup.Bundle.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.Setup.Bundle.exe1
Pfad des fehlerhaften Moduls: Avira.OE.Setup.Bundle.exe2
Berichtskennung: Avira.OE.Setup.Bundle.exe3

Error: (03/11/2016 08:40:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.Setup.Bundle.exe, Version: 1.1.56.9119, Zeitstempel: 0x56a8ec36
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18933, Zeitstempel: 0x55a69ec4
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x1670
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.Setup.Bundle.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.Setup.Bundle.exe1
Pfad des fehlerhaften Moduls: Avira.OE.Setup.Bundle.exe2
Berichtskennung: Avira.OE.Setup.Bundle.exe3


Systemfehler:
=============
Error: (03/11/2016 09:36:11 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%303.

Error: (03/11/2016 09:36:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Avira Browser-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%0

Error: (03/11/2016 09:36:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Avira Email-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%0

Error: (03/11/2016 09:35:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (03/11/2016 09:35:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MBAMService erreicht.

Error: (03/11/2016 09:35:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (03/11/2016 09:35:58 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Planer" wurde mit folgendem dienstspezifischem Fehler beendet: %%305.

Error: (03/11/2016 09:35:03 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (03/11/2016 09:34:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (03/11/2016 09:34:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


==================== Speicherinformationen =========================== 

Prozessor: AMD Phenom(tm) II X4 965 Processor
Prozentuale Nutzung des RAM: 25%
Installierter physikalischer RAM: 8178.14 MB
Verfügbarer physikalischer RAM: 6054.96 MB
Summe virtueller Speicher: 14176.34 MB
Verfügbarer virtueller Speicher: 11607.18 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:7.53 GB) NTFS
Drive d: (Programme) (Fixed) (Total:833.85 GB) (Free:251.81 GB) NTFS
Drive e: (Safe) (Fixed) (Total:1863.01 GB) (Free:4.93 GB) NTFS
Drive f: (Daten) (Fixed) (Total:208.46 GB) (Free:12.35 GB) NTFS
Drive g: (Win7) (Fixed) (Total:97.56 GB) (Free:16.33 GB) NTFS
Drive h: (WinXP) (Fixed) (Total:24.41 GB) (Free:1.13 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive i: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: B45C1AEF)
Partition 2: (Active) - (Size=1863 GB) - (Type=05)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: C68DC68D)
Partition 1: (Active) - (Size=24.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=208.5 GB) - (Type=OF Extended)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 90486699)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: AFD27FD7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=833.9 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         

Alt 12.03.2016, 13:54   #2
M-K-D-B
/// TB-Ausbilder
 
Antivir und AVG lassen sich nicht installieren, Malwarebytes startet nicht - Standard

Antivir und AVG lassen sich nicht installieren, Malwarebytes startet nicht






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort als Administrator zu starten!



Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!





Schritt 1
Bitte lade dir rKill von Grinler auf deinen Desktop von einem der folgenden Links: RKill oder http://www.trojaner-board.de/85629-rkill-download.html
  • Starte nun das Programm durch einen Doppelklick.
  • Wenn sich jetzt kein schwarzes Fenster öffnet, dann versuche einen der anderen Downloadlinks.
  • Das Tool wird jetzt einige Minuten lang laufen und verschiedene Einstellungen prüfen und neu setzen.
  • Nach dem Ende der Abarbeitung öffnet sich automatisch die Logdatei rkill.txt.
  • Bitte poste sie in deinen Thread in CODE-Tags (Anleitung).





Schritt 2
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).






Schritt 3
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.







Schritt 4

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.







Schritt 5
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt nun zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von rKill,
  • die Logdatei von AdwCleaner,
  • die Logdatei von MBAM,
  • die Logdatei von JRT,
  • die beiden neuen Logdateien von FRST.
__________________


Geändert von M-K-D-B (12.03.2016 um 14:17 Uhr)

Alt 12.03.2016, 18:02   #3
shag48
 
Antivir und AVG lassen sich nicht installieren, Malwarebytes startet nicht - Standard

Antivir und AVG lassen sich nicht installieren, Malwarebytes startet nicht



Hallo Matthias,

danke für Deine Hilfe.

Schritt 1 - rkill
Code:
ATTFilter
Rkill 2.8.3 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 hxxp://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/12/2016 05:34:28 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Users\shag\AppData\Roaming\Windows\Applications\SearchIndex\SearchIndex.exe (PID: 3708) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Backup Registry file created at:
 C:\Users\shag\Desktop\rkill\rkill-03-12-2016-05-34-32.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity: 

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * HOSTS file entries found: 

  127.0.0.1	acdid.acdsystems.com
  127.0.0.1 activate.adobe.com

Program finished at: 03/12/2016 05:34:43 PM
Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)
         
Schritt 2 - Adw-Cleaner
Code:
ATTFilter
# AdwCleaner v5.101 - Bericht erstellt am 12/03/2016 um 17:40:41
# Aktualisiert am 07/03/2016 von Xplode
# Datenbank : 2016-03-08.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : shag - SHAG-PC
# Gestartet von : C:\Users\shag\Desktop\AdwCleaner_5.101.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****

[-] Ordner Gelöscht : C:\ProgramData\Trymedia
[-] Ordner Gelöscht : C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\ICQToolbarData

***** [ Dateien ] *****

[-] Datei Gelöscht : C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\searchplugins\icqplugin.xml
[-] Datei Gelöscht : C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\invalidprefs.js

***** [ DLLs ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****

[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HiJackThis.exe
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
[-] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]

***** [ Internetbrowser ] *****

[-] [C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.param.yahoo-fr", "chr-greentree_ff&type=302398");
[-] [C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\prefs.js] [Preference] Gelöscht : user_pref("keyword.URL", "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=");

*************************

:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [2144 Bytes] - [12/03/2016 17:40:41]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [2062 Bytes] - [12/03/2016 17:39:31]

########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [2330 Bytes] ##########
         
Schritt 3 - Malwarebytes.
War schon installiert bei mir. Lässt sich aber nicht starten.
Deinstallieren und neu installieren funktioniert nicht.
Fehlermeldung bei Installation: Interner Fehler: Expression error 'Runtime Error (at112:109):

Schritt 4 - JRT
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 7 Home Premium x64 
Ran by shag (Administrator) on 12.03.2016 at 17:51:14,97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 30 

Failed to delete: C:\ProgramData\274435 (Folder) 
Successfully deleted: C:\ProgramData\274335 (Folder) 
Successfully deleted: C:\Users\shag\AppData\Local\crashrpt (Folder) 
Successfully deleted: C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\user.js (File) 
Successfully deleted: C:\Users\shag\AppData\Roaming\pdfforge (Folder) 
Successfully deleted: C:\Users\shag\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\shag\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0YPI15MJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\shag\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2S4E3MDQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\shag\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\shag\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\909B81IW (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\shag\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\COTE14NY (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\shag\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\shag\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H1F15JCJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\shag\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\shag\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RXDCPS10 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\shag\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W996E00P (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\shag\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZP79D0MH (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0YPI15MJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2S4E3MDQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\909B81IW (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\COTE14NY (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H1F15JCJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RXDCPS10 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W996E00P (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZP79D0MH (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\SysWOW64\RENF24A.tmp (File) 



Registry: 2 

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.03.2016 at 17:52:39,64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Schritt 5 - FRST
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
durchgeführt von shag (Administrator) auf SHAG-PC (12-03-2016 17:54:04)
Gestartet von C:\Users\shag\Desktop
Geladene Profile: shag (Verfügbare Profile: shag & Coco)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730) D:\Program Files (x86)\iRacing\iRacingService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Thrustmaster®) D:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(IvoSoft) C:\Users\shag\AppData\Roaming\Windows\Applications\SearchIndex\SearchIndex.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_182.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_182.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7512680 2011-10-25] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-09] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Winlogon: [Userinit] userinit.exe,"C:\Windows\system32\clientmon.exe" [X]
HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\MountPoints2: {6734fc30-9002-11e2-851a-8c89a5c2e538} - K:\setup.exe
HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\MountPoints2: {ccf4559d-4ca0-11e4-b1b1-8c89a5c2e538} - K:\setup.exe
HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\MountPoints2: {ddc22528-591b-11e3-8b61-8c89a5c2e538} - L:\ting.exe
HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [AOD] => C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe AutoTune
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-04-30] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [43816 2015-04-26] (Apple Inc.)
IFEO\AvastSvc.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\AvastUI.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avcenter.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avconfig.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgcsrvx.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgidsagent.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgnt.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgrsx.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgwdsvc.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\Avira.ServiceHost.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\Avira.Systray.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\Avira.SystrayStartTrigger.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avp.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\bdagent.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\blindman.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\ccuac.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\ComboFix.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\egui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\gsam.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\hijackthis.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\instup.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\keyscrambler.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbam.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbamgui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbampt.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbamscheduler.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbamservice.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mcapexe.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mcuicnt.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\MpCmdRun.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\MSASCui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\MsMpEng.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\msseces.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\rstrui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\SDFiles.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\SDMain.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\SDWinSec.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\spybotsd.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\update.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\wireshark.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\zlclient.exe: [Debugger] C:\Windows\System32\svchost.exe
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2013-05-31]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{64956C90-8573-4570-AE9E-9C6059173262}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-23] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-23] (Oracle Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-23] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-23] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Session Restore: -> ist aktiviert.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-11] ()
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> d:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> d:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2443269024-3109390385-3364977999-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\shag\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2443269024-3109390385-3364977999-1000: @talk.google.com/O1DPlugin -> C:\Users\shag\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2443269024-3109390385-3364977999-1000: @tools.google.com/Google Update;version=3 -> C:\Users\shag\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-2443269024-3109390385-3364977999-1000: @tools.google.com/Google Update;version=9 -> C:\Users\shag\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\shag\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\shag\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: Avira Browser Safety - C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\Extensions\abs@avira.com [2016-02-19]
FF Extension: leethax.net extension - C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\Extensions\leethax@leethax.net.xpi [2014-02-08] [ist nicht signiert]
FF Extension: Move Media Player - C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\Extensions\moveplayer@movenetworks.com [2013-03-18] [ist nicht signiert]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013-03-18] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-05-15] [ist nicht signiert]
StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe

Chrome: 
=======
CHR Profile: C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-27]
CHR Extension: (Google Docs) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-27]
CHR Extension: (Google Drive) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27]
CHR Extension: (YouTube) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-27]
CHR Extension: (Google-Suche) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Tabellen) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-27]
CHR Extension: (Avira Browserschutz) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-07]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-27]
CHR Extension: (Google Mail) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-27]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [0 ] (Avira Operations GmbH & Co. KG) <==== ACHTUNG (Null Byte Datei/Ordner)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [0 ] (Avira Operations GmbH & Co. KG) <==== ACHTUNG (Null Byte Datei/Ordner)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [0 ] (Avira Operations GmbH & Co. KG) <==== ACHTUNG (Null Byte Datei/Ordner)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [0 ] (Avira Operations GmbH & Co. KG) <==== ACHTUNG (Null Byte Datei/Ordner)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [Datei ist nicht signiert]
S3 GalaxyClientService; D:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1616440 2015-11-13] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7220792 2016-02-11] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-09] (NVIDIA Corporation)
R2 iRacingService; D:\Program Files (x86)\iRacing\iRacingService.exe [798840 2015-01-12] (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-09] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [6477432 2015-12-09] (NVIDIA Corporation)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-02-28] (Electronic Arts)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145736 2013-08-15] (Nuance Communications, Inc.)
R2 tmInstall; d:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.EXE [45296 2014-07-22] (Thrustmaster®)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Avira.ServiceHost; "C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe" [X]
S2 JetDrive WindowsClosingService; C:\Windows\System32\WindowsClosingService [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [94720 2013-12-19] (Advanced Micro Devices) [Datei ist nicht signiert]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162072 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [140448 2016-02-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [75472 2015-12-01] (Avira Operations GmbH & Co. KG)
S3 cancel; C:\Program Files (x86)\MSI\Super-Charger\cancel_64.sys [16184 2010-05-21] (Windows (R) Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-05] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 jetdrive; C:\Windows\System32\DRIVERS\jddrv.sys [37248 2012-05-22] (Abelssoft GmbH)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-12-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S3 SndTAudio; C:\Windows\System32\drivers\SndTAudio.sys [34528 2013-05-16] (Windows (R) Win 7 DDK provider)
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [58792 2009-09-17] (SafeNet, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-10-05] (Duplex Secure Ltd.)
S3 tmhidusb; C:\Windows\System32\DRIVERS\tmhidusb.sys [166640 2014-07-22] (Thrustmaster)
R2 zntport64; C:\EuCaSoft\zntport64.sys [13880 2007-12-22] (Zeal SoftStudio)
U3 ahiuozps; C:\Windows\System32\Drivers\ahiuozps.sys [0 ] (Advanced Micro Devices) <==== ACHTUNG (Null Byte Datei/Ordner)
S2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 cpuz130; \??\C:\Users\shag\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 NTIOLib_1_0_4; \??\d:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [X]
S3 NTIOLib_1_0_C; \??\J:\NTIOLib_X64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-03-12 17:54 - 2016-03-12 17:54 - 00022593 _____ C:\Users\shag\Desktop\FRST.txt
2016-03-12 17:52 - 2016-03-12 17:52 - 00005224 _____ C:\Users\shag\Desktop\JRT.txt
2016-03-12 17:51 - 2016-03-12 17:51 - 00000000 ____D C:\ProgramData\274335
2016-03-12 17:48 - 2016-03-12 17:48 - 01609216 _____ (Malwarebytes) C:\Users\shag\Desktop\JRT.exe
2016-03-12 17:39 - 2016-03-12 17:40 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-12 17:37 - 2016-03-12 17:35 - 01524224 _____ C:\Users\shag\Desktop\AdwCleaner_5.101.exe
2016-03-12 17:34 - 2016-03-12 17:52 - 00001625 _____ C:\ProgramData\XML
2016-03-12 17:34 - 2016-03-12 17:34 - 00002890 _____ C:\Users\shag\Desktop\Rkill.txt
2016-03-12 17:34 - 2016-03-12 17:34 - 00000000 ____D C:\Users\shag\Desktop\rkill
2016-03-12 17:34 - 2016-03-12 17:33 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\shag\Desktop\rkill.com
2016-03-11 21:55 - 2016-03-11 21:42 - 02374144 _____ (Farbar) C:\Users\shag\Desktop\FRST64.exe
2016-03-11 21:53 - 2016-03-12 17:54 - 00000000 ____D C:\FRST
2016-03-11 21:32 - 2016-03-11 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-03-11 21:31 - 2016-03-11 21:32 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-03-11 21:31 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-11 21:31 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-11 21:31 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-11 21:20 - 2016-03-11 21:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-05 12:03 - 2016-03-05 12:03 - 00000000 ____D C:\Users\shag\AppData\Roaming\cerasus.media
2016-03-01 21:22 - 2016-03-01 16:25 - 03793920 _____ (IvoSoft) C:\Windows\SysWOW64\clientmon.exe
2016-03-01 21:12 - 2016-03-12 17:51 - 00003362 _____ C:\Windows\System32\Tasks\Search Filter Host
2016-03-01 21:12 - 2016-03-01 21:12 - 00000000 ____D C:\Users\shag\AppData\LocalLow\Lazy Bear Games
2016-03-01 21:11 - 2016-03-12 17:51 - 00000000 __SHD C:\ProgramData\274435
2016-03-01 21:11 - 2016-03-11 21:47 - 00000000 ____D C:\Users\shag\AppData\Local\IIIQF
2016-03-01 21:11 - 2016-03-01 21:11 - 00000006 ____S C:\ProgramData\cfc4764f3bbfae7c2c155456e0ae08a61242b9ff
2016-03-01 21:11 - 2016-03-01 21:11 - 00000000 ____D C:\Users\shag\AppData\Roaming\Windows
2016-03-01 21:11 - 2016-03-01 21:11 - 00000000 ____D C:\ProgramData\mia2477.tmp
2016-03-01 19:55 - 2016-03-01 19:55 - 00000000 ____D C:\ProgramData\dbdata
2016-02-29 20:27 - 2016-02-29 22:37 - 00000000 ____D C:\Users\shag\AppData\Roaming\Factorio
2016-02-29 20:26 - 2016-02-29 20:26 - 00000936 _____ C:\Users\shag\Desktop\Factorio v0.9.8.lnk
2016-02-25 08:09 - 2016-02-25 08:09 - 00000801 _____ C:\Users\Public\Desktop\Passbild-Generator.lnk
2016-02-25 08:09 - 2016-02-25 08:09 - 00000000 ____D C:\Users\shag\AppData\Local\_3_
2016-02-25 08:09 - 2016-02-25 08:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Passbild-Generator
2016-02-23 21:01 - 2016-02-23 20:59 - 00110176 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2016-02-23 20:59 - 2016-02-23 21:01 - 00000000 ____D C:\Users\shag\.oracle_jre_usage
2016-02-23 20:59 - 2016-02-23 20:59 - 00000000 ____D C:\Users\shag\AppData\Roaming\Sun
2016-02-23 20:58 - 2016-02-23 20:58 - 00000000 ____D C:\Users\shag\AppData\LocalLow\Oracle
2016-02-23 20:17 - 2016-02-23 21:09 - 00000000 ____D C:\Users\shag\.litwrl
2016-02-21 11:59 - 2016-02-21 11:59 - 00000000 ____D C:\Users\shag\Documents\DyingLight
2016-02-19 18:50 - 2016-02-19 18:50 - 00000000 ____D C:\Users\shag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-12 16:22 - 2016-02-12 16:22 - 00000000 ____D C:\Users\shag\AppData\LocalLow\Google

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-03-12 17:50 - 2013-08-25 19:14 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA.job
2016-03-12 17:50 - 2009-07-14 05:45 - 00022848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-12 17:50 - 2009-07-14 05:45 - 00022848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-12 17:48 - 2009-07-14 18:58 - 00699416 _____ C:\Windows\system32\perfh007.dat
2016-03-12 17:48 - 2009-07-14 18:58 - 00149556 _____ C:\Windows\system32\perfc007.dat
2016-03-12 17:48 - 2009-07-14 06:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-12 17:48 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-03-12 17:42 - 2013-05-14 20:49 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-12 17:42 - 2013-03-18 19:28 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-12 17:42 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-12 17:41 - 2013-05-14 20:49 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-12 17:31 - 2015-06-19 16:54 - 00001220 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA.job
2016-03-12 17:31 - 2013-04-18 20:08 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-12 01:14 - 2015-12-06 19:16 - 00000000 ____D C:\Users\shag\Desktop\Spiele
2016-03-12 01:11 - 2016-01-03 15:42 - 00000000 ____D C:\Users\shag\AppData\Local\CrashDumps
2016-03-12 01:11 - 2013-03-21 22:46 - 00000000 ____D C:\Users\shag\AppData\Roaming\vlc
2016-03-11 22:57 - 2013-04-18 20:08 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-11 22:57 - 2013-03-18 20:25 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-11 22:57 - 2013-03-18 20:25 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-11 21:49 - 2014-11-23 19:32 - 00000000 ____D C:\Users\shag\AppData\Local\My Games
2016-03-11 21:49 - 2013-03-30 23:41 - 00000000 ____D C:\Users\shag\Documents\My Games
2016-03-11 21:49 - 2013-03-18 19:22 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-11 21:48 - 2015-12-30 20:54 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-11 21:47 - 2015-09-30 22:11 - 00000000 ____D C:\Users\shag\AppData\Roaming\Atari
2016-03-11 21:46 - 2015-03-13 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-03-11 21:46 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-11 21:30 - 2014-07-25 20:28 - 00242786 _____ C:\Windows\ntbtlog.txt
2016-03-11 21:17 - 2013-03-18 19:16 - 00000000 ____D C:\Users\shag
2016-03-11 21:10 - 2015-10-03 09:12 - 00000000 ____D C:\Users\Coco
2016-03-11 21:10 - 2015-06-10 22:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2016-03-11 21:10 - 2015-05-15 10:42 - 00000000 ___SD C:\Windows\system32\GWX
2016-03-11 21:10 - 2014-10-05 15:49 - 00000000 ____D C:\Users\shag\AppData\Roaming\FreeArc
2016-03-11 21:10 - 2014-08-07 21:41 - 00000000 ____D C:\Users\Besuch
2016-03-11 21:10 - 2014-07-27 20:34 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-11 21:10 - 2014-02-10 20:00 - 00000000 ____D C:\Users\shag\AppData\Roaming\Battle.net
2016-03-11 21:10 - 2013-03-18 20:25 - 00000000 ____D C:\Windows\system32\Macromed
2016-03-11 21:10 - 2013-03-18 20:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-03-11 21:10 - 2013-03-18 20:22 - 00000000 ____D C:\ProgramData\Avira
2016-03-11 21:10 - 2013-03-18 20:22 - 00000000 ____D C:\Program Files (x86)\Avira
2016-03-11 21:10 - 2009-07-14 19:18 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-03-11 21:10 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2016-03-11 20:27 - 2013-03-19 20:07 - 00000000 ____D C:\Users\shag\AppData\Roaming\UseNeXT
2016-03-11 20:21 - 2014-02-10 20:00 - 00000000 ____D C:\Users\shag\AppData\Local\Battle.net
2016-03-11 13:20 - 2015-11-15 18:24 - 00033792 _____ C:\Users\shag\Desktop\Finanzen.xls
2016-03-08 16:41 - 2015-11-20 18:45 - 00000000 ____D C:\Users\shag\.gimp-2.8
2016-03-01 19:50 - 2013-08-25 19:14 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core.job
2016-03-01 19:10 - 2013-03-18 20:30 - 00000000 ___RD C:\Users\shag\Dropbox
2016-03-01 19:10 - 2013-03-18 20:29 - 00000000 ____D C:\Users\shag\AppData\Roaming\Dropbox
2016-02-28 10:10 - 2013-05-02 20:29 - 00000000 ____D C:\ProgramData\Origin
2016-02-25 12:05 - 2015-06-19 16:54 - 00001168 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core.job
2016-02-25 08:15 - 2015-10-15 19:41 - 00013405 _____ C:\Windows\BRRBCOM.INI
2016-02-24 16:09 - 2015-11-09 18:52 - 00000498 _____ C:\Users\shag\Desktop\Coco.txt
2016-02-23 21:03 - 2013-10-28 19:56 - 00000000 ____D C:\ProgramData\Oracle
2016-02-23 21:02 - 2013-10-28 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2016-02-23 21:02 - 2013-10-28 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-23 21:02 - 2013-09-03 20:26 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-23 21:02 - 2013-03-18 20:28 - 00000000 ____D C:\Program Files\Java
2016-02-23 20:59 - 2015-03-13 18:22 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-02-21 11:44 - 2014-12-05 21:30 - 00002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-21 11:44 - 2014-12-05 21:30 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-18 10:22 - 2013-07-24 17:53 - 00000000 ____D C:\ProgramData\Battle.net
2016-02-18 08:09 - 2013-04-02 21:33 - 00140448 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-02-15 21:54 - 2015-01-12 18:27 - 00000000 ____D C:\Users\shag\AppData\Roaming\Mp3tag

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-10-14 03:44 - 2013-10-14 03:44 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2015-06-10 22:13 - 2015-08-24 19:58 - 0007859 _____ () C:\Users\shag\AppData\Roaming\pcouffin.cat
2015-06-10 22:13 - 2015-08-24 19:58 - 0001167 _____ () C:\Users\shag\AppData\Roaming\pcouffin.inf
2015-06-10 22:13 - 2015-08-24 19:58 - 0000055 _____ () C:\Users\shag\AppData\Roaming\pcouffin.log
2014-10-05 15:03 - 2014-10-05 15:03 - 0004096 _____ (Microsoft) C:\Users\shag\AppData\Roaming\Microsoft\1.exe
2014-10-05 15:01 - 2014-11-23 18:21 - 0004096 _____ (Microsoft) C:\Users\shag\AppData\Roaming\Microsoft\Setupx.exe
2014-10-05 15:05 - 2014-10-05 15:10 - 0004096 _____ (Microsoft) C:\Users\shag\AppData\Roaming\Microsoft\svchost.exe
2013-06-04 20:34 - 2015-06-13 17:45 - 0014848 _____ () C:\Users\shag\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-02 16:18 - 2015-06-02 16:21 - 0585728 _____ () C:\Users\shag\AppData\Local\file__0.localstorage
2015-11-20 18:47 - 2015-11-20 18:47 - 0000819 _____ () C:\Users\shag\AppData\Local\recently-used.xbel
2013-03-18 19:55 - 2015-05-27 19:39 - 0007649 _____ () C:\Users\shag\AppData\Local\resmon.resmoncfg
2016-03-01 21:11 - 2016-03-01 21:11 - 0000006 ____S () C:\ProgramData\cfc4764f3bbfae7c2c155456e0ae08a61242b9ff
2016-03-12 17:34 - 2016-03-12 17:52 - 0001625 _____ () C:\ProgramData\XML

Einige Dateien in TEMP:
====================
C:\Users\Besuch\AppData\Local\Temp\avgnt.exe
C:\Users\Coco\AppData\Local\Temp\avgnt.exe
C:\Users\shag\AppData\Local\Temp\avgnt.exe
C:\Users\shag\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpl1ceez.dll
C:\Users\shag\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\shag\AppData\Local\Temp\nvStInst.exe
C:\Users\shag\AppData\Local\Temp\rldfw32_s18g.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_s1hc.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_s25k.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_s2dg.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_s2t0.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_s3hs.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_s5r0.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_s6d8.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_s6lg.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_s6os.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_s90.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_sl4.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s1ak.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s3lo.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s3rk.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s4gk.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s4lc.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s57o.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s58o.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s5kk.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s5qk.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s5ss.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s6gk.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s6og.dll
C:\Users\shag\AppData\Local\Temp\sqlite3.dll
C:\Users\shag\AppData\Local\Temp\svhost.exe
C:\Users\shag\AppData\Local\Temp\_is3AAF.exe
C:\Users\shag\AppData\Local\Temp\_is4481.exe
C:\Users\shag\AppData\Local\Temp\_isA517.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-03-12 15:55

==================== Ende von FRST.txt ============================
         
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
durchgeführt von shag (2016-03-12 17:54:22)
Gestartet von C:\Users\shag\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-03-18 18:16:49)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2443269024-3109390385-3364977999-500 - Administrator - Disabled)
Coco (S-1-5-21-2443269024-3109390385-3364977999-1008 - Administrator - Enabled) => C:\Users\Coco
Gast (S-1-5-21-2443269024-3109390385-3364977999-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2443269024-3109390385-3364977999-1004 - Limited - Enabled)
shag (S-1-5-21-2443269024-3109390385-3364977999-1000 - Administrator - Enabled) => C:\Users\shag

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4.4 64-bit (HKLM\...\{11A955CD-4398-405A-886D-E464C3618FBF}) (Version: 4.4.1 - Adobe)
Age of Conan: Hyborian Adventures (HKLM-x32\...\Age of Conan_is1) (Version:  - Funcom)
AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version:  - Gameforge)
Anno 2205 (HKLM-x32\...\Uplay Install 1253) (Version:  - Ubisoft)
Apple Application Support (32-Bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Photo Commander 10 v.10.0.1 (HKLM-x32\...\Ashampoo Photo Commander 10_is1) (Version: 10.0.1 - Ashampoo GmbH & Co. KG)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2002861294.48.56.34082026 - Audible, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.141 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{3b87484e-d70b-4b4f-ad59-2ae89571e2cf}) (Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BDE Information Utility (HKLM-x32\...\BDE Information Utility) (Version:  - InterBase Installation Info (and BDE Information Utility))
Blender (HKLM\...\{BBE9D9F0-3F77-4E26-9E10-1AFB56D41363}) (Version: 2.76.0 - Blender Foundation)
Blender (HKLM\...\Blender) (Version: 2.69 - Blender Foundation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J5320DW (HKLM-x32\...\{7FC49664-DAA4-4E7C-ADD0-614ABB43691B}) (Version: 1.0.5.0 - Brother Industries, Ltd.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.9.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.12.20.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.5.2.8 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.4.0.0377 - Disc Soft Ltd)
Darkest Dungeon (HKLM-x32\...\Darkest Dungeon_is1) (Version:  - )
Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)
Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dropbox (HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
DVDFab 9.0.6.3 (09/09/2013) (HKLM-x32\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.2.17437 - Landesfinanzdirektion Thüringen)
ElsterFormular 2006/2007 (HKLM-x32\...\{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}) (Version: 8.2.1.0 - Steuerverwaltung des Bundes und der Länder)
ElsterFormular 2007/2008 (HKLM-x32\...\{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}) (Version: 9.2.0.0 - Steuerverwaltung des Bundes und der Länder)
ElsterFormular 2008/2009 (HKLM-x32\...\{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}) (Version: 10.0.0.0 - Steuerverwaltung des Bundes und der Länder)
EuCaSoft 4.4.0.4377 (HKLM-x32\...\EuCaSoft_is1) (Version:  - itas GmbH)
FFB Racing Wheel drivers (HKLM-x32\...\{28B758EA-5C83-48B1-B352-C70F12C73F5A}) (Version: 3.TTRS.2014 - Thrustmaster)
FreeArc 0.666 (HKLM-x32\...\FreeArc) (Version: 0.666 - Bulat Ziganshin)
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.21.2.1 - Futuremark Corporation)
Gameforge Live 2.0.8 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.8 - Gameforge)
Geeks3D FurMark 1.13.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
iRacing.com Race Simulation (HKLM-x32\...\{CBBB3C80-76F5-42B5-92A6-C4BF84796DCB}) (Version: 1.01.0512 - iRacing.com Motorsport Simulations)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java SE Development Kit 7 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170250}) (Version: 1.7.0.250 - Oracle)
Java SE Development Kit 8 Update 73 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180730}) (Version: 8.0.730.2 - Oracle Corporation)
JetDrive (HKLM-x32\...\JetDrive_is1) (Version: 6.11 - Abelssoft)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
ManiaPlanet (HKLM-x32\...\ManiaPlanet_is1) (Version:  - Nadeo)
MechWarrior Online (HKLM-x32\...\{9f17023b-d04f-432b-b08a-3bb4c3a7ed3c}) (Version: 1.6.0.0 - Piranha Games Inc.)
MechWarrior Online (x32 Version: 1.6.1.0 - Piranha Games Inc.) Hidden
MediaCoder x64 0.8.19.5372 (HKLM\...\MediaCoder x64) (Version: 0.8.19.5372 - Broad Intelligence)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mosaizer Pro v12.0 (HKLM-x32\...\Mosaizer Pro_is1) (Version: 12.0 - APP Helmond)
Mozilla Firefox 19.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 19.0.2 (x86 de)) (Version: 19.0.2 - Mozilla)
Mozilla Firefox 44.0.2 (x86 de) (HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\Mozilla Firefox 44.0.2 (x86 de)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 19.0.2 - Mozilla)
Mp3tag v2.66 (HKLM-x32\...\Mp3tag) (Version: v2.66 - Florian Heidenreich)
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Next Car Game Free Technology Demo (HKLM-x32\...\Next Car Game Free Technology Demo) (Version:  - Bugbear Entertainment)
NoLimits 2 Demo (remove only) (HKLM\...\NoLimits 2 Demo) (Version:  - )
NoLimits Coasters 1.8 (remove only) (HKLM-x32\...\NoLimits Coasters full) (Version:  - )
Nuance PaperPort 12 (HKLM-x32\...\{2A770862-7142-4C77-8117-F933E4110A3F}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA 3D Vision Treiber 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.43 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.8.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.8.1.21 - NVIDIA Corporation)
NVIDIA Grafiktreiber 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.43 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Passbild-Generator v4.0a (HKLM-x32\...\Passbild-Generator_is1) (Version:  - Passbild-Generator)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.239 - Google, Inc.)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Railroad Tycoon 3 (HKLM-x32\...\{DE29025A-091F-4998-AD2D-24C84421190F}) (Version: 1.0 - )
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7111 - Realtek Semiconductor Corp.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Sentinel System Driver Installer 7.5.1 (HKLM-x32\...\{BF9E346B-5ECE-4A18-9510-55729FD08323}) (Version: 7.5.1 - SafeNet, Inc.)
SHIELD Streaming (Version: 4.1.0250 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.8.1.21 - NVIDIA Corporation) Hidden
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Spintires RIP MULTI18 (HKLM-x32\...\U3BpbnRpcmVz_is1) (Version: 1 - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.0.115 - MSI)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.43148 - TeamViewer)
The Witcher 3: Wild Hunt - Alternative Look for Ciri (HKLM-x32\...\Alternative Look for Ciri_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Alternative Look for Triss (HKLM-x32\...\Alternative Look for Triss_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Alternative Look for Yennefer (HKLM-x32\...\Alternative Look for Yennefer_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Ballad Heroes - Neutral Gwent Card Set (HKLM-x32\...\Ballad Heroes - Neutral Gwent Card Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Beard and Hairstyle Set (HKLM-x32\...\Beard and Hairstyle Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Elite Crossbow Set (HKLM-x32\...\Elite Crossbow Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Finisher Animations (HKLM-x32\...\New Finisher Animations_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Contract - Skellige's Most Wanted (HKLM-x32\...\New Quest - Contract: Skellige's Most Wanted_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Contract Missing Miners (HKLM-x32\...\New Quest - Contract Missing Miners_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Fool's Gold (HKLM-x32\...\New Quest - Fool's Gold_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Scavenger Hunt - Wolf School Gear (HKLM-x32\...\New Quest - Scavenger Hunt: Wolf School Gear_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Where the Cat and Wolf Play... (HKLM-x32\...\New Quest - Where the Cat and Wolf Play..._is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Nilfgaardian Armor Set (HKLM-x32\...\Nilfgaardian Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Skellige Armor Set (HKLM-x32\...\Skellige Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Temerian Armor Set (HKLM-x32\...\Temerian Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Voodoo Chronicles (HKLM-x32\...\{947E7026-E000-4159-86BC-6B9855EC4517}) (Version: 1.00.0000 - PurpleHills)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.3.0.18 - VSO Software)
War Thunder Launcher 1.0.1.278 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - 2013 Gaijin Entertainment Corporation)
WhiteCap (HKLM-x32\...\WhiteCap) (Version: 6.4.1 - SoundSpectrum)
Winki (HKLM-x32\...\{81CF5153-38CF-41e2-AC3C-3D477C987D96}_is1) (Version: 3.2.116 - MSI)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.7.3.20131014 - Xilisoft)
XMedia Recode Version 3.1.7.8 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.7.8 - XMedia Recode)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> d:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => Keine Datei

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {2DDE40A1-B5C9-4E30-B49A-056A855363D0} - System32\Tasks\Search Filter Host => C:\Users\shag\AppData\Roaming\Windows\Applications\SearchIndex\SearchIndex.exe [2016-03-01] (IvoSoft)
Task: {5CDC7D13-A92F-4C6A-9037-DFA121DFEAA2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {6167180D-AC7E-4C68-8CC9-023DBC147E37} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core => C:\Users\shag\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {6EB11A62-09BE-4E9B-83D4-6A882DE1ED34} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {8497BBEE-475E-4265-AAA8-F224139C7BA0} - System32\Tasks\Super Charger => C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe [2011-07-06] (MSI)
Task: {C5C53FF5-B82F-4F17-AE3C-81D0F93E55D0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DB2708DA-72B3-456B-A231-CAA7741EFF08} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-11] (Adobe Systems Incorporated)
Task: {DBCDFCAF-D9E9-40F1-AF62-1F1C50B250EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {E4737B22-8F2C-4315-9743-9053915C8DBA} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core => C:\Users\shag\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {EC19B7C3-4AAF-4DEF-9968-077FFE35F30A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA => C:\Users\shag\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {EC4FE598-9EC1-4664-A6F2-59D0338E59D0} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {F854E768-B92F-45F6-9F15-D807D339052F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA => C:\Users\shag\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core.job => C:\Users\shag\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA.job => C:\Users\shag\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core.job => C:\Users\shag\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA.job => C:\Users\shag\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 15:26 - 2015-05-15 15:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-30 20:54 - 2015-12-09 02:52 - 00217720 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2015-10-15 19:40 - 2005-04-22 05:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2015-05-15 09:45 - 2015-12-09 02:53 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-03-11 22:57 - 2016-03-11 22:57 - 19397824 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2014-08-17 13:48 - 00001055 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1	acdid.acdsystems.com
127.0.0.1 activate.adobe.com

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\shag\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupreg: Super-Charger => C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{6B1F38FA-F6F9-4ABD-B206-E8C90B977830}] => (Allow) C:\Users\shag\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{B7325FFE-3ADA-4DA1-9DE8-3A2DCA7F5A3B}] => (Allow) C:\Users\shag\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{07D86DA9-61A3-47CB-B1A6-0513D4F06B65}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FDD9CBBE-0ABD-4667-9596-44E879C79778}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{86E3BE82-CA85-440E-B4B2-B2664B446D92}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{11DDDDE2-F308-40AF-8D9D-0E2072E70150}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A3163EBD-DDB7-4275-AC6D-8C732590173F}] => (Block) %ProgramFiles% (x86)\SQUARE ENIX\Tombraider\TombRaider.exe
FirewallRules: [TCP Query User{73C838EF-603A-4CF2-A23E-2041E1CFCD82}C:\program files (x86)\maniaplanet\maniaplanet.exe] => (Allow) C:\program files (x86)\maniaplanet\maniaplanet.exe
FirewallRules: [UDP Query User{E71ACD03-DA48-431D-949F-BF986E2AC015}C:\program files (x86)\maniaplanet\maniaplanet.exe] => (Allow) C:\program files (x86)\maniaplanet\maniaplanet.exe
FirewallRules: [{4BBC53DD-4D5D-4C50-B909-22E10583A056}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{469D4751-7DFA-4A7C-B361-434CEB6A5A81}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{5BB1082F-2E2D-4EE6-944B-DC344AA5B470}C:\eucasoft\meta.exe] => (Allow) C:\eucasoft\meta.exe
FirewallRules: [UDP Query User{A2668BF5-70B4-4A1E-BDF8-5AB545E14AD3}C:\eucasoft\meta.exe] => (Allow) C:\eucasoft\meta.exe
FirewallRules: [TCP Query User{E3CEC154-48F6-4462-86A3-FA11B8C6E49A}C:\eucasoft\eucasoft.exe] => (Allow) C:\eucasoft\eucasoft.exe
FirewallRules: [UDP Query User{6ABB59E9-B8AC-4332-BD91-82B6FA02BCBC}C:\eucasoft\eucasoft.exe] => (Allow) C:\eucasoft\eucasoft.exe
FirewallRules: [TCP Query User{C38681B1-F9C5-4091-9454-BB9C91B9C217}C:\eucasoft\eucaprn.exe] => (Allow) C:\eucasoft\eucaprn.exe
FirewallRules: [UDP Query User{B68FAD45-EBB9-418D-9418-289EC845D24E}C:\eucasoft\eucaprn.exe] => (Allow) C:\eucasoft\eucaprn.exe
FirewallRules: [TCP Query User{3DC74B91-28FD-420E-AD76-7684D5631DE6}C:\program files (x86)\activision\call of duty - black ops\blackops.exe] => (Block) C:\program files (x86)\activision\call of duty - black ops\blackops.exe
FirewallRules: [UDP Query User{E199CF05-61AE-482C-ADCD-46BC0D125AF6}C:\program files (x86)\activision\call of duty - black ops\blackops.exe] => (Block) C:\program files (x86)\activision\call of duty - black ops\blackops.exe
FirewallRules: [TCP Query User{36345DBD-FF4D-463E-947F-2FB5E8F97CE1}E:\spiele\trackmania canyon\trackmania 2 canyon\maniaplanet.exe] => (Block) E:\spiele\trackmania canyon\trackmania 2 canyon\maniaplanet.exe
FirewallRules: [UDP Query User{3C8D0343-259F-44B4-9BF4-9116E1EDCF55}E:\spiele\trackmania canyon\trackmania 2 canyon\maniaplanet.exe] => (Block) E:\spiele\trackmania canyon\trackmania 2 canyon\maniaplanet.exe
FirewallRules: [TCP Query User{4A3487F5-0DF9-465C-859C-B2E3CB28767D}D:\program files (x86)\guild wars 2\gw2.exe] => (Allow) D:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{D243A6A0-89AA-47B7-8C5F-EE81A220C3CB}D:\program files (x86)\guild wars 2\gw2.exe] => (Allow) D:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [{D746F088-F43E-4AD9-9FD0-782FFFF44266}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{C1409997-93DC-4B19-8C85-BE34ADE9EC79}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{BB497C68-00F8-4212-B457-64BD9CE73233}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [{8D7CAD06-081F-4293-9AFA-A574B67C0766}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [{68094F16-F5E3-4BFE-B7E7-0086A112EDFF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{1D18F698-41EF-4FF1-B72D-D7D764974717}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CF8BFAAF-E0E6-4FBE-9260-2B26188DFB50}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{697C2CFB-27E5-4A1B-83B2-D908CF8D0F1F}D:\program files (x86)\rayman legends\rayman legends.exe] => (Block) D:\program files (x86)\rayman legends\rayman legends.exe
FirewallRules: [UDP Query User{4415CC36-28EC-477F-8CA5-84335AD7A691}D:\program files (x86)\rayman legends\rayman legends.exe] => (Block) D:\program files (x86)\rayman legends\rayman legends.exe
FirewallRules: [{E3D7CB83-5E5C-47E5-8FE7-0E543DEF0773}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{763A8944-677E-40D8-A3BF-36F032CAE895}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DC6F0895-BCFA-477C-8FAA-6D8FAE970845}] => (Allow) D:\Program Files (x86)\WarThunder\launcher.exe
FirewallRules: [{2527224D-47C0-479D-A667-612AF086AD65}] => (Allow) D:\Program Files (x86)\WarThunder\launcher.exe
FirewallRules: [TCP Query User{D6BCEDD8-4D78-4A28-8B5E-6D6A755083BE}D:\program files (x86)\warthunder\aces.exe] => (Allow) D:\program files (x86)\warthunder\aces.exe
FirewallRules: [UDP Query User{018EDE3C-20A5-4DEC-83DC-A0F4035CA4F3}D:\program files (x86)\warthunder\aces.exe] => (Allow) D:\program files (x86)\warthunder\aces.exe
FirewallRules: [{E89F95BB-3F00-4592-BF46-D7A0247E3238}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{A453AEC4-A7B7-4DA7-B840-7087754DDBF5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{AD67C548-8E7C-40B0-A74F-BA65ACD252C3}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\rush\rush.exe
FirewallRules: [{1B6D63C6-DF1F-46D9-944A-4534CF00CE52}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\rush\rush.exe
FirewallRules: [{90FC0048-BB3C-42A3-838C-93D2305165A5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{D2515F04-7392-4710-8C0B-11C44D9D5051}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{7EAC378D-BC60-44E4-8D20-97726450695B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{CA140986-66FC-4FD1-BD7B-4C731BA13B0D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{E6B3BB6E-1BC0-4659-A1C4-0E907310097A}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{A5024DE2-F094-4A6B-B3CE-205B577386AF}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{928EC490-B5EE-4BC5-B83D-0877319F5188}] => (Allow) D:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{18A7466B-1BA1-4EBA-8E1D-2AF3988F32B8}] => (Allow) D:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{596BBFE3-EC8B-41A2-896B-BFC6212DD615}] => (Allow) D:\Program Files (x86)\OriginGames\Dead Space\Dead Space.exe
FirewallRules: [{482F736C-0431-441B-892B-ADD6495FE0B5}] => (Allow) D:\Program Files (x86)\OriginGames\Dead Space\Dead Space.exe
FirewallRules: [TCP Query User{3AC563F9-56E0-4D00-AA38-E94904A971D9}D:\program files (x86)\valve\portal 2\portal2.exe] => (Block) D:\program files (x86)\valve\portal 2\portal2.exe
FirewallRules: [UDP Query User{CE925544-FD60-47B6-9BB2-776A0331FDBA}D:\program files (x86)\valve\portal 2\portal2.exe] => (Block) D:\program files (x86)\valve\portal 2\portal2.exe
FirewallRules: [TCP Query User{5B653E1C-7A11-48EC-9DBE-A5A6CB0BE297}D:\program files (x86)\wolfenstein the new order\wolfneworder_x64.exe] => (Block) D:\program files (x86)\wolfenstein the new order\wolfneworder_x64.exe
FirewallRules: [UDP Query User{CFFFAA87-8C93-421C-9379-BEC740574581}D:\program files (x86)\wolfenstein the new order\wolfneworder_x64.exe] => (Block) D:\program files (x86)\wolfenstein the new order\wolfneworder_x64.exe
FirewallRules: [TCP Query User{6F9B727C-9EFD-4404-AA37-4AD93A12B836}D:\program files (x86)\wolfenstein the new order german\wolfneworder_x64.exe] => (Block) D:\program files (x86)\wolfenstein the new order german\wolfneworder_x64.exe
FirewallRules: [UDP Query User{C2D99373-F636-44F6-95F8-91527CB4F5C9}D:\program files (x86)\wolfenstein the new order german\wolfneworder_x64.exe] => (Block) D:\program files (x86)\wolfenstein the new order german\wolfneworder_x64.exe
FirewallRules: [TCP Query User{C542631D-D296-4DD5-A464-85B3CB755448}D:\watch_dogs-deluxe.edition-p2p\bin\watch_dogs.exe] => (Block) D:\watch_dogs-deluxe.edition-p2p\bin\watch_dogs.exe
FirewallRules: [UDP Query User{3EE0E562-25EE-4679-B1F2-206503432AD1}D:\watch_dogs-deluxe.edition-p2p\bin\watch_dogs.exe] => (Block) D:\watch_dogs-deluxe.edition-p2p\bin\watch_dogs.exe
FirewallRules: [TCP Query User{B78239F5-94BD-4F90-9F9B-BBE7B1F4F294}D:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe] => (Allow) D:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe
FirewallRules: [UDP Query User{BAB1384F-46C8-4EA3-8AE8-F8FDC3DC2678}D:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe] => (Allow) D:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe
FirewallRules: [{6A8DAA67-50D6-4693-9A05-E987BE0BC205}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [{F1084AB7-A049-4C1E-A87E-69EA97D45F5A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [TCP Query User{10A90911-6943-486F-B637-EBF581F06F38}D:\program files (x86)\tera\tera-launcher.exe] => (Allow) D:\program files (x86)\tera\tera-launcher.exe
FirewallRules: [UDP Query User{578E97A2-CE4F-4099-B0C8-66F332017191}D:\program files (x86)\tera\tera-launcher.exe] => (Allow) D:\program files (x86)\tera\tera-launcher.exe
FirewallRules: [{66D14BBE-0EA6-415C-9ECD-21364CA004B2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{3E85FEBD-4AEB-45AF-BDAC-E6C9F4F5702D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{69287390-3691-457C-A38B-CC9337E9E2A5}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{E7240E72-D750-43AC-91CA-09B8B47924DF}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{5FC65538-FA6D-49E2-89F9-6FCDEE0078BD}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{1D9830DA-43E2-45B8-BC15-4DB65EB7890C}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{F600BCAF-ADBB-4F5D-B30B-9316781C151B}C:\users\shag\appdata\local\temp\gw2.exe] => (Allow) C:\users\shag\appdata\local\temp\gw2.exe
FirewallRules: [UDP Query User{41FA0A67-7849-47E9-8705-46E3EE198D57}C:\users\shag\appdata\local\temp\gw2.exe] => (Allow) C:\users\shag\appdata\local\temp\gw2.exe
FirewallRules: [TCP Query User{A3884C3A-1703-41EC-ABE3-45DD9E7CE962}D:\guild wars 2\gw2.exe] => (Allow) D:\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{78536A0E-367B-49EF-BC0A-2FA83E57D071}D:\guild wars 2\gw2.exe] => (Allow) D:\guild wars 2\gw2.exe
FirewallRules: [TCP Query User{0F3E8BC1-14C2-481A-98AB-B244B4F084C5}D:\program files (x86)\maniaplanet\maniaplanet.exe] => (Allow) D:\program files (x86)\maniaplanet\maniaplanet.exe
FirewallRules: [UDP Query User{BA93D511-5C13-403C-BFB6-40893AF03417}D:\program files (x86)\maniaplanet\maniaplanet.exe] => (Allow) D:\program files (x86)\maniaplanet\maniaplanet.exe
FirewallRules: [{EBFA0E67-670C-4DF3-A88E-B4A8DDF8AA98}] => (Allow) D:\Program Files (x86)\The Vanishing of Ethan Carter\Binaries\Launcher.exe
FirewallRules: [{C269B6F7-1883-40EB-B878-9EF8A9EB172E}] => (Allow) D:\Program Files (x86)\The Vanishing of Ethan Carter\Binaries\Launcher.exe
FirewallRules: [TCP Query User{D889D8F7-55CC-445A-8E3E-C0B52B5CDF93}D:\program files (x86)\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe] => (Block) D:\program files (x86)\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe
FirewallRules: [UDP Query User{46EE6606-D08C-4C75-ACF2-6CEB161D465F}D:\program files (x86)\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe] => (Block) D:\program files (x86)\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe
FirewallRules: [TCP Query User{52DC2877-88F2-42CC-A0CA-E3979AC92D06}D:\program files (x86)\ubisoft\driver san francisco\driver.exe] => (Block) D:\program files (x86)\ubisoft\driver san francisco\driver.exe
FirewallRules: [UDP Query User{4B4DB25B-416E-4147-A842-D107757F7375}D:\program files (x86)\ubisoft\driver san francisco\driver.exe] => (Block) D:\program files (x86)\ubisoft\driver san francisco\driver.exe
FirewallRules: [TCP Query User{65ADDC17-D41E-43CF-8F91-0D1A5E64D260}C:\program files\guillemot\tools\giwebupdater.exe] => (Allow) C:\program files\guillemot\tools\giwebupdater.exe
FirewallRules: [UDP Query User{4FCCBC6A-ECB2-4D49-A0C7-06AA70EDCD31}C:\program files\guillemot\tools\giwebupdater.exe] => (Allow) C:\program files\guillemot\tools\giwebupdater.exe
FirewallRules: [TCP Query User{4727CA4A-F3CF-4D4C-BE94-77013DB3E561}D:\gog games\oddworld - new 'n' tasty\nnt.exe] => (Block) D:\gog games\oddworld - new 'n' tasty\nnt.exe
FirewallRules: [UDP Query User{16F3CC54-81C2-4D68-AC5B-A5F110F39B09}D:\gog games\oddworld - new 'n' tasty\nnt.exe] => (Block) D:\gog games\oddworld - new 'n' tasty\nnt.exe
FirewallRules: [{1EDBCBD6-77FE-4354-AFC1-82B6EEF9C166}] => (Allow) d:\Program Files (x86)\GameforgeLive\gfl_client.exe
FirewallRules: [{E95D1DBC-A572-4898-977A-09355E2080D3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B6D7FDC2-79E5-443F-B573-ADBE5AE02395}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{CC4C363A-92C1-483D-A1F8-D8D10344E52C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{09E746F3-3FA8-46A1-8D39-D2FAA689C686}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{20DEB04C-991B-4CE0-BF6E-832CFE776471}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{318028F5-A87E-4579-9378-43E2C20672BB}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{2E5D2FF7-7055-42A5-BA32-6F6F01B54240}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{AA87FFA5-9C61-4FAA-8885-C7C06558CA9F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{F99BA5FE-DD38-41F4-A72E-CE7D43AD47E6}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{CBF93050-29C7-4CAA-9A0D-5ED1DD81E6EB}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{52E17C41-63A9-4BE2-8174-4167278F4903}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3BEA036E-82D0-4D77-920E-8482907A261F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{5EA49FF2-A58C-43FF-A927-0A95BC6FCD49}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{60D3597B-38BF-4726-B37B-D84C6033C47A}] => (Allow) D:\Program Files (x86)\OriginGames\SimCity\SimCity\SimCity.exe
FirewallRules: [{FF9D86C5-9E1C-4141-A59B-AAA7CF001273}] => (Allow) D:\Program Files (x86)\OriginGames\SimCity\SimCity\SimCity.exe
FirewallRules: [{0EA73370-3A10-4766-A12F-38F0627859C8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F72DC3C7-0503-41A5-9041-0B676C1641F6}] => (Allow) d:\Program Files (x86)\Brother\Brmfl14e\FAXRX.EXE
FirewallRules: [{2DEEF5AC-1862-4BFF-85D2-38570B129251}] => (Allow) LPort=54925
FirewallRules: [TCP Query User{28C6BC4A-6416-4AB8-9D95-58BFF751A037}D:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe] => (Block) D:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe
FirewallRules: [UDP Query User{A3AB2A72-C4C0-4F06-A7EE-35C0A00F8240}D:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe] => (Block) D:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe
FirewallRules: [TCP Query User{148864F7-C1E4-43C7-8550-2BD665282F51}D:\program files (x86)\the beginner's guide\beginnersguide.exe] => (Block) D:\program files (x86)\the beginner's guide\beginnersguide.exe
FirewallRules: [UDP Query User{C2EF76C4-BCF3-48FB-B86F-7B9BA0048225}D:\program files (x86)\the beginner's guide\beginnersguide.exe] => (Block) D:\program files (x86)\the beginner's guide\beginnersguide.exe
FirewallRules: [{8D43ABC5-5B12-4069-A956-405E2BDADA0D}] => (Allow) C:\Program Files (x86)\Ubisoft\Anno 2205\Bin\Win64\Anno2205.exe
FirewallRules: [TCP Query User{94CB0C90-4707-4792-A2D5-C25AF29D2469}D:\program files (x86)\funcom\age of conan\conanpatcher.exe] => (Allow) D:\program files (x86)\funcom\age of conan\conanpatcher.exe
FirewallRules: [UDP Query User{97F8F9D2-7879-4A76-8105-5F4D34C015FA}D:\program files (x86)\funcom\age of conan\conanpatcher.exe] => (Allow) D:\program files (x86)\funcom\age of conan\conanpatcher.exe
FirewallRules: [TCP Query User{99C24D58-9BFA-4554-9E71-00D636CD7E73}D:\program files (x86)\funcom\age of conan\ageofconan.exe] => (Allow) D:\program files (x86)\funcom\age of conan\ageofconan.exe
FirewallRules: [UDP Query User{4047640F-E7E9-40FE-BA37-92EA829E5E29}D:\program files (x86)\funcom\age of conan\ageofconan.exe] => (Allow) D:\program files (x86)\funcom\age of conan\ageofconan.exe
FirewallRules: [TCP Query User{427ECFE4-217A-4173-992A-9C438892908B}D:\program files (x86)\funcom\age of conan\ageofconandx10.exe] => (Allow) D:\program files (x86)\funcom\age of conan\ageofconandx10.exe
FirewallRules: [UDP Query User{156CF8DA-5855-45EC-BB9D-FF170F6A355E}D:\program files (x86)\funcom\age of conan\ageofconandx10.exe] => (Allow) D:\program files (x86)\funcom\age of conan\ageofconandx10.exe
FirewallRules: [{64B10E9D-6428-4CFA-90EB-011BF57188B4}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{703D5913-0510-4C51-8CD3-10C7E1EA0EE6}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1A37ABBA-07A0-432C-BCD4-096215DA9189}] => (Allow) D:\Program Files\StarCraft II\Versions\Base39576\SC2_x64.exe
FirewallRules: [{9794E91D-9859-47DE-B442-972C8D67A12B}] => (Allow) D:\Program Files\StarCraft II\Versions\Base39576\SC2_x64.exe
FirewallRules: [{E3EB6327-951D-427C-962D-A9D15D80D3BC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{056185A1-5BA0-4BD6-A258-82BA88A67103}D:\program files (x86)\dying light the following enhanced edition\dyinglightgame.exe] => (Block) D:\program files (x86)\dying light the following enhanced edition\dyinglightgame.exe
FirewallRules: [UDP Query User{0E5A04DE-1325-45DA-9DA5-912070B8C4F0}D:\program files (x86)\dying light the following enhanced edition\dyinglightgame.exe] => (Block) D:\program files (x86)\dying light the following enhanced edition\dyinglightgame.exe

==================== Wiederherstellungspunkte =========================

14-02-2013 01:40:44 Windows Update
14-02-2013 03:00:19 Windows Update
17-03-2013 17:59:43 Removed Java(TM) 6 Update 39
17-03-2013 18:02:58 Installed Java 7 Update 17
17-03-2013 18:20:27 Windows Update
11-03-2016 21:47:57 Removed RollerCoaster Tycoon® 3
12-03-2016 17:51:16 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: AODDriver4.01
Description: AODDriver4.01
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AODDriver4.01
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (03/12/2016 05:42:08 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (03/12/2016 02:37:45 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (03/12/2016 01:11:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18933, Zeitstempel: 0x55a6a196
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000004ac04
ID des fehlerhaften Prozesses: 0x1210
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3

Error: (03/12/2016 12:11:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18933, Zeitstempel: 0x55a6a196
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000004ac04
ID des fehlerhaften Prozesses: 0xefc
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3

Error: (03/11/2016 09:48:36 PM) (Source: MsiInstaller) (EventID: 1024) (User: shag-PC)
Description: Produkt: Adobe Acrobat Reader DC - Deutsch - Update "{AC76BA86-7AD7-0000-2550-AC0F0A4E5C00}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (03/11/2016 09:35:59 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (03/11/2016 09:18:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avira_de_av_56e31e2f28336__ws.exe, Version: 1.1.56.9119, Zeitstempel: 0x56a8ec36
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18933, Zeitstempel: 0x55a69ec4
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x16c4
Startzeit der fehlerhaften Anwendung: 0xavira_de_av_56e31e2f28336__ws.exe0
Pfad der fehlerhaften Anwendung: avira_de_av_56e31e2f28336__ws.exe1
Pfad des fehlerhaften Moduls: avira_de_av_56e31e2f28336__ws.exe2
Berichtskennung: avira_de_av_56e31e2f28336__ws.exe3

Error: (03/11/2016 09:17:18 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (03/11/2016 08:51:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avira_de_av_56e31e2f28336__ws(2).exe, Version: 1.1.56.9119, Zeitstempel: 0x56a8ec36
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18933, Zeitstempel: 0x55a69ec4
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0xd20
Startzeit der fehlerhaften Anwendung: 0xavira_de_av_56e31e2f28336__ws(2).exe0
Pfad der fehlerhaften Anwendung: avira_de_av_56e31e2f28336__ws(2).exe1
Pfad des fehlerhaften Moduls: avira_de_av_56e31e2f28336__ws(2).exe2
Berichtskennung: avira_de_av_56e31e2f28336__ws(2).exe3

Error: (03/11/2016 08:50:37 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig


Systemfehler:
=============
Error: (03/12/2016 05:51:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/12/2016 05:42:17 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%303.

Error: (03/12/2016 05:42:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Avira Browser-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%0

Error: (03/12/2016 05:42:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Avira Email-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%0

Error: (03/12/2016 05:42:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%5

Error: (03/12/2016 05:42:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (03/12/2016 05:42:07 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Planer" wurde mit folgendem dienstspezifischem Fehler beendet: %%305.

Error: (03/12/2016 05:41:11 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (03/12/2016 05:40:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/12/2016 05:40:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


==================== Speicherinformationen =========================== 

Prozessor: AMD Phenom(tm) II X4 965 Processor
Prozentuale Nutzung des RAM: 20%
Installierter physikalischer RAM: 8178.14 MB
Verfügbarer physikalischer RAM: 6514.63 MB
Summe virtueller Speicher: 14176.34 MB
Verfügbarer virtueller Speicher: 12310.61 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:8.68 GB) NTFS
Drive d: (Programme) (Fixed) (Total:833.85 GB) (Free:251.82 GB) NTFS
Drive e: (Safe) (Fixed) (Total:1863.01 GB) (Free:4.93 GB) NTFS
Drive f: (Daten) (Fixed) (Total:208.46 GB) (Free:12.35 GB) NTFS
Drive g: (Win7) (Fixed) (Total:97.56 GB) (Free:16.33 GB) NTFS
Drive h: (WinXP) (Fixed) (Total:24.41 GB) (Free:1.13 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive i: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: B45C1AEF)
Partition 2: (Active) - (Size=1863 GB) - (Type=05)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: C68DC68D)
Partition 1: (Active) - (Size=24.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=208.5 GB) - (Type=OF Extended)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 90486699)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: AFD27FD7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=833.9 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         
__________________

Alt 13.03.2016, 12:28   #4
M-K-D-B
/// TB-Ausbilder
 
Antivir und AVG lassen sich nicht installieren, Malwarebytes startet nicht - Standard

Antivir und AVG lassen sich nicht installieren, Malwarebytes startet nicht



Servus,



Du hast da mindestens eine illegale/gecrackte Software auf deinem Rechner:
Adobe Photoshop


Lesestoff:
Illegale Software: Cracks, Keygens und Co

Bitte lesen => http://www.trojaner-board.de/95393-c...-software.html

Es geht weiter, wenn du alles Illegale entfernt hast.

Bei wiederholten Crack/Keygen Verstößen behalte ich es mir vor, den Support einzustellen, d.h. Hilfe nur noch bei der Datensicherung und Neuinstallation des Betriebssystems.

Alt 13.03.2016, 13:26   #5
shag48
 
Antivir und AVG lassen sich nicht installieren, Malwarebytes startet nicht - Standard

Antivir und AVG lassen sich nicht installieren, Malwarebytes startet nicht



Ok Matthias,

danke für den Hinweis. Ich habe es entfernt.

Wie jetzt weiter?
FRST wiederholen, oder alle Schritte aus dem vorherigen Post?


Alt 13.03.2016, 13:45   #6
M-K-D-B
/// TB-Ausbilder
 
Antivir und AVG lassen sich nicht installieren, Malwarebytes startet nicht - Standard

Antivir und AVG lassen sich nicht installieren, Malwarebytes startet nicht



Servus,



FRST neu bitte:
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Untersuchen.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.

Alt 13.03.2016, 13:55   #7
shag48
 
Antivir und AVG lassen sich nicht installieren, Malwarebytes startet nicht - Standard

Antivir und AVG lassen sich nicht installieren, Malwarebytes startet nicht



Hi,

hier die FRST:
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
durchgeführt von shag (Administrator) auf SHAG-PC (13-03-2016 13:52:45)
Gestartet von C:\Users\shag\Desktop
Geladene Profile: shag (Verfügbare Profile: shag & Coco)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730) D:\Program Files (x86)\iRacing\iRacingService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Thrustmaster®) D:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(IvoSoft) C:\Users\shag\AppData\Roaming\Windows\Applications\SearchIndex\SearchIndex.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7512680 2011-10-25] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-09] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Winlogon: [Userinit] userinit.exe,"C:\Windows\system32\clientmon.exe" [X]
HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\MountPoints2: {6734fc30-9002-11e2-851a-8c89a5c2e538} - K:\setup.exe
HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\MountPoints2: {ccf4559d-4ca0-11e4-b1b1-8c89a5c2e538} - K:\setup.exe
HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\MountPoints2: {ddc22528-591b-11e3-8b61-8c89a5c2e538} - L:\ting.exe
HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\Winlogon: [Shell] explorer.exe,"C:\Users\shag\AppData\Roaming\clientmon.exe" <==== ACHTUNG
HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [AOD] => C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe AutoTune
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-04-30] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [43816 2015-04-26] (Apple Inc.)
IFEO\AvastSvc.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\AvastUI.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avcenter.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avconfig.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgcsrvx.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgidsagent.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgnt.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgrsx.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgwdsvc.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\Avira.ServiceHost.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\Avira.Systray.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\Avira.SystrayStartTrigger.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avp.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\bdagent.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\blindman.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\ccuac.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\ComboFix.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\egui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\gsam.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\hijackthis.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\instup.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\keyscrambler.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbam.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbamgui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbampt.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbamscheduler.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbamservice.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mcapexe.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mcuicnt.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\MpCmdRun.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\MSASCui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\MsMpEng.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\msseces.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\rstrui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\SDFiles.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\SDMain.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\SDWinSec.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\spybotsd.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\update.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\wireshark.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\zlclient.exe: [Debugger] C:\Windows\System32\svchost.exe
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2013-05-31]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{64956C90-8573-4570-AE9E-9C6059173262}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-23] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-23] (Oracle Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-23] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-23] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Session Restore: -> ist aktiviert.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-11] ()
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> d:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> d:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2443269024-3109390385-3364977999-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\shag\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2443269024-3109390385-3364977999-1000: @talk.google.com/O1DPlugin -> C:\Users\shag\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2443269024-3109390385-3364977999-1000: @tools.google.com/Google Update;version=3 -> C:\Users\shag\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-2443269024-3109390385-3364977999-1000: @tools.google.com/Google Update;version=9 -> C:\Users\shag\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\shag\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\shag\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: Avira Browser Safety - C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\Extensions\abs@avira.com [2016-02-19]
FF Extension: leethax.net extension - C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\Extensions\leethax@leethax.net.xpi [2014-02-08] [ist nicht signiert]
FF Extension: Move Media Player - C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\Extensions\moveplayer@movenetworks.com [2013-03-18] [ist nicht signiert]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013-03-18] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-05-15] [ist nicht signiert]
StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe

Chrome: 
=======
CHR Profile: C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-27]
CHR Extension: (Google Docs) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-27]
CHR Extension: (Google Drive) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27]
CHR Extension: (YouTube) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-27]
CHR Extension: (Google-Suche) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Tabellen) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-27]
CHR Extension: (Avira Browserschutz) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-07]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-27]
CHR Extension: (Google Mail) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-27]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [0 ] (Avira Operations GmbH & Co. KG) <==== ACHTUNG (Null Byte Datei/Ordner)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [0 ] (Avira Operations GmbH & Co. KG) <==== ACHTUNG (Null Byte Datei/Ordner)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [0 ] (Avira Operations GmbH & Co. KG) <==== ACHTUNG (Null Byte Datei/Ordner)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [0 ] (Avira Operations GmbH & Co. KG) <==== ACHTUNG (Null Byte Datei/Ordner)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [Datei ist nicht signiert]
S3 GalaxyClientService; D:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1616440 2015-11-13] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7220792 2016-02-11] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-09] (NVIDIA Corporation)
R2 iRacingService; D:\Program Files (x86)\iRacing\iRacingService.exe [798840 2015-01-12] (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-09] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [6477432 2015-12-09] (NVIDIA Corporation)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-02-28] (Electronic Arts)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145736 2013-08-15] (Nuance Communications, Inc.)
R2 tmInstall; d:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.EXE [45296 2014-07-22] (Thrustmaster®)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Avira.ServiceHost; "C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe" [X]
S2 JetDrive WindowsClosingService; C:\Windows\System32\WindowsClosingService [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [94720 2013-12-19] (Advanced Micro Devices) [Datei ist nicht signiert]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162072 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [140448 2016-02-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [75472 2015-12-01] (Avira Operations GmbH & Co. KG)
S3 cancel; C:\Program Files (x86)\MSI\Super-Charger\cancel_64.sys [16184 2010-05-21] (Windows (R) Win 7 DDK provider)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 jetdrive; C:\Windows\System32\DRIVERS\jddrv.sys [37248 2012-05-22] (Abelssoft GmbH)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-12-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S3 SndTAudio; C:\Windows\System32\drivers\SndTAudio.sys [34528 2013-05-16] (Windows (R) Win 7 DDK provider)
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [58792 2009-09-17] (SafeNet, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-10-05] (Duplex Secure Ltd.)
S3 tmhidusb; C:\Windows\System32\DRIVERS\tmhidusb.sys [166640 2014-07-22] (Thrustmaster)
R2 zntport64; C:\EuCaSoft\zntport64.sys [13880 2007-12-22] (Zeal SoftStudio)
S2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 cpuz130; \??\C:\Users\shag\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 NTIOLib_1_0_4; \??\d:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [X]
S3 NTIOLib_1_0_C; \??\J:\NTIOLib_X64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-03-13 13:20 - 2016-03-13 13:20 - 00099384 _____ C:\Users\shag\AppData\Roaming\inst.exe
2016-03-13 13:20 - 2016-03-13 13:20 - 00082816 _____ (VSO Software) C:\Users\shag\AppData\Roaming\pcouffin.sys
2016-03-12 18:02 - 2016-03-01 16:25 - 03793920 _____ (IvoSoft) C:\Users\shag\AppData\Roaming\clientmon.exe
2016-03-12 17:54 - 2016-03-13 13:52 - 00058565 _____ C:\Users\shag\Desktop\Addition.txt
2016-03-12 17:54 - 2016-03-13 13:52 - 00022811 _____ C:\Users\shag\Desktop\FRST.txt
2016-03-12 17:52 - 2016-03-12 17:52 - 00005224 _____ C:\Users\shag\Desktop\JRT.txt
2016-03-12 17:51 - 2016-03-12 17:51 - 00000000 _RSHD C:\ProgramData\274335
2016-03-12 17:48 - 2016-03-12 17:48 - 01609216 _____ (Malwarebytes) C:\Users\shag\Desktop\JRT.exe
2016-03-12 17:39 - 2016-03-12 17:40 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-12 17:37 - 2016-03-12 17:35 - 01524224 _____ C:\Users\shag\Desktop\AdwCleaner_5.101.exe
2016-03-12 17:34 - 2016-03-12 17:52 - 00001625 _____ C:\ProgramData\XML
2016-03-12 17:34 - 2016-03-12 17:34 - 00002890 _____ C:\Users\shag\Desktop\Rkill.txt
2016-03-12 17:34 - 2016-03-12 17:34 - 00000000 ____D C:\Users\shag\Desktop\rkill
2016-03-12 17:34 - 2016-03-12 17:33 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\shag\Desktop\rkill.com
2016-03-11 21:55 - 2016-03-11 21:42 - 02374144 _____ (Farbar) C:\Users\shag\Desktop\FRST64.exe
2016-03-11 21:53 - 2016-03-13 13:52 - 00000000 ____D C:\FRST
2016-03-11 21:32 - 2016-03-11 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-03-11 21:31 - 2016-03-11 21:32 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-03-11 21:31 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-11 21:31 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-11 21:31 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-11 21:20 - 2016-03-11 21:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-05 12:03 - 2016-03-05 12:03 - 00000000 ____D C:\Users\shag\AppData\Roaming\cerasus.media
2016-03-01 21:22 - 2016-03-01 16:25 - 03793920 _____ (IvoSoft) C:\Windows\SysWOW64\clientmon.exe
2016-03-01 21:12 - 2016-03-13 13:23 - 00003362 _____ C:\Windows\System32\Tasks\Search Filter Host
2016-03-01 21:12 - 2016-03-01 21:12 - 00000000 ____D C:\Users\shag\AppData\LocalLow\Lazy Bear Games
2016-03-01 21:11 - 2016-03-12 17:51 - 00000000 _RSHD C:\ProgramData\274435
2016-03-01 21:11 - 2016-03-11 21:47 - 00000000 ____D C:\Users\shag\AppData\Local\IIIQF
2016-03-01 21:11 - 2016-03-01 21:11 - 00000006 ____S C:\ProgramData\cfc4764f3bbfae7c2c155456e0ae08a61242b9ff
2016-03-01 21:11 - 2016-03-01 21:11 - 00000000 ____D C:\Users\shag\AppData\Roaming\Windows
2016-03-01 21:11 - 2016-03-01 21:11 - 00000000 ____D C:\ProgramData\mia2477.tmp
2016-03-01 19:55 - 2016-03-01 19:55 - 00000000 ____D C:\ProgramData\dbdata
2016-02-29 20:27 - 2016-02-29 22:37 - 00000000 ____D C:\Users\shag\AppData\Roaming\Factorio
2016-02-29 20:26 - 2016-02-29 20:26 - 00000936 _____ C:\Users\shag\Desktop\Factorio v0.9.8.lnk
2016-02-25 08:09 - 2016-02-25 08:09 - 00000801 _____ C:\Users\Public\Desktop\Passbild-Generator.lnk
2016-02-25 08:09 - 2016-02-25 08:09 - 00000000 ____D C:\Users\shag\AppData\Local\_3_
2016-02-25 08:09 - 2016-02-25 08:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Passbild-Generator
2016-02-23 21:01 - 2016-02-23 20:59 - 00110176 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2016-02-23 20:59 - 2016-02-23 21:01 - 00000000 ____D C:\Users\shag\.oracle_jre_usage
2016-02-23 20:59 - 2016-02-23 20:59 - 00000000 ____D C:\Users\shag\AppData\Roaming\Sun
2016-02-23 20:58 - 2016-02-23 20:58 - 00000000 ____D C:\Users\shag\AppData\LocalLow\Oracle
2016-02-23 20:17 - 2016-02-23 21:09 - 00000000 ____D C:\Users\shag\.litwrl
2016-02-21 11:59 - 2016-02-21 11:59 - 00000000 ____D C:\Users\shag\Documents\DyingLight
2016-02-19 18:50 - 2016-02-19 18:50 - 00000000 ____D C:\Users\shag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-12 16:22 - 2016-02-12 16:22 - 00000000 ____D C:\Users\shag\AppData\LocalLow\Google

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-03-13 13:50 - 2013-08-25 19:14 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA.job
2016-03-13 13:41 - 2013-05-14 20:49 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-13 13:31 - 2009-07-14 05:45 - 00022848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-13 13:31 - 2009-07-14 05:45 - 00022848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-13 13:30 - 2009-07-14 18:58 - 00699416 _____ C:\Windows\system32\perfh007.dat
2016-03-13 13:30 - 2009-07-14 18:58 - 00149556 _____ C:\Windows\system32\perfc007.dat
2016-03-13 13:30 - 2009-07-14 06:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-13 13:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-03-13 13:23 - 2013-05-14 20:49 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-13 13:23 - 2013-03-18 19:28 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-13 13:23 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-13 13:20 - 2015-08-21 09:34 - 00000000 ____D C:\Users\shag\AppData\Roaming\SoundSpectrum
2016-03-13 13:20 - 2015-08-21 09:34 - 00000000 ____D C:\Program Files (x86)\SoundSpectrum
2016-03-13 13:20 - 2015-06-10 22:13 - 00007859 _____ C:\Users\shag\AppData\Roaming\pcouffin.cat
2016-03-13 13:20 - 2015-06-10 22:13 - 00000000 ____D C:\Users\shag\AppData\Roaming\Vso
2016-03-13 13:20 - 2015-06-10 22:13 - 00000000 ____D C:\Program Files (x86)\vso
2016-03-13 13:18 - 2013-03-19 20:07 - 00000000 ____D C:\Users\shag\AppData\Roaming\UseNeXT
2016-03-13 13:16 - 2013-03-23 01:14 - 00000000 ____D C:\Users\shag\AppData\Roaming\Broad Intelligence
2016-03-13 13:16 - 2013-03-21 23:24 - 00000000 ____D C:\Users\shag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-03-13 13:05 - 2015-06-19 16:54 - 00001220 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA.job
2016-03-13 12:57 - 2013-04-18 20:08 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-13 12:05 - 2015-06-19 16:54 - 00001168 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core.job
2016-03-12 19:50 - 2013-08-25 19:14 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core.job
2016-03-12 01:14 - 2015-12-06 19:16 - 00000000 ____D C:\Users\shag\Desktop\Spiele
2016-03-12 01:11 - 2016-01-03 15:42 - 00000000 ____D C:\Users\shag\AppData\Local\CrashDumps
2016-03-12 01:11 - 2013-03-21 22:46 - 00000000 ____D C:\Users\shag\AppData\Roaming\vlc
2016-03-11 22:57 - 2013-04-18 20:08 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-11 22:57 - 2013-03-18 20:25 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-11 22:57 - 2013-03-18 20:25 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-11 21:49 - 2014-11-23 19:32 - 00000000 ____D C:\Users\shag\AppData\Local\My Games
2016-03-11 21:49 - 2013-03-30 23:41 - 00000000 ____D C:\Users\shag\Documents\My Games
2016-03-11 21:49 - 2013-03-18 19:22 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-11 21:48 - 2015-12-30 20:54 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-11 21:47 - 2015-09-30 22:11 - 00000000 ____D C:\Users\shag\AppData\Roaming\Atari
2016-03-11 21:46 - 2015-03-13 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-03-11 21:46 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-11 21:30 - 2014-07-25 20:28 - 00242786 _____ C:\Windows\ntbtlog.txt
2016-03-11 21:17 - 2013-03-18 19:16 - 00000000 ____D C:\Users\shag
2016-03-11 21:10 - 2015-10-03 09:12 - 00000000 ____D C:\Users\Coco
2016-03-11 21:10 - 2015-06-10 22:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2016-03-11 21:10 - 2015-05-15 10:42 - 00000000 ___SD C:\Windows\system32\GWX
2016-03-11 21:10 - 2014-10-05 15:49 - 00000000 ____D C:\Users\shag\AppData\Roaming\FreeArc
2016-03-11 21:10 - 2014-08-07 21:41 - 00000000 ____D C:\Users\Besuch
2016-03-11 21:10 - 2014-07-27 20:34 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-11 21:10 - 2014-02-10 20:00 - 00000000 ____D C:\Users\shag\AppData\Roaming\Battle.net
2016-03-11 21:10 - 2013-03-18 20:25 - 00000000 ____D C:\Windows\system32\Macromed
2016-03-11 21:10 - 2013-03-18 20:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-03-11 21:10 - 2013-03-18 20:22 - 00000000 ____D C:\ProgramData\Avira
2016-03-11 21:10 - 2013-03-18 20:22 - 00000000 ____D C:\Program Files (x86)\Avira
2016-03-11 21:10 - 2009-07-14 19:18 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-03-11 21:10 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2016-03-11 20:21 - 2014-02-10 20:00 - 00000000 ____D C:\Users\shag\AppData\Local\Battle.net
2016-03-11 13:20 - 2015-11-15 18:24 - 00033792 _____ C:\Users\shag\Desktop\Finanzen.xls
2016-03-08 16:41 - 2015-11-20 18:45 - 00000000 ____D C:\Users\shag\.gimp-2.8
2016-03-01 19:10 - 2013-03-18 20:30 - 00000000 ___RD C:\Users\shag\Dropbox
2016-03-01 19:10 - 2013-03-18 20:29 - 00000000 ____D C:\Users\shag\AppData\Roaming\Dropbox
2016-02-28 10:10 - 2013-05-02 20:29 - 00000000 ____D C:\ProgramData\Origin
2016-02-25 08:15 - 2015-10-15 19:41 - 00013405 _____ C:\Windows\BRRBCOM.INI
2016-02-24 16:09 - 2015-11-09 18:52 - 00000498 _____ C:\Users\shag\Desktop\Coco.txt
2016-02-23 21:03 - 2013-10-28 19:56 - 00000000 ____D C:\ProgramData\Oracle
2016-02-23 21:02 - 2013-10-28 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2016-02-23 21:02 - 2013-10-28 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-23 21:02 - 2013-09-03 20:26 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-23 21:02 - 2013-03-18 20:28 - 00000000 ____D C:\Program Files\Java
2016-02-23 20:59 - 2015-03-13 18:22 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-02-21 11:44 - 2014-12-05 21:30 - 00002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-21 11:44 - 2014-12-05 21:30 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-18 10:22 - 2013-07-24 17:53 - 00000000 ____D C:\ProgramData\Battle.net
2016-02-18 08:09 - 2013-04-02 21:33 - 00140448 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-02-15 21:54 - 2015-01-12 18:27 - 00000000 ____D C:\Users\shag\AppData\Roaming\Mp3tag

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-10-14 03:44 - 2013-10-14 03:44 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2016-03-12 18:02 - 2016-03-01 16:25 - 3793920 _____ (IvoSoft) C:\Users\shag\AppData\Roaming\clientmon.exe
2016-03-13 13:20 - 2016-03-13 13:20 - 0099384 _____ () C:\Users\shag\AppData\Roaming\inst.exe
2015-06-10 22:13 - 2016-03-13 13:20 - 0007859 _____ () C:\Users\shag\AppData\Roaming\pcouffin.cat
2015-06-10 22:13 - 2016-03-13 13:20 - 0001167 _____ () C:\Users\shag\AppData\Roaming\pcouffin.inf
2015-06-10 22:13 - 2016-03-13 13:20 - 0000055 _____ () C:\Users\shag\AppData\Roaming\pcouffin.log
2016-03-13 13:20 - 2016-03-13 13:20 - 0082816 _____ (VSO Software) C:\Users\shag\AppData\Roaming\pcouffin.sys
2014-10-05 15:03 - 2014-10-05 15:03 - 0004096 _____ (Microsoft) C:\Users\shag\AppData\Roaming\Microsoft\1.exe
2014-10-05 15:01 - 2014-11-23 18:21 - 0004096 _____ (Microsoft) C:\Users\shag\AppData\Roaming\Microsoft\Setupx.exe
2014-10-05 15:05 - 2014-10-05 15:10 - 0004096 _____ (Microsoft) C:\Users\shag\AppData\Roaming\Microsoft\svchost.exe
2013-06-04 20:34 - 2015-06-13 17:45 - 0014848 _____ () C:\Users\shag\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-02 16:18 - 2015-06-02 16:21 - 0585728 _____ () C:\Users\shag\AppData\Local\file__0.localstorage
2015-11-20 18:47 - 2015-11-20 18:47 - 0000819 _____ () C:\Users\shag\AppData\Local\recently-used.xbel
2013-03-18 19:55 - 2015-05-27 19:39 - 0007649 _____ () C:\Users\shag\AppData\Local\resmon.resmoncfg
2016-03-01 21:11 - 2016-03-01 21:11 - 0000006 ____S () C:\ProgramData\cfc4764f3bbfae7c2c155456e0ae08a61242b9ff
2016-03-12 17:34 - 2016-03-12 17:52 - 0001625 _____ () C:\ProgramData\XML

Einige Dateien in TEMP:
====================
C:\Users\Besuch\AppData\Local\Temp\avgnt.exe
C:\Users\Coco\AppData\Local\Temp\avgnt.exe
C:\Users\shag\AppData\Local\Temp\avgnt.exe
C:\Users\shag\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpl1ceez.dll
C:\Users\shag\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\shag\AppData\Local\Temp\nvStInst.exe
C:\Users\shag\AppData\Local\Temp\rldfw32_s18g.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_s1hc.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_s25k.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_s2dg.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_s2t0.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_s3hs.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_s5r0.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_s6d8.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_s6lg.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_s6os.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_s90.dll
C:\Users\shag\AppData\Local\Temp\rldfw32_sl4.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s1ak.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s3lo.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s3rk.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s4gk.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s4lc.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s57o.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s58o.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s5kk.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s5qk.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s5ss.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s6gk.dll
C:\Users\shag\AppData\Local\Temp\rldfw64_s6og.dll
C:\Users\shag\AppData\Local\Temp\sqlite3.dll
C:\Users\shag\AppData\Local\Temp\svhost.exe
C:\Users\shag\AppData\Local\Temp\_is3AAF.exe
C:\Users\shag\AppData\Local\Temp\_is4481.exe
C:\Users\shag\AppData\Local\Temp\_isA517.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-03-12 15:55

==================== Ende von FRST.txt ============================
         
Hier die Addition:
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
durchgeführt von shag (2016-03-13 13:53:01)
Gestartet von C:\Users\shag\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-03-18 18:16:49)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2443269024-3109390385-3364977999-500 - Administrator - Disabled)
Coco (S-1-5-21-2443269024-3109390385-3364977999-1008 - Administrator - Enabled) => C:\Users\Coco
Gast (S-1-5-21-2443269024-3109390385-3364977999-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2443269024-3109390385-3364977999-1004 - Limited - Enabled)
shag (S-1-5-21-2443269024-3109390385-3364977999-1000 - Administrator - Enabled) => C:\Users\shag

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Age of Conan: Hyborian Adventures (HKLM-x32\...\Age of Conan_is1) (Version:  - Funcom)
AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version:  - Gameforge)
Anno 2205 (HKLM-x32\...\Uplay Install 1253) (Version:  - Ubisoft)
Apple Application Support (32-Bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Photo Commander 10 v.10.0.1 (HKLM-x32\...\Ashampoo Photo Commander 10_is1) (Version: 10.0.1 - Ashampoo GmbH & Co. KG)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2002861294.48.56.34082026 - Audible, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.141 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{3b87484e-d70b-4b4f-ad59-2ae89571e2cf}) (Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BDE Information Utility (HKLM-x32\...\BDE Information Utility) (Version:  - InterBase Installation Info (and BDE Information Utility))
Blender (HKLM\...\{BBE9D9F0-3F77-4E26-9E10-1AFB56D41363}) (Version: 2.76.0 - Blender Foundation)
Blender (HKLM\...\Blender) (Version: 2.69 - Blender Foundation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J5320DW (HKLM-x32\...\{7FC49664-DAA4-4E7C-ADD0-614ABB43691B}) (Version: 1.0.5.0 - Brother Industries, Ltd.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.9.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.12.20.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.5.2.8 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)
Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dropbox (HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.2.17437 - Landesfinanzdirektion Thüringen)
ElsterFormular 2006/2007 (HKLM-x32\...\{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}) (Version: 8.2.1.0 - Steuerverwaltung des Bundes und der Länder)
ElsterFormular 2007/2008 (HKLM-x32\...\{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}) (Version: 9.2.0.0 - Steuerverwaltung des Bundes und der Länder)
ElsterFormular 2008/2009 (HKLM-x32\...\{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}) (Version: 10.0.0.0 - Steuerverwaltung des Bundes und der Länder)
EuCaSoft 4.4.0.4377 (HKLM-x32\...\EuCaSoft_is1) (Version:  - itas GmbH)
FFB Racing Wheel drivers (HKLM-x32\...\{28B758EA-5C83-48B1-B352-C70F12C73F5A}) (Version: 3.TTRS.2014 - Thrustmaster)
FreeArc 0.666 (HKLM-x32\...\FreeArc) (Version: 0.666 - Bulat Ziganshin)
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.21.2.1 - Futuremark Corporation)
Gameforge Live 2.0.8 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.8 - Gameforge)
Geeks3D FurMark 1.13.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
iRacing.com Race Simulation (HKLM-x32\...\{CBBB3C80-76F5-42B5-92A6-C4BF84796DCB}) (Version: 1.01.0512 - iRacing.com Motorsport Simulations)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java SE Development Kit 7 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170250}) (Version: 1.7.0.250 - Oracle)
Java SE Development Kit 8 Update 73 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180730}) (Version: 8.0.730.2 - Oracle Corporation)
JetDrive (HKLM-x32\...\JetDrive_is1) (Version: 6.11 - Abelssoft)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MechWarrior Online (HKLM-x32\...\{9f17023b-d04f-432b-b08a-3bb4c3a7ed3c}) (Version: 1.6.0.0 - Piranha Games Inc.)
MechWarrior Online (x32 Version: 1.6.1.0 - Piranha Games Inc.) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mosaizer Pro v12.0 (HKLM-x32\...\Mosaizer Pro_is1) (Version: 12.0 - APP Helmond)
Mozilla Firefox 19.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 19.0.2 (x86 de)) (Version: 19.0.2 - Mozilla)
Mozilla Firefox 44.0.2 (x86 de) (HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\Mozilla Firefox 44.0.2 (x86 de)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 19.0.2 - Mozilla)
Mp3tag v2.66 (HKLM-x32\...\Mp3tag) (Version: v2.66 - Florian Heidenreich)
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Next Car Game Free Technology Demo (HKLM-x32\...\Next Car Game Free Technology Demo) (Version:  - Bugbear Entertainment)
NoLimits 2 Demo (remove only) (HKLM\...\NoLimits 2 Demo) (Version:  - )
NoLimits Coasters 1.8 (remove only) (HKLM-x32\...\NoLimits Coasters full) (Version:  - )
Nuance PaperPort 12 (HKLM-x32\...\{2A770862-7142-4C77-8117-F933E4110A3F}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA 3D Vision Treiber 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.43 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.8.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.8.1.21 - NVIDIA Corporation)
NVIDIA Grafiktreiber 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.43 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Passbild-Generator v4.0a (HKLM-x32\...\Passbild-Generator_is1) (Version:  - Passbild-Generator)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.239 - Google, Inc.)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7111 - Realtek Semiconductor Corp.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Sentinel System Driver Installer 7.5.1 (HKLM-x32\...\{BF9E346B-5ECE-4A18-9510-55729FD08323}) (Version: 7.5.1 - SafeNet, Inc.)
SHIELD Streaming (Version: 4.1.0250 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.8.1.21 - NVIDIA Corporation) Hidden
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.0.115 - MSI)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.43148 - TeamViewer)
The Witcher 3: Wild Hunt - Alternative Look for Ciri (HKLM-x32\...\Alternative Look for Ciri_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Alternative Look for Triss (HKLM-x32\...\Alternative Look for Triss_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Alternative Look for Yennefer (HKLM-x32\...\Alternative Look for Yennefer_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Ballad Heroes - Neutral Gwent Card Set (HKLM-x32\...\Ballad Heroes - Neutral Gwent Card Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Beard and Hairstyle Set (HKLM-x32\...\Beard and Hairstyle Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Elite Crossbow Set (HKLM-x32\...\Elite Crossbow Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Finisher Animations (HKLM-x32\...\New Finisher Animations_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Contract - Skellige's Most Wanted (HKLM-x32\...\New Quest - Contract: Skellige's Most Wanted_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Contract Missing Miners (HKLM-x32\...\New Quest - Contract Missing Miners_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Fool's Gold (HKLM-x32\...\New Quest - Fool's Gold_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Scavenger Hunt - Wolf School Gear (HKLM-x32\...\New Quest - Scavenger Hunt: Wolf School Gear_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Where the Cat and Wolf Play... (HKLM-x32\...\New Quest - Where the Cat and Wolf Play..._is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Nilfgaardian Armor Set (HKLM-x32\...\Nilfgaardian Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Skellige Armor Set (HKLM-x32\...\Skellige Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Temerian Armor Set (HKLM-x32\...\Temerian Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
War Thunder Launcher 1.0.1.278 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - 2013 Gaijin Entertainment Corporation)
Winki (HKLM-x32\...\{81CF5153-38CF-41e2-AC3C-3D477C987D96}_is1) (Version: 3.2.116 - MSI)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> d:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => Keine Datei

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {2DDE40A1-B5C9-4E30-B49A-056A855363D0} - System32\Tasks\Search Filter Host => C:\Users\shag\AppData\Roaming\Windows\Applications\SearchIndex\SearchIndex.exe [2016-03-01] (IvoSoft)
Task: {5CDC7D13-A92F-4C6A-9037-DFA121DFEAA2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {6167180D-AC7E-4C68-8CC9-023DBC147E37} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core => C:\Users\shag\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {6EB11A62-09BE-4E9B-83D4-6A882DE1ED34} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {8497BBEE-475E-4265-AAA8-F224139C7BA0} - System32\Tasks\Super Charger => C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe [2011-07-06] (MSI)
Task: {C5C53FF5-B82F-4F17-AE3C-81D0F93E55D0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DB2708DA-72B3-456B-A231-CAA7741EFF08} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-11] (Adobe Systems Incorporated)
Task: {DBCDFCAF-D9E9-40F1-AF62-1F1C50B250EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {E4737B22-8F2C-4315-9743-9053915C8DBA} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core => C:\Users\shag\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {EC19B7C3-4AAF-4DEF-9968-077FFE35F30A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA => C:\Users\shag\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {EC4FE598-9EC1-4664-A6F2-59D0338E59D0} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {F854E768-B92F-45F6-9F15-D807D339052F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA => C:\Users\shag\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core.job => C:\Users\shag\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA.job => C:\Users\shag\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core.job => C:\Users\shag\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA.job => C:\Users\shag\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-07-30 10:04 - 2015-12-16 15:53 - 00126072 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 15:26 - 2015-05-15 15:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-30 20:54 - 2015-12-09 02:52 - 00217720 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2015-10-15 19:40 - 2005-04-22 05:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2013-05-31 20:12 - 2015-02-10 14:08 - 00069120 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
2013-03-18 19:24 - 2011-11-10 18:01 - 00506384 _____ () C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
2015-05-15 09:45 - 2015-12-09 02:53 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-05-31 20:12 - 2015-02-18 13:11 - 00112128 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2014-08-17 13:48 - 00001055 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1	acdid.acdsystems.com
127.0.0.1 activate.adobe.com

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\shag\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupreg: Super-Charger => C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{6B1F38FA-F6F9-4ABD-B206-E8C90B977830}] => (Allow) C:\Users\shag\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{B7325FFE-3ADA-4DA1-9DE8-3A2DCA7F5A3B}] => (Allow) C:\Users\shag\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{07D86DA9-61A3-47CB-B1A6-0513D4F06B65}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FDD9CBBE-0ABD-4667-9596-44E879C79778}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{86E3BE82-CA85-440E-B4B2-B2664B446D92}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{11DDDDE2-F308-40AF-8D9D-0E2072E70150}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A3163EBD-DDB7-4275-AC6D-8C732590173F}] => (Block) %ProgramFiles% (x86)\SQUARE ENIX\Tombraider\TombRaider.exe
FirewallRules: [TCP Query User{73C838EF-603A-4CF2-A23E-2041E1CFCD82}C:\program files (x86)\maniaplanet\maniaplanet.exe] => (Allow) C:\program files (x86)\maniaplanet\maniaplanet.exe
FirewallRules: [UDP Query User{E71ACD03-DA48-431D-949F-BF986E2AC015}C:\program files (x86)\maniaplanet\maniaplanet.exe] => (Allow) C:\program files (x86)\maniaplanet\maniaplanet.exe
FirewallRules: [{4BBC53DD-4D5D-4C50-B909-22E10583A056}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{469D4751-7DFA-4A7C-B361-434CEB6A5A81}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{5BB1082F-2E2D-4EE6-944B-DC344AA5B470}C:\eucasoft\meta.exe] => (Allow) C:\eucasoft\meta.exe
FirewallRules: [UDP Query User{A2668BF5-70B4-4A1E-BDF8-5AB545E14AD3}C:\eucasoft\meta.exe] => (Allow) C:\eucasoft\meta.exe
FirewallRules: [TCP Query User{E3CEC154-48F6-4462-86A3-FA11B8C6E49A}C:\eucasoft\eucasoft.exe] => (Allow) C:\eucasoft\eucasoft.exe
FirewallRules: [UDP Query User{6ABB59E9-B8AC-4332-BD91-82B6FA02BCBC}C:\eucasoft\eucasoft.exe] => (Allow) C:\eucasoft\eucasoft.exe
FirewallRules: [TCP Query User{C38681B1-F9C5-4091-9454-BB9C91B9C217}C:\eucasoft\eucaprn.exe] => (Allow) C:\eucasoft\eucaprn.exe
FirewallRules: [UDP Query User{B68FAD45-EBB9-418D-9418-289EC845D24E}C:\eucasoft\eucaprn.exe] => (Allow) C:\eucasoft\eucaprn.exe
FirewallRules: [TCP Query User{3DC74B91-28FD-420E-AD76-7684D5631DE6}C:\program files (x86)\activision\call of duty - black ops\blackops.exe] => (Block) C:\program files (x86)\activision\call of duty - black ops\blackops.exe
FirewallRules: [UDP Query User{E199CF05-61AE-482C-ADCD-46BC0D125AF6}C:\program files (x86)\activision\call of duty - black ops\blackops.exe] => (Block) C:\program files (x86)\activision\call of duty - black ops\blackops.exe
FirewallRules: [TCP Query User{36345DBD-FF4D-463E-947F-2FB5E8F97CE1}E:\spiele\trackmania canyon\trackmania 2 canyon\maniaplanet.exe] => (Block) E:\spiele\trackmania canyon\trackmania 2 canyon\maniaplanet.exe
FirewallRules: [UDP Query User{3C8D0343-259F-44B4-9BF4-9116E1EDCF55}E:\spiele\trackmania canyon\trackmania 2 canyon\maniaplanet.exe] => (Block) E:\spiele\trackmania canyon\trackmania 2 canyon\maniaplanet.exe
FirewallRules: [TCP Query User{4A3487F5-0DF9-465C-859C-B2E3CB28767D}D:\program files (x86)\guild wars 2\gw2.exe] => (Allow) D:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{D243A6A0-89AA-47B7-8C5F-EE81A220C3CB}D:\program files (x86)\guild wars 2\gw2.exe] => (Allow) D:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [{D746F088-F43E-4AD9-9FD0-782FFFF44266}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{C1409997-93DC-4B19-8C85-BE34ADE9EC79}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{BB497C68-00F8-4212-B457-64BD9CE73233}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [{8D7CAD06-081F-4293-9AFA-A574B67C0766}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [{68094F16-F5E3-4BFE-B7E7-0086A112EDFF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{1D18F698-41EF-4FF1-B72D-D7D764974717}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CF8BFAAF-E0E6-4FBE-9260-2B26188DFB50}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{697C2CFB-27E5-4A1B-83B2-D908CF8D0F1F}D:\program files (x86)\rayman legends\rayman legends.exe] => (Block) D:\program files (x86)\rayman legends\rayman legends.exe
FirewallRules: [UDP Query User{4415CC36-28EC-477F-8CA5-84335AD7A691}D:\program files (x86)\rayman legends\rayman legends.exe] => (Block) D:\program files (x86)\rayman legends\rayman legends.exe
FirewallRules: [{E3D7CB83-5E5C-47E5-8FE7-0E543DEF0773}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{763A8944-677E-40D8-A3BF-36F032CAE895}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DC6F0895-BCFA-477C-8FAA-6D8FAE970845}] => (Allow) D:\Program Files (x86)\WarThunder\launcher.exe
FirewallRules: [{2527224D-47C0-479D-A667-612AF086AD65}] => (Allow) D:\Program Files (x86)\WarThunder\launcher.exe
FirewallRules: [TCP Query User{D6BCEDD8-4D78-4A28-8B5E-6D6A755083BE}D:\program files (x86)\warthunder\aces.exe] => (Allow) D:\program files (x86)\warthunder\aces.exe
FirewallRules: [UDP Query User{018EDE3C-20A5-4DEC-83DC-A0F4035CA4F3}D:\program files (x86)\warthunder\aces.exe] => (Allow) D:\program files (x86)\warthunder\aces.exe
FirewallRules: [{E89F95BB-3F00-4592-BF46-D7A0247E3238}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{A453AEC4-A7B7-4DA7-B840-7087754DDBF5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{AD67C548-8E7C-40B0-A74F-BA65ACD252C3}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\rush\rush.exe
FirewallRules: [{1B6D63C6-DF1F-46D9-944A-4534CF00CE52}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\rush\rush.exe
FirewallRules: [{90FC0048-BB3C-42A3-838C-93D2305165A5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{D2515F04-7392-4710-8C0B-11C44D9D5051}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{7EAC378D-BC60-44E4-8D20-97726450695B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{CA140986-66FC-4FD1-BD7B-4C731BA13B0D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{E6B3BB6E-1BC0-4659-A1C4-0E907310097A}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{A5024DE2-F094-4A6B-B3CE-205B577386AF}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{928EC490-B5EE-4BC5-B83D-0877319F5188}] => (Allow) D:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{18A7466B-1BA1-4EBA-8E1D-2AF3988F32B8}] => (Allow) D:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{596BBFE3-EC8B-41A2-896B-BFC6212DD615}] => (Allow) D:\Program Files (x86)\OriginGames\Dead Space\Dead Space.exe
FirewallRules: [{482F736C-0431-441B-892B-ADD6495FE0B5}] => (Allow) D:\Program Files (x86)\OriginGames\Dead Space\Dead Space.exe
FirewallRules: [TCP Query User{3AC563F9-56E0-4D00-AA38-E94904A971D9}D:\program files (x86)\valve\portal 2\portal2.exe] => (Block) D:\program files (x86)\valve\portal 2\portal2.exe
FirewallRules: [UDP Query User{CE925544-FD60-47B6-9BB2-776A0331FDBA}D:\program files (x86)\valve\portal 2\portal2.exe] => (Block) D:\program files (x86)\valve\portal 2\portal2.exe
FirewallRules: [TCP Query User{5B653E1C-7A11-48EC-9DBE-A5A6CB0BE297}D:\program files (x86)\wolfenstein the new order\wolfneworder_x64.exe] => (Block) D:\program files (x86)\wolfenstein the new order\wolfneworder_x64.exe
FirewallRules: [UDP Query User{CFFFAA87-8C93-421C-9379-BEC740574581}D:\program files (x86)\wolfenstein the new order\wolfneworder_x64.exe] => (Block) D:\program files (x86)\wolfenstein the new order\wolfneworder_x64.exe
FirewallRules: [TCP Query User{6F9B727C-9EFD-4404-AA37-4AD93A12B836}D:\program files (x86)\wolfenstein the new order german\wolfneworder_x64.exe] => (Block) D:\program files (x86)\wolfenstein the new order german\wolfneworder_x64.exe
FirewallRules: [UDP Query User{C2D99373-F636-44F6-95F8-91527CB4F5C9}D:\program files (x86)\wolfenstein the new order german\wolfneworder_x64.exe] => (Block) D:\program files (x86)\wolfenstein the new order german\wolfneworder_x64.exe
FirewallRules: [TCP Query User{C542631D-D296-4DD5-A464-85B3CB755448}D:\watch_dogs-deluxe.edition-p2p\bin\watch_dogs.exe] => (Block) D:\watch_dogs-deluxe.edition-p2p\bin\watch_dogs.exe
FirewallRules: [UDP Query User{3EE0E562-25EE-4679-B1F2-206503432AD1}D:\watch_dogs-deluxe.edition-p2p\bin\watch_dogs.exe] => (Block) D:\watch_dogs-deluxe.edition-p2p\bin\watch_dogs.exe
FirewallRules: [TCP Query User{B78239F5-94BD-4F90-9F9B-BBE7B1F4F294}D:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe] => (Allow) D:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe
FirewallRules: [UDP Query User{BAB1384F-46C8-4EA3-8AE8-F8FDC3DC2678}D:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe] => (Allow) D:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe
FirewallRules: [{6A8DAA67-50D6-4693-9A05-E987BE0BC205}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [{F1084AB7-A049-4C1E-A87E-69EA97D45F5A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [TCP Query User{10A90911-6943-486F-B637-EBF581F06F38}D:\program files (x86)\tera\tera-launcher.exe] => (Allow) D:\program files (x86)\tera\tera-launcher.exe
FirewallRules: [UDP Query User{578E97A2-CE4F-4099-B0C8-66F332017191}D:\program files (x86)\tera\tera-launcher.exe] => (Allow) D:\program files (x86)\tera\tera-launcher.exe
FirewallRules: [{66D14BBE-0EA6-415C-9ECD-21364CA004B2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{3E85FEBD-4AEB-45AF-BDAC-E6C9F4F5702D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{69287390-3691-457C-A38B-CC9337E9E2A5}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{E7240E72-D750-43AC-91CA-09B8B47924DF}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{5FC65538-FA6D-49E2-89F9-6FCDEE0078BD}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{1D9830DA-43E2-45B8-BC15-4DB65EB7890C}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{F600BCAF-ADBB-4F5D-B30B-9316781C151B}C:\users\shag\appdata\local\temp\gw2.exe] => (Allow) C:\users\shag\appdata\local\temp\gw2.exe
FirewallRules: [UDP Query User{41FA0A67-7849-47E9-8705-46E3EE198D57}C:\users\shag\appdata\local\temp\gw2.exe] => (Allow) C:\users\shag\appdata\local\temp\gw2.exe
FirewallRules: [TCP Query User{A3884C3A-1703-41EC-ABE3-45DD9E7CE962}D:\guild wars 2\gw2.exe] => (Allow) D:\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{78536A0E-367B-49EF-BC0A-2FA83E57D071}D:\guild wars 2\gw2.exe] => (Allow) D:\guild wars 2\gw2.exe
FirewallRules: [TCP Query User{0F3E8BC1-14C2-481A-98AB-B244B4F084C5}D:\program files (x86)\maniaplanet\maniaplanet.exe] => (Allow) D:\program files (x86)\maniaplanet\maniaplanet.exe
FirewallRules: [UDP Query User{BA93D511-5C13-403C-BFB6-40893AF03417}D:\program files (x86)\maniaplanet\maniaplanet.exe] => (Allow) D:\program files (x86)\maniaplanet\maniaplanet.exe
FirewallRules: [{EBFA0E67-670C-4DF3-A88E-B4A8DDF8AA98}] => (Allow) D:\Program Files (x86)\The Vanishing of Ethan Carter\Binaries\Launcher.exe
FirewallRules: [{C269B6F7-1883-40EB-B878-9EF8A9EB172E}] => (Allow) D:\Program Files (x86)\The Vanishing of Ethan Carter\Binaries\Launcher.exe
FirewallRules: [TCP Query User{D889D8F7-55CC-445A-8E3E-C0B52B5CDF93}D:\program files (x86)\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe] => (Block) D:\program files (x86)\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe
FirewallRules: [UDP Query User{46EE6606-D08C-4C75-ACF2-6CEB161D465F}D:\program files (x86)\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe] => (Block) D:\program files (x86)\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe
FirewallRules: [TCP Query User{52DC2877-88F2-42CC-A0CA-E3979AC92D06}D:\program files (x86)\ubisoft\driver san francisco\driver.exe] => (Block) D:\program files (x86)\ubisoft\driver san francisco\driver.exe
FirewallRules: [UDP Query User{4B4DB25B-416E-4147-A842-D107757F7375}D:\program files (x86)\ubisoft\driver san francisco\driver.exe] => (Block) D:\program files (x86)\ubisoft\driver san francisco\driver.exe
FirewallRules: [TCP Query User{65ADDC17-D41E-43CF-8F91-0D1A5E64D260}C:\program files\guillemot\tools\giwebupdater.exe] => (Allow) C:\program files\guillemot\tools\giwebupdater.exe
FirewallRules: [UDP Query User{4FCCBC6A-ECB2-4D49-A0C7-06AA70EDCD31}C:\program files\guillemot\tools\giwebupdater.exe] => (Allow) C:\program files\guillemot\tools\giwebupdater.exe
FirewallRules: [TCP Query User{4727CA4A-F3CF-4D4C-BE94-77013DB3E561}D:\gog games\oddworld - new 'n' tasty\nnt.exe] => (Block) D:\gog games\oddworld - new 'n' tasty\nnt.exe
FirewallRules: [UDP Query User{16F3CC54-81C2-4D68-AC5B-A5F110F39B09}D:\gog games\oddworld - new 'n' tasty\nnt.exe] => (Block) D:\gog games\oddworld - new 'n' tasty\nnt.exe
FirewallRules: [{1EDBCBD6-77FE-4354-AFC1-82B6EEF9C166}] => (Allow) d:\Program Files (x86)\GameforgeLive\gfl_client.exe
FirewallRules: [{E95D1DBC-A572-4898-977A-09355E2080D3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B6D7FDC2-79E5-443F-B573-ADBE5AE02395}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{CC4C363A-92C1-483D-A1F8-D8D10344E52C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{09E746F3-3FA8-46A1-8D39-D2FAA689C686}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{20DEB04C-991B-4CE0-BF6E-832CFE776471}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{318028F5-A87E-4579-9378-43E2C20672BB}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{2E5D2FF7-7055-42A5-BA32-6F6F01B54240}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{AA87FFA5-9C61-4FAA-8885-C7C06558CA9F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{F99BA5FE-DD38-41F4-A72E-CE7D43AD47E6}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{CBF93050-29C7-4CAA-9A0D-5ED1DD81E6EB}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{52E17C41-63A9-4BE2-8174-4167278F4903}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3BEA036E-82D0-4D77-920E-8482907A261F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{5EA49FF2-A58C-43FF-A927-0A95BC6FCD49}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{60D3597B-38BF-4726-B37B-D84C6033C47A}] => (Allow) D:\Program Files (x86)\OriginGames\SimCity\SimCity\SimCity.exe
FirewallRules: [{FF9D86C5-9E1C-4141-A59B-AAA7CF001273}] => (Allow) D:\Program Files (x86)\OriginGames\SimCity\SimCity\SimCity.exe
FirewallRules: [{0EA73370-3A10-4766-A12F-38F0627859C8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F72DC3C7-0503-41A5-9041-0B676C1641F6}] => (Allow) d:\Program Files (x86)\Brother\Brmfl14e\FAXRX.EXE
FirewallRules: [{2DEEF5AC-1862-4BFF-85D2-38570B129251}] => (Allow) LPort=54925
FirewallRules: [TCP Query User{28C6BC4A-6416-4AB8-9D95-58BFF751A037}D:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe] => (Block) D:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe
FirewallRules: [UDP Query User{A3AB2A72-C4C0-4F06-A7EE-35C0A00F8240}D:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe] => (Block) D:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe
FirewallRules: [TCP Query User{148864F7-C1E4-43C7-8550-2BD665282F51}D:\program files (x86)\the beginner's guide\beginnersguide.exe] => (Block) D:\program files (x86)\the beginner's guide\beginnersguide.exe
FirewallRules: [UDP Query User{C2EF76C4-BCF3-48FB-B86F-7B9BA0048225}D:\program files (x86)\the beginner's guide\beginnersguide.exe] => (Block) D:\program files (x86)\the beginner's guide\beginnersguide.exe
FirewallRules: [{8D43ABC5-5B12-4069-A956-405E2BDADA0D}] => (Allow) C:\Program Files (x86)\Ubisoft\Anno 2205\Bin\Win64\Anno2205.exe
FirewallRules: [TCP Query User{94CB0C90-4707-4792-A2D5-C25AF29D2469}D:\program files (x86)\funcom\age of conan\conanpatcher.exe] => (Allow) D:\program files (x86)\funcom\age of conan\conanpatcher.exe
FirewallRules: [UDP Query User{97F8F9D2-7879-4A76-8105-5F4D34C015FA}D:\program files (x86)\funcom\age of conan\conanpatcher.exe] => (Allow) D:\program files (x86)\funcom\age of conan\conanpatcher.exe
FirewallRules: [TCP Query User{99C24D58-9BFA-4554-9E71-00D636CD7E73}D:\program files (x86)\funcom\age of conan\ageofconan.exe] => (Allow) D:\program files (x86)\funcom\age of conan\ageofconan.exe
FirewallRules: [UDP Query User{4047640F-E7E9-40FE-BA37-92EA829E5E29}D:\program files (x86)\funcom\age of conan\ageofconan.exe] => (Allow) D:\program files (x86)\funcom\age of conan\ageofconan.exe
FirewallRules: [TCP Query User{427ECFE4-217A-4173-992A-9C438892908B}D:\program files (x86)\funcom\age of conan\ageofconandx10.exe] => (Allow) D:\program files (x86)\funcom\age of conan\ageofconandx10.exe
FirewallRules: [UDP Query User{156CF8DA-5855-45EC-BB9D-FF170F6A355E}D:\program files (x86)\funcom\age of conan\ageofconandx10.exe] => (Allow) D:\program files (x86)\funcom\age of conan\ageofconandx10.exe
FirewallRules: [{64B10E9D-6428-4CFA-90EB-011BF57188B4}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{703D5913-0510-4C51-8CD3-10C7E1EA0EE6}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1A37ABBA-07A0-432C-BCD4-096215DA9189}] => (Allow) D:\Program Files\StarCraft II\Versions\Base39576\SC2_x64.exe
FirewallRules: [{9794E91D-9859-47DE-B442-972C8D67A12B}] => (Allow) D:\Program Files\StarCraft II\Versions\Base39576\SC2_x64.exe
FirewallRules: [{E3EB6327-951D-427C-962D-A9D15D80D3BC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{056185A1-5BA0-4BD6-A258-82BA88A67103}D:\program files (x86)\dying light the following enhanced edition\dyinglightgame.exe] => (Block) D:\program files (x86)\dying light the following enhanced edition\dyinglightgame.exe
FirewallRules: [UDP Query User{0E5A04DE-1325-45DA-9DA5-912070B8C4F0}D:\program files (x86)\dying light the following enhanced edition\dyinglightgame.exe] => (Block) D:\program files (x86)\dying light the following enhanced edition\dyinglightgame.exe

==================== Wiederherstellungspunkte =========================

14-02-2013 01:40:44 Windows Update
14-02-2013 03:00:19 Windows Update
17-03-2013 17:59:43 Removed Java(TM) 6 Update 39
17-03-2013 18:02:58 Installed Java 7 Update 17
17-03-2013 18:20:27 Windows Update
11-03-2016 21:47:57 Removed RollerCoaster Tycoon® 3
12-03-2016 17:51:16 JRT Pre-Junkware Removal
13-03-2016 12:42:33 Removed Adobe Photoshop Lightroom 4.4 64-bit.
13-03-2016 13:17:48 Entfernt Railroad Tycoon 3
13-03-2016 13:19:16 Voodoo Chronicles wurde entfernt.

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: AODDriver4.01
Description: AODDriver4.01
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AODDriver4.01
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (03/13/2016 01:23:23 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (03/13/2016 09:54:38 AM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (03/12/2016 05:42:08 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (03/12/2016 02:37:45 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (03/12/2016 01:11:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18933, Zeitstempel: 0x55a6a196
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000004ac04
ID des fehlerhaften Prozesses: 0x1210
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3

Error: (03/12/2016 12:11:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18933, Zeitstempel: 0x55a6a196
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000004ac04
ID des fehlerhaften Prozesses: 0xefc
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3

Error: (03/11/2016 09:48:36 PM) (Source: MsiInstaller) (EventID: 1024) (User: shag-PC)
Description: Produkt: Adobe Acrobat Reader DC - Deutsch - Update "{AC76BA86-7AD7-0000-2550-AC0F0A4E5C00}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (03/11/2016 09:35:59 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (03/11/2016 09:18:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avira_de_av_56e31e2f28336__ws.exe, Version: 1.1.56.9119, Zeitstempel: 0x56a8ec36
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18933, Zeitstempel: 0x55a69ec4
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x16c4
Startzeit der fehlerhaften Anwendung: 0xavira_de_av_56e31e2f28336__ws.exe0
Pfad der fehlerhaften Anwendung: avira_de_av_56e31e2f28336__ws.exe1
Pfad des fehlerhaften Moduls: avira_de_av_56e31e2f28336__ws.exe2
Berichtskennung: avira_de_av_56e31e2f28336__ws.exe3

Error: (03/11/2016 09:17:18 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig


Systemfehler:
=============
Error: (03/13/2016 01:23:33 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%303.

Error: (03/13/2016 01:23:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Avira Browser-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%0

Error: (03/13/2016 01:23:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Avira Email-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%0

Error: (03/13/2016 01:23:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (03/13/2016 01:23:22 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Planer" wurde mit folgendem dienstspezifischem Fehler beendet: %%305.

Error: (03/13/2016 09:54:48 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%303.

Error: (03/13/2016 09:54:47 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Avira Browser-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%0

Error: (03/13/2016 09:54:47 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Avira Email-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%0

Error: (03/13/2016 09:54:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (03/13/2016 09:54:37 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Planer" wurde mit folgendem dienstspezifischem Fehler beendet: %%305.


==================== Speicherinformationen =========================== 

Prozessor: AMD Phenom(tm) II X4 965 Processor
Prozentuale Nutzung des RAM: 32%
Installierter physikalischer RAM: 8178.14 MB
Verfügbarer physikalischer RAM: 5549.96 MB
Summe virtueller Speicher: 14176.34 MB
Verfügbarer virtueller Speicher: 11668.89 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:9.71 GB) NTFS
Drive d: (Programme) (Fixed) (Total:833.85 GB) (Free:259.51 GB) NTFS
Drive e: (Safe) (Fixed) (Total:1863.01 GB) (Free:4.93 GB) NTFS
Drive f: (Daten) (Fixed) (Total:208.46 GB) (Free:12.35 GB) NTFS
Drive g: (Win7) (Fixed) (Total:97.56 GB) (Free:16.33 GB) NTFS
Drive h: (WinXP) (Fixed) (Total:24.41 GB) (Free:1.13 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive i: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: B45C1AEF)
Partition 2: (Active) - (Size=1863 GB) - (Type=05)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: C68DC68D)
Partition 1: (Active) - (Size=24.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=208.5 GB) - (Type=OF Extended)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 90486699)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: AFD27FD7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=833.9 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         

Alt 14.03.2016, 06:55   #8
M-K-D-B
/// TB-Ausbilder
 
Antivir und AVG lassen sich nicht installieren, Malwarebytes startet nicht - Standard

Antivir und AVG lassen sich nicht installieren, Malwarebytes startet nicht



Servus,




Schritt x
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
start
CloseProcesses:
C:\Windows\system32\Drivers\etc\hosts
Hosts:
HKLM-x32\...\Winlogon: [Userinit] userinit.exe,"C:\Windows\system32\clientmon.exe" [X]
IFEO\AvastSvc.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\AvastUI.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avcenter.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avconfig.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgcsrvx.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgidsagent.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgnt.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgrsx.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgwdsvc.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\Avira.ServiceHost.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\Avira.Systray.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\Avira.SystrayStartTrigger.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avp.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\bdagent.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\blindman.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\ccuac.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\ComboFix.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\egui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\gsam.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\hijackthis.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\instup.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\keyscrambler.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbam.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbamgui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbampt.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbamscheduler.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbamservice.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mcapexe.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mcuicnt.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\MpCmdRun.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\MSASCui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\MsMpEng.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\msseces.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\rstrui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\SDFiles.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\SDMain.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\SDWinSec.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\spybotsd.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\update.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\wireshark.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\zlclient.exe: [Debugger] C:\Windows\System32\svchost.exe
Unlock: C:\ProgramData\274335
C:\ProgramData\274335
C:\Users\shag\AppData\Local\IIIQF
C:\ProgramData\cfc4764f3bbfae7c2c155456e0ae08a61242b9ff
C:\ProgramData\mia2477.tmp
C:\Users\shag\AppData\Roaming\Microsoft\svchost.exe
C:\Users\shag\AppData\Roaming\Microsoft\Setupx.exe
C:\Users\shag\AppData\Roaming\Microsoft\1.exe
C:\Users\shag\AppData\Roaming\inst.exe
Folder: C:\Users\shag\AppData\Roaming\Windows 
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.









Schritt 2
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).






Schritt 3
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.







Schritt 4
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt nun zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von MBAM,
  • die beiden neuen Logdateien von FRST.

Alt 14.03.2016, 19:28   #9
shag48
 
Antivir und AVG lassen sich nicht installieren, Malwarebytes startet nicht - Standard

Antivir und AVG lassen sich nicht installieren, Malwarebytes startet nicht



Schritt 1 - Fixlog.txt
Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
durchgeführt von shag (2016-03-14 18:17:25) Run:1
Gestartet von C:\Users\shag\Desktop
Geladene Profile: shag (Verfügbare Profile: shag & Coco)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
C:\Windows\system32\Drivers\etc\hosts
Hosts:
HKLM-x32\...\Winlogon: [Userinit] userinit.exe,"C:\Windows\system32\clientmon.exe" [X]
IFEO\AvastSvc.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\AvastUI.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avcenter.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avconfig.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgcsrvx.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgidsagent.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgnt.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgrsx.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgwdsvc.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\Avira.ServiceHost.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\Avira.Systray.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\Avira.SystrayStartTrigger.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avp.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\bdagent.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\blindman.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\ccuac.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\ComboFix.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\egui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\gsam.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\hijackthis.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\instup.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\keyscrambler.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbam.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbamgui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbampt.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbamscheduler.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbamservice.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mcapexe.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mcuicnt.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\MpCmdRun.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\MSASCui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\MsMpEng.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\msseces.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\rstrui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\SDFiles.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\SDMain.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\SDWinSec.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\spybotsd.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\update.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\wireshark.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\zlclient.exe: [Debugger] C:\Windows\System32\svchost.exe
Unlock: C:\ProgramData\274335
C:\ProgramData\274335
C:\Users\shag\AppData\Local\IIIQF
C:\ProgramData\cfc4764f3bbfae7c2c155456e0ae08a61242b9ff
C:\ProgramData\mia2477.tmp
C:\Users\shag\AppData\Roaming\Microsoft\svchost.exe
C:\Users\shag\AppData\Roaming\Microsoft\Setupx.exe
C:\Users\shag\AppData\Roaming\Microsoft\1.exe
C:\Users\shag\AppData\Roaming\inst.exe
Folder: C:\Users\shag\AppData\Roaming\Windows 
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
         
*****************

Prozess erfolgreich geschlossen.
C:\Windows\system32\Drivers\etc\hosts => erfolgreich verschoben
Hosts erfolgreich wiederhergestellt.
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Wert erfolgreich wiederhergestellt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastSvc.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastUI.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avcenter.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avconfig.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgcsrvx.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgidsagent.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgnt.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgrsx.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgui.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgwdsvc.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Avira.ServiceHost.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Avira.Systray.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Avira.SystrayStartTrigger.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avp.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bdagent.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\blindman.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ccuac.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ComboFix.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\gsam.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hijackthis.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\instup.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\keyscrambler.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamgui.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbampt.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamscheduler.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamservice.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mcapexe.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mcuicnt.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MpCmdRun.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rstrui.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDFiles.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDMain.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDWinSec.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spybotsd.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\update.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wireshark.exe" => Schlüssel erfolgreich entfernt
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\zlclient.exe" => Schlüssel erfolgreich entfernt
"C:\ProgramData\274335" => wurde entsperrt
C:\ProgramData\274335 => erfolgreich verschoben
C:\Users\shag\AppData\Local\IIIQF => erfolgreich verschoben
C:\ProgramData\cfc4764f3bbfae7c2c155456e0ae08a61242b9ff => erfolgreich verschoben
C:\ProgramData\mia2477.tmp => erfolgreich verschoben
C:\Users\shag\AppData\Roaming\Microsoft\svchost.exe => erfolgreich verschoben
C:\Users\shag\AppData\Roaming\Microsoft\Setupx.exe => erfolgreich verschoben
C:\Users\shag\AppData\Roaming\Microsoft\1.exe => erfolgreich verschoben
C:\Users\shag\AppData\Roaming\inst.exe => erfolgreich verschoben

========================= Folder: C:\Users\shag\AppData\Roaming\Windows ========================

2016-03-01 21:11 - 2016-03-01 21:11 - 0000000 ____D () C:\Users\shag\AppData\Roaming\Windows\Applications
2016-03-01 21:11 - 2016-03-11 21:10 - 0000000 ____D () C:\Users\shag\AppData\Roaming\Windows\Applications\SearchIndex
2016-03-01 21:11 - 2016-03-01 21:11 - 0352218 _____ () C:\Users\shag\AppData\Roaming\Windows\Applications\SearchIndex\SearchIndex.7z
2016-03-01 21:11 - 2016-03-01 16:25 - 3793920 _____ (IvoSoft) C:\Users\shag\AppData\Roaming\Windows\Applications\SearchIndex\SearchIndex.exe

====== Ende von Folder: ======


========= RemoveProxy: =========

HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt


========= Ende von RemoveProxy: =========


=========  ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Aufl�sungscache wurde geleert.

========= Ende von CMD: =========


=========  netsh winsock reset =========


Der Winsock-Katalog wurde zur�ckgesetzt.
Sie m�ssen den Computer neu starten, um den Vorgang abzuschlie�en.


========= Ende von CMD: =========

EmptyTemp: => 2.8 GB temporäre Dateien entfernt.


Das System musste neu gestartet werden.

==== Ende von Fixlog 18:17:47 ====
         
Schritt 2 - AdwCleaner:
Code:
ATTFilter
# AdwCleaner v5.101 - Bericht erstellt am 14/03/2016 um 18:22:56
# Aktualisiert am 07/03/2016 von Xplode
# Datenbank : 2016-03-14.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : shag - SHAG-PC
# Gestartet von : C:\Users\shag\Desktop\AdwCleaner_5.101.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****


***** [ Dateien ] *****


***** [ DLLs ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****


*************************

:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [2429 Bytes] - [12/03/2016 17:40:41]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[C2].txt - [984 Bytes] - [14/03/2016 18:22:56]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [2062 Bytes] - [12/03/2016 17:39:31]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S2].txt - [1043 Bytes] - [14/03/2016 18:21:56]

########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C2].txt - [1262 Bytes] ##########
         
Schritt 3 - Malwarebytes.
Geht immer noch nicht.
War schon installiert bei mir. Lässt sich aber nicht starten.
Deinstallieren und neu installieren funktioniert nicht.
Fehlermeldung bei Installation: Interner Fehler: Expression error 'Runtime Error (at112:109): (muss sehr oft weggeklickt werden).
Dann kommt noch die Fehlermeldung: CreateFile schlug fehl; Code 80. Die Datei ist vorhanden.

Schritt 4 - FRST
FRST.txt
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
durchgeführt von shag (Administrator) auf SHAG-PC (14-03-2016 18:37:24)
Gestartet von C:\Users\shag\Desktop
Geladene Profile: shag (Verfügbare Profile: shag & Coco)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730) D:\Program Files (x86)\iRacing\iRacingService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Thrustmaster®) D:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\agcp.exe
(IvoSoft) C:\Users\shag\AppData\Roaming\Windows\Applications\SearchIndex\SearchIndex.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7512680 2011-10-25] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-09] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\MountPoints2: {6734fc30-9002-11e2-851a-8c89a5c2e538} - K:\setup.exe
HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\MountPoints2: {ccf4559d-4ca0-11e4-b1b1-8c89a5c2e538} - K:\setup.exe
HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\MountPoints2: {ddc22528-591b-11e3-8b61-8c89a5c2e538} - L:\ting.exe
HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\Winlogon: [Shell] explorer.exe,"C:\Users\shag\AppData\Roaming\clientmon.exe" <==== ACHTUNG
HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [AOD] => C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe AutoTune
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-04-30] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [43816 2015-04-26] (Apple Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2013-05-31]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{64956C90-8573-4570-AE9E-9C6059173262}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-23] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-23] (Oracle Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-23] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-23] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Session Restore: -> ist aktiviert.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-11] ()
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> d:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> d:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2443269024-3109390385-3364977999-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\shag\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2443269024-3109390385-3364977999-1000: @talk.google.com/O1DPlugin -> C:\Users\shag\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2443269024-3109390385-3364977999-1000: @tools.google.com/Google Update;version=3 -> C:\Users\shag\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-2443269024-3109390385-3364977999-1000: @tools.google.com/Google Update;version=9 -> C:\Users\shag\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\shag\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\shag\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: Avira Browser Safety - C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\Extensions\abs@avira.com [2016-02-19]
FF Extension: leethax.net extension - C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\Extensions\leethax@leethax.net.xpi [2014-02-08] [ist nicht signiert]
FF Extension: Move Media Player - C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\Extensions\moveplayer@movenetworks.com [2013-03-18] [ist nicht signiert]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013-03-18] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-05-15] [ist nicht signiert]
StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe

Chrome: 
=======
CHR Profile: C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-27]
CHR Extension: (Google Docs) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-27]
CHR Extension: (Google Drive) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27]
CHR Extension: (YouTube) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-27]
CHR Extension: (Google-Suche) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Tabellen) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-27]
CHR Extension: (Avira Browserschutz) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-07]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-27]
CHR Extension: (Google Mail) - C:\Users\shag\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-27]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [0 ] (Avira Operations GmbH & Co. KG) <==== ACHTUNG (Null Byte Datei/Ordner)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [0 ] (Avira Operations GmbH & Co. KG) <==== ACHTUNG (Null Byte Datei/Ordner)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [0 ] (Avira Operations GmbH & Co. KG) <==== ACHTUNG (Null Byte Datei/Ordner)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [0 ] (Avira Operations GmbH & Co. KG) <==== ACHTUNG (Null Byte Datei/Ordner)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [Datei ist nicht signiert]
S3 GalaxyClientService; D:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1616440 2015-11-13] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7220792 2016-02-11] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-09] (NVIDIA Corporation)
R2 iRacingService; D:\Program Files (x86)\iRacing\iRacingService.exe [798840 2015-01-12] (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-09] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [6477432 2015-12-09] (NVIDIA Corporation)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-02-28] (Electronic Arts)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145736 2013-08-15] (Nuance Communications, Inc.)
R2 tmInstall; d:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.EXE [45296 2014-07-22] (Thrustmaster®)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Avira.ServiceHost; "C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe" [X]
S2 JetDrive WindowsClosingService; C:\Windows\System32\WindowsClosingService [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [94720 2013-12-19] (Advanced Micro Devices) [Datei ist nicht signiert]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162072 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [140448 2016-02-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [75472 2015-12-01] (Avira Operations GmbH & Co. KG)
S3 cancel; C:\Program Files (x86)\MSI\Super-Charger\cancel_64.sys [16184 2010-05-21] (Windows (R) Win 7 DDK provider)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 jetdrive; C:\Windows\System32\DRIVERS\jddrv.sys [37248 2012-05-22] (Abelssoft GmbH)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-12-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S3 SndTAudio; C:\Windows\System32\drivers\SndTAudio.sys [34528 2013-05-16] (Windows (R) Win 7 DDK provider)
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [58792 2009-09-17] (SafeNet, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-10-05] (Duplex Secure Ltd.)
S3 tmhidusb; C:\Windows\System32\DRIVERS\tmhidusb.sys [166640 2014-07-22] (Thrustmaster)
R2 zntport64; C:\EuCaSoft\zntport64.sys [13880 2007-12-22] (Zeal SoftStudio)
S2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 cpuz130; \??\C:\Users\shag\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 NTIOLib_1_0_4; \??\d:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [X]
S3 NTIOLib_1_0_C; \??\J:\NTIOLib_X64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-03-14 18:19 - 2016-03-14 18:19 - 00000000 ____D C:\ProgramData\274335
2016-03-14 18:17 - 2016-03-14 18:17 - 00011543 _____ C:\Users\shag\Desktop\Fixlog.txt
2016-03-13 13:20 - 2016-03-13 13:20 - 00082816 _____ (VSO Software) C:\Users\shag\AppData\Roaming\pcouffin.sys
2016-03-12 18:02 - 2016-03-01 16:25 - 03793920 _____ (IvoSoft) C:\Users\shag\AppData\Roaming\clientmon.exe
2016-03-12 17:54 - 2016-03-14 18:37 - 00020172 _____ C:\Users\shag\Desktop\FRST.txt
2016-03-12 17:54 - 2016-03-13 13:53 - 00058472 _____ C:\Users\shag\Desktop\Addition.txt
2016-03-12 17:52 - 2016-03-12 17:52 - 00005224 _____ C:\Users\shag\Desktop\JRT.txt
2016-03-12 17:48 - 2016-03-12 17:48 - 01609216 _____ (Malwarebytes) C:\Users\shag\Desktop\JRT.exe
2016-03-12 17:39 - 2016-03-14 18:22 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-12 17:37 - 2016-03-14 18:21 - 01524224 _____ C:\Users\shag\Desktop\AdwCleaner_5.101.exe
2016-03-12 17:34 - 2016-03-12 17:52 - 00001625 _____ C:\ProgramData\XML
2016-03-12 17:34 - 2016-03-12 17:34 - 00002890 _____ C:\Users\shag\Desktop\Rkill.txt
2016-03-12 17:34 - 2016-03-12 17:34 - 00000000 ____D C:\Users\shag\Desktop\rkill
2016-03-12 17:34 - 2016-03-12 17:33 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\shag\Desktop\rkill.com
2016-03-11 21:55 - 2016-03-11 21:42 - 02374144 _____ (Farbar) C:\Users\shag\Desktop\FRST64.exe
2016-03-11 21:53 - 2016-03-14 18:37 - 00000000 ____D C:\FRST
2016-03-11 21:32 - 2016-03-11 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-03-11 21:31 - 2016-03-11 21:32 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-03-11 21:31 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-11 21:31 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-11 21:31 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-11 21:20 - 2016-03-11 21:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-05 12:03 - 2016-03-05 12:03 - 00000000 ____D C:\Users\shag\AppData\Roaming\cerasus.media
2016-03-01 21:22 - 2016-03-01 16:25 - 03793920 _____ (IvoSoft) C:\Windows\SysWOW64\clientmon.exe
2016-03-01 21:12 - 2016-03-14 18:30 - 00003362 _____ C:\Windows\System32\Tasks\Search Filter Host
2016-03-01 21:12 - 2016-03-01 21:12 - 00000000 ____D C:\Users\shag\AppData\LocalLow\Lazy Bear Games
2016-03-01 21:11 - 2016-03-12 17:51 - 00000000 _RSHD C:\ProgramData\274435
2016-03-01 21:11 - 2016-03-01 21:11 - 00000000 ____D C:\Users\shag\AppData\Roaming\Windows
2016-03-01 19:55 - 2016-03-01 19:55 - 00000000 ____D C:\ProgramData\dbdata
2016-02-29 20:27 - 2016-02-29 22:37 - 00000000 ____D C:\Users\shag\AppData\Roaming\Factorio
2016-02-29 20:26 - 2016-02-29 20:26 - 00000936 _____ C:\Users\shag\Desktop\Factorio v0.9.8.lnk
2016-02-25 08:09 - 2016-02-25 08:09 - 00000801 _____ C:\Users\Public\Desktop\Passbild-Generator.lnk
2016-02-25 08:09 - 2016-02-25 08:09 - 00000000 ____D C:\Users\shag\AppData\Local\_3_
2016-02-25 08:09 - 2016-02-25 08:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Passbild-Generator
2016-02-23 21:01 - 2016-02-23 20:59 - 00110176 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2016-02-23 20:59 - 2016-02-23 21:01 - 00000000 ____D C:\Users\shag\.oracle_jre_usage
2016-02-23 20:59 - 2016-02-23 20:59 - 00000000 ____D C:\Users\shag\AppData\Roaming\Sun
2016-02-23 20:58 - 2016-02-23 20:58 - 00000000 ____D C:\Users\shag\AppData\LocalLow\Oracle
2016-02-23 20:17 - 2016-02-23 21:09 - 00000000 ____D C:\Users\shag\.litwrl
2016-02-21 11:59 - 2016-02-21 11:59 - 00000000 ____D C:\Users\shag\Documents\DyingLight
2016-02-19 18:50 - 2016-02-19 18:50 - 00000000 ____D C:\Users\shag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-03-14 18:35 - 2009-07-14 05:45 - 00022848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-14 18:35 - 2009-07-14 05:45 - 00022848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-14 18:34 - 2016-01-03 15:42 - 00000000 ____D C:\Users\shag\AppData\Local\CrashDumps
2016-03-14 18:30 - 2013-05-14 20:49 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-14 18:30 - 2009-07-14 18:58 - 00699416 _____ C:\Windows\system32\perfh007.dat
2016-03-14 18:30 - 2009-07-14 18:58 - 00149556 _____ C:\Windows\system32\perfc007.dat
2016-03-14 18:30 - 2009-07-14 06:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-14 18:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-03-14 18:23 - 2013-03-18 19:28 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-14 18:23 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-14 18:05 - 2015-06-19 16:54 - 00001220 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA.job
2016-03-14 17:57 - 2013-04-18 20:08 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-14 17:50 - 2013-08-25 19:14 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA.job
2016-03-14 17:41 - 2013-05-14 20:49 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-13 19:50 - 2013-08-25 19:14 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core.job
2016-03-13 16:46 - 2013-03-21 22:46 - 00000000 ____D C:\Users\shag\AppData\Roaming\vlc
2016-03-13 15:04 - 2015-12-06 19:16 - 00000000 ____D C:\Users\shag\Desktop\Spiele
2016-03-13 13:20 - 2015-08-21 09:34 - 00000000 ____D C:\Users\shag\AppData\Roaming\SoundSpectrum
2016-03-13 13:20 - 2015-08-21 09:34 - 00000000 ____D C:\Program Files (x86)\SoundSpectrum
2016-03-13 13:20 - 2015-06-10 22:13 - 00007859 _____ C:\Users\shag\AppData\Roaming\pcouffin.cat
2016-03-13 13:20 - 2015-06-10 22:13 - 00000000 ____D C:\Users\shag\AppData\Roaming\Vso
2016-03-13 13:20 - 2015-06-10 22:13 - 00000000 ____D C:\Program Files (x86)\vso
2016-03-13 13:18 - 2013-03-19 20:07 - 00000000 ____D C:\Users\shag\AppData\Roaming\UseNeXT
2016-03-13 13:16 - 2013-03-23 01:14 - 00000000 ____D C:\Users\shag\AppData\Roaming\Broad Intelligence
2016-03-13 13:16 - 2013-03-21 23:24 - 00000000 ____D C:\Users\shag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-03-13 12:05 - 2015-06-19 16:54 - 00001168 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core.job
2016-03-11 22:57 - 2013-04-18 20:08 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-11 22:57 - 2013-03-18 20:25 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-11 22:57 - 2013-03-18 20:25 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-11 21:49 - 2014-11-23 19:32 - 00000000 ____D C:\Users\shag\AppData\Local\My Games
2016-03-11 21:49 - 2013-03-30 23:41 - 00000000 ____D C:\Users\shag\Documents\My Games
2016-03-11 21:49 - 2013-03-18 19:22 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-11 21:48 - 2015-12-30 20:54 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-11 21:47 - 2015-09-30 22:11 - 00000000 ____D C:\Users\shag\AppData\Roaming\Atari
2016-03-11 21:46 - 2015-03-13 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-03-11 21:46 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-11 21:30 - 2014-07-25 20:28 - 00242786 _____ C:\Windows\ntbtlog.txt
2016-03-11 21:17 - 2013-03-18 19:16 - 00000000 ____D C:\Users\shag
2016-03-11 21:10 - 2015-10-03 09:12 - 00000000 ____D C:\Users\Coco
2016-03-11 21:10 - 2015-06-10 22:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2016-03-11 21:10 - 2015-05-15 10:42 - 00000000 ___SD C:\Windows\system32\GWX
2016-03-11 21:10 - 2014-10-05 15:49 - 00000000 ____D C:\Users\shag\AppData\Roaming\FreeArc
2016-03-11 21:10 - 2014-08-07 21:41 - 00000000 ____D C:\Users\Besuch
2016-03-11 21:10 - 2014-07-27 20:34 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-11 21:10 - 2014-02-10 20:00 - 00000000 ____D C:\Users\shag\AppData\Roaming\Battle.net
2016-03-11 21:10 - 2013-03-18 20:25 - 00000000 ____D C:\Windows\system32\Macromed
2016-03-11 21:10 - 2013-03-18 20:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-03-11 21:10 - 2013-03-18 20:22 - 00000000 ____D C:\ProgramData\Avira
2016-03-11 21:10 - 2013-03-18 20:22 - 00000000 ____D C:\Program Files (x86)\Avira
2016-03-11 21:10 - 2009-07-14 19:18 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-03-11 21:10 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2016-03-11 20:21 - 2014-02-10 20:00 - 00000000 ____D C:\Users\shag\AppData\Local\Battle.net
2016-03-11 13:20 - 2015-11-15 18:24 - 00033792 _____ C:\Users\shag\Desktop\Finanzen.xls
2016-03-08 16:41 - 2015-11-20 18:45 - 00000000 ____D C:\Users\shag\.gimp-2.8
2016-03-01 19:10 - 2013-03-18 20:30 - 00000000 ___RD C:\Users\shag\Dropbox
2016-03-01 19:10 - 2013-03-18 20:29 - 00000000 ____D C:\Users\shag\AppData\Roaming\Dropbox
2016-02-28 10:10 - 2013-05-02 20:29 - 00000000 ____D C:\ProgramData\Origin
2016-02-25 08:15 - 2015-10-15 19:41 - 00013405 _____ C:\Windows\BRRBCOM.INI
2016-02-24 16:09 - 2015-11-09 18:52 - 00000498 _____ C:\Users\shag\Desktop\Coco.txt
2016-02-23 21:03 - 2013-10-28 19:56 - 00000000 ____D C:\ProgramData\Oracle
2016-02-23 21:02 - 2013-10-28 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2016-02-23 21:02 - 2013-10-28 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-23 21:02 - 2013-09-03 20:26 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-23 21:02 - 2013-03-18 20:28 - 00000000 ____D C:\Program Files\Java
2016-02-23 20:59 - 2015-03-13 18:22 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-02-21 11:44 - 2014-12-05 21:30 - 00002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-21 11:44 - 2014-12-05 21:30 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-18 10:22 - 2013-07-24 17:53 - 00000000 ____D C:\ProgramData\Battle.net
2016-02-18 08:09 - 2013-04-02 21:33 - 00140448 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-02-15 21:54 - 2015-01-12 18:27 - 00000000 ____D C:\Users\shag\AppData\Roaming\Mp3tag

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-10-14 03:44 - 2013-10-14 03:44 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2016-03-12 18:02 - 2016-03-01 16:25 - 3793920 _____ (IvoSoft) C:\Users\shag\AppData\Roaming\clientmon.exe
2015-06-10 22:13 - 2016-03-13 13:20 - 0007859 _____ () C:\Users\shag\AppData\Roaming\pcouffin.cat
2015-06-10 22:13 - 2016-03-13 13:20 - 0001167 _____ () C:\Users\shag\AppData\Roaming\pcouffin.inf
2015-06-10 22:13 - 2016-03-13 13:20 - 0000055 _____ () C:\Users\shag\AppData\Roaming\pcouffin.log
2016-03-13 13:20 - 2016-03-13 13:20 - 0082816 _____ (VSO Software) C:\Users\shag\AppData\Roaming\pcouffin.sys
2013-06-04 20:34 - 2015-06-13 17:45 - 0014848 _____ () C:\Users\shag\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-02 16:18 - 2015-06-02 16:21 - 0585728 _____ () C:\Users\shag\AppData\Local\file__0.localstorage
2015-11-20 18:47 - 2015-11-20 18:47 - 0000819 _____ () C:\Users\shag\AppData\Local\recently-used.xbel
2013-03-18 19:55 - 2015-05-27 19:39 - 0007649 _____ () C:\Users\shag\AppData\Local\resmon.resmoncfg
2016-03-12 17:34 - 2016-03-12 17:52 - 0001625 _____ () C:\ProgramData\XML

Einige Dateien in TEMP:
====================
C:\Users\shag\AppData\Local\Temp\sqlite3.dll
C:\Users\shag\AppData\Local\Temp\svhost.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-03-12 15:55

==================== Ende von FRST.txt ============================
         
Addition.txt
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
durchgeführt von shag (2016-03-14 18:37:43)
Gestartet von C:\Users\shag\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-03-18 18:16:49)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2443269024-3109390385-3364977999-500 - Administrator - Disabled)
Coco (S-1-5-21-2443269024-3109390385-3364977999-1008 - Administrator - Enabled) => C:\Users\Coco
Gast (S-1-5-21-2443269024-3109390385-3364977999-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2443269024-3109390385-3364977999-1004 - Limited - Enabled)
shag (S-1-5-21-2443269024-3109390385-3364977999-1000 - Administrator - Enabled) => C:\Users\shag

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Age of Conan: Hyborian Adventures (HKLM-x32\...\Age of Conan_is1) (Version:  - Funcom)
AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version:  - Gameforge)
Anno 2205 (HKLM-x32\...\Uplay Install 1253) (Version:  - Ubisoft)
Apple Application Support (32-Bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Photo Commander 10 v.10.0.1 (HKLM-x32\...\Ashampoo Photo Commander 10_is1) (Version: 10.0.1 - Ashampoo GmbH & Co. KG)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2002861294.48.56.34082026 - Audible, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.141 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{3b87484e-d70b-4b4f-ad59-2ae89571e2cf}) (Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BDE Information Utility (HKLM-x32\...\BDE Information Utility) (Version:  - InterBase Installation Info (and BDE Information Utility))
Blender (HKLM\...\{BBE9D9F0-3F77-4E26-9E10-1AFB56D41363}) (Version: 2.76.0 - Blender Foundation)
Blender (HKLM\...\Blender) (Version: 2.69 - Blender Foundation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J5320DW (HKLM-x32\...\{7FC49664-DAA4-4E7C-ADD0-614ABB43691B}) (Version: 1.0.5.0 - Brother Industries, Ltd.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.9.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.12.20.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.5.2.8 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)
Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dropbox (HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.2.17437 - Landesfinanzdirektion Thüringen)
ElsterFormular 2006/2007 (HKLM-x32\...\{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}) (Version: 8.2.1.0 - Steuerverwaltung des Bundes und der Länder)
ElsterFormular 2007/2008 (HKLM-x32\...\{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}) (Version: 9.2.0.0 - Steuerverwaltung des Bundes und der Länder)
ElsterFormular 2008/2009 (HKLM-x32\...\{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}) (Version: 10.0.0.0 - Steuerverwaltung des Bundes und der Länder)
EuCaSoft 4.4.0.4377 (HKLM-x32\...\EuCaSoft_is1) (Version:  - itas GmbH)
FFB Racing Wheel drivers (HKLM-x32\...\{28B758EA-5C83-48B1-B352-C70F12C73F5A}) (Version: 3.TTRS.2014 - Thrustmaster)
FreeArc 0.666 (HKLM-x32\...\FreeArc) (Version: 0.666 - Bulat Ziganshin)
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.21.2.1 - Futuremark Corporation)
Gameforge Live 2.0.8 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.8 - Gameforge)
Geeks3D FurMark 1.13.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
iRacing.com Race Simulation (HKLM-x32\...\{CBBB3C80-76F5-42B5-92A6-C4BF84796DCB}) (Version: 1.01.0512 - iRacing.com Motorsport Simulations)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java SE Development Kit 7 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170250}) (Version: 1.7.0.250 - Oracle)
Java SE Development Kit 8 Update 73 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180730}) (Version: 8.0.730.2 - Oracle Corporation)
JetDrive (HKLM-x32\...\JetDrive_is1) (Version: 6.11 - Abelssoft)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MechWarrior Online (HKLM-x32\...\{9f17023b-d04f-432b-b08a-3bb4c3a7ed3c}) (Version: 1.6.0.0 - Piranha Games Inc.)
MechWarrior Online (x32 Version: 1.6.1.0 - Piranha Games Inc.) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mosaizer Pro v12.0 (HKLM-x32\...\Mosaizer Pro_is1) (Version: 12.0 - APP Helmond)
Mozilla Firefox 19.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 19.0.2 (x86 de)) (Version: 19.0.2 - Mozilla)
Mozilla Firefox 44.0.2 (x86 de) (HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\...\Mozilla Firefox 44.0.2 (x86 de)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 19.0.2 - Mozilla)
Mp3tag v2.66 (HKLM-x32\...\Mp3tag) (Version: v2.66 - Florian Heidenreich)
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Next Car Game Free Technology Demo (HKLM-x32\...\Next Car Game Free Technology Demo) (Version:  - Bugbear Entertainment)
NoLimits 2 Demo (remove only) (HKLM\...\NoLimits 2 Demo) (Version:  - )
NoLimits Coasters 1.8 (remove only) (HKLM-x32\...\NoLimits Coasters full) (Version:  - )
Nuance PaperPort 12 (HKLM-x32\...\{2A770862-7142-4C77-8117-F933E4110A3F}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA 3D Vision Treiber 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.43 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.8.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.8.1.21 - NVIDIA Corporation)
NVIDIA Grafiktreiber 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.43 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Passbild-Generator v4.0a (HKLM-x32\...\Passbild-Generator_is1) (Version:  - Passbild-Generator)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.239 - Google, Inc.)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7111 - Realtek Semiconductor Corp.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Sentinel System Driver Installer 7.5.1 (HKLM-x32\...\{BF9E346B-5ECE-4A18-9510-55729FD08323}) (Version: 7.5.1 - SafeNet, Inc.)
SHIELD Streaming (Version: 4.1.0250 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.8.1.21 - NVIDIA Corporation) Hidden
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.0.115 - MSI)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.43148 - TeamViewer)
The Witcher 3: Wild Hunt - Alternative Look for Ciri (HKLM-x32\...\Alternative Look for Ciri_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Alternative Look for Triss (HKLM-x32\...\Alternative Look for Triss_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Alternative Look for Yennefer (HKLM-x32\...\Alternative Look for Yennefer_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Ballad Heroes - Neutral Gwent Card Set (HKLM-x32\...\Ballad Heroes - Neutral Gwent Card Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Beard and Hairstyle Set (HKLM-x32\...\Beard and Hairstyle Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Elite Crossbow Set (HKLM-x32\...\Elite Crossbow Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Finisher Animations (HKLM-x32\...\New Finisher Animations_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Contract - Skellige's Most Wanted (HKLM-x32\...\New Quest - Contract: Skellige's Most Wanted_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Contract Missing Miners (HKLM-x32\...\New Quest - Contract Missing Miners_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Fool's Gold (HKLM-x32\...\New Quest - Fool's Gold_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Scavenger Hunt - Wolf School Gear (HKLM-x32\...\New Quest - Scavenger Hunt: Wolf School Gear_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Where the Cat and Wolf Play... (HKLM-x32\...\New Quest - Where the Cat and Wolf Play..._is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Nilfgaardian Armor Set (HKLM-x32\...\Nilfgaardian Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Skellige Armor Set (HKLM-x32\...\Skellige Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Temerian Armor Set (HKLM-x32\...\Temerian Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
War Thunder Launcher 1.0.1.278 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - 2013 Gaijin Entertainment Corporation)
Winki (HKLM-x32\...\{81CF5153-38CF-41e2-AC3C-3D477C987D96}_is1) (Version: 3.2.116 - MSI)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> d:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2443269024-3109390385-3364977999-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\shag\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => Keine Datei

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {2DDE40A1-B5C9-4E30-B49A-056A855363D0} - System32\Tasks\Search Filter Host => C:\Users\shag\AppData\Roaming\Windows\Applications\SearchIndex\SearchIndex.exe [2016-03-01] (IvoSoft)
Task: {5CDC7D13-A92F-4C6A-9037-DFA121DFEAA2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {6167180D-AC7E-4C68-8CC9-023DBC147E37} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core => C:\Users\shag\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {6EB11A62-09BE-4E9B-83D4-6A882DE1ED34} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {8497BBEE-475E-4265-AAA8-F224139C7BA0} - System32\Tasks\Super Charger => C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe [2011-07-06] (MSI)
Task: {C5C53FF5-B82F-4F17-AE3C-81D0F93E55D0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DB2708DA-72B3-456B-A231-CAA7741EFF08} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-11] (Adobe Systems Incorporated)
Task: {DBCDFCAF-D9E9-40F1-AF62-1F1C50B250EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {E4737B22-8F2C-4315-9743-9053915C8DBA} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core => C:\Users\shag\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {EC19B7C3-4AAF-4DEF-9968-077FFE35F30A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA => C:\Users\shag\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {EC4FE598-9EC1-4664-A6F2-59D0338E59D0} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {F854E768-B92F-45F6-9F15-D807D339052F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA => C:\Users\shag\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core.job => C:\Users\shag\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA.job => C:\Users\shag\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core.job => C:\Users\shag\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA.job => C:\Users\shag\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 15:26 - 2015-05-15 15:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-30 20:54 - 2015-12-09 02:52 - 00217720 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2014-07-30 10:04 - 2015-12-16 15:53 - 00126072 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-05-31 20:12 - 2015-02-10 14:08 - 00069120 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
2015-05-15 09:45 - 2015-12-09 02:53 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-05-31 20:12 - 2015-02-18 13:11 - 00112128 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2016-03-14 18:17 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\shag\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupreg: Super-Charger => C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{6B1F38FA-F6F9-4ABD-B206-E8C90B977830}] => (Allow) C:\Users\shag\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{B7325FFE-3ADA-4DA1-9DE8-3A2DCA7F5A3B}] => (Allow) C:\Users\shag\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{07D86DA9-61A3-47CB-B1A6-0513D4F06B65}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FDD9CBBE-0ABD-4667-9596-44E879C79778}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{86E3BE82-CA85-440E-B4B2-B2664B446D92}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{11DDDDE2-F308-40AF-8D9D-0E2072E70150}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A3163EBD-DDB7-4275-AC6D-8C732590173F}] => (Block) %ProgramFiles% (x86)\SQUARE ENIX\Tombraider\TombRaider.exe
FirewallRules: [TCP Query User{73C838EF-603A-4CF2-A23E-2041E1CFCD82}C:\program files (x86)\maniaplanet\maniaplanet.exe] => (Allow) C:\program files (x86)\maniaplanet\maniaplanet.exe
FirewallRules: [UDP Query User{E71ACD03-DA48-431D-949F-BF986E2AC015}C:\program files (x86)\maniaplanet\maniaplanet.exe] => (Allow) C:\program files (x86)\maniaplanet\maniaplanet.exe
FirewallRules: [{4BBC53DD-4D5D-4C50-B909-22E10583A056}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{469D4751-7DFA-4A7C-B361-434CEB6A5A81}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{5BB1082F-2E2D-4EE6-944B-DC344AA5B470}C:\eucasoft\meta.exe] => (Allow) C:\eucasoft\meta.exe
FirewallRules: [UDP Query User{A2668BF5-70B4-4A1E-BDF8-5AB545E14AD3}C:\eucasoft\meta.exe] => (Allow) C:\eucasoft\meta.exe
FirewallRules: [TCP Query User{E3CEC154-48F6-4462-86A3-FA11B8C6E49A}C:\eucasoft\eucasoft.exe] => (Allow) C:\eucasoft\eucasoft.exe
FirewallRules: [UDP Query User{6ABB59E9-B8AC-4332-BD91-82B6FA02BCBC}C:\eucasoft\eucasoft.exe] => (Allow) C:\eucasoft\eucasoft.exe
FirewallRules: [TCP Query User{C38681B1-F9C5-4091-9454-BB9C91B9C217}C:\eucasoft\eucaprn.exe] => (Allow) C:\eucasoft\eucaprn.exe
FirewallRules: [UDP Query User{B68FAD45-EBB9-418D-9418-289EC845D24E}C:\eucasoft\eucaprn.exe] => (Allow) C:\eucasoft\eucaprn.exe
FirewallRules: [TCP Query User{3DC74B91-28FD-420E-AD76-7684D5631DE6}C:\program files (x86)\activision\call of duty - black ops\blackops.exe] => (Block) C:\program files (x86)\activision\call of duty - black ops\blackops.exe
FirewallRules: [UDP Query User{E199CF05-61AE-482C-ADCD-46BC0D125AF6}C:\program files (x86)\activision\call of duty - black ops\blackops.exe] => (Block) C:\program files (x86)\activision\call of duty - black ops\blackops.exe
FirewallRules: [TCP Query User{36345DBD-FF4D-463E-947F-2FB5E8F97CE1}E:\spiele\trackmania canyon\trackmania 2 canyon\maniaplanet.exe] => (Block) E:\spiele\trackmania canyon\trackmania 2 canyon\maniaplanet.exe
FirewallRules: [UDP Query User{3C8D0343-259F-44B4-9BF4-9116E1EDCF55}E:\spiele\trackmania canyon\trackmania 2 canyon\maniaplanet.exe] => (Block) E:\spiele\trackmania canyon\trackmania 2 canyon\maniaplanet.exe
FirewallRules: [TCP Query User{4A3487F5-0DF9-465C-859C-B2E3CB28767D}D:\program files (x86)\guild wars 2\gw2.exe] => (Allow) D:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{D243A6A0-89AA-47B7-8C5F-EE81A220C3CB}D:\program files (x86)\guild wars 2\gw2.exe] => (Allow) D:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [{D746F088-F43E-4AD9-9FD0-782FFFF44266}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{C1409997-93DC-4B19-8C85-BE34ADE9EC79}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{BB497C68-00F8-4212-B457-64BD9CE73233}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [{8D7CAD06-081F-4293-9AFA-A574B67C0766}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [{68094F16-F5E3-4BFE-B7E7-0086A112EDFF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{1D18F698-41EF-4FF1-B72D-D7D764974717}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CF8BFAAF-E0E6-4FBE-9260-2B26188DFB50}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{697C2CFB-27E5-4A1B-83B2-D908CF8D0F1F}D:\program files (x86)\rayman legends\rayman legends.exe] => (Block) D:\program files (x86)\rayman legends\rayman legends.exe
FirewallRules: [UDP Query User{4415CC36-28EC-477F-8CA5-84335AD7A691}D:\program files (x86)\rayman legends\rayman legends.exe] => (Block) D:\program files (x86)\rayman legends\rayman legends.exe
FirewallRules: [{E3D7CB83-5E5C-47E5-8FE7-0E543DEF0773}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{763A8944-677E-40D8-A3BF-36F032CAE895}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DC6F0895-BCFA-477C-8FAA-6D8FAE970845}] => (Allow) D:\Program Files (x86)\WarThunder\launcher.exe
FirewallRules: [{2527224D-47C0-479D-A667-612AF086AD65}] => (Allow) D:\Program Files (x86)\WarThunder\launcher.exe
FirewallRules: [TCP Query User{D6BCEDD8-4D78-4A28-8B5E-6D6A755083BE}D:\program files (x86)\warthunder\aces.exe] => (Allow) D:\program files (x86)\warthunder\aces.exe
FirewallRules: [UDP Query User{018EDE3C-20A5-4DEC-83DC-A0F4035CA4F3}D:\program files (x86)\warthunder\aces.exe] => (Allow) D:\program files (x86)\warthunder\aces.exe
FirewallRules: [{E89F95BB-3F00-4592-BF46-D7A0247E3238}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{A453AEC4-A7B7-4DA7-B840-7087754DDBF5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{AD67C548-8E7C-40B0-A74F-BA65ACD252C3}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\rush\rush.exe
FirewallRules: [{1B6D63C6-DF1F-46D9-944A-4534CF00CE52}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\rush\rush.exe
FirewallRules: [{90FC0048-BB3C-42A3-838C-93D2305165A5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{D2515F04-7392-4710-8C0B-11C44D9D5051}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{7EAC378D-BC60-44E4-8D20-97726450695B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{CA140986-66FC-4FD1-BD7B-4C731BA13B0D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{E6B3BB6E-1BC0-4659-A1C4-0E907310097A}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{A5024DE2-F094-4A6B-B3CE-205B577386AF}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{928EC490-B5EE-4BC5-B83D-0877319F5188}] => (Allow) D:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{18A7466B-1BA1-4EBA-8E1D-2AF3988F32B8}] => (Allow) D:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{596BBFE3-EC8B-41A2-896B-BFC6212DD615}] => (Allow) D:\Program Files (x86)\OriginGames\Dead Space\Dead Space.exe
FirewallRules: [{482F736C-0431-441B-892B-ADD6495FE0B5}] => (Allow) D:\Program Files (x86)\OriginGames\Dead Space\Dead Space.exe
FirewallRules: [TCP Query User{3AC563F9-56E0-4D00-AA38-E94904A971D9}D:\program files (x86)\valve\portal 2\portal2.exe] => (Block) D:\program files (x86)\valve\portal 2\portal2.exe
FirewallRules: [UDP Query User{CE925544-FD60-47B6-9BB2-776A0331FDBA}D:\program files (x86)\valve\portal 2\portal2.exe] => (Block) D:\program files (x86)\valve\portal 2\portal2.exe
FirewallRules: [TCP Query User{5B653E1C-7A11-48EC-9DBE-A5A6CB0BE297}D:\program files (x86)\wolfenstein the new order\wolfneworder_x64.exe] => (Block) D:\program files (x86)\wolfenstein the new order\wolfneworder_x64.exe
FirewallRules: [UDP Query User{CFFFAA87-8C93-421C-9379-BEC740574581}D:\program files (x86)\wolfenstein the new order\wolfneworder_x64.exe] => (Block) D:\program files (x86)\wolfenstein the new order\wolfneworder_x64.exe
FirewallRules: [TCP Query User{6F9B727C-9EFD-4404-AA37-4AD93A12B836}D:\program files (x86)\wolfenstein the new order german\wolfneworder_x64.exe] => (Block) D:\program files (x86)\wolfenstein the new order german\wolfneworder_x64.exe
FirewallRules: [UDP Query User{C2D99373-F636-44F6-95F8-91527CB4F5C9}D:\program files (x86)\wolfenstein the new order german\wolfneworder_x64.exe] => (Block) D:\program files (x86)\wolfenstein the new order german\wolfneworder_x64.exe
FirewallRules: [TCP Query User{C542631D-D296-4DD5-A464-85B3CB755448}D:\watch_dogs-deluxe.edition-p2p\bin\watch_dogs.exe] => (Block) D:\watch_dogs-deluxe.edition-p2p\bin\watch_dogs.exe
FirewallRules: [UDP Query User{3EE0E562-25EE-4679-B1F2-206503432AD1}D:\watch_dogs-deluxe.edition-p2p\bin\watch_dogs.exe] => (Block) D:\watch_dogs-deluxe.edition-p2p\bin\watch_dogs.exe
FirewallRules: [TCP Query User{B78239F5-94BD-4F90-9F9B-BBE7B1F4F294}D:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe] => (Allow) D:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe
FirewallRules: [UDP Query User{BAB1384F-46C8-4EA3-8AE8-F8FDC3DC2678}D:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe] => (Allow) D:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe
FirewallRules: [{6A8DAA67-50D6-4693-9A05-E987BE0BC205}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [{F1084AB7-A049-4C1E-A87E-69EA97D45F5A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [TCP Query User{10A90911-6943-486F-B637-EBF581F06F38}D:\program files (x86)\tera\tera-launcher.exe] => (Allow) D:\program files (x86)\tera\tera-launcher.exe
FirewallRules: [UDP Query User{578E97A2-CE4F-4099-B0C8-66F332017191}D:\program files (x86)\tera\tera-launcher.exe] => (Allow) D:\program files (x86)\tera\tera-launcher.exe
FirewallRules: [{66D14BBE-0EA6-415C-9ECD-21364CA004B2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{3E85FEBD-4AEB-45AF-BDAC-E6C9F4F5702D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{69287390-3691-457C-A38B-CC9337E9E2A5}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{E7240E72-D750-43AC-91CA-09B8B47924DF}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{5FC65538-FA6D-49E2-89F9-6FCDEE0078BD}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{1D9830DA-43E2-45B8-BC15-4DB65EB7890C}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{F600BCAF-ADBB-4F5D-B30B-9316781C151B}C:\users\shag\appdata\local\temp\gw2.exe] => (Allow) C:\users\shag\appdata\local\temp\gw2.exe
FirewallRules: [UDP Query User{41FA0A67-7849-47E9-8705-46E3EE198D57}C:\users\shag\appdata\local\temp\gw2.exe] => (Allow) C:\users\shag\appdata\local\temp\gw2.exe
FirewallRules: [TCP Query User{A3884C3A-1703-41EC-ABE3-45DD9E7CE962}D:\guild wars 2\gw2.exe] => (Allow) D:\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{78536A0E-367B-49EF-BC0A-2FA83E57D071}D:\guild wars 2\gw2.exe] => (Allow) D:\guild wars 2\gw2.exe
FirewallRules: [TCP Query User{0F3E8BC1-14C2-481A-98AB-B244B4F084C5}D:\program files (x86)\maniaplanet\maniaplanet.exe] => (Allow) D:\program files (x86)\maniaplanet\maniaplanet.exe
FirewallRules: [UDP Query User{BA93D511-5C13-403C-BFB6-40893AF03417}D:\program files (x86)\maniaplanet\maniaplanet.exe] => (Allow) D:\program files (x86)\maniaplanet\maniaplanet.exe
FirewallRules: [{EBFA0E67-670C-4DF3-A88E-B4A8DDF8AA98}] => (Allow) D:\Program Files (x86)\The Vanishing of Ethan Carter\Binaries\Launcher.exe
FirewallRules: [{C269B6F7-1883-40EB-B878-9EF8A9EB172E}] => (Allow) D:\Program Files (x86)\The Vanishing of Ethan Carter\Binaries\Launcher.exe
FirewallRules: [TCP Query User{D889D8F7-55CC-445A-8E3E-C0B52B5CDF93}D:\program files (x86)\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe] => (Block) D:\program files (x86)\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe
FirewallRules: [UDP Query User{46EE6606-D08C-4C75-ACF2-6CEB161D465F}D:\program files (x86)\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe] => (Block) D:\program files (x86)\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe
FirewallRules: [TCP Query User{52DC2877-88F2-42CC-A0CA-E3979AC92D06}D:\program files (x86)\ubisoft\driver san francisco\driver.exe] => (Block) D:\program files (x86)\ubisoft\driver san francisco\driver.exe
FirewallRules: [UDP Query User{4B4DB25B-416E-4147-A842-D107757F7375}D:\program files (x86)\ubisoft\driver san francisco\driver.exe] => (Block) D:\program files (x86)\ubisoft\driver san francisco\driver.exe
FirewallRules: [TCP Query User{65ADDC17-D41E-43CF-8F91-0D1A5E64D260}C:\program files\guillemot\tools\giwebupdater.exe] => (Allow) C:\program files\guillemot\tools\giwebupdater.exe
FirewallRules: [UDP Query User{4FCCBC6A-ECB2-4D49-A0C7-06AA70EDCD31}C:\program files\guillemot\tools\giwebupdater.exe] => (Allow) C:\program files\guillemot\tools\giwebupdater.exe
FirewallRules: [TCP Query User{4727CA4A-F3CF-4D4C-BE94-77013DB3E561}D:\gog games\oddworld - new 'n' tasty\nnt.exe] => (Block) D:\gog games\oddworld - new 'n' tasty\nnt.exe
FirewallRules: [UDP Query User{16F3CC54-81C2-4D68-AC5B-A5F110F39B09}D:\gog games\oddworld - new 'n' tasty\nnt.exe] => (Block) D:\gog games\oddworld - new 'n' tasty\nnt.exe
FirewallRules: [{1EDBCBD6-77FE-4354-AFC1-82B6EEF9C166}] => (Allow) d:\Program Files (x86)\GameforgeLive\gfl_client.exe
FirewallRules: [{E95D1DBC-A572-4898-977A-09355E2080D3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B6D7FDC2-79E5-443F-B573-ADBE5AE02395}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{CC4C363A-92C1-483D-A1F8-D8D10344E52C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{09E746F3-3FA8-46A1-8D39-D2FAA689C686}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{20DEB04C-991B-4CE0-BF6E-832CFE776471}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{318028F5-A87E-4579-9378-43E2C20672BB}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{2E5D2FF7-7055-42A5-BA32-6F6F01B54240}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{AA87FFA5-9C61-4FAA-8885-C7C06558CA9F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{F99BA5FE-DD38-41F4-A72E-CE7D43AD47E6}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{CBF93050-29C7-4CAA-9A0D-5ED1DD81E6EB}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{52E17C41-63A9-4BE2-8174-4167278F4903}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3BEA036E-82D0-4D77-920E-8482907A261F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{5EA49FF2-A58C-43FF-A927-0A95BC6FCD49}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{60D3597B-38BF-4726-B37B-D84C6033C47A}] => (Allow) D:\Program Files (x86)\OriginGames\SimCity\SimCity\SimCity.exe
FirewallRules: [{FF9D86C5-9E1C-4141-A59B-AAA7CF001273}] => (Allow) D:\Program Files (x86)\OriginGames\SimCity\SimCity\SimCity.exe
FirewallRules: [{0EA73370-3A10-4766-A12F-38F0627859C8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F72DC3C7-0503-41A5-9041-0B676C1641F6}] => (Allow) d:\Program Files (x86)\Brother\Brmfl14e\FAXRX.EXE
FirewallRules: [{2DEEF5AC-1862-4BFF-85D2-38570B129251}] => (Allow) LPort=54925
FirewallRules: [TCP Query User{28C6BC4A-6416-4AB8-9D95-58BFF751A037}D:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe] => (Block) D:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe
FirewallRules: [UDP Query User{A3AB2A72-C4C0-4F06-A7EE-35C0A00F8240}D:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe] => (Block) D:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe
FirewallRules: [TCP Query User{148864F7-C1E4-43C7-8550-2BD665282F51}D:\program files (x86)\the beginner's guide\beginnersguide.exe] => (Block) D:\program files (x86)\the beginner's guide\beginnersguide.exe
FirewallRules: [UDP Query User{C2EF76C4-BCF3-48FB-B86F-7B9BA0048225}D:\program files (x86)\the beginner's guide\beginnersguide.exe] => (Block) D:\program files (x86)\the beginner's guide\beginnersguide.exe
FirewallRules: [{8D43ABC5-5B12-4069-A956-405E2BDADA0D}] => (Allow) C:\Program Files (x86)\Ubisoft\Anno 2205\Bin\Win64\Anno2205.exe
FirewallRules: [TCP Query User{94CB0C90-4707-4792-A2D5-C25AF29D2469}D:\program files (x86)\funcom\age of conan\conanpatcher.exe] => (Allow) D:\program files (x86)\funcom\age of conan\conanpatcher.exe
FirewallRules: [UDP Query User{97F8F9D2-7879-4A76-8105-5F4D34C015FA}D:\program files (x86)\funcom\age of conan\conanpatcher.exe] => (Allow) D:\program files (x86)\funcom\age of conan\conanpatcher.exe
FirewallRules: [TCP Query User{99C24D58-9BFA-4554-9E71-00D636CD7E73}D:\program files (x86)\funcom\age of conan\ageofconan.exe] => (Allow) D:\program files (x86)\funcom\age of conan\ageofconan.exe
FirewallRules: [UDP Query User{4047640F-E7E9-40FE-BA37-92EA829E5E29}D:\program files (x86)\funcom\age of conan\ageofconan.exe] => (Allow) D:\program files (x86)\funcom\age of conan\ageofconan.exe
FirewallRules: [TCP Query User{427ECFE4-217A-4173-992A-9C438892908B}D:\program files (x86)\funcom\age of conan\ageofconandx10.exe] => (Allow) D:\program files (x86)\funcom\age of conan\ageofconandx10.exe
FirewallRules: [UDP Query User{156CF8DA-5855-45EC-BB9D-FF170F6A355E}D:\program files (x86)\funcom\age of conan\ageofconandx10.exe] => (Allow) D:\program files (x86)\funcom\age of conan\ageofconandx10.exe
FirewallRules: [{64B10E9D-6428-4CFA-90EB-011BF57188B4}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{703D5913-0510-4C51-8CD3-10C7E1EA0EE6}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1A37ABBA-07A0-432C-BCD4-096215DA9189}] => (Allow) D:\Program Files\StarCraft II\Versions\Base39576\SC2_x64.exe
FirewallRules: [{9794E91D-9859-47DE-B442-972C8D67A12B}] => (Allow) D:\Program Files\StarCraft II\Versions\Base39576\SC2_x64.exe
FirewallRules: [{E3EB6327-951D-427C-962D-A9D15D80D3BC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{056185A1-5BA0-4BD6-A258-82BA88A67103}D:\program files (x86)\dying light the following enhanced edition\dyinglightgame.exe] => (Block) D:\program files (x86)\dying light the following enhanced edition\dyinglightgame.exe
FirewallRules: [UDP Query User{0E5A04DE-1325-45DA-9DA5-912070B8C4F0}D:\program files (x86)\dying light the following enhanced edition\dyinglightgame.exe] => (Block) D:\program files (x86)\dying light the following enhanced edition\dyinglightgame.exe

==================== Wiederherstellungspunkte =========================

14-02-2013 01:40:44 Windows Update
14-02-2013 03:00:19 Windows Update
17-03-2013 17:59:43 Removed Java(TM) 6 Update 39
17-03-2013 18:02:58 Installed Java 7 Update 17
17-03-2013 18:20:27 Windows Update
11-03-2016 21:47:57 Removed RollerCoaster Tycoon® 3
12-03-2016 17:51:16 JRT Pre-Junkware Removal
13-03-2016 12:42:33 Removed Adobe Photoshop Lightroom 4.4 64-bit.
13-03-2016 13:17:48 Entfernt Railroad Tycoon 3
13-03-2016 13:19:16 Voodoo Chronicles wurde entfernt.

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: AODDriver4.01
Description: AODDriver4.01
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AODDriver4.01
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (03/14/2016 06:34:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 2.3.125.0, Zeitstempel: 0x5612a56b
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x1730
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3

Error: (03/14/2016 06:23:53 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (03/14/2016 06:18:56 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (03/14/2016 05:12:57 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (03/14/2016 01:58:26 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (03/14/2016 07:14:23 AM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (03/14/2016 06:46:06 AM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (03/13/2016 04:46:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18933, Zeitstempel: 0x55a6a196
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000004ac04
ID des fehlerhaften Prozesses: 0xf7c
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3

Error: (03/13/2016 04:38:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18933, Zeitstempel: 0x55a6a196
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000004ac04
ID des fehlerhaften Prozesses: 0x1698
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3

Error: (03/13/2016 03:08:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18933, Zeitstempel: 0x55a6a196
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000004ac04
ID des fehlerhaften Prozesses: 0x1228
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3


Systemfehler:
=============
Error: (03/14/2016 06:24:03 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%303.

Error: (03/14/2016 06:24:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Avira Browser-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%0

Error: (03/14/2016 06:24:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Avira Email-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%0

Error: (03/14/2016 06:23:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (03/14/2016 06:23:52 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Planer" wurde mit folgendem dienstspezifischem Fehler beendet: %%305.

Error: (03/14/2016 06:22:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/14/2016 06:22:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/14/2016 06:22:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/14/2016 06:22:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/14/2016 06:22:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


==================== Speicherinformationen =========================== 

Prozessor: AMD Phenom(tm) II X4 965 Processor
Prozentuale Nutzung des RAM: 31%
Installierter physikalischer RAM: 8178.14 MB
Verfügbarer physikalischer RAM: 5610.54 MB
Summe virtueller Speicher: 14176.34 MB
Verfügbarer virtueller Speicher: 11715 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:12.2 GB) NTFS
Drive d: (Programme) (Fixed) (Total:833.85 GB) (Free:259.51 GB) NTFS
Drive e: (Safe) (Fixed) (Total:1863.01 GB) (Free:4.9 GB) NTFS
Drive f: (Daten) (Fixed) (Total:208.46 GB) (Free:12.35 GB) NTFS
Drive g: (Win7) (Fixed) (Total:97.56 GB) (Free:16.33 GB) NTFS
Drive h: (WinXP) (Fixed) (Total:24.41 GB) (Free:1.13 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive i: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: B45C1AEF)
Partition 2: (Active) - (Size=1863 GB) - (Type=05)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: C68DC68D)
Partition 1: (Active) - (Size=24.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=208.5 GB) - (Type=OF Extended)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 90486699)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: AFD27FD7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=833.9 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         
Hi,
noch ein kleiner Hinweis am Rande.
Seit wir angefangen haben, funktionieren meine Media-Tasten an meiner Logitech MK320 Tastatur nicht mehr.
Bei allen Media-Player Tasten öffnet sich Google im Browser mit folgender URL: https://www.google.de/?gws_rd=ssl
Kann das ein Nebeneffekt der Tools sein, die wir verwendet haben?

Gruß
shag48

Alt 15.03.2016, 14:36   #10
M-K-D-B
/// TB-Ausbilder
 
Antivir und AVG lassen sich nicht installieren, Malwarebytes startet nicht - Standard

Antivir und AVG lassen sich nicht installieren, Malwarebytes startet nicht



Servus,


ja, kann ein Nebeneffekt der Tools sein, wobei ich gerade nicht weiß, was da "fälschlicherweise" entfernt wurde, dass diese Tasten nicht mehr gehen.



Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Alt 15.03.2016, 19:41   #11
shag48
 
Antivir und AVG lassen sich nicht installieren, Malwarebytes startet nicht - Standard

Antivir und AVG lassen sich nicht installieren, Malwarebytes startet nicht



Hi,

nach 7 Scans in Folge, mal ein Zwischenergebniss.

Zur Info.
Während den ersten 3 Scans war mein Browser geöffnet während des Scans. Dabei habe ich aber keine neuen Seiten besucht, oder Links angeklickt.
Bei den nächsten 3 Scans habe ich den Browser geschlossen gelassen und auch sonst nichts am PC gemacht.
Seit dem 4. Scan findet er nur noch einen Eintrag und verlangt nicht mehr nach einem Neustart zum entfernen.
Das gleiche auch bei Scan 5 und 6.
Neustart habe ich trotzdem jedesmal gemacht.
Scan 7 läuft gerade, während ich den Post verfasse.

Hier die Ergebnisse:
Scan 1:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2016.03.15.05
  rootkit: v2016.03.12.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17914
shag :: SHAG-PC [administrator]

15.03.2016 17:54:57
mbar-log-2016-03-15 (17-54-57).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 455058
Time elapsed: 12 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKU\S-1-5-21-2443269024-3109390385-3364977999-1000\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|shell (Hijack.ShellA.Gen) -> Data: explorer.exe,"C:\Users\shag\AppData\Roaming\clientmon.exe" -> Delete on reboot. [c948a5e32f6afd39fe74cd59867d7e82]

Registry Data Items Detected: 1
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Userinit (Hijack.UserInit) -> Bad: (userinit.exe,"C:\Windows\system32\clientmon.exe") Good: (userinit.exe) -> Replace on reboot. [f61b355311880d2904ecfb1ee61f42be]

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\shag\AppData\Local\Temp\svhost.exe (RiskWare.HeuristicsReservedWordExploit) -> Delete on reboot. [2de4f8902c6d61d5344f360635cf9070]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Scan 2:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2016.03.15.05
  rootkit: v2016.03.12.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17914
shag :: SHAG-PC [administrator]

15.03.2016 18:12:11
mbar-log-2016-03-15 (18-12-11).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 454791
Time elapsed: 12 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Userinit (Hijack.UserInit) -> Bad: (userinit.exe,"C:\Windows\system32\clientmon.exe") Good: (userinit.exe) -> Replace on reboot. [9879dbadf4a50135d51b4ccd4abba45c]

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\shag\AppData\Local\Temp\svhost.exe (RiskWare.HeuristicsReservedWordExploit) -> Delete on reboot. [937e73159dfcd85e552e51eb11f35ea2]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Scan 3:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2016.03.15.05
  rootkit: v2016.03.12.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17914
shag :: SHAG-PC [administrator]

15.03.2016 18:26:31
mbar-log-2016-03-15 (18-26-31).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 454961
Time elapsed: 12 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Userinit (Hijack.UserInit) -> Bad: (userinit.exe,"C:\Windows\system32\clientmon.exe") Good: (userinit.exe) -> Replace on reboot. [868bc9bff8a184b219d7ac6d46bf37c9]

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\shag\AppData\Local\Temp\svhost.exe (RiskWare.HeuristicsReservedWordExploit) -> Delete on reboot. [91800b7dcecba49294ef8eaefa0a31cf]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Scan 4:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2016.03.15.05
  rootkit: v2016.03.12.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17914
shag :: SHAG-PC [administrator]

15.03.2016 18:41:55
mbar-log-2016-03-15 (18-41-55).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 454759
Time elapsed: 12 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Userinit (Hijack.UserInit) -> Bad: (userinit.exe,"C:\Windows\system32\clientmon.exe") Good: (userinit.exe) -> Replace on reboot. [759cf692d8c13df9a94745d44fb6d62a]

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Scan 5:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2016.03.15.05
  rootkit: v2016.03.12.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17914
shag :: SHAG-PC [administrator]

15.03.2016 18:55:14
mbar-log-2016-03-15 (18-55-14).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 454814
Time elapsed: 12 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Userinit (Hijack.UserInit) -> Bad: (userinit.exe,"C:\Windows\system32\clientmon.exe") Good: (userinit.exe) -> Replace on reboot. [e22f9aeec6d3d4628a66849513f29b65]

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Scan 6:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2016.03.15.05
  rootkit: v2016.03.12.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17914
shag :: SHAG-PC [administrator]

15.03.2016 19:11:26
mbar-log-2016-03-15 (19-11-26).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 454816
Time elapsed: 12 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Userinit (Hijack.UserInit) -> Bad: (userinit.exe,"C:\Windows\system32\clientmon.exe") Good: (userinit.exe) -> Replace on reboot. [e9285236f1a84fe713ddfe1b53b259a7]

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Scan 7:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2016.03.15.05
  rootkit: v2016.03.12.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17914
shag :: SHAG-PC [administrator]

15.03.2016 19:25:48
mbar-log-2016-03-15 (19-25-48).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 454960
Time elapsed: 12 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Userinit (Hijack.UserInit) -> Bad: (userinit.exe,"C:\Windows\system32\clientmon.exe") Good: (userinit.exe) -> Replace on reboot. [e829d0b8405988ae618f4ccd8184857b]

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Die letzten 4 Logs sind, soweit ich das sehen kann, inhaltsgleich.

Alt 16.03.2016, 14:26   #12
M-K-D-B
/// TB-Ausbilder
 
Antivir und AVG lassen sich nicht installieren, Malwarebytes startet nicht - Standard

Antivir und AVG lassen sich nicht installieren, Malwarebytes startet nicht



Servus,



und jetzt ComboFix:



Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.


Alt 16.03.2016, 20:19   #13
shag48
 
Antivir und AVG lassen sich nicht installieren, Malwarebytes startet nicht - Standard

Antivir und AVG lassen sich nicht installieren, Malwarebytes startet nicht



Hi,

hier der Combo-Fix Log:
Code:
ATTFilter
ComboFix 16-03-14.01 - shag 16.03.2016  20:10:33.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8178.6434 [GMT 1:00]
ausgeführt von:: c:\users\shag\Desktop\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\shag\AppData\Roaming\clientmon.exe
c:\users\shag\AppData\Roaming\windows
c:\users\shag\AppData\Roaming\windows\Applications\SearchIndex\SearchIndex.7z
c:\users\shag\AppData\Roaming\windows\Applications\SearchIndex\SearchIndex.exe
c:\windows\SysWow64\tmpC66D.tmp
c:\windows\SysWow64\tmpC66E.tmp
c:\windows\SysWow64\tmpED6A.tmp
c:\windows\SysWow64\tmpED6B.tmp
c:\windows\UNWISE.EXE
D:\setup.exe
E:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2016-02-16 bis 2016-03-16  ))))))))))))))))))))))))))))))
.
.
2016-03-15 16:54 . 2016-03-15 18:38	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2016-03-15 16:54 . 2016-03-15 18:25	192216	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-03-14 17:19 . 2016-03-14 17:19	--------	d-sh--r-	c:\programdata\274335
2016-03-13 12:20 . 2016-03-13 12:20	82816	----a-w-	c:\users\shag\AppData\Roaming\pcouffin.sys
2016-03-12 16:39 . 2016-03-14 17:22	--------	d-----w-	c:\program files (x86)\AdwCleaner
2016-03-11 20:53 . 2016-03-14 17:37	--------	d-----w-	C:\FRST
2016-03-11 20:31 . 2016-03-15 18:24	109272	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2016-03-11 20:31 . 2016-03-11 20:32	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2016-03-11 20:31 . 2015-10-05 08:50	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2016-03-11 20:31 . 2015-10-05 08:50	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2016-03-11 20:20 . 2016-03-11 20:20	--------	d-----w-	c:\programdata\Malwarebytes
2016-03-05 11:03 . 2016-03-05 11:03	--------	d-----w-	c:\users\shag\AppData\Roaming\cerasus.media
2016-03-01 20:22 . 2016-03-01 15:25	3793920	----a-w-	c:\windows\SysWow64\clientmon.exe
2016-03-01 20:11 . 2016-03-12 16:51	--------	d-sh--r-	c:\programdata\274435
2016-03-01 18:55 . 2016-03-01 18:55	--------	d-----w-	c:\programdata\dbdata
2016-02-29 19:27 . 2016-02-29 21:37	--------	d-----w-	c:\users\shag\AppData\Roaming\Factorio
2016-02-25 07:09 . 2016-02-25 07:09	--------	d-----w-	c:\users\shag\AppData\Local\_3_
2016-02-23 20:01 . 2016-02-23 19:59	110176	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-64.dll
2016-02-23 20:00 . 2016-02-23 20:00	--------	d-----w-	c:\program files (x86)\Common Files\Java
2016-02-23 19:59 . 2016-02-23 20:01	--------	d-----w-	c:\users\shag\.oracle_jre_usage
2016-02-23 19:17 . 2016-02-23 20:09	--------	d-----w-	c:\users\shag\.litwrl
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-03-11 21:57 . 2013-03-18 19:25	797376	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2016-03-11 21:57 . 2013-03-18 19:25	142528	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-02-23 19:59 . 2015-03-13 17:22	110176	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2016-02-18 07:09 . 2013-04-02 20:33	140448	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-10-14 02:44 . 2013-10-14 02:44	2174976	----a-w-	c:\program files (x86)\Common Files\atimpenc.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37	199488	----a-w-	c:\users\shag\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37	199488	----a-w-	c:\users\shag\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37	199488	----a-w-	c:\users\shag\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"iCloud"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloud.exe" [2015-04-26 43816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ImageBrowser EX Agent.lnk - c:\program files (x86)\Canon\ImageBrowser EX\MFManager.exe [2013-5-31 69120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
R2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 JetDrive WindowsClosingService;JetDrive WindowsClosingService;c:\windows\System32\WindowsClosingService;c:\windows\SYSNATIVE\WindowsClosingService [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 cancel;cancel;c:\program files (x86)\MSI\Super-Charger\cancel_64.sys;c:\program files (x86)\MSI\Super-Charger\cancel_64.sys [x]
R3 cpuz130;cpuz130;c:\users\shag\AppData\Local\Temp\cpuz130\cpuz_x64.sys;c:\users\shag\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 GalaxyClientService;GalaxyClientService;d:\program files (x86)\GalaxyClient\GalaxyClientService.exe;d:\program files (x86)\GalaxyClient\GalaxyClientService.exe [x]
R3 GalaxyCommunication;GalaxyCommunication;c:\programdata\GOG.com\Galaxy\redists\GalaxyCommunication.exe;c:\programdata\GOG.com\Galaxy\redists\GalaxyCommunication.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 jetdrive;jddrv;c:\windows\system32\DRIVERS\jddrv.sys;c:\windows\SYSNATIVE\DRIVERS\jddrv.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;d:\program files (x86)\MSI\Live Update\NTIOLib_X64.sys;d:\program files (x86)\MSI\Live Update\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;j:\ntiolib_x64.sys;j:\NTIOLib_X64.sys [x]
R3 Origin Client Service;Origin Client Service;d:\program files (x86)\Origin\OriginClientService.exe;d:\program files (x86)\Origin\OriginClientService.exe [x]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys;c:\windows\SYSNATIVE\drivers\SndTAudio.sys [x]
R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;c:\windows\system32\DRIVERS\SNTUSB64.SYS;c:\windows\SYSNATIVE\DRIVERS\SNTUSB64.SYS [x]
R3 tmhidusb;Thrustmaster HID USB Driver;c:\windows\system32\DRIVERS\tmhidusb.sys;c:\windows\SYSNATIVE\DRIVERS\tmhidusb.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 iRacingService;iRacing.com Helper Service;d:\program files (x86)\iRacing\iRacingService.exe;d:\program files (x86)\iRacing\iRacingService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys;c:\windows\SYSNATIVE\Drivers\Sentinel64.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 tmInstall;Thrustmaster Device Driver Installer;d:\program files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.EXE;d:\program files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.EXE [x]
S2 zntport64;zntport64;c:\eucasoft\zntport64.sys;c:\eucasoft\zntport64.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-03-15 13:42	1106072	----a-w-	c:\program files (x86)\Google\Chrome\Application\49.0.2623.87\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2015-12-18 15:42	286904	----a-w-	c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Inhalt des "geplante Tasks" Ordners
.
2016-03-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-18 21:57]
.
2016-03-13 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core.job
- c:\users\shag\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19 15:54]
.
2016-03-16 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA.job
- c:\users\shag\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19 15:54]
.
2016-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-14 13:34]
.
2016-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-14 13:34]
.
2016-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core.job
- c:\users\shag\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-25 13:39]
.
2016-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA.job
- c:\users\shag\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-25 13:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37	236352	----a-w-	c:\users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37	236352	----a-w-	c:\users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37	236352	----a-w-	c:\users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37	236352	----a-w-	c:\users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-10-25 7512680]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-12-09 1846016]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-12-09 2771576]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-08-13 170256]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKU-Default-RunOnce-AOD - c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM-Run-Nvtmru - c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
AddRemove-Alternative Look for Ciri_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins010.exe
AddRemove-Alternative Look for Triss_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins006.exe
AddRemove-Alternative Look for Yennefer_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins004.exe
AddRemove-Avira Antivirus - c:\program files (x86)\Avira\AntiVir Desktop\setup.exe
AddRemove-Ballad Heroes - Neutral Gwent Card Set_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins008.exe
AddRemove-BDE Information Utility - c:\windows\UNWISE.EXE
AddRemove-Beard and Hairstyle Set_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins002.exe
AddRemove-Elite Crossbow Set_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins015.exe
AddRemove-Malwarebytes Anti-Malware_is1 - c:\program files (x86)\ Malwarebytes Anti-Malware \unins000.exe
AddRemove-New Finisher Animations_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins014.exe
AddRemove-New Quest - Contract Missing Miners_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins003.exe
AddRemove-New Quest - Contract: Skellige's Most Wanted_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins011.exe
AddRemove-New Quest - Fool's Gold_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins007.exe
AddRemove-New Quest - Scavenger Hunt: Wolf School Gear_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins009.exe
AddRemove-New Quest - Where the Cat and Wolf Play..._is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins013.exe
AddRemove-Nilfgaardian Armor Set_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins005.exe
AddRemove-Skellige Armor Set_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins012.exe
AddRemove-Temerian Armor Set_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins001.exe
AddRemove-{5F34CFF7-094A-4403-83B4-542938FE988E} - c:\programdata\{EF483DD0-9B7B-46F0-95DD-4B56E6939CF3}\setup.exe
AddRemove-{81CF5153-38CF-41e2-AC3C-3D477C987D96}_is1 - i:\winki\unins001.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\JetDrive WindowsClosingService]
"ImagePath"="c:\windows\System32\WindowsClosingService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.032"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.abr"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.ani"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.apd"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.bay"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Bitmap"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.cs1"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.cur"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.dcx"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.dib"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.djv"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.djvu"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.emf"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.eps"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.erf"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.fff"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Gif"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.hdr"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.icl"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.icn"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.iw4"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.j2c"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.j2k"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.jbr"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.jfif"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.jif"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.jp2"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.jpc"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.jpk"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.jpx"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.mef"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.mos"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.pbr"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.pct"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.pcx"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.pic"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.pict"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Png"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.psd"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.psp"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.pspbrush"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.pspimage"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.rle"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.rwl"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.srw"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.tga"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.thm"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Tiff"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Tiff"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.ttc"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.ttf"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v60po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.v60po"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v60pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.v60pp"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v60ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.v60ppf"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.wbm"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.wbmp"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.wmf"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.xif"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.xmp"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\SecuROM\License information*]
"datasecu"=hex:db,dd,1b,fe,64,41,0c,60,9c,8b,4f,a0,df,c0,01,1e,8b,76,02,d1,e2,
   a8,75,5a,1c,44,9f,89,55,2b,af,f1,80,58,22,66,ca,d4,87,43,55,2d,dc,4b,a6,2c,\
"rkeysecu"=hex:3a,78,12,f5,27,2d,b9,ea,ca,fe,57,1e,41,a1,96,25
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_182_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_182_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_182_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_182_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_182.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.21"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_182.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_182.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_182.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2016-03-16  20:15:03
ComboFix-quarantined-files.txt  2016-03-16 19:15
.
Vor Suchlauf: 15 Verzeichnis(se), 12.206.526.464 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 11.637.702.656 Bytes frei
.
- - End Of File - - 93345B509C77EC4C2F70923F0DF1778B
5F8B5082F3482CC06B72EC5806598AE9
         
Es wurde kein Neustart von Combofix ausgeführt.

Alt 17.03.2016, 14:55   #14
M-K-D-B
/// TB-Ausbilder
 
Antivir und AVG lassen sich nicht installieren, Malwarebytes startet nicht - Standard

Antivir und AVG lassen sich nicht installieren, Malwarebytes startet nicht



Servus,




Combofix-Skript
WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

  • Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link
  • Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!
  • Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
  • Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

    Code:
    ATTFilter
    KillAll::
    
    Folder::
    c:\programdata\274335
    
    File::
    c:\windows\SysWow64\clientmon.exe
             
  • Speichere dies als CFScript.txt auf deinem Desktop.
  • Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.
  • Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:
  • Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
    Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.

Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!


Alt 17.03.2016, 15:44   #15
shag48
 
Antivir und AVG lassen sich nicht installieren, Malwarebytes startet nicht - Standard

Antivir und AVG lassen sich nicht installieren, Malwarebytes startet nicht



Hi,

hier der Inhalt der ComboFix Logdatei:
Code:
ATTFilter
ComboFix 16-03-14.01 - shag 17.03.2016  15:36:51.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8178.5863 [GMT 1:00]
ausgeführt von:: c:\users\shag\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\shag\Desktop\CFScript.txt
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
FILE ::
"c:\windows\SysWow64\clientmon.exe"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\274335
c:\windows\SysWow64\clientmon.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2016-02-17 bis 2016-03-17  ))))))))))))))))))))))))))))))
.
.
2016-03-17 14:39 . 2016-03-17 14:39	--------	d-----w-	c:\users\Default\AppData\Local\temp
2016-03-17 14:39 . 2016-03-17 14:39	--------	d-----w-	c:\users\Coco\AppData\Local\temp
2016-03-17 14:39 . 2016-03-17 14:39	--------	d-----w-	c:\users\Besuch\AppData\Local\temp
2016-03-15 16:54 . 2016-03-15 18:38	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2016-03-15 16:54 . 2016-03-15 18:25	192216	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-03-13 12:20 . 2016-03-13 12:20	82816	----a-w-	c:\users\shag\AppData\Roaming\pcouffin.sys
2016-03-12 16:39 . 2016-03-14 17:22	--------	d-----w-	c:\program files (x86)\AdwCleaner
2016-03-11 20:53 . 2016-03-14 17:37	--------	d-----w-	C:\FRST
2016-03-11 20:31 . 2016-03-15 18:24	109272	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2016-03-11 20:31 . 2016-03-11 20:32	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2016-03-11 20:31 . 2015-10-05 08:50	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2016-03-11 20:31 . 2015-10-05 08:50	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2016-03-11 20:20 . 2016-03-11 20:20	--------	d-----w-	c:\programdata\Malwarebytes
2016-03-05 11:03 . 2016-03-05 11:03	--------	d-----w-	c:\users\shag\AppData\Roaming\cerasus.media
2016-03-01 20:11 . 2016-03-12 16:51	--------	d-sh--r-	c:\programdata\274435
2016-03-01 18:55 . 2016-03-01 18:55	--------	d-----w-	c:\programdata\dbdata
2016-02-29 19:27 . 2016-02-29 21:37	--------	d-----w-	c:\users\shag\AppData\Roaming\Factorio
2016-02-25 07:09 . 2016-02-25 07:09	--------	d-----w-	c:\users\shag\AppData\Local\_3_
2016-02-23 20:01 . 2016-02-23 19:59	110176	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-64.dll
2016-02-23 20:00 . 2016-02-23 20:00	--------	d-----w-	c:\program files (x86)\Common Files\Java
2016-02-23 19:59 . 2016-02-23 20:01	--------	d-----w-	c:\users\shag\.oracle_jre_usage
2016-02-23 19:17 . 2016-02-23 20:09	--------	d-----w-	c:\users\shag\.litwrl
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-03-11 21:57 . 2013-03-18 19:25	797376	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2016-03-11 21:57 . 2013-03-18 19:25	142528	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-02-23 19:59 . 2015-03-13 17:22	110176	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2016-02-18 07:09 . 2013-04-02 20:33	140448	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-10-14 02:44 . 2013-10-14 02:44	2174976	----a-w-	c:\program files (x86)\Common Files\atimpenc.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37	199488	----a-w-	c:\users\shag\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37	199488	----a-w-	c:\users\shag\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37	199488	----a-w-	c:\users\shag\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"iCloud"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloud.exe" [2015-04-26 43816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ImageBrowser EX Agent.lnk - c:\program files (x86)\Canon\ImageBrowser EX\MFManager.exe [2013-5-31 69120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
R2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 JetDrive WindowsClosingService;JetDrive WindowsClosingService;c:\windows\System32\WindowsClosingService;c:\windows\SYSNATIVE\WindowsClosingService [x]
R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 cancel;cancel;c:\program files (x86)\MSI\Super-Charger\cancel_64.sys;c:\program files (x86)\MSI\Super-Charger\cancel_64.sys [x]
R3 cpuz130;cpuz130;c:\users\shag\AppData\Local\Temp\cpuz130\cpuz_x64.sys;c:\users\shag\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 GalaxyClientService;GalaxyClientService;d:\program files (x86)\GalaxyClient\GalaxyClientService.exe;d:\program files (x86)\GalaxyClient\GalaxyClientService.exe [x]
R3 GalaxyCommunication;GalaxyCommunication;c:\programdata\GOG.com\Galaxy\redists\GalaxyCommunication.exe;c:\programdata\GOG.com\Galaxy\redists\GalaxyCommunication.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 jetdrive;jddrv;c:\windows\system32\DRIVERS\jddrv.sys;c:\windows\SYSNATIVE\DRIVERS\jddrv.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;d:\program files (x86)\MSI\Live Update\NTIOLib_X64.sys;d:\program files (x86)\MSI\Live Update\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;j:\ntiolib_x64.sys;j:\NTIOLib_X64.sys [x]
R3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [x]
R3 Origin Client Service;Origin Client Service;d:\program files (x86)\Origin\OriginClientService.exe;d:\program files (x86)\Origin\OriginClientService.exe [x]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys;c:\windows\SYSNATIVE\drivers\SndTAudio.sys [x]
R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;c:\windows\system32\DRIVERS\SNTUSB64.SYS;c:\windows\SYSNATIVE\DRIVERS\SNTUSB64.SYS [x]
R3 tmhidusb;Thrustmaster HID USB Driver;c:\windows\system32\DRIVERS\tmhidusb.sys;c:\windows\SYSNATIVE\DRIVERS\tmhidusb.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 iRacingService;iRacing.com Helper Service;d:\program files (x86)\iRacing\iRacingService.exe;d:\program files (x86)\iRacing\iRacingService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys;c:\windows\SYSNATIVE\Drivers\Sentinel64.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 tmInstall;Thrustmaster Device Driver Installer;d:\program files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.EXE;d:\program files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.EXE [x]
S2 zntport64;zntport64;c:\eucasoft\zntport64.sys;c:\eucasoft\zntport64.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-03-15 13:42	1106072	----a-w-	c:\program files (x86)\Google\Chrome\Application\49.0.2623.87\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2015-12-18 15:42	286904	----a-w-	c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Inhalt des "geplante Tasks" Ordners
.
2016-03-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-18 21:57]
.
2016-03-13 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core.job
- c:\users\shag\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19 15:54]
.
2016-03-17 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA.job
- c:\users\shag\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19 15:54]
.
2016-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-14 13:34]
.
2016-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-14 13:34]
.
2016-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000Core.job
- c:\users\shag\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-25 13:39]
.
2016-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2443269024-3109390385-3364977999-1000UA.job
- c:\users\shag\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-25 13:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37	236352	----a-w-	c:\users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37	236352	----a-w-	c:\users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37	236352	----a-w-	c:\users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-02-16 18:37	236352	----a-w-	c:\users\shag\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-10-25 7512680]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [BU]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-12-09 1846016]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-12-09 2771576]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-08-13 170256]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\shag\AppData\Roaming\Mozilla\Firefox\Profiles\nlcfs56d.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Alternative Look for Ciri_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins010.exe
AddRemove-Alternative Look for Triss_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins006.exe
AddRemove-Alternative Look for Yennefer_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins004.exe
AddRemove-Avira Antivirus - c:\program files (x86)\Avira\AntiVir Desktop\setup.exe
AddRemove-Ballad Heroes - Neutral Gwent Card Set_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins008.exe
AddRemove-BDE Information Utility - c:\windows\UNWISE.EXE
AddRemove-Beard and Hairstyle Set_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins002.exe
AddRemove-Elite Crossbow Set_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins015.exe
AddRemove-Malwarebytes Anti-Malware_is1 - c:\program files (x86)\ Malwarebytes Anti-Malware \unins000.exe
AddRemove-New Finisher Animations_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins014.exe
AddRemove-New Quest - Contract Missing Miners_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins003.exe
AddRemove-New Quest - Contract: Skellige's Most Wanted_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins011.exe
AddRemove-New Quest - Fool's Gold_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins007.exe
AddRemove-New Quest - Scavenger Hunt: Wolf School Gear_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins009.exe
AddRemove-New Quest - Where the Cat and Wolf Play..._is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins013.exe
AddRemove-Nilfgaardian Armor Set_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins005.exe
AddRemove-Skellige Armor Set_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins012.exe
AddRemove-Temerian Armor Set_is1 - c:\the witcher 3 wild hunt\The Witcher 3 Wild Hunt\unins001.exe
AddRemove-{5F34CFF7-094A-4403-83B4-542938FE988E} - c:\programdata\{EF483DD0-9B7B-46F0-95DD-4B56E6939CF3}\setup.exe
AddRemove-{81CF5153-38CF-41e2-AC3C-3D477C987D96}_is1 - i:\winki\unins001.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\JetDrive WindowsClosingService]
"ImagePath"="c:\windows\System32\WindowsClosingService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.032"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.abr"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.ani"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.apd"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.bay"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Bitmap"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.cs1"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.cur"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.dcx"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.dib"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.djv"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.djvu"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.emf"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.eps"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.erf"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.fff"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Gif"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.hdr"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.icl"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.icn"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.iw4"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.j2c"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.j2k"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.jbr"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.jfif"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.jif"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.jp2"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.jpc"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.jpk"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.jpx"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.mef"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.mos"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.pbr"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.pct"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.pcx"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.pic"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.pict"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Png"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.psd"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.psp"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.pspbrush"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.pspimage"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.rle"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.rwl"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.srw"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.tga"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.thm"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Tiff"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (S-1-5-21-2443269024-3109390385-3364977999-1000)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Tiff"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.ttc"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.ttf"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v60po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.v60po"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v60pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.v60pp"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v60ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.v60ppf"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.wbm"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.wbmp"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.wmf"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.xif"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.xmp"
.
[HKEY_USERS\S-1-5-21-2443269024-3109390385-3364977999-1000\Software\SecuROM\License information*]
"datasecu"=hex:db,dd,1b,fe,64,41,0c,60,9c,8b,4f,a0,df,c0,01,1e,8b,76,02,d1,e2,
   a8,75,5a,1c,44,9f,89,55,2b,af,f1,80,58,22,66,ca,d4,87,43,55,2d,dc,4b,a6,2c,\
"rkeysecu"=hex:3a,78,12,f5,27,2d,b9,ea,ca,fe,57,1e,41,a1,96,25
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_182_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_182_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_182_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_182_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_182.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.21"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_182.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_182.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_182.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2016-03-17  15:42:19 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2016-03-17 14:42
ComboFix2.txt  2016-03-16 19:15
.
Vor Suchlauf: 20 Verzeichnis(se), 12.279.435.264 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 12.042.121.216 Bytes frei
.
- - End Of File - - 8E230A1FF08D1E243396CC42E8725111
5F8B5082F3482CC06B72EC5806598AE9
         

Antwort

Themen zu Antivir und AVG lassen sich nicht installieren, Malwarebytes startet nicht
antivir, antivirus, bonjour, canon, converter, dnsapi.dll, error, fehlermeldung, firefox, flash player, google, hijack, home, homepage, installation, mozilla, mp3, prozesse, realtek, registry, rundll, scan, software, system, udp, uplay, usb, windows




Ähnliche Themen: Antivir und AVG lassen sich nicht installieren, Malwarebytes startet nicht


  1. AntiViren Programme lassen sich nicht starten/installieren. Und beim MicrosoftSecurityCenter kann ich den EchtzeitSchutz nicht aktivieren!
    Plagegeister aller Art und deren Bekämpfung - 24.06.2015 (41)
  2. Avira Antivir lässt sich nicht mehr installieren/ Programme lassen sich nicht öffnen
    Antiviren-, Firewall- und andere Schutzprogramme - 23.03.2015 (10)
  3. Antivirus und andere Programm lassen sich nicht installieren
    Plagegeister aller Art und deren Bekämpfung - 12.01.2015 (10)
  4. CSC.exe popup, malwarebytes, SD lassen sich nicht installieren
    Plagegeister aller Art und deren Bekämpfung - 30.03.2014 (1)
  5. Drucker lässt sich nicht installieren da Druckerspooler nicht startet
    Log-Analyse und Auswertung - 21.12.2013 (7)
  6. Antivirenprogramme lassen sich nicht installieren/starten
    Plagegeister aller Art und deren Bekämpfung - 29.10.2013 (7)
  7. Antivir startet nicht: CCPLG.XML file is missing. Firefox startet nicht: "Couldnt open XPCOM" - Malwarebytes-Bericht beigefügt
    Log-Analyse und Auswertung - 05.10.2013 (3)
  8. Antivirenprogramme lassen sich nicht installieren/updaten
    Antiviren-, Firewall- und andere Schutzprogramme - 23.09.2013 (4)
  9. Antivirenprogramme lassen sich nicht installieren/updaten und LyriXeeker
    Log-Analyse und Auswertung - 18.09.2013 (5)
  10. Virenprogramme lassen sich nicht installieren
    Plagegeister aller Art und deren Bekämpfung - 30.03.2013 (3)
  11. Virenprogramme lassen sich nicht mehr installieren
    Log-Analyse und Auswertung - 06.11.2012 (7)
  12. schwacher kryptografischer schlüssel// antivir und avast lassen sich nicht installieren
    Log-Analyse und Auswertung - 18.09.2012 (1)
  13. Antivieren-,Programme und Spiele lassen sich nicht Installieren
    Log-Analyse und Auswertung - 14.03.2011 (4)
  14. IE7 und Service Pack 3 lassen sich nicht installieren :(
    Alles rund um Windows - 01.12.2008 (10)
  15. Antivirenprog. lassen sich nicht installieren!
    Log-Analyse und Auswertung - 04.12.2007 (6)
  16. pdf-plug-ins lassen sich nicht installieren
    Alles rund um Windows - 14.09.2006 (2)
  17. Foren lassen sich nicht öffnen, Anti Viren Progs nicht installieren..
    Plagegeister aller Art und deren Bekämpfung - 02.07.2006 (1)

Zum Thema Antivir und AVG lassen sich nicht installieren, Malwarebytes startet nicht - Hallo, heute fiel mir auf, dass AntiVir nicht mehr in der Taskleiste war. Manuell war es auch nicht zu starten. Ich habe mir dann die aktuellste Version herunter geladen, konnte - Antivir und AVG lassen sich nicht installieren, Malwarebytes startet nicht...
Archiv
Du betrachtest: Antivir und AVG lassen sich nicht installieren, Malwarebytes startet nicht auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.