Werbungs Problem , Auswertung erbeten

Likemike90 · 27.09.2015, 20:44

Hallo,

ich trete mit einer dringlichen Bitte an euch, ein Familienangehöriger hat es wieder geschafft seinen Laptop zu verseuchen.

Problem:

Es öffneten sich immer wieder Werbefenster ( in allen Browsern : Mozilla, iexplorer, Chrome ) Ich habe bereits einige Programme durchlaufen lassen, und der Zustand hat sich bereits gebessert, allerdings läuft im Mozilla einige Seiten noch immer sehr langsam bis hin zum Absturz des Browsers, in Chrome usw. funktioniert allerdings soweit ich das beurteilen kann wieder alles normalen :

Adwcleaner, JRT und MBAM( Malwarebytes) hab ich bereits gestartet und diese wurden auch fündig, nachfolgend dazu die Logfilges :

ADW Cleaner

Zitat:

# AdwCleaner v5.009 - Bericht erstellt am 27/09/2015 um 21:21:08
# Aktualisiert am 27/09/2015 von Xplode
# Datenbank : 2015-09-27.1 [Server]
# Betriebssystem : Windows 10 Home (x64)
# Benutzername : Franz - OPA-PC
# Gestartet von : C:\Users\Franz\Downloads\adwcleaner_5.009 (1).exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****

***** [ Ordner ] *****

***** [ Dateien ] *****

[-] Datei Gelöscht : C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_acklnhgjphbhhomkneonohbjnbmkclfb_0
[-] Datei Gelöscht : C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acklnhgjphbhhomkneonohbjnbmkclfb
[-] Datei Gelöscht : C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\ey73nlwp.default\searchplugins\default.xml

***** [ Verknüpfungen ] *****

***** [ Geplante Tasks ] *****

[-] Task Gelöscht : Adobe Flash Player Updater

***** [ Registrierungsdatenbank ] *****

***** [ Internetbrowser ] *****

[-] [C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\ey73nlwp.default\prefs.js] [Preference] Gelöscht : user_pref("browser.newtab.url", "hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHAcQc1oMUQEQDA1CcA4VVQsUGRgbeA4ATABCRwQXJAwIUQpERBNBNARaB0tXUUEeGGlxR1dMZlBOB0tZAw==");
[-] [C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\ey73nlwp.default\prefs.js] [Preference] Gelöscht : user_pref("browser.startup.homepage", "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggRcwpbVQlJQBgbIQkPTA1DRA0OeAEPWRRIElMSdF0NUQlCFFAFIk0FA18DB0VXfWFoKB8fHHJGLX5KAFs=");

*************************

:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Chrome Richtlinien gelöscht

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1773 Bytes] ##########

JRT :

Zitat:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.3 (09.21.2015:1)
OS: Windows 10 Home x64
Ran by Franz on 27.09.2015 at 20:20:41,13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully deleted: [Service] {2381c708-437b-40af-a3fc-1f3bd1d5172d}Gw64 [Reboot required]
Successfully deleted: [Service] {eaa5c94d-f832-4066-99d2-177ee28f0634}Gw64 [Reboot required]

~~~ Tasks

Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Bidaily Synchronize Task[8da6]
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\TuneUpUtilities_Task_BkGndMaintenance
Successfully deleted: [Task] C:\WINDOWS\Tasks\Bidaily Synchronize Task[8da6].job

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_84CDBB9370B42B69F2DA889721ECC584
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_F698532DA1C4232F6884A6000B7F7AAF
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\TuneUp Undelete
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{f734cfd4-8a48-4098-be39-60e07e3cb01e}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f734cfd4-8a48-4098-be39-60e07e3cb01e}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{f734cfd4-8a48-4098-be39-60e07e3cb01e}

~~~ Files

Successfully deleted: [File] C:\Users\Franz\AppData\Roaming\appdataFr25.bin

~~~ Folders

Successfully deleted: [Folder] C:\Users\Franz\Appdata\Local\com
Successfully deleted: [Folder] C:\WINDOWS\SysWOW64\amd64
Successfully deleted: [Folder] C:\WINDOWS\SysWOW64\x86
Successfully deleted: [Folder] C:\Users\Franz\Appdata\Local\14398
Successfully deleted: [Folder] C:\Users\Franz\Appdata\Local\15968
Successfully deleted: [Folder] C:\Users\Franz\Appdata\Local\27061
Successfully deleted: [Folder] C:\Users\Franz\Appdata\Local\5113

~~~ FireFox

Successfully deleted the following from C:\Users\Franz\AppData\Roaming\mozilla\firefox\profiles\ey73nlwp.default\prefs.js

user_pref(browser.search.searchengine.alias, oursurfing);
user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine);
user_pref(browser.search.searchengine.iconURL, hxxp://www.oursurfing.com/favicon.ico);
user_pref(browser.search.searchengine.name, oursurfing);
user_pref(browser.search.searchengine.ptid, dig2);
user_pref(browser.search.searchengine.uid, WDCXWD7500BPVT-22HXZT3_WD-WXM1EC1FUVYAFUVYA);
user_pref(browser.search.searchengine.url, hxxp://www.oursurfing.com/web/?type=ds&ts=1437896635&z=d242ebacd6895eb9aa7686bgcz9cdmab3t6q3qecfc&from=dig2&uid=WDCXWD7500BPVT-22
Emptied folder: C:\Users\Franz\AppData\Roaming\mozilla\firefox\profiles\ey73nlwp.default\minidumps [2 files]

~~~ Chrome

[C:\Users\Franz\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Franz\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Franz\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Franz\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.09.2015 at 20:24:52,69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

und zuguter letzt auch Malwarebytes (mbam )

Zitat:

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 27.09.2015
Suchlaufzeit: 20:31
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.09.27.04
Rootkit-Datenbank: v2015.09.22.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: Franz

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 501709
Abgelaufene Zeit: 29 Min., 14 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 12
PUP.Optional.GemGrab, HKU\S-1-5-21-159860915-932780104-1365787373-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{F734CFD4-8A48-4098-BE39-60E07E3CB01E}, In Quarantäne, [d010a98b0f7c02346e623baf31d120e0],
PUP.Optional.GemGrab, HKU\S-1-5-21-159860915-932780104-1365787373-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{F734CFD4-8A48-4098-BE39-60E07E3CB01E}, In Quarantäne, [d010a98b0f7c02346e623baf31d120e0],
PUP.Optional.Cinema, HKLM\SOFTWARE\WOW6432NODE\CinemaP-1.9cV16.03-nv-ie, In Quarantäne, [2bb572c25f2c181ea99bd9b9f0147789],
PUP.Optional.GemGrab, HKLM\SOFTWARE\WOW6432NODE\GemGrab, In Quarantäne, [b62aa78dc4c7eb4b0508643ef21213ed],
PUP.Optional.HighStairs, HKLM\SOFTWARE\WOW6432NODE\HighStairs, In Quarantäne, [b42cd163018aaf878c65950fcb391ee2],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{cae99edb}, In Quarantäne, [10d0b18308832e08bfffd2df33d125db],
PUP.Optional.Cinema, HKU\S-1-5-18\SOFTWARE\CinemaP-1.9cV16.03-nv-ie, In Quarantäne, [5e82b28294f7b185f249c9c9e123a957],
PUP.Optional.Cinema, HKU\S-1-5-21-159860915-932780104-1365787373-1002\SOFTWARE\CinemaP-1.9cV16.03-nv-ie, In Quarantäne, [5f81ca6ab7d44cea0e2d771b0df7718f],
PUP.Optional.InstallCore, HKU\S-1-5-21-159860915-932780104-1365787373-1002\SOFTWARE\ICSW1.14, In Quarantäne, [ba263ef6602b1e18b7117d2a4fb5c63a],
PUP.Optional.WinYahoo, HKU\S-1-5-21-159860915-932780104-1365787373-1002\SOFTWARE\wincy, In Quarantäne, [b52b1e16b1da88aedc1896a0897a18e8],
PUP.Optional.WikiBrowser, HKU\S-1-5-21-159860915-932780104-1365787373-1002\SOFTWARE\INSTALLPATH\STATUS, In Quarantäne, [60802212cebda393889715b8f014d927],
PUP.Optional.WikiBrowser, HKU\S-1-5-21-159860915-932780104-1365787373-1002_Classes\WikiBroHTM.QYYQKXVDRDRPTMLAZI36ZTLRXU, In Quarantäne, [15cb55dff7940135da443499c73dea16],

Registrierungswerte: 1
PUP.Optional.WikiBrowser, HKU\S-1-5-21-159860915-932780104-1365787373-1002\SOFTWARE\INSTALLPATH\STATUS|WikiBrowser, Y, In Quarantäne, [60802212cebda393889715b8f014d927]

Registrierungsdaten: 1
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{b417d343-4109-44b9-904e-881bbaf69021}|NameServer, 82.163.143.172,82.163.142.174, Gut: (), Schlecht: (82.163.143.172,82.163.142.174),Ersetzt,[2cb4d65e92f9cb6b6220b9c5d43121df]

Ordner: 10
PUP.Optional.OffersWizard, C:\Program Files (x86)\Common Files\Config, In Quarantäne, [528ea193a8e3ea4cf8f7872c4aba9e62],
PUP.Optional.PlusHD, C:\Program Files (x86)\HD-V1.9, In Quarantäne, [b52b9b99aae1ad89db41be69f90a7789],
PUP.Optional.GemGrab, C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgkapbcioidohpahpfnflgbonpbehap\1.0.5689.21382_0, In Quarantäne, [20c0de562f5c7eb88d59358034d1f10f],
PUP.Optional.GemGrab, C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgkapbcioidohpahpfnflgbonpbehap, In Quarantäne, [20c0de562f5c7eb88d59358034d1f10f],
PUP.Optional.HighStairs, C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkojbhjbdohknknfpdkiadbelmklobai\1.0.5743.37294_0, In Quarantäne, [ad3335ff0e7dd85e59b62591996c9e62],
PUP.Optional.HighStairs, C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkojbhjbdohknknfpdkiadbelmklobai, In Quarantäne, [ad3335ff0e7dd85e59b62591996c9e62],
PUP.Optional.GemGrab, C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgkapbcioidohpahpfnflgbonpbehap\1.0.5689.21382_0, In Quarantäne, [687877bda4e7a59126c0268fe1247e82],
PUP.Optional.GemGrab, C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgkapbcioidohpahpfnflgbonpbehap, In Quarantäne, [687877bda4e7a59126c0268fe1247e82],
PUP.Optional.HighStairs, C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkojbhjbdohknknfpdkiadbelmklobai\1.0.5743.37294_0, In Quarantäne, [736d84b0fd8e1e186ba47b3b9570a65a],
PUP.Optional.HighStairs, C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkojbhjbdohknknfpdkiadbelmklobai, In Quarantäne, [736d84b0fd8e1e186ba47b3b9570a65a],

Dateien: 55
PUP.Optional.Nova, C:\Program Files (x86)\69dc8177-a574-4dff-8461-b3267b078dcf\40882d6a-0c6a-479b-917d-dd9bf7ea5963.dll, In Quarantäne, [d40ce74d5239ec4a0747823d768b9769],
PUP.Optional.Nova, C:\Program Files (x86)\Acer\9d5b5dfe-1daf-4852-b6fd-0ba80aa7ac4f.dll, In Quarantäne, [568ac074741793a352fcac13b94828d8],
PUP.Optional.InstallCore, C:\Users\Franz\AppData\Local\Temp\ICReinstall_setup.exe, In Quarantäne, [8957ea4a79120333162a8364c73ae51b],
PUP.Optional.Yontoo.Gen, C:\Users\Franz\AppData\Local\Temp\{5FF3B0A1-FD72-4BB1-8132-B79815959BF5}.xpi, In Quarantäne, [a83880b4e6a5d95d5764248744bd24dc],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Local\Temp\{0248F0E0-F7B8-4F17-AE94-A41F6EC2CE9F}.dll, In Quarantäne, [07d9da5abfccd5614fed47a0d22fb947],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Local\Temp\{25748C8C-65DE-4803-AE24-D8C65D218A42}.dll, In Quarantäne, [c7191024c8c3f64043f9569152af15eb],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Local\Temp\{322B74D3-9EB4-4F20-B507-9E42AD52602F}.dll, In Quarantäne, [26ba21137813de58eb510ed9d9287b85],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Local\Temp\{37C7C862-D002-44E8-A89B-35C845583084}.dll, In Quarantäne, [a23eff3557345ed88cb0757226db52ae],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Local\Temp\{3BB1AA84-D721-44C7-AAC8-F8FC5B6F4DEF}.dll, In Quarantäne, [726eca6abfcc2c0afe3e9d4a4fb260a0],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Local\Temp\{3F7103FB-29BD-4A7D-ACB2-615A8E92FE06}.dll, In Quarantäne, [2eb2ff35deaded49b389d6119b66c43c],
PUP.Optional.Yontoo.Gen, C:\Users\Franz\AppData\Local\Temp\{3FC6BFF9-6095-4B19-9722-136470D50DC2}.xpi, In Quarantäne, [6e7262d28b00ad896c4f5556c83938c8],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Local\Temp\{45373999-1EC4-42BE-92F3-E1B06E8DC303}.dll, In Quarantäne, [9f418ea62d5edd59c577f3f461a0a060],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Local\Temp\{5B4D18C1-C248-429A-A733-F2C2632A8CD9}.dll, In Quarantäne, [746ce64e5e2d22141329b334b54c9d63],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Local\Temp\{6B095B93-DD5D-4F2C-AF6F-B0B7626EE41F}.dll, In Quarantäne, [b22e300489021d1995a726c1d031b050],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Local\Temp\{6BCACA37-9623-4FAB-9A71-102738538B54}.dll, In Quarantäne, [c41c38fcd1ba3afcb58757902cd5718f],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Local\Temp\{8CA0F9B5-8EA5-46A5-ACC6-F4C2F91F12C5}.dll, In Quarantäne, [ae325fd5810afa3c60dcbe29629f19e7],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Local\Temp\{9484EB41-8147-4635-8663-7CE649808213}.dll, In Quarantäne, [29b7161e7813d95dec50e007fa07cb35],
PUP.Optional.Yontoo.Gen, C:\Users\Franz\AppData\Local\Temp\{9B44A354-C12B-473E-B615-2327B5229B40}.xpi, In Quarantäne, [eaf656de2665f73ffbc0c1eac63bc040],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Local\Temp\{9E4BB099-5813-4E56-84D1-CB9764124AB7}.dll, In Quarantäne, [f9e7a88ca1ea2d091d1ff9ee6a9710f0],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Local\Temp\{A8EF8180-188E-4A20-BC84-50F4737F4E8F}.dll, In Quarantäne, [d10fd95b34575fd766d616d1c938728e],
PUP.Optional.Yontoo.Gen, C:\Users\Franz\AppData\Local\Temp\{B85FCE88-A7B5-47BD-A743-248AD3038DF8}.xpi, In Quarantäne, [8c54cf6544475cda74473972fc05ea16],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Local\Temp\{BF128548-3133-49CF-A034-07300FF4FC5D}.dll, In Quarantäne, [14cc2410dfac86b040fc24c3c73a50b0],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Local\Temp\{CEB66ABA-4DAC-496F-BAA8-656C4EF04EE9}.dll, In Quarantäne, [b42c260e7d0ee650db61e9fe0001b54b],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Local\Temp\{E1677003-CE5F-4622-AB53-3C8A582178C0}.dll, In Quarantäne, [578989aba9e21422b18b31b6a65b41bf],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Local\Temp\{EEF64B6C-E4A4-4698-B61E-7E3770348AA7}.dll, In Quarantäne, [db056ec6bfcc63d39ca0499ed13056aa],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Local\Temp\{F368E69C-888C-4BDB-82FC-A8024B000D93}.dll, In Quarantäne, [f7e9122215767fb72e0e7374fb069769],
PUP.Optional.Yontoo.Gen, C:\Users\Franz\AppData\Local\Temp\{FA83BDE2-1F50-4BD7-974A-EEFE37A5659C}.xpi, In Quarantäne, [8b551e161378f046407b4f5ce51c57a9],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Local\Temp\{FFF42357-97E9-4D63-BDB1-D03D30B4F77F}.dll, In Quarantäne, [707000347e0d57dfe05cfceb36cb54ac],
PUP.Optional.InstallCore, C:\Users\Franz\Downloads\SkypeSetup (2).exe, In Quarantäne, [3ca49b997417dd59a682a71756aba65a],
PUP.Optional.Yontoo, C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\ey73nlwp.default\extensions\{7e83bc4a-0052-4fdc-bf05-62480c2239cd}.xpi, In Quarantäne, [22be7eb6d6b5a88ee99a60d5d92ad62a],
PUP.Optional.OffersWizard, C:\Program Files (x86)\Common Files\Config\ver.xml, In Quarantäne, [528ea193a8e3ea4cf8f7872c4aba9e62],
PUP.Optional.OffersWizard, C:\Program Files (x86)\Common Files\Config\data.xml, In Quarantäne, [528ea193a8e3ea4cf8f7872c4aba9e62],
PUP.Optional.PlusHD, C:\Program Files (x86)\HD-V1.9\1293297481.mxaddon, In Quarantäne, [b52b9b99aae1ad89db41be69f90a7789],
PUP.Optional.PlusHD, C:\Program Files (x86)\HD-V1.9\674ef8b6-79fa-43ea-aad0-f0b622c8e6c3.crx, In Quarantäne, [b52b9b99aae1ad89db41be69f90a7789],
PUP.Optional.PlusHD, C:\Program Files (x86)\HD-V1.9\674ef8b6-79fa-43ea-aad0-f0b622c8e6c3.xpi, In Quarantäne, [b52b9b99aae1ad89db41be69f90a7789],
PUP.Optional.PlusHD, C:\Program Files (x86)\HD-V1.9\674ef8b6-79fa-43ea-aad0-f0b622c8e6c3_.xpi, In Quarantäne, [b52b9b99aae1ad89db41be69f90a7789],
PUP.Optional.PlusHD, C:\Program Files (x86)\HD-V1.9\background.html, In Quarantäne, [b52b9b99aae1ad89db41be69f90a7789],
PUP.Optional.PlusHD, C:\Program Files (x86)\HD-V1.9\d37ec241-265e-433f-968b-3286ca299d23.crx, In Quarantäne, [b52b9b99aae1ad89db41be69f90a7789],
PUP.Optional.PlusHD, C:\Program Files (x86)\HD-V1.9\da25ff31-81b7-4225-8aa1-9237e9f519bf.crx, In Quarantäne, [b52b9b99aae1ad89db41be69f90a7789],
PUP.Optional.GemGrab, C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgkapbcioidohpahpfnflgbonpbehap\1.0.5689.21382_0\manifest.json, In Quarantäne, [20c0de562f5c7eb88d59358034d1f10f],
PUP.Optional.GemGrab, C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgkapbcioidohpahpfnflgbonpbehap\1.0.5689.21382_0\background.js, In Quarantäne, [20c0de562f5c7eb88d59358034d1f10f],
PUP.Optional.GemGrab, C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgkapbcioidohpahpfnflgbonpbehap\1.0.5689.21382_0\content.js, In Quarantäne, [20c0de562f5c7eb88d59358034d1f10f],
PUP.Optional.GemGrab, C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgkapbcioidohpahpfnflgbonpbehap\1.0.5689.21382_0\icon.png, In Quarantäne, [20c0de562f5c7eb88d59358034d1f10f],
PUP.Optional.HighStairs, C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkojbhjbdohknknfpdkiadbelmklobai\1.0.5743.37294_0\manifest.json, In Quarantäne, [ad3335ff0e7dd85e59b62591996c9e62],
PUP.Optional.HighStairs, C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkojbhjbdohknknfpdkiadbelmklobai\1.0.5743.37294_0\background.js, In Quarantäne, [ad3335ff0e7dd85e59b62591996c9e62],
PUP.Optional.HighStairs, C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkojbhjbdohknknfpdkiadbelmklobai\1.0.5743.37294_0\content.js, In Quarantäne, [ad3335ff0e7dd85e59b62591996c9e62],
PUP.Optional.HighStairs, C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkojbhjbdohknknfpdkiadbelmklobai\1.0.5743.37294_0\icon.png, In Quarantäne, [ad3335ff0e7dd85e59b62591996c9e62],
PUP.Optional.GemGrab, C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgkapbcioidohpahpfnflgbonpbehap\1.0.5689.21382_0\manifest.json, In Quarantäne, [687877bda4e7a59126c0268fe1247e82],
PUP.Optional.GemGrab, C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgkapbcioidohpahpfnflgbonpbehap\1.0.5689.21382_0\background.js, In Quarantäne, [687877bda4e7a59126c0268fe1247e82],
PUP.Optional.GemGrab, C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgkapbcioidohpahpfnflgbonpbehap\1.0.5689.21382_0\content.js, In Quarantäne, [687877bda4e7a59126c0268fe1247e82],
PUP.Optional.GemGrab, C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgkapbcioidohpahpfnflgbonpbehap\1.0.5689.21382_0\icon.png, In Quarantäne, [687877bda4e7a59126c0268fe1247e82],
PUP.Optional.HighStairs, C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkojbhjbdohknknfpdkiadbelmklobai\1.0.5743.37294_0\manifest.json, In Quarantäne, [736d84b0fd8e1e186ba47b3b9570a65a],
PUP.Optional.HighStairs, C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkojbhjbdohknknfpdkiadbelmklobai\1.0.5743.37294_0\background.js, In Quarantäne, [736d84b0fd8e1e186ba47b3b9570a65a],
PUP.Optional.HighStairs, C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkojbhjbdohknknfpdkiadbelmklobai\1.0.5743.37294_0\content.js, In Quarantäne, [736d84b0fd8e1e186ba47b3b9570a65a],
PUP.Optional.HighStairs, C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkojbhjbdohknknfpdkiadbelmklobai\1.0.5743.37294_0\icon.png, In Quarantäne, [736d84b0fd8e1e186ba47b3b9570a65a],

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)

(end)

Ich danke euch jetzt schon mal für eure Hilfe, und wäre euch auch dankbar um die Information bzw. den Tipp, woher die Schadhafte Software stammt ?

Mit aller höflichsten Gruss
Michael

schrauber · 28.09.2015, 07:19

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Likemike90 · 28.09.2015, 08:19

ok Danke

hier nachfolgend die gewünschten Logs:

FRST.txt

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:27-09-2015 01
durchgeführt von Franz (Administrator) auf OPA-PC (28-09-2015 09:11:17)
Gestartet von C:\Users\Franz\Downloads
Geladene Profile: UpdatusUser & Franz (Verfügbare Profile: UpdatusUser & Franz & Administrator)
Platform: Windows 10 Home (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\OneClickStarter.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(Dropbox, Inc.) C:\Users\Franz\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3935912 2015-08-21] (Synaptics Incorporated)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2013-04-26] (Dritek System Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2117632 2014-07-06] (Dominik Reichl)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-159860915-932780104-1365787373-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-159860915-932780104-1365787373-1002\...\Run: [HP Deskjet 3520 series (NET)] => C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-159860915-932780104-1365787373-1002\...\Run: [Google Update] => C:\Users\Franz\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc.)
HKU\S-1-5-21-159860915-932780104-1365787373-1002\...\Run: [Dropbox Update] => C:\Users\Franz\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-20] (Dropbox, Inc.)
HKU\S-1-5-21-159860915-932780104-1365787373-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53729824 2015-08-07] (Skype Technologies S.A.)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177088 2015-07-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-07-13] (NVIDIA Corporation)
IFEO\SppExtComObj.exe: [Debugger] C:\WINDOWS\SECOH-QAD.exe
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Franz\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-09-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Franz\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-09-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Franz\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-09-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-10-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Franz\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-09-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Franz\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-09-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Franz\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-09-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-10-20] (IvoSoft)
Startup: C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2014-08-05]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
Startup: C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\Franz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3520 series (Netzwerk).lnk [2015-08-23]
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3520 series (Netzwerk).lnk -> C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8fffb78b-f433-411a-bc3f-69501a8b8930}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{b417d343-4109-44b9-904e-881bbaf69021}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-159860915-932780104-1365787373-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKU\S-1-5-21-159860915-932780104-1365787373-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
HKU\S-1-5-21-159860915-932780104-1365787373-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=de-DE&Src=WD8&Tid=000328B0&OHP=http%3A%2F%2Facer13.msn.com&OSP=
HKU\S-1-5-21-159860915-932780104-1365787373-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.at/
HKU\S-1-5-21-159860915-932780104-1365787373-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-159860915-932780104-1365787373-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\ey73nlwp.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-22] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-159860915-932780104-1365787373-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Franz\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-159860915-932780104-1365787373-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Franz\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Extension: cheapcoup - C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\ey73nlwp.default\Extensions\woaiuohyu_qgkia_@vcjybmjlbmlcx.edu [2015-07-26]
FF Extension: Gem Grab - C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\ey73nlwp.default\Extensions\{e13c6976-6809-4991-ba2a-27f00d6175e4}.xpi [2015-08-02]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR dev: Chrome dev build erkannt! <======= ACHTUNG
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default
StartMenuInternet: Google Chrome - chrome.exe

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) [Datei ist nicht signiert]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-19] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328608 2015-07-30] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2013-04-26] (Dritek System INC.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-08-21] (Synaptics Incorporated)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1353544 2009-10-30] (TuneUp Software)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7593176 2015-07-10] (Broadcom Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-04-26] (Dritek System Inc.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-21] (Synaptics Incorporated)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-28 09:11 - 2015-09-28 09:12 - 00021474 _____ C:\Users\Franz\Downloads\FRST.txt
2015-09-28 09:11 - 2015-09-28 09:11 - 00000000 ____D C:\FRST
2015-09-28 09:10 - 2015-09-28 09:10 - 02192384 _____ (Farbar) C:\Users\Franz\Downloads\FRST64.exe
2015-09-28 09:05 - 2015-09-28 09:05 - 00016148 _____ C:\WINDOWS\system32\OPA-PC_Franz_HistoryPrediction.bin
2015-09-28 09:05 - 2015-09-28 09:05 - 00000000 ___HD C:\OneDriveTemp
2015-09-27 21:42 - 2015-09-27 21:42 - 00001746 _____ C:\mbam2.txt
2015-09-27 21:18 - 2015-09-27 21:19 - 01670656 _____ C:\Users\Franz\Downloads\adwcleaner_5.009 (1).exe
2015-09-27 21:18 - 2015-09-27 21:18 - 01670656 _____ C:\Users\Franz\Downloads\adwcleaner_5.009.exe
2015-09-27 20:30 - 2015-09-27 21:42 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-27 20:30 - 2015-09-27 20:30 - 00001175 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-09-27 20:30 - 2015-09-27 20:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-09-27 20:30 - 2015-09-27 20:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-27 20:30 - 2015-09-27 20:30 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-09-27 20:30 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-09-27 20:30 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-09-27 20:30 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-09-27 20:24 - 2015-09-27 20:24 - 00003922 _____ C:\Users\Franz\Desktop\JRT.txt
2015-09-27 20:20 - 2015-09-22 19:06 - 01800512 _____ (Malwarebytes) C:\Users\Franz\Desktop\JRT.exe
2015-09-24 20:11 - 2015-09-24 20:11 - 00000000 ___HD C:\$Windows.~BT
2015-09-24 09:00 - 2015-09-27 19:57 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-23 15:06 - 2015-09-23 15:07 - 00000000 ____D C:\Users\Franz\AppData\Local\Chromium
2015-09-23 15:03 - 2015-09-23 16:04 - 00000000 ____D C:\Users\Franz\AppData\Local\{ECABDAF7-C803-B64F-A59B-93A781F36F3F}
2015-09-23 08:15 - 2015-09-23 08:15 - 00000494 _____ C:\Users\Franz\Downloads\Einzelentgeltnachweis-A1-Rechnung-20150922 (1).csv
2015-09-23 08:14 - 2015-09-23 08:14 - 00000494 _____ C:\Users\Franz\Downloads\Einzelentgeltnachweis-A1-Rechnung-20150922.csv
2015-09-20 10:35 - 2015-09-23 16:04 - 00000098 _____ C:\Users\Franz\AppData\Roaming\WB.CFG
2015-09-20 09:34 - 2015-09-20 18:15 - 00000000 ____D C:\Users\Franz\AppData\Roaming\Opera Software
2015-09-20 09:34 - 2015-09-20 18:15 - 00000000 ____D C:\Users\Franz\AppData\Local\Opera Software
2015-09-20 09:34 - 2015-09-20 09:34 - 00000000 ____D C:\Users\Franz\AppData\Roaming\Shortcut
2015-09-18 17:04 - 2015-09-18 17:04 - 00027772 _____ C:\WINDOWS\system32\ScanResults.xml
2015-09-18 17:00 - 2015-09-18 17:00 - 00000464 _____ C:\WINDOWS\system32\ScannerSettings
2015-09-18 11:16 - 2015-09-18 11:16 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-09-18 11:16 - 2015-09-18 11:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-09-16 08:30 - 2015-09-16 08:30 - 00000000 ___RD C:\Users\Franz\3D Objects
2015-09-13 17:32 - 2015-09-02 03:20 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-09-13 17:32 - 2015-09-02 02:25 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-09-13 17:32 - 2015-09-02 02:25 - 01382912 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-09-13 17:32 - 2015-08-27 08:36 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-13 17:32 - 2015-08-27 08:32 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-09-13 17:32 - 2015-08-27 08:04 - 21874688 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-09-13 17:32 - 2015-08-27 07:59 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-13 17:32 - 2015-08-27 07:55 - 24594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-13 17:32 - 2015-08-27 07:54 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-09-13 17:32 - 2015-08-27 07:54 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-13 17:32 - 2015-08-27 07:51 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-13 17:32 - 2015-08-27 07:51 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-13 17:32 - 2015-08-27 07:49 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-13 17:32 - 2015-08-27 07:47 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-13 17:32 - 2015-08-27 07:43 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-13 17:32 - 2015-08-27 07:43 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-13 17:32 - 2015-08-27 07:42 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-13 17:32 - 2015-08-27 07:42 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-09-13 17:32 - 2015-08-27 07:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2015-09-13 17:32 - 2015-08-27 07:42 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-13 17:32 - 2015-08-27 07:39 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-13 17:32 - 2015-08-27 07:23 - 19324416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-13 17:32 - 2015-08-27 07:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-13 17:32 - 2015-08-27 07:16 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-09-13 17:32 - 2015-08-27 07:16 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-13 17:32 - 2015-08-27 07:16 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-13 17:32 - 2015-08-27 07:12 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-13 17:32 - 2015-08-27 07:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-13 17:32 - 2015-08-27 07:11 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-13 17:32 - 2015-08-27 07:11 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-13 17:32 - 2015-08-27 07:09 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-13 17:32 - 2015-08-27 07:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-11 11:54 - 2015-09-11 14:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-09-09 11:00 - 2015-09-09 11:00 - 00001537 _____ C:\Users\Franz\Downloads\Details_1508_345974858_1_066473213965 (2).csv
2015-09-09 10:59 - 2015-09-09 10:59 - 00001537 _____ C:\Users\Franz\Downloads\Details_1508_345974858_1_066473213965 (1).csv
2015-09-09 10:58 - 2015-09-09 10:58 - 00001537 _____ C:\Users\Franz\Downloads\Details_1508_345974858_1_066473213965.csv
2015-09-05 10:46 - 2015-09-05 10:46 - 00000000 ____D C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-29 17:20 - 2015-08-20 08:07 - 08019296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-29 17:20 - 2015-08-20 08:06 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-08-29 17:20 - 2015-08-20 08:02 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-08-29 17:20 - 2015-08-20 07:26 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-08-29 17:20 - 2015-08-20 07:21 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-08-29 17:20 - 2015-08-20 07:16 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-08-29 17:20 - 2015-08-20 07:13 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-29 17:20 - 2015-08-18 09:56 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-29 17:20 - 2015-08-18 09:55 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-08-29 17:20 - 2015-08-18 09:54 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-08-29 17:20 - 2015-08-18 09:27 - 01771592 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-08-29 17:20 - 2015-08-18 09:24 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-08-29 17:20 - 2015-08-18 09:13 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-08-29 17:20 - 2015-08-18 09:13 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2015-08-29 17:20 - 2015-08-18 09:12 - 02225664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-08-29 17:20 - 2015-08-18 09:07 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-08-29 17:20 - 2015-08-18 09:04 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2015-08-29 17:20 - 2015-08-18 09:04 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-08-29 17:20 - 2015-08-18 08:59 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2015-08-29 17:20 - 2015-08-18 08:59 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2015-08-29 17:20 - 2015-08-18 08:58 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-08-29 17:20 - 2015-08-18 08:58 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll
2015-08-29 17:20 - 2015-08-18 08:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2015-08-29 17:20 - 2015-08-18 08:58 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll
2015-08-29 17:20 - 2015-08-18 08:57 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2015-08-29 17:20 - 2015-08-18 08:56 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2015-08-29 17:20 - 2015-08-18 08:55 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-08-29 17:20 - 2015-08-18 08:54 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2015-08-29 17:20 - 2015-08-18 08:54 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll
2015-08-29 17:20 - 2015-08-18 08:52 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-08-29 17:20 - 2015-08-18 08:50 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-08-29 17:20 - 2015-08-18 08:49 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-08-29 17:20 - 2015-08-18 08:49 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2015-08-29 17:20 - 2015-08-18 08:49 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2015-08-29 17:20 - 2015-08-18 08:36 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2015-08-29 17:20 - 2015-08-18 08:35 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2015-08-29 17:20 - 2015-08-18 08:35 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
2015-08-29 17:20 - 2015-08-18 08:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2015-08-29 17:20 - 2015-08-18 08:29 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-08-29 17:20 - 2015-08-18 08:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2015-08-29 17:20 - 2015-08-18 06:44 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-28 09:10 - 2015-07-10 14:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-28 09:09 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-28 09:08 - 2014-08-28 19:59 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7E725C1E-308E-4EBC-B37F-6EAD11623371}
2015-09-28 09:07 - 2014-07-30 15:40 - 00000000 ____D C:\Users\Franz\AppData\Roaming\Skype
2015-09-28 09:06 - 2015-04-07 13:37 - 00000000 ___RD C:\Users\Franz\Desktop\Dropbox
2015-09-28 09:06 - 2015-04-07 13:17 - 00000000 ____D C:\Users\Franz\AppData\Roaming\Dropbox
2015-09-28 09:06 - 2014-07-30 17:04 - 00000000 ____D C:\Users\Franz\AppData\Local\CrashDumps
2015-09-28 09:05 - 2014-08-04 16:20 - 00000000 ___DO C:\Users\Franz\OneDrive
2015-09-27 21:22 - 2015-08-21 19:30 - 00624478 _____ C:\WINDOWS\PFRO.log
2015-09-27 21:22 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-27 21:21 - 2015-07-10 11:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-09-27 21:21 - 2015-07-04 15:31 - 00000000 ____D C:\AdwCleaner
2015-09-27 21:04 - 2015-02-14 17:33 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-159860915-932780104-1365787373-1002UA.job
2015-09-27 21:01 - 2015-07-04 10:22 - 00000000 ____D C:\Program Files (x86)\69dc8177-a574-4dff-8461-b3267b078dcf
2015-09-27 21:01 - 2013-03-27 11:17 - 00000000 ____D C:\Program Files (x86)\Acer
2015-09-27 20:45 - 2015-06-20 15:34 - 00001238 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-159860915-932780104-1365787373-1002UA.job
2015-09-27 20:15 - 2015-08-21 19:39 - 00000000 ____D C:\Users\Franz
2015-09-27 20:15 - 2015-07-02 21:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-27 20:14 - 2015-08-21 19:55 - 01790124 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-27 20:14 - 2015-07-10 18:34 - 00772342 _____ C:\WINDOWS\system32\perfh007.dat
2015-09-27 20:14 - 2015-07-10 18:34 - 00154170 _____ C:\WINDOWS\system32\perfc007.dat
2015-09-27 13:04 - 2015-02-14 17:33 - 00001082 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-159860915-932780104-1365787373-1002Core.job
2015-09-25 14:57 - 2014-08-29 19:22 - 00020435 _____ C:\Users\Franz\Desktop\Wertp..odt
2015-09-25 11:45 - 2015-06-20 15:34 - 00001186 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-159860915-932780104-1365787373-1002Core.job
2015-09-24 20:17 - 2015-08-21 20:29 - 00000000 ___DC C:\WINDOWS\Panther
2015-09-24 20:17 - 2014-07-29 14:10 - 00000000 _____ C:\Recovery.txt
2015-09-24 09:18 - 2014-08-05 20:35 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-23 15:20 - 2013-04-26 09:08 - 00000000 ____D C:\ProgramData\Norton
2015-09-23 15:18 - 2015-07-10 13:04 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-09-23 15:18 - 2015-07-10 11:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-09-23 15:03 - 2015-08-02 19:45 - 00001872 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-23 15:03 - 2015-07-05 15:53 - 00001515 _____ C:\Users\Franz\Desktop\iexplore.lnk
2015-09-23 15:03 - 2015-07-04 16:00 - 00001123 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-09-23 10:32 - 2015-08-21 20:26 - 00000000 ____D C:\Windows.old
2015-09-23 08:07 - 2014-07-29 20:19 - 00000000 ____D C:\Users\Franz\AppData\Local\Packages
2015-09-23 08:06 - 2015-08-23 19:25 - 00000000 ____D C:\Users\Franz\AppData\Local\Deployment
2015-09-21 18:31 - 2015-07-10 14:20 - 00367888 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-21 18:29 - 2015-07-10 18:46 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-21 18:29 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-21 18:25 - 2014-08-05 15:27 - 00000000 ____D C:\Program Files\KMSpico
2015-09-18 11:16 - 2014-07-30 15:38 - 00002642 _____ C:\Users\Public\Desktop\Skype.lnk
2015-09-18 11:16 - 2014-07-30 15:38 - 00000000 ____D C:\ProgramData\Skype
2015-09-17 12:59 - 2015-02-14 17:33 - 00004248 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-159860915-932780104-1365787373-1002UA
2015-09-17 12:59 - 2015-02-14 17:33 - 00003872 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-159860915-932780104-1365787373-1002Core
2015-09-15 18:12 - 2015-07-10 13:06 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-09-15 18:12 - 2015-07-10 13:06 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-15 17:22 - 2015-08-21 20:16 - 00002394 _____ C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-09-15 11:05 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\rescache
2015-09-13 17:38 - 2014-07-30 15:09 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-13 15:10 - 2014-07-30 15:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-13 15:09 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-09-08 16:47 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-09-05 18:16 - 2015-07-10 14:20 - 00021642 _____ C:\WINDOWS\setupact.log
2015-09-05 17:47 - 2013-05-27 16:43 - 00000000 ____D C:\Users\Franz\Documents\Outlook-Dateien

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-09-20 10:35 - 2015-09-23 16:04 - 0000098 _____ () C:\Users\Franz\AppData\Roaming\WB.CFG
2014-09-19 19:32 - 2014-10-04 12:01 - 0004608 _____ () C:\Users\Franz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-28 13:41 - 2014-08-28 13:41 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-08-21 19:36 - 2015-08-21 19:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Einige Dateien in TEMP:
====================
C:\Users\Franz\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpp1xlzp.dll
C:\Users\Franz\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Franz\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-09-23 08:25

==================== Ende von FRST.txt ============================

addition.txt

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:27-09-2015 01
durchgeführt von Franz (2015-09-28 09:12:49)
Gestartet von C:\Users\Franz\Downloads
Windows 10 Home (X64) (2015-08-21 18:08:32)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-159860915-932780104-1365787373-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-159860915-932780104-1365787373-503 - Limited - Disabled)
Franz (S-1-5-21-159860915-932780104-1365787373-1002 - Administrator - Enabled) => C:\Users\Franz
Gast (S-1-5-21-159860915-932780104-1365787373-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-159860915-932780104-1365787373-1008 - Limited - Enabled)
UpdatusUser (S-1-5-21-159860915-932780104-1365787373-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2021 - Acer Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.59.96 - Broadcom Corporation)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.7.1 - Broadcom Corporation)
Chromium (HKU\S-1-5-21-159860915-932780104-1365787373-1002\...\Chromium) (Version: 46.0.2480.0 - Chromium)
Classic Shell (HKLM\...\{98BB5224-BC5D-4028-9D20-536C1C263AA9}) (Version: 4.0.2 - IvoSoft)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3729_45993 - CyberLink Corp.)
DJ3520FWUpdateAlert (x32 Version: 2.00.0000 - HP) Hidden
Dritek Radio Controller (HKLM-x32\...\RadioController) (Version: 2.02.2001.0803 - Dritek System Inc.)
Dropbox (HKU\S-1-5-21-159860915-932780104-1365787373-1002\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
Gem Grab (HKLM-x32\...\Gem Grab) (Version: 2.0.5692.715 - Gem Grab)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Photos Backup (HKU\S-1-5-21-159860915-932780104-1365787373-1002\...\Google Photos Backup) (Version: 1.1.0.248 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
HP Deskjet 3520 series - Grundlegende Software für das Gerät (HKLM\...\{15B2F0E3-3FAC-4495-B0FD-398EECFA4100}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Hilfe (HKLM-x32\...\{6B953497-169C-4929-9AA9-A9F510347468}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 3520 series Setup Guide (HKLM-x32\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
HP ePrint (HKLM-x32\...\{2794875B-6CCF-48B8-84A5-5B10DB98BEE6}) (Version: 12.0.13351.1658 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
KeePass Password Safe 1.25 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.25 - Dominik Reichl)
KeePass Password Safe 2.27 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.27 - Dominik Reichl)
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.10 - Acer Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.3 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.3.7134 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4753.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
Mozilla Thunderbird 31.1.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.1.1 (x86 de)) (Version: 31.1.1 - Mozilla)
Mozilla Thunderbird 31.1.2 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.1.2 (x86 de)) (Version: 31.1.2 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
Mozilla Thunderbird 38.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.2.0 (x86 de)) (Version: 38.2.0 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r2 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Spielkanäle (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 8.1.0.17 - WildTangent, Inc.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.13.0 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
TuneUp Utilities (HKLM-x32\...\TuneUp Utilities) (Version: 9.0.2000.15 - TuneUp Software)
TuneUp Utilities (x32 Version: 9.0.2000.15 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 9.0.2000.15 - TuneUp Software) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-159860915-932780104-1365787373-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Franz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-159860915-932780104-1365787373-1002_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Franz\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-159860915-932780104-1365787373-1002_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Franz\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-159860915-932780104-1365787373-1002_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Franz\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-159860915-932780104-1365787373-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-159860915-932780104-1365787373-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Franz\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-159860915-932780104-1365787373-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Franz\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-159860915-932780104-1365787373-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Franz\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-159860915-932780104-1365787373-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-159860915-932780104-1365787373-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-159860915-932780104-1365787373-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-159860915-932780104-1365787373-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-159860915-932780104-1365787373-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-159860915-932780104-1365787373-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-159860915-932780104-1365787373-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-159860915-932780104-1365787373-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-159860915-932780104-1365787373-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-159860915-932780104-1365787373-1002_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

==================== Wiederherstellungspunkte =========================

25-09-2015 12:16:12 Geplanter Prüfpunkt
27-09-2015 20:20:55 JRT Pre-Junkware Removal

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {016FC903-B3A5-43E7-B565-CE60CA054BD2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {150F97F9-43BF-43BF-97DE-4699BBB5A7CE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {17324404-C3CB-4100-9453-5DAD5399849F} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {1DB906E3-AE08-4DBA-B785-C4C0696AE355} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {1E2E499D-FCFF-4D84-9F63-59ED00D8BE56} - System32\Tasks\{063A61D3-596F-486C-A2F8-103A64444441} => pcalua.exe -a C:\Users\Franz\AppData\Roaming\oursurfing\UninstallManager.exe -c  -ptid=dig2
Task: {2F0E914B-19D7-48C3-BF08-594FF640A24F} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
Task: {376A5D76-6CCE-4944-9A1F-B119449895E0} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> Keine Datei <==== ACHTUNG
Task: {3A822438-D8AA-43AD-894A-305374309A7B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {4495CC21-8E00-4397-B3CD-F684FD2C0650} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {4565F36A-371B-4A0E-9364-B8FB555544B0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-159860915-932780104-1365787373-1002Core => C:\Users\Franz\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {54ADFD8C-AC96-442B-9E0E-5C5E2BF86DD1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {6C1847E1-BE8F-4F93-B726-C87FC5D7AE2B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {79BA97CA-A8E7-4986-9FD2-E5D02F5593A7} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2013-02-08] (CyberLink)
Task: {8151EA9F-2ADF-4E0B-A3B2-6A7F97FA28FA} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {82DAC206-9FA9-465A-A010-3D69393AB478} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-159860915-932780104-1365787373-1002UA => C:\Users\Franz\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20] (Dropbox, Inc.)
Task: {835A2F7F-D7EC-46F8-A4EE-FDED2FD60CCE} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated)
Task: {87EC73B5-CA43-4C8D-A5A3-62B02B511D69} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> Keine Datei <==== ACHTUNG
Task: {8E149D30-74E5-4978-A947-C1E9FF99662D} - System32\Tasks\{688E2463-89B3-41DD-8B23-0A22D055F4E9} => pcalua.exe -a "C:\Program Files (x86)\TuneUp Utilities 2010\TUInstallHelper.exe" -c --Trigger-Uninstall
Task: {9476F21E-2F4B-4159-8391-1E16B4D66947} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {978A37A3-6728-41FA-B842-2F1B6FEEBB81} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {9DD4C951-63F8-43AE-B742-A85AE4C5F7AC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {A030AEF0-D407-4969-AF4B-E5922381399D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-159860915-932780104-1365787373-1002Core => C:\Users\Franz\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20] (Dropbox, Inc.)
Task: {ACC67777-9BC9-4895-860F-8B64B478A68C} - System32\Tasks\{D32C170A-3C22-4315-A078-B60EA980A0CE} => pcalua.exe -a "C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe" -c UNINSTALLUI RERUNMODE productreleaseid O365HomePremRetail culture de-de operation uninstall_multiple productsdata O365HomePremRetail_de-de_x-none
Task: {AE240028-44B0-419E-8DCF-213ECB480C8D} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {B2FD1983-7E8C-4F92-9778-139F0A7C8391} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {D10A4EBB-F4D8-40A4-BBDE-74AF7E687175} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-159860915-932780104-1365787373-1002UA => C:\Users\Franz\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {D73C13AE-1694-4402-973B-4AE24FA7EF89} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {E546628C-3C97-47BF-B705-801CAF7EF195} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {EBB2CE5C-21CE-4964-92E7-F7D376BDDC6F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {F5E946C4-B2C0-4A91-8C51-A82965591C29} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {F83BE201-8BDC-48F4-9E44-5FCA1A363767} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {FEF5E474-9026-479B-82B1-995B435DCB3D} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-159860915-932780104-1365787373-1002Core.job => C:\Users\Franz\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-159860915-932780104-1365787373-1002UA.job => C:\Users\Franz\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-159860915-932780104-1365787373-1002Core.job => C:\Users\Franz\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-159860915-932780104-1365787373-1002UA.job => C:\Users\Franz\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-08-21 20:25 - 2015-08-21 20:25 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-22 09:23 - 2015-08-11 11:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2014-08-05 20:35 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-07-13 20:45 - 2015-07-13 20:45 - 00011920 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-08-21 19:35 - 2015-07-13 19:37 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-08-29 17:20 - 2015-08-18 09:56 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-29 17:20 - 2015-08-18 09:56 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-07-10 12:59 - 2015-07-10 12:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-08-22 09:24 - 2015-08-03 03:11 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 13:00 - 2015-07-10 18:45 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-22 09:23 - 2015-08-11 10:58 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-22 09:23 - 2015-08-03 03:09 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 13:00 - 2015-07-10 18:45 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2013-04-26 08:45 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-07-13 20:45 - 2015-07-13 20:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-11-20 12:55 - 2014-11-20 12:56 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-09-28 09:06 - 2015-09-28 09:06 - 00071168 _____ () c:\users\franz\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpp1xlzp.dll
2015-03-04 23:45 - 2015-08-05 07:26 - 00012800 _____ () C:\Users\Franz\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 23:45 - 2015-08-05 07:26 - 00779776 _____ () C:\Users\Franz\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-30 19:49 - 2015-08-05 07:26 - 00056320 _____ () C:\Users\Franz\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 23:45 - 2015-08-05 07:26 - 00012288 _____ () C:\Users\Franz\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2014-11-20 12:59 - 2014-11-20 12:59 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-11-20 12:55 - 2014-11-20 12:56 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2013-04-26 09:14 - 2013-02-20 22:58 - 00089672 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2015-07-15 14:25 - 2015-07-13 23:55 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libglesv2.dll
2015-07-15 14:25 - 2015-07-13 23:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libegl.dll
2015-07-15 14:25 - 2015-07-13 23:55 - 16308040 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Franz\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Franz\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Franz\SkyDrive (2).old:ms-properties

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-159860915-932780104-1365787373-1001\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-159860915-932780104-1365787373-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Franz\AppData\Local\Microsoft\Windows\Themes\blau (2)\DesktopBackground\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{CA0036A6-DF3E-4F0D-A1BF-4D08478C7ED0}] => (Allow) LPort=1689
FirewallRules: [{64FFE8D5-E6BE-4C80-893A-1A8700A86D76}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{509C59CA-75B4-45D0-BCE5-4F3CCCF9AE46}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E6D36151-06E7-4AB0-88EA-886A1062543F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{86689C00-7662-4FF6-A06B-DF2937A8BA21}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F1C1A1C1-C388-4E4B-BFAE-BE1A7B557A2E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{87A7F161-94F7-4AD6-9DF6-08DD200956D9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{56D98B3B-3625-4011-84CE-F965BF468C85}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{69FA9C1E-2EB6-47BF-9182-231F04ECF9EC}] => (Allow) C:\Users\Franz\AppData\Local\WikiBrowser\Application\wikibrowser.exe
FirewallRules: [{8F84C711-AC33-4621-85F5-6CFED3F2A92C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{03E646DF-1478-406A-AA87-3A073E465402}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{0EF944CE-08DD-42EA-A18D-CB707A6BF1F6}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{80213DB1-8E02-4818-82E5-CE7330666327}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{569EDC5B-D106-4197-A7D2-ADEF6B808A9F}] => (Allow) C:\Users\Franz\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{48339670-6444-4286-AFAC-9AEF48CB331A}] => (Allow) C:\Users\Franz\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [UDP Query User{517A4D4E-48A8-4004-A150-54BC96B7026F}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [TCP Query User{8AF51817-015A-45D7-A962-59C038820DC6}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [UDP Query User{BA15AE86-3BF5-4AD7-B128-91BC491E7033}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [TCP Query User{34715E30-4276-4BE7-9E89-C302289130A2}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [{DF4D3D65-706B-4AF4-8771-FB041AB7037C}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{7FF5D0F1-50E9-465A-952A-0906E8157FEC}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{EA44BEF9-B73C-44C1-8F74-C6FD0263AE32}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{FDBCF55A-DB2A-470D-8FF6-5216EF43F582}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{16EE2734-81D6-4560-BD15-F0A585CD17CD}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{95DF7483-D554-4A36-8A5A-B2E28EBEBA03}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{33C285FC-4656-4B4C-92EC-126FAAACF524}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{CD5FD1D4-D857-455F-A00A-A2C3B13C45F0}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{8411A9C8-BDC9-4682-BDB3-4CC18044B7D9}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{4FA5224D-3FD6-4F12-BC3D-604DC70DFA0B}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{00A3AA76-BE84-467E-A2F5-3B539B21C9AF}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\DeviceSetup.exe
FirewallRules: [{F51A07F3-DAAB-4B29-A990-CE234E8529AD}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{BFF3564E-2EA4-4505-A4CE-441D62E2417D}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{E10E786D-17A7-4431-B73A-4321B14C1047}] => (Allow) C:\Users\Franz\AppData\Local\Temp\KMSpico\AutoPico.exe
FirewallRules: [{38DAC054-EBEF-41DE-9F02-4E9E767F3EBE}] => (Allow) C:\Users\Franz\AppData\Local\Temp\KMSpico\AutoPico.exe
FirewallRules: [{97578BDD-6037-44FB-84E7-C62927BDE789}] => (Allow) C:\Program Files\KMSpico\KMSServer.exe
FirewallRules: [{009F7A80-84B7-4A4E-9AE9-B9D41EB45CC3}] => (Allow) C:\Program Files\KMSpico\KMSServer.exe
FirewallRules: [{3DB403C4-D87B-44C0-94D3-0BC927769052}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{94C2C6EA-8C13-4FDA-84F3-097476C7D7BA}] => (Allow) C:\Windows\System32\KMSServer.exe
FirewallRules: [{5651051A-9AB5-4148-89E4-C410C14F24FC}] => (Allow) C:\Windows\System32\KMSServer.exe
FirewallRules: [{6DBEB645-3652-48B6-9385-E3CB11FAAB61}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{0273C21E-17DF-405B-81CF-9423276B8F0B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{35FABA5C-1957-439C-A482-462EC77C5F41}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{D49BFB65-9DDF-4A01-B2FD-5924CBE5CB52}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{D71E1AE1-45C2-4966-8489-8A85168B58A4}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{E06649C3-05DF-45CC-9185-A33AB1CBA17F}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{C0AA1883-0C1C-401D-97B1-FEA6BF531DB1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{B8124B0C-427A-4778-A43E-D45798C7D2BA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{A83CE6FC-CA6D-4914-9E32-15315B088602}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{037726E7-5A76-4DE1-9621-6B027F02A317}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{319FB4B9-7320-48B3-BA07-5FAD0866FA24}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{AF25394D-FB48-4288-B09F-29F0C007D409}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{CC729E44-1CF3-4F11-9689-0316F538DA51}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{4E20CAAA-AB49-48C2-A02C-BDB6B00CA32D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{8E645951-B6C6-4369-91AA-1BF697BBB72E}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{9B0BB8E2-3271-4FB5-8038-BD60E48B4D8F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{B3899BE8-6EAA-4250-81DC-07B42F1F7EF2}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{4C08560A-C2F8-4D82-AD9B-D06F3A17F06A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\MusicPlayer.exe
FirewallRules: [{D3B26A95-DDB3-4F9D-A324-3F08EAE5656F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\PlayMovie.exe
FirewallRules: [{D682577F-9D2C-4628-AD4D-C7EAF4601BE0}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{CCA6EBAE-AC58-4108-91FE-C42FCAC4E594}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{B4E4C3E7-52CC-4B77-A34B-C127016684F1}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{C8F3A06F-5416-46EE-A2BA-E338C3285C38}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{26F7D273-50D4-45D4-B253-090D3A7BAFB5}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{B1529A50-D97F-4655-B916-9AF63AB33F16}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{2D61C8B5-D1F7-4CBE-8D91-91BECDDEE41B}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{C3A7A6F7-3677-429B-B919-DB9D982E2DE1}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{8243EAEC-8D94-4174-BE93-21EA04D64081}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{7F915C3E-B3BD-4A53-A772-FA9680C78F47}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{5A678333-58FA-4940-9354-71BE2D87A791}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{D75DB818-1BC5-4FD8-A91E-C7A76FC71AC1}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{179D00E1-1138-45AB-8BB0-1A672AF7A4BB}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{468AD35D-88BE-4583-BEEF-C749377CB45C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{CC0754E3-8A11-40FF-A13E-4273B3566B33}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{A0380C6E-4D4A-425E-9147-CADAA8E147E0}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{99FADF2C-04D4-450E-AE58-103E102AE408}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{CB304076-A008-4910-9B2A-5EB77104AFFC}] => (Allow) C:\Users\Franz\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{E200B45D-57BB-4D05-8063-A405835348B2}] => (Allow) C:\Users\Franz\AppData\Local\Temp\7zS296D\HPDiagnosticCoreUI.exe
FirewallRules: [{D3D8C3A5-720F-452C-87D4-916AEAA38B84}] => (Allow) C:\Users\Franz\AppData\Local\Temp\7zS296D\HPDiagnosticCoreUI.exe
FirewallRules: [{02E6CAA7-FBFF-4CAD-876E-51D55BC157A5}] => (Allow) LPort=1688
FirewallRules: [{BF3687E9-6BF9-4135-9F5F-070048E2E951}] => (Allow) C:\Program Files (x86)\WinZip Driver Updater\winzipdu.exe
FirewallRules: [{91C30A5A-0780-4468-A35E-866BE8468C5B}] => (Allow) C:\Users\Franz\AppData\Local\Chromium\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/28/2015 09:05:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: KeePass.exe, Version: 2.27.0.0, Zeitstempel: 0x53b8fc97
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10240.16384, Zeitstempel: 0x559f38c3
Ausnahmecode: 0xe0434352
Fehleroffset: 0x000000000002a1c8
ID des fehlerhaften Prozesses: 0x428
Startzeit der fehlerhaften Anwendung: 0xKeePass.exe0
Pfad der fehlerhaften Anwendung: KeePass.exe1
Pfad des fehlerhaften Moduls: KeePass.exe2
Berichtskennung: KeePass.exe3
Vollständiger Name des fehlerhaften Pakets: KeePass.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: KeePass.exe5

Error: (09/28/2015 09:05:52 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: KeePass.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.IO.FileNotFoundException
Stapel:
   bei KeePass.Program.Main(System.String[])

Error: (09/27/2015 09:44:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OPA-PC)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (09/27/2015 09:38:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: updater.exe, Version: 2.0.3010.0, Zeitstempel: 0x513fcd49
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10240.16384, Zeitstempel: 0x559f38c3
Ausnahmecode: 0xe0434352
Fehleroffset: 0x000000000002a1c8
ID des fehlerhaften Prozesses: 0x1c98
Startzeit der fehlerhaften Anwendung: 0xupdater.exe0
Pfad der fehlerhaften Anwendung: updater.exe1
Pfad des fehlerhaften Moduls: updater.exe2
Berichtskennung: updater.exe3
Vollständiger Name des fehlerhaften Pakets: updater.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: updater.exe5

Error: (09/27/2015 09:38:31 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: updater.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.IO.FileNotFoundException
Stapel:
   bei System.ModuleHandle.ResolveType(System.Reflection.RuntimeModule, Int32, IntPtr*, Int32, IntPtr*, Int32, System.Runtime.CompilerServices.ObjectHandleOnStack)
   bei System.ModuleHandle.ResolveType(System.Reflection.RuntimeModule, Int32, IntPtr*, Int32, IntPtr*, Int32, System.Runtime.CompilerServices.ObjectHandleOnStack)
   bei System.ModuleHandle.ResolveTypeHandleInternal(System.Reflection.RuntimeModule, Int32, System.RuntimeTypeHandle[], System.RuntimeTypeHandle[])
   bei System.Reflection.RuntimeModule.ResolveType(Int32, System.Type[], System.Type[])
   bei System.Reflection.CustomAttribute.FilterCustomAttributeRecord(System.Reflection.CustomAttributeRecord, System.Reflection.MetadataImport, System.Reflection.Assembly ByRef, System.Reflection.RuntimeModule, System.Reflection.MetadataToken, System.RuntimeType, Boolean, System.Object[], System.Collections.IList, System.RuntimeType ByRef, System.IRuntimeMethodInfo ByRef, Boolean ByRef, Boolean ByRef)
   bei System.Reflection.CustomAttribute.GetCustomAttributes(System.Reflection.RuntimeModule, Int32, Int32, System.RuntimeType, Boolean, System.Collections.IList, Boolean)
   bei System.Reflection.CustomAttribute.GetCustomAttributes(System.Reflection.RuntimeAssembly, System.RuntimeType)
   bei System.Attribute.GetCustomAttributes(System.Reflection.Assembly, System.Type, Boolean)
   bei System.AppDomain.GetTargetFrameworkName()

Error: (09/27/2015 09:26:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm SearchUI.exe, Version 10.0.10240.16431 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: bbc

Startzeit: 01d0f95a01ba66bc

Beendigungszeit: 4294967295

Anwendungspfad: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

Berichts-ID: b0fb1298-654d-11e5-beab-2089847324b8

Vollständiger Name des fehlerhaften Pakets: Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy

Auf das fehlerhafte Paket bezogene Anwendungs-ID: CortanaUI

Error: (09/27/2015 09:26:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: OPA-PC)
Description: Das Paket „Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy+CortanaUI“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (09/27/2015 09:24:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: KeePass.exe, Version: 2.27.0.0, Zeitstempel: 0x53b8fc97
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10240.16384, Zeitstempel: 0x559f38c3
Ausnahmecode: 0xe0434352
Fehleroffset: 0x000000000002a1c8
ID des fehlerhaften Prozesses: 0x1014
Startzeit der fehlerhaften Anwendung: 0xKeePass.exe0
Pfad der fehlerhaften Anwendung: KeePass.exe1
Pfad des fehlerhaften Moduls: KeePass.exe2
Berichtskennung: KeePass.exe3
Vollständiger Name des fehlerhaften Pakets: KeePass.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: KeePass.exe5

Error: (09/27/2015 09:24:12 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: KeePass.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.IO.FileNotFoundException
Stapel:
   bei KeePass.Program.Main(System.String[])

Error: (09/27/2015 09:21:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SystemSettings.exe, Version: 10.0.10240.16384, Zeitstempel: 0x559f39ae
Name des fehlerhaften Moduls: CoreUIComponents.dll, Version: 0.0.0.0, Zeitstempel: 0x55d2cdf8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000062937
ID des fehlerhaften Prozesses: 0x2364
Startzeit der fehlerhaften Anwendung: 0xSystemSettings.exe0
Pfad der fehlerhaften Anwendung: SystemSettings.exe1
Pfad des fehlerhaften Moduls: SystemSettings.exe2
Berichtskennung: SystemSettings.exe3
Vollständiger Name des fehlerhaften Pakets: SystemSettings.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SystemSettings.exe5


Systemfehler:
=============
Error: (09/27/2015 09:44:51 PM) (Source: DCOM) (EventID: 10010) (User: OPA-PC)
Description: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca

Error: (09/27/2015 09:44:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_Session1" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/27/2015 09:44:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _Session1" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/27/2015 09:44:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kontaktdaten_Session1" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/27/2015 09:44:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_Session1" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/27/2015 09:26:59 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (09/27/2015 09:22:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "TuneUpUtilitiesDrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (09/27/2015 09:22:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Service KMSELDI" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (09/27/2015 09:21:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (09/27/2015 09:21:37 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WSearch" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%50

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).


CodeIntegrity:
===================================
  Date: 2015-09-25 15:05:35.107
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-25 15:05:35.093
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-24 16:30:43.247
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-24 16:30:43.239
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-24 16:30:43.230
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-24 16:30:43.219
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-24 16:30:43.211
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-24 16:30:43.202
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-24 16:30:36.323
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-24 16:30:36.314
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Prozentuale Nutzung des RAM: 30%
Installierter physikalischer RAM: 8007.27 MB
Verfügbarer physikalischer RAM: 5604.88 MB
Summe virtueller Speicher: 9287.27 MB
Verfügbarer virtueller Speicher: 6793.08 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:681.41 GB) (Free:638.15 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 43F4038C)

Partition: GPT.

==================== Ende von Addition.txt ============================

schrauber · 28.09.2015, 20:13

MBAM updaten, scannen, Funde löschen.

Revo Uninstaller - Download - Filepony
damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.mozilla.org/de/kb/fi...einfach-loesen

Revo Uninstaller - Download - Filepony
damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.google.com/chrome/answer/3296214?hl=de

Frisches FRST log bitte.

Werbungs Problem , Auswertung erbeten

Log-Analyse und Auswertung: Werbungs Problem , Auswertung erbeten