Bösartiger Code in Datei C:\Windows\Temp\WAX3AC2.tmp gefunden Infektion:Gen:Trojan.Heur.FU.UuZ@aCpc0Se

cosinus · 04.07.2016, 09:41

Okay, dann Kontrollscans mit (1) MBAM, (2) ESET und (3) SecurityCheck bitte:

1. Schritt: MBAM

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

2. Schritt: ESET

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

3. Schritt: SecurityCheck

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

hzmo · 04.07.2016, 16:52

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 04.07.2016
Suchlaufzeit: 14:31
Protokolldatei: mbam040716.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.07.04.04
Rootkit-Datenbank: v2016.05.27.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Heinz

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 527800
Abgelaufene Zeit: 5 Min., 24 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=cc4345c47d959540b643dc2dea359563
# engine=19590
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-08-10 09:01:28
# local_time=2014-08-10 11:01:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 7548653 42138919 0 0
# scanned=309264
# found=14
# cleaned=0
# scan_time=2218
sh=34622C0C9B0F72AB2F67AE3BD7CF94EF76B2B54D ft=1 fh=422f90d5b5335443 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaApp.dll"
sh=80C8F13A1918FAEEAB9673C1CCF96E52325EE695 ft=1 fh=0aefb751d92be997 vn="möglicherweise Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaEng.dll"
sh=4400797578E17E511E6164469770A80E828DDA3A ft=1 fh=56dbbea16253a143 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Delta\delta\1.8.24.6\deltasrv.exe"
sh=610CDC3A03DA21A83EB90193BACF1347AAA39A0F ft=1 fh=6544723ffe1f3f66 vn="Variante von Win32/Toolbar.Montiera.F evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll"
sh=AFD5B25F86CFD3045CCFF940A249A1DA89DEDE5D ft=1 fh=c55a3c08e5709f9a vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Delta\delta\1.8.24.6\uninstall.exe"
sh=66AE7973E507FF0471DECFFF3BF7FFD40EA4D00D ft=1 fh=1b697967a44eb4e0 vn="Variante von Win32/Toolbar.Escort.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll"
sh=246DDBC3A2C223A6B9072637D93DC2A2832D097A ft=1 fh=c71c0011b04f613a vn="Win32/Toolbar.Babylon.Y evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\DSearchLink\DSearchLink.exe"
sh=246DDBC3A2C223A6B9072637D93DC2A2832D097A ft=1 fh=c71c0011b04f613a vn="Win32/Toolbar.Babylon.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\DSearchLink\DSearchLink.exe"
sh=1549CF4F9282F1B42A58B5E050E12EF0AD669798 ft=1 fh=ffe6693d8bc7d6c5 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Heinz\AppData\Roaming\BabSolution\Shared\BabMaint.exe"
sh=F66F477B53B39DF2C2C561D4AF1C7C8F87C89046 ft=1 fh=d0f38e5e390c9502 vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\cfdolx5l.default\extensions\ffxtlbr@delta.com\uninstall.exe"
sh=37CCAD86409E08816A4C00F1DBEA4604BA36D3A1 ft=1 fh=919a9505016e0e1e vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Heinz\AppData\Roaming\OpenCandy\3FEB7C6230A749F3B1891F366C688384\DeltaTB.exe"
sh=CC41CADBBD6BA6ED0BFDD17798B4C9F94D7955E0 ft=1 fh=e26a6656a404b558 vn="Variante von Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Heinz\AppData\Roaming\OpenCandy\EA0A10B083D645E7ACAAA0368297B66C\DeltaTB.exe"
sh=AA7AC77728AD8DB1B59C9D3543C728691B719B22 ft=1 fh=c8f785a380b1d276 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Heinz\Documents\Documents\Documents\Downloads\Brennen Brunaware\ashampoo_burning_studio_9_9.21_sm.exe"
sh=1400D2E91150079223DF1CE32D22B0DBC2BBD00E ft=1 fh=3621733426af8516 vn="Variante von Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Heinz\Documents\Documents\Documents\Downloads\Video und Foto Converter\vdownloader11_setup.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=cc4345c47d959540b643dc2dea359563
# end=init
# utc_time=2016-07-04 12:45:43
# local_time=2016-07-04 02:45:43 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 30001
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=cc4345c47d959540b643dc2dea359563
# end=updated
# utc_time=2016-07-04 12:47:47
# local_time=2016-07-04 02:47:47 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=cc4345c47d959540b643dc2dea359563
# engine=30001
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-07-04 02:56:08
# local_time=2016-07-04 04:56:08 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 28232553 102078599 0 0
# scanned=658811
# found=20
# cleaned=0
# scan_time=7700
sh=246DDBC3A2C223A6B9072637D93DC2A2832D097A ft=1 fh=c71c0011b04f613a vn="Win32/Toolbar.Babylon.Y evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3496421778-4022263089-3498141264-1002\$RQCHMSS\C\ProgramData\DSearchLink\DSearchLink.exe.vir"
sh=689EBC4EE926C306EB24A3468C4A01580A841FE6 ft=1 fh=db75ae31a9d45218 vn="Variante von Win32/Toolbar.Linkury.P evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3496421778-4022263089-3498141264-1002\$RQCHMSS\C\Users\Heinz\AppData\Local\Smartbar\Application\Resources\crdli.dll.vir"
sh=EAF9B6AF6EE08C3423628F6F671F37C4987F88F8 ft=1 fh=64c92acdc02a7e57 vn="Variante von Win64/Toolbar.Linkury.B evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3496421778-4022263089-3498141264-1002\$RQCHMSS\C\Users\Heinz\AppData\Local\Smartbar\Application\Resources\crdli64.dll.vir"
sh=1549CF4F9282F1B42A58B5E050E12EF0AD669798 ft=1 fh=ffe6693d8bc7d6c5 vn="Win32/Toolbar.Babylon.I evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3496421778-4022263089-3498141264-1002\$RQCHMSS\C\Users\Heinz\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir"
sh=671E3E4E9E4C9A039D9AD1479A0C91E670AF18E3 ft=1 fh=d643e79c9fb8f862 vn="Win32/Toolbar.Babylon.AE evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3496421778-4022263089-3498141264-1002\$RQCHMSS\C\Users\Heinz\AppData\Roaming\BabSolution\Shared\BUSolution.dll.vir"
sh=37CCAD86409E08816A4C00F1DBEA4604BA36D3A1 ft=1 fh=919a9505016e0e1e vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3496421778-4022263089-3498141264-1002\$RQCHMSS\C\Users\Heinz\AppData\Roaming\OpenCandy\3FEB7C6230A749F3B1891F366C688384\DeltaTB.exe.vir"
sh=CC41CADBBD6BA6ED0BFDD17798B4C9F94D7955E0 ft=1 fh=e26a6656a404b558 vn="Variante von Win32/Toolbar.Babylon.E evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3496421778-4022263089-3498141264-1002\$RQCHMSS\C\Users\Heinz\AppData\Roaming\OpenCandy\EA0A10B083D645E7ACAAA0368297B66C\DeltaTB.exe.vir"
sh=1905409992CEFC8BB700696E2382E7F62F674581 ft=1 fh=342945a7a7f6fb6b vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\Dennis\Downloads\Demo Stronghold Legends - CHIP-Installer.exe"
sh=DCA133AAE17FEFF273C9A63F52AD2E7FD8E6F7A2 ft=1 fh=da5865a5c2ed3fb4 vn="Variante von Win32/Downloader.Agent.AV evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\Heinz\AppData\Roaming\StPrsSW\stprss.exe"
sh=15E8006CAA5AD7DB11FEDC2D59631250494845F0 ft=1 fh=667503fd0e3c8e51 vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\Heinz\Downloads\Audacity - CHIP-Installer.exe"
sh=73748111465C81322E7C9E5A90D929E63F07B961 ft=0 fh=0000000000000000 vn="Variante von Win32/Adware.ADON evtl. unerwÃ¼nschte Anwendung" ac=I fn="D:\FileHistory\Heinz\HZMOPC\Data\C\Users\Heinz\Documents\Documents\Documents\Downloads\Free Commander\fc_setup0806c (2013_11_21 12_59_46 UTC).zip"
sh=B7EB942EE0B20F414173D3ADE26893D119D2F47C ft=1 fh=3ad6b9c82f478fb2 vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="D:\Minecraft\Demo Minecraft PC Gamer Edition - CHIP-Installer.exe"
sh=A36F83884D19581858E24815628E9BADB832181B ft=1 fh=ff50c6ca66f306fa vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="D:\Minecraft\Minecraft - CHIP-Installer.exe"
sh=73748111465C81322E7C9E5A90D929E63F07B961 ft=0 fh=0000000000000000 vn="Variante von Win32/Adware.ADON evtl. unerwÃ¼nschte Anwendung" ac=I fn="D:\SSM_Backup\Users\Heinz\Documents\Documents\Documents\Downloads\Free Commander\fc_setup0806c.zip"
sh=AA7AC77728AD8DB1B59C9D3543C728691B719B22 ft=1 fh=c8f785a380b1d276 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwÃ¼nschte Anwendung" ac=I fn="D:\Steg Datensicherung\Documents\Documents\Documents\Downloads\Brennen Brunaware\ashampoo_burning_studio_9_9.21_sm.exe"
sh=73748111465C81322E7C9E5A90D929E63F07B961 ft=0 fh=0000000000000000 vn="Variante von Win32/Adware.ADON evtl. unerwÃ¼nschte Anwendung" ac=I fn="D:\Steg Datensicherung\Documents\Documents\Documents\Downloads\Free Commander\fc_setup0806c.zip"
sh=1400D2E91150079223DF1CE32D22B0DBC2BBD00E ft=1 fh=3621733426af8516 vn="Variante von Win32/Adware.ADON evtl. unerwÃ¼nschte Anwendung" ac=I fn="D:\Steg Datensicherung\Documents\Documents\Documents\Downloads\Video und Foto Converter\vdownloader11_setup.exe"
sh=AA7AC77728AD8DB1B59C9D3543C728691B719B22 ft=1 fh=c8f785a380b1d276 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwÃ¼nschte Anwendung" ac=I fn="E:\Transfer\Documents\Documents\Downloads\Brennen Brunaware\ashampoo_burning_studio_9_9.21_sm.exe"
sh=73748111465C81322E7C9E5A90D929E63F07B961 ft=0 fh=0000000000000000 vn="Variante von Win32/Adware.ADON evtl. unerwÃ¼nschte Anwendung" ac=I fn="E:\Transfer\Documents\Documents\Downloads\Free Commander\fc_setup0806c.zip"
sh=1400D2E91150079223DF1CE32D22B0DBC2BBD00E ft=1 fh=3621733426af8516 vn="Variante von Win32/Adware.ADON evtl. unerwÃ¼nschte Anwendung" ac=I fn="E:\Transfer\Documents\Documents\Downloads\Video und Foto Converter\vdownloader11_setup.exe"

Code:

ATTFilter

 Results of screen317's Security Check version 1.009  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Antivirus          
Windows Defender   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 TuneUp Utilities 2014   
 TuneUp Utilities 2014 (de-DE)  
 TuneUp Utilities Language Pack (de-DE) 
 TuneUp Utilities 2014   
 Java 8 Update 40  
 Java version 32-bit out of Date! 
 Adobe Flash Player 	22.0.0.192  
 Mozilla Firefox (47.0) 
 Mozilla Thunderbird (45.1.1) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 F-Secure apps ComputerSecurity Anti-Virus\FSGK32.EXE 
 F-Secure apps ComputerSecurity Anti-Virus\fssm32.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

cosinus · 04.07.2016, 21:26

Zitat:

C:\Users\Heinz\Downloads\Audacity - CHIP-Installer.exe
D:\Minecraft\Demo Minecraft PC Gamer Edition - CHIP-Installer.exe
D:\Minecraft\Minecraft - CHIP-Installer.exe

Von chip lädst du in Zukunft besser nix mehr. Die verarschen ihre Kunden aus reiner Profitgier. Siehe auch http://www.trojaner-board.de/168364-...mpfehlung.html und CHIP-Installer - was ist das? - Anleitungen

FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\Program Files (x86)\Delta
C:\ProgramData\DSearchLink
C:\Users\All Users\DSearchLink
C:\Users\Heinz\AppData\Roaming\BabSolution
C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\cfdolx5l.default\extensions\ffxtlbr@delta.com
C:\Users\Heinz\AppData\Roaming\OpenCandy
C:\Users\Heinz\Documents\Documents\Documents\Downloads\Brennen Brunaware\ashampoo_burning_studio_9_9.21_sm.exe
C:\Users\Heinz\Documents\Documents\Documents\Downloads\Video und Foto Converter\vdownloader11_setup.exe
C:\Users\Dennis\Downloads\Demo Stronghold Legends - CHIP-Installer.exe
C:\Users\Heinz\AppData\Roaming\StPrsSW
C:\Users\Heinz\Downloads\Audacity - CHIP-Installer.exe
D:\FileHistory\Heinz\HZMOPC\Data\C\Users\Heinz\Documents\Documents\Documents\Downloads\Free Commander\fc_setup0806c (2013_11_21 12_59_46 UTC).zip
D:\Minecraft\Demo Minecraft PC Gamer Edition - CHIP-Installer.exe
D:\Minecraft\Minecraft - CHIP-Installer.exe
D:\SSM_Backup\Users\Heinz\Documents\Documents\Documents\Downloads\Free Commander\fc_setup0806c.zip
D:\Steg Datensicherung\Documents\Documents\Documents\Downloads\Brennen Brunaware\ashampoo_burning_studio_9_9.21_sm.exe
D:\Steg Datensicherung\Documents\Documents\Documents\Downloads\Free Commander\fc_setup0806c.zip
D:\Steg Datensicherung\Documents\Documents\Documents\Downloads\Video und Foto Converter\vdownloader11_setup.exe
E:\Transfer\Documents\Documents\Downloads\Brennen Brunaware\ashampoo_burning_studio_9_9.21_sm.exe
E:\Transfer\Documents\Documents\Downloads\Free Commander\fc_setup0806c.zip
E:\Transfer\Documents\Documents\Downloads\Video und Foto Converter\vdownloader11_setup.exe
emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

hzmo · 05.07.2016, 15:37

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
durchgeführt von Heinz (Administrator) auf HZMOPC (05-07-2016 16:35:34)
Gestartet von C:\Users\Heinz\Downloads
Geladene Profile: Heinz (Verfügbare Profile: Heinz & Dennis & _ashbackup_)
Platform: Windows 8.1 Pro (Update) (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fslauncher.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSHDLL64.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fslauncher.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-25] (Logitech Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-21] (Logitech, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
HKLM\...\Run: [iTunesHelper] => D:\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\RAPID\CacheFilter\SamsungRapidApp.exe [281776 2014-09-16] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Ashampoo Uninstaller 6 Guard] => C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 6\UI6Guard.exe [2369384 2016-01-20] (Ashampoo Development GmbH & Co. KG)
HKLM\...\Run: [Ashampoo Backup] => D:\Ashampoo\Neuer Ordner\Ashampoo Backup 2016\bin\backupClient-ab.exe [323392 2016-04-21] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-04-22] (Apple Inc.)
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE [306216 2015-05-26] (F-Secure Corporation)
HKLM-x32\...\Run: [My Swisscom Assistant] => C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant_Launcher.exe [12028512 2015-06-03] (Swisscom (Schweiz) AG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [F-Secure Hoster (666)] => C:\Program Files (x86)\F-Secure\fshoster32.exe [193064 2015-06-10] (F-Secure Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [TomTomHOME.exe] => D:\tomtommazda\\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [Steam] => D:\Program Files (x86)\Steam\Steam.exe [3077712 2016-03-31] (Valve Corporation)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [EADM] => D:\Origin\Origin.exe [3632112 2015-07-25] (Electronic Arts)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [882872 2016-05-27] (Adobe Systems Incorporated)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [Amazon Cloud Drive] => C:\Users\Heinz\AppData\Local\Amazon Cloud Drive\AmazonCloudDrive.exe [2057912 2016-04-20] (Amazon.com Inc.)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [Amazon Music] => C:\Users\Heinz\AppData\Local\Amazon Music\Amazon Music Helper.exe [5907944 2016-03-04] ()
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2016-04-18] (Siber Systems)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\backupclient-ab.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\driveclone.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\h5_game.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\hamachi-2-ui.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\hmpalert.exe: [Debugger] 
IFEO\hp officejet 6700.exe: [Debugger] 
IFEO\hpcustpartic.exe: [Debugger] 
IFEO\hpqdtss.exe: [Debugger] 
IFEO\hpwucli.exe: [Debugger] 
IFEO\lcore.exe: [Debugger] 
IFEO\photoproduct.exe: [Debugger] 
IFEO\pmbbrowser.exe: [Debugger] 
IFEO\pmbinit.exe: [Debugger] 
IFEO\powersuitestart.exe: [Debugger] 
IFEO\registrationreminder.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\simplicheck.exe: [Debugger] 
IFEO\tomtomhome.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\uninst.exe: [Debugger] 
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Heinz\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-05-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Heinz\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-05-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Heinz\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-05-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Heinz\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-05-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Heinz\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-05-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Heinz\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-05-20] (Microsoft Corporation)
Startup: C:\Users\Heinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-07-04]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Heinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk [2016-07-04]
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1F42AC83-657C-4455-BFB5-ADEB03FE13E9}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.steg-electronics.ch
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {8E62A01D-BA7B-48D5-B636-0DF419EFEDBF} URL = 
SearchScopes: HKU\S-1-5-21-3496421778-4022263089-3498141264-1002 -> DefaultScope {8E62A01D-BA7B-48D5-B636-0DF419EFEDBF} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2013-05-30] (Microsoft Corporation)
BHO: Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll [2015-06-15] (F-Secure Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-04-18] (Siber Systems Inc.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-02-21] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2013-05-30] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2013-05-30] (Microsoft Corporation)
BHO-x32: Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll [2015-06-15] (F-Secure Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-04-18] (Siber Systems Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-10] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-02-21] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2013-05-30] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-10] (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-04-18] (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-04-18] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
Toolbar: HKU\.DEFAULT -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  Keine Datei
Toolbar: HKU\S-1-5-21-3496421778-4022263089-3498141264-1002 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  Keine Datei
Toolbar: HKU\S-1-5-21-3496421778-4022263089-3498141264-1002 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-04-18] (Siber Systems Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2013-05-30] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\cfdolx5l.default
FF Homepage: hxxps://www.google.ch/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-17] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin: @videolan.org/vlc,version=2.0.8 -> D:\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> D:\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> D:\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-17] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Users\Heinz\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-31] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-31] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-31] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-10] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-05-30] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @myriad-online.com/x-myriad-music -> C:\Program Files (x86)\Mozilla Firefox\Plugins\npMyrMus.dll [2013-10-03] (Myriad Software.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-23] (NVIDIA Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2013-09-17] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3496421778-4022263089-3498141264-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-04-18] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPMyrMus.dll [2013-10-03] (Myriad Software.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Extension: Cliqz - C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\cfdolx5l.default\Extensions\cliqz@cliqz.com.xpi [2015-12-22]
FF Extension: iCloud Bookmarks - C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\cfdolx5l.default\Extensions\firefoxdav@icloud.com [2015-05-29]
FF Extension: Trusted Shops Add-On für Firefox - C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\cfdolx5l.default\Extensions\jid1-PBNne26X1Kn6hQ@jetpack.xpi [2015-10-28]
FF Extension: F_Secure Search - C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\cfdolx5l.default\Extensions\{46CD8256-0A40-41da-ACB6-795587A6ED34}.xpi [2015-12-27]
FF Extension: My Swisscom Assistant - C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\cfdolx5l.default\Extensions\{6A6114A5-EEF5-45F4-BCD1-B00A7B33E04B} [2016-04-08] [ist nicht signiert]
FF Extension: Adblock Plus - C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\cfdolx5l.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-16]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-07-15] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2016-04-18]
FF HKLM-x32\...\Firefox\Extensions: [{02733573-64aa-45f2-8596-f3ae4420b676}] - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https
FF Extension: Browsing Protection - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https [2016-07-02] [ist nicht signiert]
FF HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Firefox\Extensions: [safesearch@f-secure.com] - C:\Users\Heinz\AppData\Roaming\F-Secure\SafeSearch\FFPlugIn
FF Extension: F-Secure Search - C:\Users\Heinz\AppData\Roaming\F-Secure\SafeSearch\FFPlugIn [2014-02-25] [ist nicht signiert]
FF HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\cfdolx5l.default\extensions\cliqz@cliqz.com => nicht gefunden
FF HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi

Chrome: 
=======
CHR Profile: C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-16]
CHR Extension: (Google Docs) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-16]
CHR Extension: (Google Drive) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-16]
CHR Extension: (YouTube) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-16]
CHR Extension: (Google-Suche) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-16]
CHR Extension: (Logitech SetPoint) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2015-05-16]
CHR Extension: (Google Tabellen) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-16]
CHR Extension: (Bookmark Manager) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-16]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2015-05-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-16]
CHR Extension: (Google Wallet) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-16]
CHR Extension: (Google Mail) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-16]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-07-15]
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:/Program Files (x86)/F-Secure/apps/CCF_Scanning/bin/browser/install/fs_chrome_https/fs_chrome_https.crx [2014-11-27]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S4 ashbackup; d:\Ashampoo\Neuer Ordner\Ashampoo Backup 2016\bin\backupService-ab.exe [32064 2016-04-21] ()
S4 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [Datei ist nicht signiert]
S4 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [Datei ist nicht signiert]
S4 FSDcSvc; C:\Program Files (x86)\FarStone DriveClone\Files\FsSvcExe.exe [338944 2013-06-20] (FarStone Inc.) [Datei ist nicht signiert]
R2 fshoster; C:\Program Files (x86)\F-Secure\fshoster32.exe [193064 2015-06-10] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE [216104 2015-05-26] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe [60456 2015-03-09] (F-Secure Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
S4 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-08-10] (SurfRight B.V.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-31] (Intel Corporation)
S3 m2UpdateService_{F8F85656-87B0-43BD-B2BA-3B7982C22B5E}; C:\Program Files (x86)\Swisscom\My Swisscom Assistant\m2UpdateService.exe [12022368 2015-06-03] (Swisscom (Schweiz) AG)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1872568 2013-04-19] (Microsoft Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2007048 2015-07-25] (Electronic Arts)
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [28848 2014-09-16] (Samsung Electronics Co., Ltd.)
S4 TomTomHOMEService; D:\tomtommazda\TomTom HOME 2\TomTomHOMEService.exe [93040 2014-06-05] (TomTom)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2015-06-25] (TuneUp Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S0 asahci64; C:\Windows\System32\drivers\asahci64.sys [47512 2013-01-10] (Asmedia Technology)
R0 asstor64; C:\Windows\System32\drivers\asstor64.sys [82232 2013-11-25] (Asmedia Technology)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [468240 2013-08-21] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [203304 2015-07-10] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [71080 2015-07-07] (F-Secure Corporation)
S3 FARMNTIO; c:\windows\system32\drivers\farmntio.sys [25144 2013-04-11] () [Datei ist nicht signiert]
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [55336 2015-07-10] ()
R0 fsbts; C:\Windows\SysWOW64\Drivers\fsbts.sys [42248 2013-06-25] ()
R3 fsni; C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\fsni64.sys [95784 2015-06-15] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13352 2014-06-24] ()
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-03-30] (LogMeIn Inc.)
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2014-08-10] ()
S3 IAMTVE; C:\Windows\System32\drivers\IAMTVE.sys [43416 2007-04-12] (Intel Corporation)
S3 LcUvcUpper; C:\Windows\system32\DRIVERS\LcUvcUpper.sys [34424 2015-02-09] (Microsoft Corporation)
R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
S3 MarvinBus; C:\Windows\System32\drivers\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [Datei ist nicht signiert]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-05] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [268976 2014-09-16] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111280 2014-09-16] (Samsung Electronics Co., Ltd.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [31144 2015-06-04] (TuneUp Software)
R2 UI5IFS; C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 6\IFS64.sys [31320 2016-01-20] ()
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [71680 2014-04-30] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-07-05 16:29 - 2016-07-05 16:29 - 00000000 ___DC C:\Device
2016-07-04 14:44 - 2016-07-04 14:44 - 00001191 _____ C:\Users\Heinz\Desktop\mbam040716.txt
2016-07-04 14:29 - 2016-07-04 14:40 - 00001119 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-07-04 14:29 - 2016-07-04 14:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-07-04 14:29 - 2016-07-04 14:29 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-07-04 14:29 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-07-04 14:29 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-07-04 14:16 - 2016-07-04 14:16 - 00852720 _____ C:\Users\Heinz\Downloads\SecurityCheck.exe
2016-07-04 14:15 - 2016-07-04 14:15 - 02870984 _____ (ESET) C:\Users\Heinz\Downloads\esetsmartinstaller_deu(1).exe
2016-07-04 14:14 - 2016-07-04 14:14 - 22851472 _____ (Malwarebytes ) C:\Users\Heinz\Downloads\mbam-setup-2.2.1.1043.exe
2016-07-01 07:31 - 2016-07-01 07:31 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-07-01 07:31 - 2016-04-14 07:38 - 00113216 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-07-01 07:31 - 2016-04-14 07:38 - 00102976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-07-01 07:31 - 2016-04-14 07:38 - 00056384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-06-29 09:13 - 2016-06-29 09:13 - 00002770 _____ C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2016-06-29 08:15 - 2016-07-05 16:35 - 00035943 _____ C:\Users\Heinz\Downloads\FRST.txt
2016-06-29 08:14 - 2016-07-05 16:31 - 00000000 ____D C:\Users\Heinz\Downloads\FRST-OlderVersion
2016-06-28 17:37 - 2016-06-28 17:37 - 00001893 _____ C:\Users\Heinz\Desktop\JRT.txt
2016-06-28 17:33 - 2016-06-28 17:33 - 01610816 _____ (Malwarebytes) C:\Users\Heinz\Downloads\JRT.exe
2016-06-28 17:20 - 2016-06-28 17:20 - 03703360 _____ C:\Users\Heinz\Downloads\AdwCleaner_5.200.exe
2016-06-27 12:54 - 2016-07-05 16:28 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-27 12:54 - 2016-07-04 14:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-27 12:54 - 2016-06-27 17:02 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-06-27 12:53 - 2016-06-27 16:55 - 00000000 ____D C:\Users\Heinz\Desktop\mbar
2016-06-27 12:53 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-06-27 12:52 - 2016-06-27 12:52 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Heinz\Downloads\mbar-1.09.3.1001.exe
2016-06-27 07:50 - 2016-06-27 07:50 - 00053880 _____ C:\Users\Heinz\Desktop\FRST.txt
2016-06-27 07:49 - 2016-07-05 06:26 - 00000000 ____D C:\Users\Heinz\Desktop\PC Untersuchung
2016-06-27 07:37 - 2016-06-29 08:16 - 00065314 _____ C:\Users\Heinz\Downloads\Addition.txt
2016-06-27 07:36 - 2016-07-05 16:31 - 00000000 ___DC C:\FRST
2016-06-27 07:35 - 2016-07-05 16:31 - 02390016 ____C (Farbar) C:\Users\Heinz\Downloads\FRST64.exe
2016-06-26 09:41 - 2016-07-02 11:54 - 00000000 ____D C:\Users\Heinz\AppData\Local\FSDART
2016-06-20 18:02 - 2016-06-20 18:02 - 00152173 _____ C:\Users\Heinz\Downloads\Vorlage_Finanzplan.xlsx
2016-06-15 23:09 - 2016-05-12 20:38 - 00135336 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-15 23:09 - 2016-05-12 19:43 - 00115704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-15 23:09 - 2016-05-12 18:24 - 00678912 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2016-06-15 23:09 - 2016-05-12 18:17 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-15 23:09 - 2016-05-12 18:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2016-06-15 23:09 - 2016-05-12 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-15 23:09 - 2016-05-12 18:07 - 01360896 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-15 23:09 - 2016-05-12 17:59 - 00398848 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-15 23:09 - 2016-05-12 17:48 - 00580096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2016-06-15 23:09 - 2016-05-12 17:43 - 00291328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-15 23:09 - 2016-05-12 17:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.dll
2016-06-15 23:09 - 2016-05-12 17:37 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-15 23:09 - 2016-05-06 17:45 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-15 23:09 - 2016-05-06 17:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-15 23:08 - 2016-06-03 19:11 - 00472576 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-06-15 23:08 - 2016-06-03 15:38 - 01413120 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-06-15 23:08 - 2016-06-02 19:51 - 00050352 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-06-15 23:08 - 2016-05-29 17:04 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-06-15 23:08 - 2016-05-29 17:04 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-06-15 23:08 - 2016-05-29 17:04 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-06-15 23:08 - 2016-05-29 17:04 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-06-15 23:08 - 2016-05-29 17:04 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-06-15 23:08 - 2016-05-29 17:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-06-15 23:08 - 2016-05-21 19:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-15 23:08 - 2016-05-21 18:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-15 23:08 - 2016-05-21 00:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-15 23:08 - 2016-05-21 00:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-15 23:08 - 2016-05-21 00:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-15 23:08 - 2016-05-20 23:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-15 23:08 - 2016-05-20 23:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-06-15 23:08 - 2016-05-20 23:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-15 23:08 - 2016-05-20 23:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-15 23:08 - 2016-05-20 23:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-15 23:08 - 2016-05-20 23:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-15 23:08 - 2016-05-20 23:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-15 23:08 - 2016-05-20 23:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-15 23:08 - 2016-05-20 23:25 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2016-06-15 23:08 - 2016-05-20 23:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-15 23:08 - 2016-05-20 23:21 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2016-06-15 23:08 - 2016-05-20 23:19 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-06-15 23:08 - 2016-05-20 23:16 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-06-15 23:08 - 2016-05-20 23:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-15 23:08 - 2016-05-20 23:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-15 23:08 - 2016-05-20 23:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-15 23:08 - 2016-05-20 23:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-15 23:08 - 2016-05-20 23:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-15 23:08 - 2016-05-20 23:09 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-15 23:08 - 2016-05-20 23:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-15 23:08 - 2016-05-20 23:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-15 23:08 - 2016-05-20 23:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-15 23:08 - 2016-05-20 22:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-15 23:08 - 2016-05-20 22:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-15 23:08 - 2016-05-20 22:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-15 23:08 - 2016-05-20 22:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-15 23:08 - 2016-05-20 22:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-15 23:08 - 2016-05-20 22:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-15 23:08 - 2016-05-19 01:15 - 01379040 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-15 23:08 - 2016-05-18 22:35 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-15 23:08 - 2016-05-18 07:31 - 00372568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-15 23:08 - 2016-05-18 07:31 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-15 23:08 - 2016-05-16 23:13 - 00563016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-15 23:08 - 2016-05-16 23:13 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-15 23:08 - 2016-05-16 23:13 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-15 23:08 - 2016-05-16 23:13 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-15 23:08 - 2016-05-14 22:01 - 00363104 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-15 23:08 - 2016-05-14 22:01 - 00320720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-15 23:08 - 2016-05-14 01:09 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-15 23:08 - 2016-05-14 01:07 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-15 23:08 - 2016-05-14 01:07 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-15 23:08 - 2016-05-14 01:07 - 00281088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-15 23:08 - 2016-05-14 01:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-15 23:08 - 2016-05-14 01:04 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-15 23:08 - 2016-05-14 00:34 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-15 23:08 - 2016-05-14 00:19 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-15 23:08 - 2016-05-13 23:58 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-15 23:08 - 2016-05-13 23:58 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-15 23:08 - 2016-05-13 23:45 - 00802816 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-15 23:08 - 2016-05-13 23:35 - 00286208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-15 23:08 - 2016-05-13 23:26 - 00631808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-15 23:08 - 2016-05-09 23:35 - 07075328 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-06-15 23:08 - 2016-05-09 22:56 - 05270016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-06-15 23:08 - 2016-05-09 22:45 - 07793152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-06-15 23:08 - 2016-05-09 22:23 - 05265920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-06-15 23:08 - 2016-04-14 17:25 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-06-15 23:08 - 2016-04-14 17:11 - 02464768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-06-15 23:08 - 2016-04-12 17:46 - 14467584 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-06-15 23:08 - 2016-04-12 17:30 - 12879872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-06-15 23:08 - 2016-01-31 21:17 - 00118624 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-06-15 23:08 - 2016-01-31 20:07 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-06-15 23:08 - 2016-01-31 19:42 - 03320832 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-06-15 23:08 - 2016-01-31 19:14 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-06-13 17:11 - 2016-06-28 17:27 - 00000000 ___DC C:\AdwCleaner
2016-06-12 09:18 - 2016-06-12 09:19 - 34810488 _____ (Mozilla) C:\Users\Heinz\Downloads\Thunderbird Setup 45.1.1(1).exe
2016-06-08 08:39 - 2016-06-08 08:39 - 34950056 _____ (Mozilla) C:\Users\Heinz\Downloads\Thunderbird Setup 45.1.1.exe

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-07-05 16:27 - 2014-08-10 23:14 - 00000000 ____D C:\Windows\CryptoGuard
2016-07-05 16:25 - 2013-09-30 06:14 - 01780340 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-05 16:25 - 2013-09-30 05:56 - 00765378 _____ C:\Windows\system32\perfh007.dat
2016-07-05 16:25 - 2013-09-30 05:56 - 00159696 _____ C:\Windows\system32\perfc007.dat
2016-07-05 16:25 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2016-07-05 16:22 - 2013-11-23 10:21 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{50690F22-4F3F-458D-88CA-21FDB97DDD78}
2016-07-05 16:19 - 2015-11-01 18:09 - 00005130 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for HZMOPC-Heinz hzmopc
2016-07-05 16:19 - 2013-11-19 10:49 - 00000000 ____D C:\Users\Heinz
2016-07-05 16:19 - 2013-11-19 10:48 - 00000000 ____D C:\ProgramData\NVIDIA
2016-07-05 16:19 - 2013-09-09 15:14 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-05 16:19 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-05 16:19 - 2013-05-30 14:34 - 00000000 ___DO C:\Users\Heinz\SkyDrive
2016-07-05 16:16 - 2013-06-03 07:59 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-05 16:12 - 2016-04-05 00:41 - 00000346 _____ C:\Windows\Tasks\HPCeeScheduleForHeinz.job
2016-07-05 06:30 - 2013-08-22 15:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-07-05 06:22 - 2016-04-05 00:41 - 00003160 _____ C:\Windows\System32\Tasks\HPCeeScheduleForHeinz
2016-07-04 17:48 - 2013-09-09 15:14 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-04 16:27 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2016-07-04 14:52 - 2013-05-30 11:31 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3496421778-4022263089-3498141264-1002
2016-07-04 14:41 - 2015-09-16 16:17 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-04 14:41 - 2015-09-13 11:44 - 00000976 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
2016-07-04 14:41 - 2015-06-13 09:11 - 00002171 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2016-07-04 14:41 - 2013-06-20 21:01 - 00002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-07-04 14:41 - 2013-05-30 12:08 - 00001158 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-07-04 14:41 - 2013-04-23 14:29 - 00001299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2016-07-04 14:40 - 2016-04-06 20:50 - 00001000 _____ C:\Users\Public\Desktop\Ashampoo Backup 2016.lnk
2016-07-04 14:40 - 2016-03-06 14:56 - 00002066 _____ C:\Users\Public\Desktop\EasyTax 2015 BL.lnk
2016-07-04 14:40 - 2016-03-06 09:38 - 00000886 _____ C:\Users\Public\Desktop\Picasa 3.lnk
2016-07-04 14:40 - 2016-02-29 22:07 - 00001362 _____ C:\Users\Public\Desktop\Ashampoo Photo Commander 14.lnk
2016-07-04 14:40 - 2016-01-28 18:27 - 00002154 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2016-07-04 14:40 - 2016-01-13 16:02 - 00001226 _____ C:\Users\Public\Desktop\Ashampoo UnInstaller 6.lnk
2016-07-04 14:40 - 2015-12-19 09:09 - 00002193 _____ C:\Users\Public\Desktop\MAGIX Music Maker Movie Score Edition.lnk
2016-07-04 14:40 - 2015-09-16 16:17 - 00002068 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-07-04 14:40 - 2015-07-25 18:24 - 00000537 _____ C:\Users\Public\Desktop\Origin.lnk
2016-07-04 14:40 - 2015-07-11 13:30 - 00000733 _____ C:\Users\Public\Desktop\Steam.lnk
2016-07-04 14:40 - 2015-03-28 19:28 - 00001061 _____ C:\Users\Public\Desktop\MAGIX Video Pro X7.lnk
2016-07-04 14:40 - 2015-02-27 20:04 - 00001128 _____ C:\Users\Public\Desktop\MAGIX MP3 deluxe MX Download-Version.lnk
2016-07-04 14:40 - 2015-01-12 11:03 - 00000829 _____ C:\Users\Public\Desktop\Ashampoo Burning Studio 2015.lnk
2016-07-04 14:40 - 2015-01-11 18:42 - 00000637 _____ C:\Users\Public\Desktop\Video Converter 3.lnk
2016-07-04 14:40 - 2015-01-09 19:17 - 00000533 _____ C:\Users\Public\Desktop\CDex.lnk
2016-07-04 14:40 - 2014-12-12 10:43 - 00001120 _____ C:\Users\Public\Desktop\Samsung Magician.lnk
2016-07-04 14:40 - 2014-11-21 21:33 - 00000815 _____ C:\Users\Public\Desktop\ifolor Designer.lnk
2016-07-04 14:40 - 2014-11-19 21:19 - 00001183 _____ C:\Users\Public\Desktop\Intel(R) Driver Update Utility 2.0.lnk
2016-07-04 14:40 - 2014-10-10 11:06 - 00001070 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-07-04 14:40 - 2014-10-10 11:04 - 00002226 _____ C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
2016-07-04 14:40 - 2014-10-08 18:40 - 00001228 _____ C:\Users\Public\Desktop\CleverReach.com.lnk
2016-07-04 14:40 - 2014-09-16 21:21 - 00001453 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-07-04 14:40 - 2014-08-25 13:07 - 00000834 _____ C:\Users\Public\Desktop\MAGIX Video deluxe 2015 Premium.lnk
2016-07-04 14:40 - 2014-08-13 19:09 - 00001108 _____ C:\Users\Public\Desktop\VideoCompressor.lnk
2016-07-04 14:40 - 2014-07-22 15:09 - 00001316 _____ C:\Users\Public\Desktop\Far Cry.lnk
2016-07-04 14:40 - 2014-06-04 08:43 - 00001416 _____ C:\Users\Public\Desktop\My Swisscom Assistant.lnk
2016-07-04 14:40 - 2014-04-29 21:12 - 00001159 _____ C:\Users\Public\Desktop\Swisscom PC Care.lnk
2016-07-04 14:40 - 2013-12-19 22:47 - 00001398 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-07-04 14:40 - 2013-11-19 10:51 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-07-04 14:40 - 2013-10-17 22:09 - 00000505 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-07-04 14:40 - 2013-06-25 14:18 - 00001956 _____ C:\Users\Public\Desktop\F-Secure.lnk
2016-07-04 14:40 - 2013-05-30 12:08 - 00001152 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-07-04 14:40 - 2013-05-30 12:00 - 00001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2016-07-04 14:40 - 2013-05-30 12:00 - 00001214 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2016-07-04 14:40 - 2013-04-23 14:29 - 00001464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2016-07-04 14:40 - 2013-04-23 14:29 - 00001380 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-07-04 14:40 - 2013-04-23 14:29 - 00000998 _____ C:\Users\Public\Desktop\STEG System Info.lnk
2016-07-04 14:40 - 2013-04-23 14:29 - 00000994 _____ C:\Users\Public\Desktop\STEG Recovery Manager.lnk
2016-07-04 14:39 - 2016-05-01 20:58 - 00001248 _____ C:\Users\Heinz\Desktop\TreeSize Free.lnk
2016-07-04 14:39 - 2016-04-24 10:18 - 00002366 _____ C:\Users\Heinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-07-04 14:39 - 2016-02-25 22:00 - 00002094 _____ C:\Users\Heinz\Desktop\cnlabSpeedTest.lnk
2016-07-04 14:39 - 2016-02-06 18:29 - 00001859 _____ C:\Users\Heinz\Desktop\HP Officejet 6700 - Verknüpfung.lnk
2016-07-04 14:39 - 2016-01-03 21:15 - 00001156 _____ C:\Users\Heinz\Desktop\Amazon Music.lnk
2016-07-04 14:39 - 2016-01-03 21:01 - 00001264 _____ C:\Users\Heinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Drive.lnk
2016-07-04 14:39 - 2015-11-28 19:57 - 00001312 _____ C:\Users\Heinz\Desktop\Any Video Converter Professional.lnk
2016-07-04 14:39 - 2015-09-14 13:14 - 00001252 _____ C:\Users\Heinz\Desktop\Amazon Cloud Drive.lnk
2016-07-04 14:39 - 2015-09-13 11:37 - 00002254 _____ C:\Users\Heinz\Desktop\HP Support Assistant.lnk
2016-07-04 14:39 - 2014-10-07 10:31 - 00000995 _____ C:\Users\Heinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft(1).lnk
2016-07-04 14:39 - 2014-07-22 15:11 - 00002264 _____ C:\Users\Heinz\Desktop\Ubisoft Product Registration.lnk
2016-07-04 14:39 - 2014-07-22 13:51 - 00001228 _____ C:\Users\Heinz\Desktop\Uplay.lnk
2016-07-04 14:39 - 2014-06-04 08:43 - 00001442 _____ C:\Users\Heinz\AppData\Roaming\Microsoft\Windows\Start Menu\My Swisscom Assistant.lnk
2016-07-04 14:39 - 2013-11-19 11:24 - 00001461 _____ C:\Users\Heinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-07-04 14:39 - 2013-10-17 07:46 - 00000549 _____ C:\Users\Heinz\Desktop\AudioCon.lnk
2016-07-04 14:39 - 2013-09-17 18:28 - 00000529 _____ C:\Users\Heinz\Desktop\SoulseekQt - Verknüpfung.lnk
2016-07-04 14:39 - 2013-09-15 13:02 - 00000999 _____ C:\Users\Heinz\Desktop\Tastaturschreiben Version 4.01.lnk
2016-07-03 07:58 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-07-01 11:44 - 2015-04-27 18:45 - 00000000 ____D C:\Users\Heinz\Desktop\Verein
2016-07-01 11:37 - 2013-05-30 11:24 - 00000000 ____D C:\Users\Heinz\AppData\Local\Packages
2016-07-01 07:32 - 2014-01-04 12:57 - 00000000 ____D C:\Users\Heinz\AppData\Local\NVIDIA Corporation
2016-07-01 07:32 - 2014-01-04 12:57 - 00000000 ____D C:\Users\Heinz\AppData\Local\NVIDIA
2016-07-01 07:28 - 2013-06-24 08:00 - 00003416 _____ C:\Windows\System32\Tasks\Apple Diagnostics
2016-06-28 17:39 - 2013-06-06 12:44 - 00000000 ____D C:\Users\Heinz\AppData\Local\CrashDumps
2016-06-28 17:32 - 2015-12-04 19:54 - 00003556 _____ C:\Windows\System32\Tasks\Delta Updater
2016-06-27 13:53 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2016-06-26 09:41 - 2013-08-05 21:08 - 00000000 ____D C:\Users\Heinz\AppData\Local\F-Secure
2016-06-26 09:41 - 2013-06-25 14:17 - 00000000 ____D C:\ProgramData\F-Secure
2016-06-25 11:47 - 2016-03-03 17:56 - 00000000 ____D C:\Users\Heinz\iTunes
2016-06-24 14:59 - 2013-10-01 14:41 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-24 14:59 - 2013-10-01 14:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-06-23 16:35 - 2013-10-01 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-17 18:29 - 2012-07-26 09:59 - 00000000 ____D C:\Windows\CbsTemp
2016-06-17 07:16 - 2013-06-03 07:59 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-16 09:11 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2016-06-15 23:22 - 2016-01-23 19:16 - 00573472 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-15 23:21 - 2014-12-12 09:42 - 00000000 ____D C:\Windows\system32\appraiser
2016-06-15 23:21 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
2016-06-15 23:18 - 2013-08-15 15:10 - 00000000 ____D C:\Windows\system32\MRT
2016-06-15 23:16 - 2013-04-23 15:31 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-14 22:01 - 2016-01-28 18:14 - 00112216 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-06-14 22:01 - 2014-07-30 17:54 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-06-14 22:01 - 2014-07-30 17:54 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-06-14 22:01 - 2014-01-04 12:57 - 01767944 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-06-14 22:01 - 2014-01-04 12:57 - 01377800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-06-14 19:13 - 2013-08-22 17:38 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-14 19:13 - 2013-08-22 17:38 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-13 08:24 - 2013-12-29 14:31 - 00000000 ____D C:\Users\Heinz\AppData\Local\Microsoft Help
2016-06-13 07:18 - 2016-05-08 09:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-13 07:18 - 2013-05-30 12:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-12 09:19 - 2016-04-18 10:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-06-09 17:38 - 2013-11-09 13:48 - 00000000 ____D C:\Users\Heinz\Documents\vortrag
2016-06-07 22:01 - 2014-09-16 21:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-06-07 22:01 - 2013-06-20 21:01 - 00000000 ___DC C:\Program Files\Common Files\Apple

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-06-02 10:51 - 2013-11-14 22:49 - 0004198 _____ () C:\Users\Heinz\AppData\Roaming\HZMOPC.MTBF.txt
2013-11-26 15:01 - 2013-11-26 15:01 - 0001099 _____ () C:\Users\Heinz\AppData\Roaming\ShiftN.ini
2013-06-02 10:51 - 2013-11-14 22:52 - 0000902 _____ () C:\Users\Heinz\AppData\Roaming\__AvidCloudManager.log
2013-06-02 10:51 - 2013-10-02 21:24 - 0000902 _____ () C:\Users\Heinz\AppData\Roaming\__AvidCloudManagerPrevious.log
2013-06-02 12:18 - 2016-05-12 20:48 - 0059392 _____ () C:\Users\Heinz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-04 20:35 - 2014-10-04 20:35 - 0000858 _____ () C:\Users\Heinz\AppData\Local\recently-used.xbel
2014-10-22 21:29 - 2014-10-22 21:29 - 0007027 _____ () C:\Users\Heinz\AppData\Local\soulseek-client.dat.1414006152383
2015-01-20 22:01 - 2015-01-20 22:01 - 0007027 _____ () C:\Users\Heinz\AppData\Local\soulseek-client.dat.1421784116922
2015-11-27 20:08 - 2015-11-27 20:08 - 0007027 _____ () C:\Users\Heinz\AppData\Local\soulseek-client.dat.1448647737866
2013-06-10 16:15 - 2013-06-10 16:15 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-06-25 20:59 - 2015-05-06 15:38 - 95609776 _____ (mquadr.at software engineering & consulting GmbH) C:\ProgramData\MSASetup.exe

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\ProgramData\MSASetup.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-07-04 14:59

==================== Ende von FRST.txt ============================

hzmo · 05.07.2016, 17:00

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 02-07-2016
durchgeführt von Heinz (2016-07-05 17:59:36)
Gestartet von C:\Users\Heinz\Downloads\FRST-OlderVersion
Windows 8.1 Pro (Update) (X64) (2013-11-19 09:24:02)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3496421778-4022263089-3498141264-500 - Administrator - Disabled)
Dennis (S-1-5-21-3496421778-4022263089-3498141264-1008 - Limited - Enabled) => C:\Users\Dennis
Gast (S-1-5-21-3496421778-4022263089-3498141264-501 - Limited - Disabled)
Heinz (S-1-5-21-3496421778-4022263089-3498141264-1002 - Administrator - Enabled) => C:\Users\Heinz
HomeGroupUser$ (S-1-5-21-3496421778-4022263089-3498141264-1006 - Limited - Enabled)
_ashbackup_ (S-1-5-21-3496421778-4022263089-3498141264-1010 - Administrator - Enabled) => C:\Users\_ashbackup_

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Antivirus (Disabled - Up to date) {0F70A6C4-76E4-6A3B-2695-519F428B1C20}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Antivirus (Disabled - Up to date) {B4114720-50DE-65B5-1C25-6AED390C569D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Amazon Cloud Drive (HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Amazon Cloud Drive) (Version: 3.4.0.36 - Amazon.com, Inc.)
Amazon Music (HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Amazon Amazon Music) (Version: 4.2.0.1281 - Amazon Services LLC)
Anno 2205 (HKLM-x32\...\Uplay Install 1253) (Version:  - Ubisoft)
Any Video Converter Professional 5.8.4 (HKLM-x32\...\Any Video Converter Professional_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (32-Bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Ashampoo Backup 2016 (HKLM\...\{FDAE1FAD-57F8-6DCD-940E-885B7FB1CE43}_is1) (Version: 10.01 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 2015 (HKLM-x32\...\{91B33C97-21E3-DF34-9630-2EE80DDE1648}_is1) (Version: 1.15.3 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander 14 (HKLM-x32\...\{C92AB6F1-616B-A905-B3D2-3B7C238851DC}_is1) (Version: 14.0.5 - Ashampoo GmbH & Co. KG)
Ashampoo UnInstaller 6 (HKLM-x32\...\{4209F371-7DE5-9DF2-5DEF-91667EBBBBC5}_is1) (Version: 6.00.14 - Ashampoo GmbH & Co. KG)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 2.0.4.0000 - Asmedia Technology)
AudioCon (HKLM-x32\...\AudioCon) (Version: 1.0 - Basement Softworks)
Bing Bar (HKLM-x32\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.76.0.2015 - Georgy Berdyshev)
cnlabSpeedTest (HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\{fxApplication}}_is1) (Version: 1.3.0 - cnlab AG)
Computer Security 14.139.100.0 (release) (x32 Version: 14.139.100.0 - F-Secure Corporation) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DriveClone 10 (HKLM-x32\...\{A1290B93-AB90-408C-A456-9AF508E7E345}) (Version: 10.0.0 - FarStone Technology Inc.)
EasyTax 2014 BL 1.1 (HKLM-x32\...\3597-1189-7869-6330) (Version: 1.1 - HWI Solutions AG)
EasyTax 2015 BL 1.0 (HKLM-x32\...\6608-8277-7051-6704) (Version: 1.0 - HWI Solutions AG)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Far Cry (OEM) (HKLM-x32\...\InstallShield_{F400BA3B-B134-4701-8536-68A99CD44F5A}) (Version: 1.00.0000 - Ihr Firmenname)
Far Cry (OEM) (x32 Version: 1.00.0000 - Ihr Firmenname) Hidden
Far Cry 3 Blood Dragon (HKLM-x32\...\{A071F478-73E0-4143-AE55-4DD6BABD74F5}) (Version: 1.00 - Ubisoft)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
F-Secure (HKLM-x32\...\F-Secure ServiceEnabler 666) (Version: 2.39.273.0 - F-Secure Corporation)
F-Secure (x32 Version: 2.39.273.0 - F-Secure Corporation) Hidden
F-Secure CCF Reputation (x32 Version: 2.0.1337.0 - F-Secure) Hidden
F-Secure CCF Scanning 1.66.103.568 (release) (x32 Version: 1.66.103.568 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.03.139 (x32 Version: 1.03.139 - F-Secure Corporation) Hidden
F-Secure SafeSearch 1.05.143.0 (release) (x32 Version: 1.05.143.0 - F-Secure Corporation) Hidden
Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6700 - Grundlegende Software für das Gerät (HKLM\...\{9086D601-50B7-491D-A143-28193DADE36B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Hilfe (HKLM-x32\...\{50DA41E2-0701-43E2-A8BB-FAA0CB64B28B}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6700 Hilfe (HKLM-x32\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.2.8.25 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{8F1A441E-AD6D-4732-BD6A-F38D5F1D1E47}) (Version: 12.4.18.7 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{ADFDB647-35C0-4254-9EE6-2D9C3B7104BD}) (Version: 5.2.1.69 - Apple Inc.)
ifolor Designer (HKLM-x32\...\ifolor-Designer) (Version:  - Ifolor AG)
Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.10.1550 - Intel Corporation)
Intel(R) Network Connections 19.0.27.0 (HKLM\...\PROSetDX) (Version: 19.0.27.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Logitech Gaming Software 8.46 (HKLM\...\Logitech Gaming Software) (Version: 8.46.27 - Logitech Inc.)
Logitech SetPoint 6.52 (HKLM\...\sp6) (Version: 6.52.74 - Logitech)
MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Foto Designer 7 (HKLM-x32\...\MAGIX_{2DCD52EE-1AE1-4128-9819-A79F7D09B6B3}) (Version: 7.0.1.1 - MAGIX AG)
MAGIX Goya burnR (MSI) (HKLM-x32\...\MX.{EC410BDA-E943-453F-ABF5-DDEDA1D12D3B}) (Version: 4.3.2.0 - MAGIX Software GmbH)
MAGIX Goya burnR (MSI) (Version: 4.3.2.0 - MAGIX Software GmbH) Hidden
MAGIX MP3 deluxe MX Download-Version (HKLM-x32\...\MX.{CFC811BB-5AC4-4F00-A88B-6DED596C2B36}) (Version: 18.0.3.115 - MAGIX Software GmbH)
MAGIX MP3 deluxe MX Download-Version (Version: 18.0.3.115 - MAGIX Software GmbH) Hidden
MAGIX Music Maker 2015 Movie Score Edition Update (Version: 21.0.4.50 - MAGIX Software GmbH) Hidden
MAGIX Music Maker Movie Score Edition (HKLM-x32\...\MX.{692A8B82-1189-4DBF-B4C4-A285F4970E20}) (Version: 21.0.3.47 - MAGIX Software GmbH)
MAGIX Music Maker Movie Score Edition (Version: 21.0.3.47 - MAGIX Software GmbH) Hidden
MAGIX Music Maker Movie Score Edition Soundpools (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Screenshare (HKLM-x32\...\{4696FD4A-A0DF-4F84-BC9D-12D73E1D95D3}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Slideshow Maker 2 (HKLM-x32\...\MAGIX_{48897B17-3DD2-4BAA-A81D-4E4EA8E9FD51}) (Version: 2.0.1.9 - MAGIX AG)
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{B6B4D918-A667-48D2-9AB6-FAF34FB25223}) (Version: 7.0.2.6 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{FBE6F998-E9A0-4A15-974B-6592DCEEE7AC}) (Version: 7.0.2.6 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2014 Premium (HKLM-x32\...\MX.{FBCA50BE-C022-45DA-9261-10230EC1012E}) (Version: 13.0.0.30 - MAGIX AG)
MAGIX Video deluxe 2014 Premium (NewBlueFX ColorFast) (HKLM-x32\...\MX.{D9D24F5F-1E36-48BE-9419-CF97B34AB063}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2014 Premium (proDAD Heroglyph 4.0) (HKLM-x32\...\MX.{CFD52E6D-2AF5-495C-87E3-4D243FE202E7}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2014 Premium (Version: 13.0.0.30 - MAGIX AG) Hidden
MAGIX Video deluxe 2015 Premium (HKLM\...\MX.{EAC79752-A0A4-45DB-9F99-9F6445920F77}) (Version: 14.0.0.140 - MAGIX Software GmbH)
MAGIX Video deluxe 2015 Premium (Version: 14.0.0.140 - MAGIX Software GmbH) Hidden
MAGIX Video easy TERRATEC Edition (HKLM-x32\...\MAGIX_{2FA06473-23F0-4372-8DD5-1EAE42503D93}) (Version: 3.0.1.50 - MAGIX AG)
MAGIX Video easy TERRATEC Edition (Version: 3.0.1.50 - MAGIX AG) Hidden
MAGIX Video Pro X7 (Designelemente) (HKLM\...\MX.{10FF2952-0E0E-48B3-A536-BB112AF2CB51}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Designelemente) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Filmvorlagen) (HKLM\...\MX.{515110FD-B44B-460B-AC42-63EBF05B6082}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Filmvorlagen) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Fotoshow Maker-Stile) (HKLM\...\MX.{AD8221A0-591D-4CBE-AA2A-FE0B705D148B}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Fotoshow Maker-Stile) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (HKLM\...\MX.{317B58FE-6117-4601-913A-9BA64BCA6535}) (Version: 14.0.0.96 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Individuelle Menüvorlagen) (HKLM\...\MX.{B174182A-7D02-4D1D-9AAE-F210FAF0692D}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Individuelle Menüvorlagen) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Menüvorlagen) (HKLM\...\MX.{585CA335-503C-4237-A4B2-F25F58A83D98}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Menüvorlagen) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (proDAD Mercalli V4) (HKLM\...\MX.{5941BA8B-E170-4F1F-B42F-90F49E1C07F7}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (proDAD Mercalli V4) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Soundtrack Maker-Stile) (HKLM\...\MX.{7B739F29-AB56-4898-92F7-F62816308A19}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Soundtrack Maker-Stile) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Titeleffekte) (HKLM\...\MX.{7384156B-EA84-4910-B4E1-611A83CF1B6E}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Titeleffekte) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Überblendeffekte) (HKLM\...\MX.{FACEE989-3F19-486A-AD92-D905EF0B790A}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Überblendeffekte) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Version: 14.0.0.96 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Video deluxe - Designelemente) (HKLM\...\MX.{0F8A6506-BF6B-4876-9A75-B42628EC8A21}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Video deluxe - Designelemente) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Video deluxe - Fotoshow Maker-Stile) (HKLM\...\MX.{77E73225-F4FA-45EB-8A6E-63C956600BE2}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Video deluxe - Fotoshow Maker-Stile) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Video deluxe - Individuelle Menüvorlagen) (HKLM\...\MX.{76F5F102-A3E4-4A75-B692-5C98397B213E}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Video deluxe - Individuelle Menüvorlagen) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Video deluxe - Menüvorlagen) (HKLM\...\MX.{F8204A38-51E3-4C1C-A3F1-859D31ADC303}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Video deluxe - Menüvorlagen) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Video deluxe - Titeleffekte) (HKLM\...\MX.{C3D96884-356D-4CEE-B2EB-79D91DBC7BB5}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Video deluxe - Titeleffekte) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX VPX7 Update (Version: 14.0.0.143 - MAGIX Software GmbH) Hidden
MAGIX VPX7 Update (Version: 14.0.0.144 - MAGIX Software GmbH) Hidden
MAGIX VPX7 Update (Version: 14.0.0.145 - MAGIX Software GmbH) Hidden
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{8EC9E7BB-2443-49B1-8476-490EBF932C2E}) (Version: 4.25.512.0 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4505.1006 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{E4A1FDA3-689D-44DA-9B39-86BD2270F522}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{99AC7F47-A4E0-4706-9C65-8948775C2652}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Motion Graphics Toolkit for Studio (HKLM-x32\...\InstallShield_{178D71F4-DFB1-40EC-9D95-326FD8A3E7A0}) (Version: 1.00.0000 - Red Giant)
Motion Graphics Toolkit for Studio (x32 Version: 1.00.0000 - Red Giant) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 47.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 de)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
Mozilla Thunderbird 45.1.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.1.1 (x86 de)) (Version: 45.1.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NewBlue Titler EX for MAGIX (HKLM-x32\...\NewBlue Titler EX for MAGIX) (Version: 1.0 - NewBlue)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.75 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.75 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA Miracast Virtueller Ton 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 361.75 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4505.1006 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4505.1006 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4505.1006 - Microsoft Corporation) Hidden
Online Safety 2.139.3446.2391 (x32 Version: 2.139.3446.2391 - F-Secure Corporation) Hidden
Opera Stable 25.0.1614.68 (HKLM-x32\...\Opera 25.0.1614.68) (Version: 25.0.1614.68 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.5.20.5318 - Electronic Arts, Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
proDAD Mercalli NLE 4.0 (64bit) (HKLM\...\proDAD-MercalliPlugins-4.0) (Version: 4.0.446.1 - proDAD GmbH)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
RAPID Mode (Version: 1.0.1.81 - Samsung Electronics Co., Ltd.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
RoboForm 7-9-18-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-18-5 - Siber Systems)
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.7 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version:  - )
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version:  - Obsidian Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Studie zur Verbesserung von HP Officejet 6700 Produkten (HKLM\...\{4EE2A4CB-47B0-4412-808C-D556E3940598}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
SuperEasy Video Converter 3 v.3.0.4355 (HKLM-x32\...\{039BC111-1514-CA51-10AA-5A3FFD6FC015}_is1) (Version: 3.0.4355 - SuperEasy Software GmbH & Co. KG)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Tastaturschreiben (HKLM-x32\...\Tastaturschreiben) (Version:  - )
TERRATEC GRABBY (64 Bit) (HKLM-x32\...\{17CC47BB-ADA7-4EB3-B3D0-FFE461E0CEBE}) (Version: 5.201.1823.0 - TERRATEC)
TERRATEC GRABBY (HKLM-x32\...\{BD1F3804-4AB5-42A7-AF41-EACDB3498E21}) (Version: 5.201.1823.0 - )
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TreeSize Free V3.4.5 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.4.5 - JAM Software)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.353 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.353 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.353 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.4000.245 - TuneUp Software) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 2.1 - Ubisoft)
VideoCompressor (HKLM-x32\...\VideoCompressor_is1) (Version: 1.1 - Abelssoft)
Vita Soundtrack Percussion (Version: 2.4.0.78 - MAGIX Software GmbH) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows-Treiberpaket - TERRATEC  (USB28xxBGA) Media  (05/16/2013 5.2011.823.0) (HKLM\...\2752F9F448205AF04D07DBF6BD4573D7F4AC1CC6) (Version: 05/16/2013 5.2011.823.0 - TERRATEC )

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3496421778-4022263089-3498141264-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Heinz\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-3496421778-4022263089-3498141264-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Heinz\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {040985C7-8EB9-44E3-9FC3-8201DCC45C00} - System32\Tasks\HPCustParticipation HP Officejet 6700 => C:\Program Files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {14D8BEF3-3A78-40F5-A0C5-BF08440437B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {176D0E19-18C8-44BF-AD70-21B15311EAD0} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {19906C00-7BB0-4697-85F0-A5241156DDE0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {1B858D32-47AF-4346-9A48-FC707A8CAD02} - System32\Tasks\HP AR Program Upload - 71d09557f49845c4819c1f1125bced9aa9e9282175a340ca9707e67305f5d30e => C:\Program Files\HP\HP Officejet 6700\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {2B884A2F-14B7-45E2-BC89-BA5840D3BFE1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)
Task: {2FF8340B-257F-4E57-A7A6-6A9754DC86A6} - System32\Tasks\Microsoft Office 15 Sync Maintenance for HZMOPC-Heinz hzmopc => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2013-05-30] (Microsoft Corporation)
Task: {3980ECEB-51CB-4337-93DA-07CA9A739F8D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {3F56D08D-A914-4636-A00B-239C2C98BEC0} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {461E85AD-5314-4F98-AFDB-2617E0CA0110} - System32\Tasks\Microsoft\Office\Office First Run Task => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-04-19] (Microsoft Corporation)
Task: {4DC83849-E106-4596-912A-945B1EBF41C9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {555A9D48-E102-44E3-A4DA-D0E2A99420BC} - System32\Tasks\StPrsSW => C:\Users\Heinz\AppData\Roaming\StPrsSW\stprss.exe [2015-02-02] ()
Task: {5B242F86-2A0B-4F87-8166-29A3BFDAC914} - System32\Tasks\HP AR Program Upload - 39a8f325ba564aa490f517569e8e2227c54af47f02b24205963f347921dcee77 => C:\Program Files\HP\HP Officejet 6700\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {5C1E91EF-9313-47CD-A7DC-529756C34C53} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2015-06-25] (TuneUp Software)
Task: {62BD0FFC-57AD-4881-9230-0D03346E94E2} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2016-04-22] (Apple Inc.)
Task: {69BE4B4A-C7D8-4120-9C0E-CDEF1E2688A4} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMNJPMMJPMLJJJNMNMCNJJJJMJGMCNLMGMKMJMCNHMMMGMLJCNJMJMLJNMJMLJJJOJNJKJMMLMJNJICMIMCNGMCNOMHMFMOMOMCNPMCNGMJMPMPMFMJMCNMMCNGMJMPMPMCNNMJNPICMOMFMEKMICNJJCKFMOMPMKMOMJNHICMMJBJKJLIMJJNBJCMHLKJGJBJFIPNCLAJMIKJNIJNKJCMJNNICMJNDJCM (Der Dateneintrag hat 59 mehr Zeichen).
Task: {84CEF426-1F77-48C1-B319-BDB78082B9B4} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-02-10] (Oracle Corporation)
Task: {8A6AEB72-3826-458C-8EFD-F1372C0FC34D} - System32\Tasks\HP AR Program Upload - 29ebc60cbff34f7dae210c0b8ee10017bbfcfeb19eb04dad925d15bd34f4e261 => C:\Program Files\HP\HP Officejet 6700\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {9114F1E6-E63B-4D88-8900-94B5068570D1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {996AB060-FB71-4ED2-B0D2-80B61DFB5DF5} - System32\Tasks\HP AR Program Upload - ff17f8f96ae04645b5eec2676c8d0cdd6aca98bc86aa4d3f8ff481017bb2c28f => C:\Program Files\HP\HP Officejet 6700\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {A95E9785-E2A7-4793-9FCB-90056171DFCE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {B1E40D56-90B1-4391-979C-6F89531D31AB} - System32\Tasks\HPCeeScheduleForHeinz => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {B94ECC76-A2D4-455D-9F2A-783BD8A7BEB6} - System32\Tasks\HP AR Program Upload - 32a98d52cb614c84b7b3e7140479d6e21c13a210e7a9410fa08236c9d2af1014 => C:\Program Files\HP\HP Officejet 6700\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {B992F1F6-2B03-4213-A69E-BDC773B410FF} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3496421778-4022263089-3498141264-1002 => C:\Users\Heinz\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-05-20] (Microsoft Corporation)
Task: {BCBDCFBB-5A0F-4F38-8FAD-2C4D83FC2E5A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-17] (Adobe Systems Incorporated)
Task: {BCF6FDCF-5226-4860-95FE-4B937FE65C5A} - System32\Tasks\HP AR Program Upload - ebba9a28e43440c189a411c4f132ff0ce3a8e1c0468845c98518daf9c19c45c0 => C:\Program Files\HP\HP Officejet 6700\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {C77DBD2E-EA93-4D17-895F-3E42E0B0DDBB} - System32\Tasks\Opera scheduled Autoupdate 1412931964 => C:\Program Files (x86)\Opera\launcher.exe [2014-10-29] (Opera Software)
Task: {D8665B13-A8C3-454B-96BB-D396B773CB2F} - System32\Tasks\Delta Updater => Wscript.exe //B "C:\Users\Heinz\AppData\Local\delta\delta\1.4.5.10\..\updt.js"
Task: {D8AEEC6D-7C86-4DCE-A7EF-0389B4D78AD5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {DD7C50F7-FF05-4868-88E7-ED3EB0388616} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-06-15] (Microsoft Corporation)
Task: {EB2F459A-2652-466F-8A7A-603472EF0F78} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {EEA5BC7C-7B22-414E-881A-3AFEBAA5691B} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2016-04-18] (Siber Systems)
Task: {F686723D-69C8-4312-B58E-52342FC8302D} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30] (Hewlett-Packard)
Task: {FB9D831C-C0FC-4C93-9F46-43E3B6362922} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForHeinz.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\Public\Desktop\CleverReach.com.lnk -> hxxp://swc.ashampoo.com/ikot/r.php?id=65 (Keine Datei)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2013-11-19 10:48 - 2016-01-23 03:04 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-07-01 07:31 - 2016-06-14 22:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-01-28 18:14 - 2016-06-14 22:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-07-01 07:31 - 2016-06-14 22:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-07-01 07:31 - 2016-06-14 22:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2013-05-30 14:33 - 2013-02-23 16:46 - 00382608 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2013-05-30 14:33 - 2013-03-16 12:53 - 00515752 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2013-05-30 14:33 - 2013-03-16 12:53 - 00608424 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2015-06-25 07:53 - 2015-06-25 07:53 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2016-07-01 07:31 - 2016-06-14 22:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-07-01 07:31 - 2016-06-14 22:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-01-28 18:14 - 2016-06-14 22:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-07-01 07:31 - 2016-06-14 22:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-07-01 07:31 - 2016-06-14 22:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-07-01 07:31 - 2016-06-14 22:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-03-18 23:56 - 2016-03-18 23:56 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:08 - 2016-04-22 01:08 - 01047864 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-10 14:21 - 2015-06-10 14:21 - 00248872 _____ () C:\Program Files (x86)\F-Secure\daas2.dll
2015-07-30 22:18 - 2016-06-14 22:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-06-25 14:27 - 2015-05-26 16:47 - 00056360 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FSGUI\fsavures.eng
2013-05-30 14:41 - 2013-05-30 14:43 - 00312976 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2013-05-30 14:41 - 2013-05-30 14:43 - 00356008 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\c2r32.dll
2013-06-25 14:32 - 2013-06-25 14:32 - 00030888 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\hashlib_x86.dll
2013-06-25 14:27 - 2015-05-26 16:47 - 00949288 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fm4av.dll
2013-06-25 14:27 - 2015-07-10 21:55 - 00212008 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Spam Control\fsas.dll
2013-06-25 14:27 - 2015-05-26 16:47 - 00045608 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\FSAVHRES.eng
2016-05-27 21:19 - 2016-05-27 21:19 - 22345912 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
2016-05-03 16:41 - 2016-05-03 16:41 - 00322232 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll
2016-05-03 16:41 - 2016-05-03 16:41 - 46476472 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\TEMP:FCA8C9CD [274]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Heinz\AppData\Local\Ashampoo\Ashampoo Photo Commander 12\APCWallpaper.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist deaktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\StartupFolder: => "simplicheck.lnk"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "SamsungRapidApp"
HKLM\...\StartupApproved\Run: => "Ashampoo Uninstaller 6 Guard"
HKLM\...\StartupApproved\Run: => "Ashampoo Backup"
HKLM\...\StartupApproved\Run32: => "LifeCam"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "PMBVolumeWatcher"
HKLM\...\StartupApproved\Run32: => "My Swisscom Assistant"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\StartupFolder: => "Logitech . Produktregistrierung.lnk"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\StartupFolder: => "Registration Heroes of Might & Magic 5.LNK"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "RoboForm"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "HP Officejet 6700 (NET)"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "TomTomHOME.exe"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "Adobe Reader Synchronizer"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "Amazon Cloud Drive"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "Amazon Music"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{555572DD-AC43-4DC5-A46D-808A2FE4C020}D:\soulseekqt\soulseekqt.exe] => (Allow) D:\soulseekqt\soulseekqt.exe
FirewallRules: [TCP Query User{9DD1B296-1F6C-4070-B63A-88675873C618}D:\soulseekqt\soulseekqt.exe] => (Allow) D:\soulseekqt\soulseekqt.exe
FirewallRules: [{19BD9E30-E5E5-48B5-A4F6-AFB653813F36}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5764869A-2D24-4FE9-AAB6-6692F26D74C6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D4651E7C-EC02-439C-9D6D-C48632C7D923}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1173C915-09C4-45FC-8F62-34BD91090817}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{85190660-E051-4E09-897E-CC81B0EB4A00}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{25B2A8C6-E80B-43C2-BB35-4F6536B9752A}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
FirewallRules: [{34DAD037-8A62-4C41-8D91-956163B2ED16}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\DeviceSetup.exe
FirewallRules: [{14AEB8D7-903F-4D06-ACB3-AB3991FBB3F5}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\SendAFax.exe
FirewallRules: [{543C245C-91EF-41BE-937A-2D885C739E3B}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\DigitalWizards.exe
FirewallRules: [{435BC9CC-59BB-4614-B9FB-546BE0BECB63}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\FaxApplications.exe
FirewallRules: [{C9A66DCC-E007-4B04-A313-69AE3EEB533F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{BDDD3C6D-5944-48E5-A771-02BB28494D20}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{2746371A-013F-4C6E-AB40-D0607D32CD9A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9E128876-13BA-4431-A8DB-61D8AFF0361D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{943B67C8-E0FF-46D7-B61C-9C2957001266}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{779A00ED-B949-48E7-A3EB-5139C0D41620}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{99589787-3729-4E33-974A-E27234648B71}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\WLAN\SwisscomWLAN.exe
FirewallRules: [{42826AA8-6546-4E07-A6F9-A6DA76687DF5}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\WLAN\SwisscomWLAN.exe
FirewallRules: [{1EBD45E0-E6A9-4D58-8DA3-83224EBB5811}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{C5974FBF-A255-4191-8039-CDDAE4E3D650}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{E880337B-E878-4D2C-A7F6-7BE6E7E8D4C5}] => (Allow) C:\Program Files (x86)\Ubisoft\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe
FirewallRules: [{B5AA6594-2BC9-4595-A5E1-24F538754C0F}] => (Allow) C:\Program Files (x86)\Ubisoft\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe
FirewallRules: [{4F0CA273-CC49-4B82-9459-4CA1FFB5655C}] => (Allow) C:\Program Files (x86)\Ubisoft\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{5984457C-1614-469D-AF34-1EA1C69CC3C9}] => (Allow) C:\Program Files (x86)\Ubisoft\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{7CC9300C-0C6C-4953-A5B2-A39E656152D1}] => (Allow) C:\Program Files (x86)\Ubisoft\Far Cry 3 Blood Dragon\bin\FC3BDUpdater.exe
FirewallRules: [{C9E90CE0-5A26-431D-91D7-F2B439AC2D55}] => (Allow) C:\Program Files (x86)\Ubisoft\Far Cry 3 Blood Dragon\bin\FC3BDUpdater.exe
FirewallRules: [TCP Query User{89DC18CD-2F2E-4ECB-8BB1-87626793DFCA}D:\magix\video deluxe 2015 premium\videodeluxe.exe] => (Allow) D:\magix\video deluxe 2015 premium\videodeluxe.exe
FirewallRules: [UDP Query User{A6ABD8A0-4630-43E0-BFCB-AC5FC1BF1539}D:\magix\video deluxe 2015 premium\videodeluxe.exe] => (Allow) D:\magix\video deluxe 2015 premium\videodeluxe.exe
FirewallRules: [{64582C45-9FB2-4BD4-80F5-5ED6E289D691}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E279ECBE-6143-494D-A23A-6C32738CF3F6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7B308AD9-132E-4066-A8B1-EF9C3FA03901}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{15513709-C780-43EE-A2BB-AC04392486C5}] => (Allow) LPort=2869
FirewallRules: [{65B71408-ECBE-4248-9BA3-8A1C6D2B916C}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{DF21489F-AFF0-4B2A-A51F-4D0EF2DBEFE1}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{9012038C-60D9-4967-85BC-AF576CE920EE}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [{95D740C8-297C-4EC4-A8E4-BBC0BA9EAC08}] => (Allow) C:\Program Files\MAGIX\Video Pro X7\Video_Pro_X.exe
FirewallRules: [{BF22D6C7-7D6B-4F03-92FE-29687C885325}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant_Launcher.exe
FirewallRules: [{FBA03AB6-D35F-4892-8CCB-94A80A9F5619}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant_Launcher.exe
FirewallRules: [{614963A4-2B64-4D13-A0E0-1F7AB3FE8DDA}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant_Repair.exe
FirewallRules: [{80C4566C-CE6E-4304-A2CC-74E6D79D97D2}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant_Repair.exe
FirewallRules: [{610CD5B8-E5D0-41FB-BC42-0BE2C252DBA3}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant.exe
FirewallRules: [{8896B807-3DEE-4CBA-9CAB-0E626F9ACAC8}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant.exe
FirewallRules: [{00E5389D-3D6E-405E-8496-A4B241A6F9AA}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\Update\M2Updater.exe
FirewallRules: [{D065AEB6-5EC2-4C49-9E7C-EC167EEA8DE5}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\Update\M2Updater.exe
FirewallRules: [{5CE334AC-99C0-49F2-96A4-0F32ECA25329}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\PDF_Viewer\m2PDFViewer.exe
FirewallRules: [{D6B15A89-3B77-40BC-8CD0-4033A4910610}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\PDF_Viewer\m2PDFViewer.exe
FirewallRules: [{97A554D0-CAF6-4694-AB43-780B09EF117D}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8C1CF21C-F486-409F-950D-156D56C8F2F8}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{03539951-8AAB-49FD-9CF2-0C0327F53D6D}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2AF41C0E-B9B2-44EF-9D6F-9478F61B74D4}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{61145F1B-631B-466C-8841-9A50195E0B3C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{64F1C429-7D8D-4A06-BA16-147076ECB9DE}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{DACF7298-E62B-408A-AED3-679D1B983046}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{CDFACA66-0D67-43E3-A32B-CA4D61B262D6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{5DC989AE-D992-4640-96F5-CA286E0C5F49}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{4FA24DA1-3FDF-4DED-AC33-69C824221D06}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C8125BE1-B8A2-4E8B-A117-39682AECD826}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A2FE8AFD-BD7A-446D-A8F5-BAA1AF1CF717}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{093C8530-EE11-418C-949D-4A600C33C107}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E1F81141-B9D3-41BC-AC50-94A663BA95F1}] => (Allow) D:\ANNO\Anno 2205\Bin\Win64\Anno2205.exe
FirewallRules: [{E9245BAA-D73B-4B9C-BF25-6024743FD273}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{C43A6786-8351-4156-ADC0-BB37848F3943}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{73064C57-800E-44E8-92F5-554112E4B360}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{C11FF067-B0A3-4F40-80F1-55D1FF0AD0C2}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{711671C1-8F2F-4AB0-8990-9DFD5CCB5E24}] => (Allow) D:\iTunes\iTunes.exe

==================== Wiederherstellungspunkte =========================

05-07-2016 16:54:45 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (07/05/2016 05:39:51 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 2  2016-07-05  17:39:51+02:00  HZMOPC  SYSTEM  F-Secure Anti-Virus
 Databases are old: the latest database file is 361 days old.

Error: (07/05/2016 04:54:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (07/05/2016 04:19:53 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 1  2016-07-05  16:19:53+02:00  HZMOPC  HZMOPC\Heinz  F-Secure Anti-Virus
 Malicious code found in file C:\Windows\Temp\WAXDC17.tmp.
 Infection: Gen:Trojan.Heur.JP.UuZ@a4o113m

Error: (07/05/2016 04:19:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IAStorDataMgrSvc.exe, Version: 12.5.0.1066, Zeitstempel: 0x5147a50c
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x04b04c0d
ID des fehlerhaften Prozesses: 0xb10
Startzeit der fehlerhaften Anwendung: 0xIAStorDataMgrSvc.exe0
Pfad der fehlerhaften Anwendung: IAStorDataMgrSvc.exe1
Pfad des fehlerhaften Moduls: IAStorDataMgrSvc.exe2
Berichtskennung: IAStorDataMgrSvc.exe3
Vollständiger Name des fehlerhaften Pakets: IAStorDataMgrSvc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IAStorDataMgrSvc.exe5

Error: (07/05/2016 04:19:52 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: IAStorDataMgrSvc.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
   bei IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
   bei IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
   bei IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (07/05/2016 04:19:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: fshoster32.exe, Version: 1.6.214.0, Zeitstempel: 0x55631674
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18264, Zeitstempel: 0x56e1b34d
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x00015b68
ID des fehlerhaften Prozesses: 0x16ac
Startzeit der fehlerhaften Anwendung: 0xfshoster32.exe0
Pfad der fehlerhaften Anwendung: fshoster32.exe1
Pfad des fehlerhaften Moduls: fshoster32.exe2
Berichtskennung: fshoster32.exe3
Vollständiger Name des fehlerhaften Pakets: fshoster32.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: fshoster32.exe5

Error: (07/05/2016 04:19:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: fshoster32.exe, Version: 1.6.214.0, Zeitstempel: 0x55631674
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18264, Zeitstempel: 0x56e1b34d
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x00015b68
ID des fehlerhaften Prozesses: 0x16f0
Startzeit der fehlerhaften Anwendung: 0xfshoster32.exe0
Pfad der fehlerhaften Anwendung: fshoster32.exe1
Pfad des fehlerhaften Moduls: fshoster32.exe2
Berichtskennung: fshoster32.exe3
Vollständiger Name des fehlerhaften Pakets: fshoster32.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: fshoster32.exe5

Error: (07/05/2016 04:19:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: fshoster32.exe, Version: 1.6.214.0, Zeitstempel: 0x55631674
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18264, Zeitstempel: 0x56e1b34d
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x00015b68
ID des fehlerhaften Prozesses: 0x708
Startzeit der fehlerhaften Anwendung: 0xfshoster32.exe0
Pfad der fehlerhaften Anwendung: fshoster32.exe1
Pfad des fehlerhaften Moduls: fshoster32.exe2
Berichtskennung: fshoster32.exe3
Vollständiger Name des fehlerhaften Pakets: fshoster32.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: fshoster32.exe5

Error: (07/05/2016 04:13:17 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 1  2016-07-05  16:13:17+02:00  HZMOPC  SYSTEM  F-Secure Anti-Virus
 Malicious code found in file C:\Windows\Temp\WAXEB2B.tmp.
 Infection: Gen:Trojan.Heur.JP.UuZ@aafeaUj

Error: (07/05/2016 04:13:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: fshoster32.exe, Version: 1.6.214.0, Zeitstempel: 0x55631674
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18264, Zeitstempel: 0x56e1b34d
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x00015b68
ID des fehlerhaften Prozesses: 0xbd4
Startzeit der fehlerhaften Anwendung: 0xfshoster32.exe0
Pfad der fehlerhaften Anwendung: fshoster32.exe1
Pfad des fehlerhaften Moduls: fshoster32.exe2
Berichtskennung: fshoster32.exe3
Vollständiger Name des fehlerhaften Pakets: fshoster32.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: fshoster32.exe5


Systemfehler:
=============
Error: (07/05/2016 04:29:19 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro, Version 1511, 10586

Error: (07/05/2016 04:19:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/05/2016 04:19:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "F-Secure Dll Hoster" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/05/2016 04:19:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "F-Secure Dll Hoster" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/05/2016 04:19:06 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎05.‎07.‎2016 um 16:17:25 unerwartet heruntergefahren.

Error: (07/05/2016 04:13:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/05/2016 04:13:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "F-Secure Dll Hoster" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/05/2016 04:12:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "F-Secure Dll Hoster" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/05/2016 06:25:22 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro, Version 1511, 10586

Error: (07/05/2016 06:15:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "F-Secure Dll Hoster" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.


CodeIntegrity:
===================================
  Date: 2016-07-05 17:51:46.495
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-05 17:51:41.799
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-05 16:42:24.544
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Windows signing level requirements.

  Date: 2016-07-05 16:42:24.089
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\SysWOW64\hmpalert.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-07-05 16:42:23.814
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-07-05 16:42:23.632
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-07-05 16:42:21.043
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-05 16:29:33.994
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-05 16:29:20.921
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Windows signing level requirements.

  Date: 2016-07-05 16:29:10.145
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz
Prozentuale Nutzung des RAM: 26%
Installierter physikalischer RAM: 16328.39 MB
Verfügbarer physikalischer RAM: 12080.59 MB
Summe virtueller Speicher: 18760.39 MB
Verfügbarer virtueller Speicher: 13791.36 MB

==================== Laufwerke ================================

Drive c: (Windows) (Fixed) (Total:232.78 GB) (Free:53.43 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (DATEN) (Fixed) (Total:1838.6 GB) (Free:749.43 GB) NTFS
Drive e: (INTENSO) (Fixed) (Total:1862.55 GB) (Free:1561.53 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 7683B724)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: FCB5DEFE)
Partition 1: (Not Active) - (Size=24.4 GB) - (Type=27)
Partition 2: (Not Active) - (Size=1838.6 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 1863 GB) (Disk ID: 6D86302A)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=0C)

==================== Ende von Addition.txt ============================

cosinus · 06.07.2016, 09:11

Bitte lies doch die Anleitung richtig....! Du solltest einen Fix machen und das Fixlog dazu posten, keine neuen FRST-Logs...

hzmo · 06.07.2016, 14:50

Ich bin nicht in der Lage diesen "Fix" zu machen. Weiss einfach nicht wie. Kannst Du mir auf die Sprünge helfen?

cosinus · 06.07.2016, 14:59

Ja: Anleitung richtig lesen

hzmo · 06.07.2016, 17:01

Code:

ATTFilter

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 02-07-2016
durchgeführt von Heinz (2016-07-06 17:55:35) Run:1
Gestartet von C:\FRST
Geladene Profile: Heinz (Verfügbare Profile: Heinz & Dennis & _ashbackup_)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
C:\Program Files (x86)\Delta
C:\ProgramData\DSearchLink
C:\Users\All Users\DSearchLink
C:\Users\Heinz\AppData\Roaming\BabSolution
C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\cfdolx5l.default\extensions\ffxtlbr@delta.com
C:\Users\Heinz\AppData\Roaming\OpenCandy
C:\Users\Heinz\Documents\Documents\Documents\Downloads\Brennen Brunaware\ashampoo_burning_studio_9_9.21_sm.exe
C:\Users\Heinz\Documents\Documents\Documents\Downloads\Video und Foto Converter\vdownloader11_setup.exe
C:\Users\Dennis\Downloads\Demo Stronghold Legends - CHIP-Installer.exe
C:\Users\Heinz\AppData\Roaming\StPrsSW
C:\Users\Heinz\Downloads\Audacity - CHIP-Installer.exe
D:\FileHistory\Heinz\HZMOPC\Data\C\Users\Heinz\Documents\Documents\Documents\Downloads\Free Commander\fc_setup0806c (2013_11_21 12_59_46 UTC).zip
D:\Minecraft\Demo Minecraft PC Gamer Edition - CHIP-Installer.exe
D:\Minecraft\Minecraft - CHIP-Installer.exe
D:\SSM_Backup\Users\Heinz\Documents\Documents\Documents\Downloads\Free Commander\fc_setup0806c.zip
D:\Steg Datensicherung\Documents\Documents\Documents\Downloads\Brennen Brunaware\ashampoo_burning_studio_9_9.21_sm.exe
D:\Steg Datensicherung\Documents\Documents\Documents\Downloads\Free Commander\fc_setup0806c.zip
D:\Steg Datensicherung\Documents\Documents\Documents\Downloads\Video und Foto Converter\vdownloader11_setup.exe
E:\Transfer\Documents\Documents\Downloads\Brennen Brunaware\ashampoo_burning_studio_9_9.21_sm.exe
E:\Transfer\Documents\Documents\Downloads\Free Commander\fc_setup0806c.zip
E:\Transfer\Documents\Documents\Downloads\Video und Foto Converter\vdownloader11_setup.exe
emptytemp:
         
*****************

"C:\Program Files (x86)\Delta" => nicht gefunden.
"C:\ProgramData\DSearchLink" => nicht gefunden.
"C:\Users\All Users\DSearchLink" => nicht gefunden.
"C:\Users\Heinz\AppData\Roaming\BabSolution" => nicht gefunden.
"C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\cfdolx5l.default\extensions\ffxtlbr@delta.com" => nicht gefunden.
"C:\Users\Heinz\AppData\Roaming\OpenCandy" => nicht gefunden.
"C:\Users\Heinz\Documents\Documents\Documents\Downloads\Brennen Brunaware\ashampoo_burning_studio_9_9.21_sm.exe" => nicht gefunden.
"C:\Users\Heinz\Documents\Documents\Documents\Downloads\Video und Foto Converter\vdownloader11_setup.exe" => nicht gefunden.
C:\Users\Dennis\Downloads\Demo Stronghold Legends - CHIP-Installer.exe => erfolgreich verschoben
C:\Users\Heinz\AppData\Roaming\StPrsSW => erfolgreich verschoben
C:\Users\Heinz\Downloads\Audacity - CHIP-Installer.exe => erfolgreich verschoben
D:\FileHistory\Heinz\HZMOPC\Data\C\Users\Heinz\Documents\Documents\Documents\Downloads\Free Commander\fc_setup0806c (2013_11_21 12_59_46 UTC).zip => erfolgreich verschoben
D:\Minecraft\Demo Minecraft PC Gamer Edition - CHIP-Installer.exe => erfolgreich verschoben
D:\Minecraft\Minecraft - CHIP-Installer.exe => erfolgreich verschoben
D:\SSM_Backup\Users\Heinz\Documents\Documents\Documents\Downloads\Free Commander\fc_setup0806c.zip => erfolgreich verschoben
D:\Steg Datensicherung\Documents\Documents\Documents\Downloads\Brennen Brunaware\ashampoo_burning_studio_9_9.21_sm.exe => erfolgreich verschoben
D:\Steg Datensicherung\Documents\Documents\Documents\Downloads\Free Commander\fc_setup0806c.zip => erfolgreich verschoben
D:\Steg Datensicherung\Documents\Documents\Documents\Downloads\Video und Foto Converter\vdownloader11_setup.exe => erfolgreich verschoben
E:\Transfer\Documents\Documents\Downloads\Brennen Brunaware\ashampoo_burning_studio_9_9.21_sm.exe => erfolgreich verschoben
E:\Transfer\Documents\Documents\Downloads\Free Commander\fc_setup0806c.zip => erfolgreich verschoben
E:\Transfer\Documents\Documents\Downloads\Video und Foto Converter\vdownloader11_setup.exe => erfolgreich verschoben

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14835713 B
Java, Flash, Steam htmlcache => 36166673 B
Windows/system/drivers => 671517 B
Edge => 0 B
Chrome => 601544 B
Firefox => 379307137 B
Opera => 417694111 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 253706 B
systemprofile32 => 24590 B
LocalService => 839270 B
NetworkService => 0 B
UpdatusUser => 0 B
Heinz => 27680972 B
UpdatusUser.hzmopc => 0 B
Dennis => 189714330 B
_ashbackup_ => 1492 B

RecycleBin => 0 B
EmptyTemp: => 1 GB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 17:55:52 ====

cosinus · 06.07.2016, 21:41

Zitat:

TuneUp Utilities 2014
TuneUp Utilities 2014 (de-DE)
TuneUp Utilities Language Pack (de-DE)
TuneUp Utilities 2014

Astreines Schlangenöl. Also der letzte Scheiß. Umgehend deinstallieren und nie nie nie wieder verwenden/installieren.

Zitat:

Java 8 Update 40
Java version 32-bit out of Date!
Adobe Flash Player 22.0.0.192

Bitte Java und wenn es geht den Flash Player umgehend deinstallieren

Java spielt kaum noch eine Rolle. Fast nirgendwo werden mehr Java-Applets eingesetzt. Und was Adobe mit seinem Flash Player veranstaltet, ist irgendwo zwischen Frechheit und Inkompetenz einzustufen. In dem Teil werden ständig neue dicke Sicherheitslücken gefunden => Der Liebling aller Cyber-Kriminellen: Flash | heise Security

hzmo · 07.07.2016, 13:52

TuneUp Utilities 2014
TuneUp Utilities 2014 (de-DE)
TuneUp Utilities Language Pack (de-DE)
TuneUp Utilities 2014
Java 8 Update 40
Java version 32-bit out of Date!
Adobe Flash Player 22.0.0.192
deinstaliert.

cosinus · 07.07.2016, 14:50

Bitte neues Log mit SC machen

hzmo · 07.07.2016, 15:27

Code:

ATTFilter

 Results of screen317's Security Check version 1.009  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Antivirus          
Windows Defender   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 TuneUp Utilities Language Pack (de-DE) 
 Mozilla Firefox (47.0) 
 Mozilla Thunderbird (45.2.0) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 F-Secure apps ComputerSecurity Anti-Virus\FSGK32.EXE 
 F-Secure apps ComputerSecurity Anti-Virus\fssm32.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

cosinus · 07.07.2016, 16:00

Sieht soweit ok aus

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

hzmo · 08.07.2016, 10:09

Nachdem Du mich gefragt hast:

"Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?"

habe ich dem PC zweimal neu gestartet und die "Meldung "bösartiger Code in D...... " nochmals erhalten. Heute nun am 08.07.2016 ist die Meldung bei div. PC Starts nicht mehr gekommen. Mein PC startet jetzt viel schneller und sonst habe ich keine weiteren Anliegen. Besten Dank für Deine Hilfe. Werde eine fette Speden machen.

Gruss hzmo

06.07.2016, 14:59	#23
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	$Bösartiger Code in Datei C:\Windows\Temp\WAX3AC2.tmp gefunden Infektion:Gen:Trojan.Heur.FU.UuZ@aCpc0Se - Standard$ Bösartiger Code in Datei C:\Windows\Temp\WAX3AC2.tmp gefunden Infektion:Gen:Trojan.Heur.FU.UuZ@aCpc0Se Ja: Anleitung richtig lesen __________________ Logfiles bitte immer in CODE-Tags posten

07.07.2016, 14:50	#27
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	$Bösartiger Code in Datei C:\Windows\Temp\WAX3AC2.tmp gefunden Infektion:Gen:Trojan.Heur.FU.UuZ@aCpc0Se - Standard$ Bösartiger Code in Datei C:\Windows\Temp\WAX3AC2.tmp gefunden Infektion:Gen:Trojan.Heur.FU.UuZ@aCpc0Se Bitte neues Log mit SC machen __________________ Logfiles bitte immer in CODE-Tags posten

07.07.2016, 16:00	#29
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	$Bösartiger Code in Datei C:\Windows\Temp\WAX3AC2.tmp gefunden Infektion:Gen:Trojan.Heur.FU.UuZ@aCpc0Se - Standard$ Bösartiger Code in Datei C:\Windows\Temp\WAX3AC2.tmp gefunden Infektion:Gen:Trojan.Heur.FU.UuZ@aCpc0Se Sieht soweit ok aus Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme? __________________ Logfiles bitte immer in CODE-Tags posten

Bösartiger Code in Datei C:\Windows\Temp\WAX3AC2.tmp gefunden Infektion:Gen:Trojan.Heur.FU.UuZ@aCpc0Se

Log-Analyse und Auswertung: Bösartiger Code in Datei C:\Windows\Temp\WAX3AC2.tmp gefunden Infektion:Gen:Trojan.Heur.FU.UuZ@aCpc0Se