Win32:Dropper in C:\Program Files (x86)\WinZipper gefunden

Martin.9008 · 27.08.2016, 16:16

Hallo!

Mein Anti-Vir-Programm (Avast) hat eine "schwere" Bedrohung festgestellt (Win32:Dropper in C:\Program Files (x86)\WinZipper gefunden), woraufhin ich eine Startzeitüberprüfung gemacht habe. Das Programm konnte die Viren nicht entfernen, da sie sich "diese Aktion nicht unterstützt wird". Ich habe auch versucht den Ordner manuell zu löschen, was aber leider auch nicht möglich war. Nach kurzer Suche, habe ich herausgefunden, dass es sich um einen Trojaner handeln könnte.

Mein PC hat Windows 10 und läuft sonst ganz normal. Ich hoffe ihr könnte mir weiterhelfen!

Gruß Martin

M-K-D-B · 28.08.2016, 09:18

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort als Administrator zu starten!
Einige Programme, die wir hier verwenden, können unter Umständen von deinem Antiviren- oder Anti-Malwareprogramm fälschlicherweise als Bedrohung eingestuft werden. Die Sicherheitsprogramme können aufgrund eines bestimmten Programmverhaltens nicht zwischen "gut" oder "böse" unterscheiden und schlagen Alarm. Dabei handelt es sich um Fehlalarme, welche du getrost ignorieren kannst. Gegebenenfalls musst du deine Sicherheitssoftware vor der Ausführung eines Programms deaktivieren, damit unsere Bereinigungsvorgänge nicht beeinträchtigt werden.

Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!

Sieht nach Adware aus ... keine "schwere Infektion"...

eine "schwere Infektion" knippst dir dein Avast aus, so dass es nicht mehr läuft...

Zur ersten Analyse bitte FRST und TDSS-Killer ausführen:

Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Schritt 2
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Bitte poste mit deiner nächsten Antwort

die Logdatei von TDSS-Killer,
die beiden neuen Logdateien von FRST.

Martin.9008 · 28.08.2016, 16:01

Hallo Mathias,

Vielen Dank, dass du mir hilfst! Hier die Scans:

FRST.txt

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 27-08-2016
durchgeführt von Martin (Administrator) auf LAPTOP-MARTIN (28-08-2016 16:33:10)
Gestartet von C:\Users\Martin\Desktop
Geladene Profile: Martin (Verfügbare Profile: Martin)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: "C:\Program Files (x86)\CLIQZ\CLIQZ.exe" -osint -url "%1")
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Winziper Pvt Ltd.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(Qksee Pvt Ltd.) C:\Program Files (x86)\qksee\qkseeSvc.exe
(evangel technology (hk) limited) C:\Program Files (x86)\Uncheckit\UncheckitSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(EVANGEL TECHNOLOGY (HK) LIMITED) C:\Program Files (x86)\Uncheckit\cktSvc.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
() C:\ProgramData\Legpat\Legpat.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(EVANGEL TECHNOLOGY (HK) LIMITED) C:\Program Files (x86)\Uncheckit\UncheckitBsn.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Users\Martin\AppData\Roaming\Browser-Security\safe_url__2.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Christoph Bünger Software) C:\Program Files (x86)\Wecker6\Wecker.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
(Memeo Inc.) C:\Program Files (x86)\Memeo\AutoBackup\MemeoUpdater.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Cliqz GmbH) C:\Program Files (x86)\CLIQZ\CLIQZ.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Akamai Technologies, Inc.) C:\Users\Martin\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Martin\AppData\Local\Akamai\netsession_win.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-06-08] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-09-16] (Memeo Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-28] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23889496 2016-08-24] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)
HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Martin\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Run: [safe_url__2] => C:\Users\Martin\AppData\Roaming\Browser-Security\safe_url__2.exe [2957520 2016-02-12] ()
HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1409296 2015-12-04] (Lavasoft)
HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1235336 2014-08-28] (Autodesk, Inc.)
HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\RunOnce: [Uninstall C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64"
HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Policies\Explorer: [] 
HKU\S-1-5-21-205815100-794779995-1947703700-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [150528 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-28] (AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [Symbol-Overlay-Steuerprogramm für AutoCAD Digitale Signaturen] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2016-05-12]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2016-02-24]
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wecker für Windows 6.lnk [2014-06-11]
ShortcutTarget: Wecker für Windows 6.lnk -> C:\Program Files (x86)\Wecker6\Wecker.exe (Christoph Bünger Software)
GroupPolicy: Beschränkung - Chrome <======= ACHTUNG
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-04] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-04] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-04] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-04] (Lavasoft Limited)
Winsock: Catalog9-x64 05 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-12-04] (Lavasoft Limited)
Hosts: 0x2320436F707972696768742028632920313939332D32303039204D6963726F736F667420436F72702E0D0A230D0A23205468697320697320612073616D706C6520484F5354532066696C652075736564206279204D6963726F736F6674205443502F495020666F722057696E646F77732E0D0A230D0A2320546869732066696C6520636F6E7461696E7320746865206D617070696E6773206F662049502061646472657373657320746F20686F7374206E616D65732E20456163680D0A2320656E7472792073686F756C64206265206B657074206F6E20616E20696E646976696475616C206C696E652E2054686520495020616464726573732073686F756C640D0A2320626520706C6163656420696E2074686520666972737420636F6C756D6E20666F6C6C6F7765642062792074686520636F72726573706F6E64696E6720686F7374206E616D652E0D0A2320546865204950206164647265737320616E642074686520686F7374206E616D652073686F756C6420626520736570617261746564206279206174206C65617374206F6E650D0A232073706163652E0D0A230D0A23204164646974696F6E616C6C792C20636F6D6D656E747320287375636820617320746865736529206D617920626520696E736572746564206F6E20696E646976696475616C0D0A23206C696E6573206F7220666F6C6C6F77696E6720746865206D616368696E65206E616D652064656E6F7465642062792061202723272073796D626F6C2E0D0A230D0A2320466F72206578616D706C653A0D0A230D0A232020202020203130322E35342E39342E393720202020207268696E6F2E61636D652E636F6D202020202020202020202320736F75726365207365727665720D0A232020202020202033382E32352E36332E31302020202020782E61636D652E636F6D202020202020202020202020202023207820636C69656E7420686F73740D0A0D0A23206C6F63616C686F7374206E616D65207265736F6C7574696F6E2069732068616E646C65642077697468696E20444E5320697473656C662E0D0A23093132372E302E302E31202020202020206C6F63616C686F73740D0A23093A3A31202020202020202020202020206C6F63616C686F73740D0A0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000D0A2320756E636865636B69745F626567696E0A232054686573652072756C657320776572652061646465642062792074686520556E636865636B697470726F6772616D20696E206F7264657220746F20626C6F636B206164766572746973696E6720736F667477617265206D6F64756C65730D0A302E302E302E3020302E302E302E3020232066697820666F72207472616365726F75746520616E64206E65747374617420646973706C617920616E6F6D616C790D0A302E302E302E3020747261636B696E672E6F70656E63616E64792E636F6D2E73332E616D617A6F6E6177732E636F6D0D0A302E302E302E30206D656469612E6F70656E63616E64792E636F6D0D0A302E302E302E302063646E2E6F70656E63616E64792E636F6D0D0A302E302E302E3020747261636B696E672E6F70656E63616E64792E636F6D0D0A302E302E302E30206170692E6F70656E63616E64792E636F6D0D0A302E302E302E30206170692E7265636F6D6D656E64656473772E636F6D0D0A302E302E302E3020696E7374616C6C65722E626574746572696E7374616C6C65722E636F6D0D0A302E302E302E3020696E7374616C6C65722E66696C6562756C6C646F672E636F6D0D0A302E302E302E302064336F78746E31783362386437692E636C6F756466726F6E742E6E65740D0A302E302E302E3020696E6E6F2E62697372762E636F6D0D0A302E302E302E30206E7369732E62697372762E636F6D0D0A302E302E302E302063646E2E66696C65326465736B746F702E636F6D0D0A302E302E302E302063646E2E676F617465617374636163682E75730D0A302E302E302E302063646E2E677574746173746174646B2E75730D0A302E302E302E302063646E2E696E736B696E6D656469612E636F6D0D0A302E302E302E302063646E2E696E7374612E6F6962756E646C6573322E636F6D0D0A302E302E302E302063646E2E696E7374612E706C617962727974652E636F6D0D0A302E302E302E302063646E2E6C6C6F67657466617374636163682E75730D0A302E302E302E302063646E2E6D6F6E74696572612E636F6D0D0A302E302E302E302063646E2E6D7364776E6C642E636F6D0D0A302E302E302E302063646E2E6D7970636261636B75702E636F6D0D0A302E302E302E302063646E2E7070646F776E6C6F61642E636F6D0D0A302E302E302E302063646E2E72696365617465617374636163682E75730D0A302E302E302E302063646E2E73687961706F7461746F2E75730D0A302E302E302E302063646E2E736F6C696D62612E636F6D0D0A302E302E302E302063646E2E7475746F3470632E636F6D0D0A302E302E302E302063646E2E617070726F756E642E62697A0D0A302E302E302E302063646E2E626967737065656470726F2E636F6D0D0A302E302E302E302063646E2E62697370642E636F6D0D0A302E302E302E302063646E2E62697372762E636F6D0D0A302E302E302E302063646E2E63646E64702E636F6D0D0A302E302E302E302063646E2E646F776E6C6F61642E73776565747061636B732E636F6D0D0A302E302E302E302063646E2E6470646F776E6C6F61642E636F6D0D0A302E302E302E302063646E2E76697375616C6265652E6E65740D0A2320756E636865636B69745F656E640A
Tcpip\Parameters: [DhcpNameServer] 10.156.33.53 129.187.5.1
Tcpip\..\Interfaces\{150b5080-ac93-4272-ac4a-bffe13d172bd}: [DhcpNameServer] 0.0.0.0
Tcpip\..\Interfaces\{2c2232f8-8dd7-42dd-88e1-2d818924d50a}: [DhcpNameServer] 10.156.33.53 129.187.5.1
Tcpip\..\Interfaces\{66c1b00a-7100-4e92-ac46-811fd2d50492}: [DhcpNameServer] 192.168.34.3 129.187.5.1
Tcpip\..\Interfaces\{83fbec75-ff09-4692-a92d-4201c2743b42}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nuesearch.com/?type=hp&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nuesearch.com/?type=hp&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nuesearch.com/search/?type=ds&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nuesearch.com/search/?type=ds&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nuesearch.com/?type=hp&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nuesearch.com/?type=hp&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668&q={searchTerms}
HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nuesearch.com/?type=hp&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668
HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?PC=AV01
HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPNOT13/4
HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nuesearch.com/?type=hp&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668&q={searchTerms}
SearchScopes: HKLM -> OldSearch URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1429767349&from=cor&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668&q={searchTerms}
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668&q={searchTerms}
SearchScopes: HKLM -> {470BE3E6-2099-4F7E-84F1-F3DA4739DF9A} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668&q={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668&q={searchTerms}
SearchScopes: HKLM-x32 -> {470BE3E6-2099-4F7E-84F1-F3DA4739DF9A} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-205815100-794779995-1947703700-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-205815100-794779995-1947703700-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D120415-A6B219395BABB4E59ADF&form=CONBDF&conlogo=CT3332005&q={searchTerms}
SearchScopes: HKU\S-1-5-21-205815100-794779995-1947703700-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-205815100-794779995-1947703700-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-205815100-794779995-1947703700-1001 -> {470BE3E6-2099-4F7E-84F1-F3DA4739DF9A} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-205815100-794779995-1947703700-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://de.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-is__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKU\S-1-5-21-205815100-794779995-1947703700-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-205815100-794779995-1947703700-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-21] (Oracle Corporation)
BHO: DealbeaverBHO Class -> {A5C87FD0-85EF-45B6-AF57-BE74A5FF1768} -> C:\Program Files (x86)\Dealbeaver\Dealbeaver64.dll [2016-05-18] (Dealbeaver)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-21] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: Kein Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> Keine Datei
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Kein Name -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> Keine Datei
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: DealbeaverBHO Class -> {A5C87FD0-85EF-45B6-AF57-BE74A5FF1768} -> C:\Program Files (x86)\Dealbeaver\Dealbeaver.dll [2016-05-18] (Dealbeaver)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Kein Name -> {dc727a8c-7582-483c-a1c2-2b885f099bb5} -> Keine Datei
BHO-x32: Kein Name -> {E6E66045-E911-4C01-961D-32387BF12768} -> C:\Users\Martin\AppData\LocalLow\Browser-Security\safe_url.dll [2015-09-11] ()
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-12-20] (Hewlett-Packard Company)
BHO-x32: Kein Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> Keine Datei
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  Keine Datei
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nuesearch.com/?type=sc&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668

Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-205815100-794779995-1947703700-1001 -> hxxp://www.nuesearch.com/?type=hp&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668

FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Profiles\zocbhc16.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] ()
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2014-11-27] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-205815100-794779995-1947703700-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2013-03-17] (Ubisoft)
FF SearchPlugin: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\searchplugins\avast-search.xml [2016-05-31]
FF SearchPlugin: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\searchplugins\bing-lavasoft.xml [2015-12-04]
FF SearchPlugin: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\searchplugins\nuesearch.xml [2016-07-12]
FF Extension: (Cliqz) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\Extensions\cliqz@cliqz.com.xpi [2015-11-28] [ist nicht signiert]
FF Extension: (Browser-Security) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\Extensions\firefox@browser-security.de.xpi [2015-12-04] [ist nicht signiert]
FF Extension: (Adblock Plus) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-28]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-28]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-28]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\extensions\quick_searchff@gmail.com => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\extensions\sweetsearch@gmail.com => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\extensions\cliqz@cliqz.com => nicht gefunden
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.nuesearch.com/?type=sc&ts=1471937979&z=32ae82565e8943bb0a12258g3z6mdg2teceb1e7gcb&from=eve0822se&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668

Chrome: 
=======
CHR HomePage: ChromeDefaultData -> hxxp://www.nicesearches.com?type=hp&ts=1464593744&from=0d580530&uid=st500lm012xhn-m500mbb_s2svj9eca09668&z=658f2f19608d6aba60b4d45gbzcq4z0wctfc2m2z8z
CHR RestoreOnStartup: ChromeDefaultData -> "hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=bl-bcr-is__alt__ddc_dsssyc_bd_com"
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.nicesearches.com?type=hp&ts=1464593744&from=0d580530&uid=st500lm012xhn-m500mbb_s2svj9eca09668&z=658f2f19608d6aba60b4d45gbzcq4z0wctfc2m2z8z" 
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.nicesearches.com/search.php?type=ds&ts=1464593744&from=0d580530&uid=st500lm012xhn-m500mbb_s2svj9eca09668&z=658f2f19608d6aba60b4d45gbzcq4z0wctfc2m2z8z&q={searchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> nice
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll => Keine Datei
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll => Keine Datei
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\pdf.dll => Keine Datei
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
CHR Extension: (Dealbeaver) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\bhldmkghjkldhclddpjebfjpaijaajmm [2016-05-20]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-11]
CHR Extension: (Google-Suche) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-11]
CHR Extension: (Avast Online Security) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-12]
CHR Extension: (Skype) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-22]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-12]
CHR Extension: (Google Mail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-28]
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.nuesearch.com/?type=sc&ts=1471937979&z=32ae82565e8943bb0a12258g3z6mdg2teceb1e7gcb&from=eve0822se&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [Datei ist nicht signiert]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-28] (AVAST Software)
R2 cktSvc; C:\Program Files (x86)\Uncheckit\cktSvc.exe [274176 2016-07-05] (EVANGEL TECHNOLOGY (HK) LIMITED)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-24] (Dropbox, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [Datei ist nicht signiert]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2015-12-04] (Lavasoft Limited)
R2 LegpatP; C:\ProgramData\Legpat\Legpat.exe [399768 2016-05-26] ()
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2015-10-30] (HP Inc.) [Datei ist nicht signiert]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2015-10-30] (HP Inc.) [Datei ist nicht signiert]
R2 qkseeService; C:\Program Files (x86)\qksee\qkseeSvc.exe [761344 2016-05-20] (Qksee Pvt Ltd.) [Datei ist nicht signiert]
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17168 2015-12-04] ()
S2 ThnAdpsrv; C:\Program Files (x86)\Thunshprerusp\ThnAdpsrv.exe [986264 2016-05-19] ()
R2 UncheckitSvc; C:\Program Files (x86)\Uncheckit\UncheckitSvc.exe [247552 2016-07-05] (evangel technology (hk) limited)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [1141400 2016-06-21] (Winziper Pvt Ltd.) <==== ACHTUNG
S2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [82664 2015-12-16] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-28] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-28] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-05] (AVAST Software)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2014-07-14] ()
S3 AX88772; C:\Windows\System32\drivers\ax88772.sys [111616 2015-10-30] (ASIX Electronics Corp.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-18] (Windows (R) Win 7 DDK provider)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [55056 2016-05-24] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-24] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-19] (Elex do Brasil Participações Ltda)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2014-07-14] ()
R3 netr28x; C:\Windows\System32\drivers\netr28x.sys [2504192 2015-10-30] (MediaTek Inc.)
R3 pelmouse; C:\Windows\system32\DRIVERS\pelmouse.sys [23040 2015-12-17] (TPMX Electronics Ltd.)
R3 pelusblf; C:\Windows\system32\DRIVERS\pelusblf.sys [35328 2015-12-22] (TPMX Electronics Ltd.)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
S3 SKYNETU2C; C:\Windows\System32\drivers\SkyNetU2C_AMD64.SYS [270424 2010-05-10] (TechniSat Digital, S.A.)
S3 SkyNetU2CBDA_AMD64; C:\Windows\system32\DRIVERS\SkyNetU2CBDA_AMD64.sys [346200 2011-05-10] (TechniSat Digital, S.A.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [52904 2016-04-28] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S4 iSafeKrnl; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [X]
S1 iSafeKrnlKit; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-08-28 16:33 - 2016-08-28 16:34 - 00050996 _____ C:\Users\Martin\Desktop\FRST.txt
2016-08-28 16:32 - 2016-08-28 16:33 - 00000000 ____D C:\FRST
2016-08-28 16:32 - 2016-08-28 16:32 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Martin\Desktop\tdsskiller.exe
2016-08-28 16:31 - 2016-08-28 16:31 - 02396672 _____ (Farbar) C:\Users\Martin\Desktop\FRST64.exe
2016-08-26 01:49 - 2016-08-26 01:49 - 00000004 ____H C:\ProgramData\cm-lock
2016-08-24 09:03 - 2016-08-24 09:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-08-23 22:12 - 2016-08-23 22:12 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_429687859.html
2016-08-23 22:12 - 2016-08-23 22:12 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_429687562.html
2016-08-23 13:58 - 2016-08-23 13:58 - 00003342 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-23 09:39 - 2016-08-25 23:40 - 00000000 ____D C:\Program Files (x86)\_SSpm
2016-08-23 09:39 - 2016-08-23 09:39 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_384540046.html
2016-08-23 09:39 - 2016-08-23 09:39 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_384539921.html
2016-08-23 09:39 - 2016-08-23 09:39 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_384533328.html
2016-08-23 09:39 - 2016-08-23 09:39 - 00000003 _____ C:\WINDOWS\SysWOW64\de_384533078.html
2016-08-15 10:34 - 2016-08-22 10:42 - 00000000 ____D C:\Users\Martin\AppData\Roaming\setup1
2016-08-10 10:51 - 2016-08-03 12:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-10 10:51 - 2016-08-03 12:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-10 10:51 - 2016-08-03 12:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-10 10:51 - 2016-08-03 12:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-10 10:51 - 2016-08-03 11:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-10 10:51 - 2016-08-03 11:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-10 10:51 - 2016-08-03 11:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-10 10:51 - 2016-08-03 11:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-10 10:51 - 2016-08-03 11:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-10 10:51 - 2016-08-03 11:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-10 10:51 - 2016-08-03 11:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-10 10:51 - 2016-08-03 11:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-10 10:51 - 2016-08-03 11:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-10 10:51 - 2016-08-03 11:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-10 10:51 - 2016-08-03 11:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-10 10:51 - 2016-08-03 11:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-10 10:51 - 2016-08-03 11:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-10 10:51 - 2016-08-03 07:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-10 10:51 - 2016-08-03 07:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-10 10:51 - 2016-08-03 07:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-10 10:51 - 2016-08-03 07:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-10 10:51 - 2016-08-03 06:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-10 10:51 - 2016-08-03 06:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-10 10:51 - 2016-08-03 06:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-10 10:51 - 2016-08-03 06:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-10 10:51 - 2016-08-03 06:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-10 10:51 - 2016-08-03 06:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-10 10:50 - 2016-08-03 13:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-10 10:50 - 2016-08-03 13:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-10 10:50 - 2016-08-03 13:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-10 10:50 - 2016-08-03 12:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-10 10:50 - 2016-08-03 12:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-10 10:50 - 2016-08-03 12:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-10 10:50 - 2016-08-03 12:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-10 10:50 - 2016-08-03 12:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-10 10:50 - 2016-08-03 12:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-10 10:50 - 2016-08-03 12:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-10 10:50 - 2016-08-03 12:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-10 10:50 - 2016-08-03 12:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-10 10:50 - 2016-08-03 12:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-10 10:50 - 2016-08-03 12:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-10 10:50 - 2016-08-03 12:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-10 10:50 - 2016-08-03 12:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-10 10:50 - 2016-08-03 12:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-10 10:50 - 2016-08-03 12:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-10 10:50 - 2016-08-03 12:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-10 10:50 - 2016-08-03 12:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-10 10:50 - 2016-08-03 12:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-10 10:50 - 2016-08-03 12:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-10 10:50 - 2016-08-03 11:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-10 10:50 - 2016-08-03 11:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-10 10:50 - 2016-08-03 11:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-10 10:50 - 2016-08-03 11:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-10 10:50 - 2016-08-03 11:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-10 10:50 - 2016-08-03 11:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-10 10:50 - 2016-08-03 11:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-10 10:50 - 2016-08-03 11:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-10 10:50 - 2016-08-03 11:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-10 10:50 - 2016-08-03 11:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-10 10:50 - 2016-08-03 11:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-10 10:50 - 2016-08-03 11:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-10 10:50 - 2016-08-03 11:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-10 10:50 - 2016-08-03 11:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-10 10:50 - 2016-08-03 11:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-10 10:50 - 2016-08-03 11:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-10 10:50 - 2016-08-03 11:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-10 10:50 - 2016-08-03 11:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-10 10:50 - 2016-08-03 11:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-10 10:50 - 2016-08-03 11:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-10 10:50 - 2016-08-03 11:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-10 10:50 - 2016-08-03 11:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-10 10:50 - 2016-08-03 11:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-10 10:50 - 2016-08-03 11:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-10 10:50 - 2016-08-03 11:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-10 10:50 - 2016-08-03 11:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-10 10:50 - 2016-08-03 11:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-10 10:50 - 2016-08-03 11:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-10 10:50 - 2016-08-03 11:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-10 10:50 - 2016-08-03 11:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-10 10:50 - 2016-08-03 11:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-10 10:50 - 2016-08-03 11:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-10 10:50 - 2016-08-03 11:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-10 10:50 - 2016-08-03 11:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-10 10:50 - 2016-08-03 11:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-10 10:50 - 2016-08-03 11:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-10 10:50 - 2016-08-03 11:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-10 10:50 - 2016-08-03 11:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-10 10:50 - 2016-08-03 11:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-10 10:50 - 2016-08-03 11:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-10 10:50 - 2016-08-03 11:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-10 10:50 - 2016-08-03 11:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-10 10:50 - 2016-08-03 11:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-10 10:50 - 2016-08-03 11:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-10 10:50 - 2016-08-03 11:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-10 10:50 - 2016-08-03 11:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-10 10:50 - 2016-08-03 11:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-10 10:50 - 2016-08-03 07:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-10 10:50 - 2016-08-03 07:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-10 10:50 - 2016-08-03 07:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-10 10:50 - 2016-08-03 07:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-10 10:50 - 2016-08-03 07:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-10 10:50 - 2016-08-03 07:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-10 10:50 - 2016-08-03 06:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-10 10:50 - 2016-08-03 06:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-10 10:50 - 2016-08-03 06:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-10 10:50 - 2016-08-03 06:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-10 10:50 - 2016-08-03 06:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-10 10:50 - 2016-08-03 06:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-10 10:50 - 2016-08-03 06:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-10 10:50 - 2016-08-03 06:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-10 10:50 - 2016-08-03 06:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-10 10:50 - 2016-08-03 06:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-10 10:50 - 2016-08-03 06:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-10 10:50 - 2016-08-03 06:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-10 10:50 - 2016-08-03 06:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-10 10:50 - 2016-08-03 06:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-10 10:50 - 2016-08-03 06:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-10 10:50 - 2016-08-03 06:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-10 10:50 - 2016-08-03 06:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-10 10:50 - 2016-08-03 06:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-10 10:50 - 2016-08-03 06:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-10 10:50 - 2016-08-03 06:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-10 10:50 - 2016-08-03 06:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-10 10:50 - 2016-08-03 06:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-10 10:50 - 2016-08-03 06:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-10 10:50 - 2016-08-03 06:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-10 10:50 - 2016-08-03 06:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-10 10:50 - 2016-08-03 06:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-10 10:50 - 2016-08-03 06:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-09 15:54 - 2016-08-26 08:43 - 00000000 ____D C:\Program Files (x86)\CLIQZ
2016-08-09 15:54 - 2016-08-09 16:02 - 00000000 ____D C:\Users\Martin\AppData\Local\CLIQZ
2016-08-09 15:54 - 2016-08-09 15:54 - 00001142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CLIQZ.lnk
2016-08-09 15:54 - 2016-08-09 15:54 - 00001130 _____ C:\Users\Public\Desktop\CLIQZ.lnk
2016-08-09 15:54 - 2016-08-09 15:54 - 00000000 ____D C:\Users\Martin\AppData\Roaming\CLIQZ
2016-08-09 15:53 - 2016-08-09 15:53 - 01474568 _____ C:\Users\Martin\Downloads\CLIQZ14.de.win32.installer - CHIP-Installer.exe
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224665812.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224665187.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224665062.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224664343.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224664203.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224663390.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224663281.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224659500.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224659375.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224647796.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224647640.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224646203.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224646078.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224640531.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\de_224640156.html
2016-08-08 10:42 - 2016-08-24 00:51 - 00000000 ____D C:\Program Files (x86)\SoEasySvc
2016-08-08 10:42 - 2016-08-23 09:39 - 00000000 ____D C:\ProgramData\KwinpK
2016-08-07 11:50 - 2016-08-07 11:50 - 00000000 ____D C:\Users\Martin\AppData\LocalLow\Temp
2016-08-05 18:50 - 2016-08-05 18:50 - 00003726 _____ C:\WINDOWS\System32\Tasks\UpdaterTask
2016-08-03 18:43 - 2015-12-22 11:33 - 00035328 _____ (TPMX Electronics Ltd.) C:\WINDOWS\system32\Drivers\pelusblf.sys
2016-08-03 18:43 - 2015-12-17 13:48 - 00023040 _____ (TPMX Electronics Ltd.) C:\WINDOWS\system32\Drivers\PELMOUSE.SYS
2016-08-03 18:43 - 2009-11-02 16:36 - 00011776 _____ (TPMX Electronics Ltd.) C:\WINDOWS\system32\Drivers\PELVENDR.SYS
2016-08-03 16:31 - 2016-08-03 16:31 - 00410983 _____ C:\Users\Martin\Downloads\259912_PFEIFER_Lastbock-Gewinde-LBP_M48_20_0t.zip
2016-08-03 13:21 - 2016-08-03 13:21 - 00049492 _____ C:\Users\Martin\Downloads\neukollner_entwicklung_zusammenfassung_2008.pdf
2016-08-01 22:31 - 2016-08-01 22:31 - 00128000 _____ C:\Users\Martin\Documents\Inhaltsverzeichnisv-Aktuell 06.2016.xls
2016-08-01 14:03 - 2016-08-01 14:03 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659675625.html
2016-08-01 14:02 - 2016-08-01 14:02 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659640875.html
2016-08-01 14:02 - 2016-08-01 14:02 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659610734.html
2016-08-01 14:02 - 2016-08-01 14:02 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659610531.html
2016-08-01 14:02 - 2016-08-01 14:02 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659606812.html
2016-08-01 14:01 - 2016-08-23 09:39 - 05842516 _____ (Update) C:\Program Files (x86)\SSFK.exe
2016-08-01 14:01 - 2016-08-01 14:02 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659606671.html
2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659591546.html
2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659591343.html
2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659590296.html
2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659590171.html
2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659582390.html
2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\de_1659582203.html
2016-08-01 10:42 - 2016-08-01 10:42 - 00000000 ____D C:\ProgramData\JwinpJ
2016-08-01 10:42 - 2016-08-01 10:42 - 00000000 ____D C:\ProgramData\fwinpf
2016-08-01 10:42 - 2016-08-01 10:42 - 00000000 ____D C:\Program Files (x86)\zffvjegf

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-08-28 16:35 - 2013-01-19 12:27 - 00000000 ____D C:\Users\Martin\Documents\Outlook-Dateien
2016-08-28 16:16 - 2014-12-04 17:02 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-08-28 16:15 - 2016-04-19 14:51 - 00000068 __RSH C:\WINDOWS\system32\Drivers\WSDPrint.winsecurity
2016-08-28 16:15 - 2016-04-18 17:34 - 00000068 __RSH C:\WINDOWS\system32\Drivers\winverbs.winsecurity
2016-08-28 16:15 - 2016-04-18 12:45 - 00000068 __RSH C:\WINDOWS\system32\Drivers\xinputhid.winsecurity
2016-08-28 16:06 - 2016-05-24 10:01 - 00001242 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-08-28 15:41 - 2016-04-19 14:51 - 00000068 __RSH C:\WINDOWS\system32\Drivers\WdiWiFi.winsecurity
2016-08-28 15:41 - 2016-04-18 17:34 - 00000068 __RSH C:\WINDOWS\system32\Drivers\wfplwfs.winsecurity
2016-08-28 15:41 - 2016-04-18 12:45 - 00000068 __RSH C:\WINDOWS\system32\Drivers\wof.winsecurity
2016-08-28 14:11 - 2013-10-21 17:30 - 00000000 ____D C:\Users\Martin\AppData\Local\Akamai
2016-08-28 10:06 - 2016-05-24 10:01 - 00001238 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-08-28 09:33 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-28 08:38 - 2014-01-23 23:57 - 00000576 _____ C:\WINDOWS\Tasks\MATLAB R2013b Startup Accelerator.job
2016-08-28 08:35 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-28 08:34 - 2013-12-23 17:35 - 00000000 ___RD C:\Users\Martin\Dropbox
2016-08-28 08:31 - 2016-03-26 18:04 - 00000000 __SHD C:\Users\Martin\IntelGraphicsProfiles
2016-08-28 08:31 - 2013-05-04 15:33 - 00001142 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-27 23:21 - 2016-03-26 13:19 - 00000000 ____D C:\Users\Martin
2016-08-27 18:00 - 2015-12-05 18:26 - 00000498 _____ C:\WINDOWS\Tasks\ParetoLogic Registration3.job
2016-08-26 18:36 - 2016-05-26 13:59 - 00000000 _____ C:\Users\Public\Documents\report.dat
2016-08-26 18:28 - 2016-05-23 10:42 - 00000000 ____D C:\Program Files (x86)\qksee
2016-08-26 18:27 - 2016-02-13 19:25 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-26 16:19 - 2016-06-16 12:44 - 00000000 ____D C:\Program Files (x86)\WinZipper
2016-08-25 21:14 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-08-25 08:21 - 2013-09-15 12:56 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-08-25 07:26 - 2016-07-12 10:53 - 00000000 ____D C:\WINDOWS\SysWOW64\_SSpm
2016-08-24 09:03 - 2016-05-24 10:01 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-08-24 01:13 - 2016-07-12 10:53 - 00000000 ____D C:\ProgramData\AwinpA
2016-08-24 01:06 - 2016-07-12 10:53 - 00000000 ____D C:\Program Files (x86)\WinSaber
2016-08-24 00:34 - 2016-05-20 22:40 - 00000000 ____D C:\Program Files (x86)\Drecuied
2016-08-23 22:13 - 2016-07-19 12:42 - 00000000 ____D C:\ProgramData\ChelfNotify
2016-08-23 13:58 - 2016-03-26 15:26 - 00002386 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-23 13:58 - 2016-03-26 15:26 - 00000000 ___RD C:\Users\Martin\OneDrive
2016-08-23 09:39 - 2016-07-12 10:53 - 00000000 ____D C:\Program Files (x86)\SFK
2016-08-22 22:50 - 2016-05-20 22:49 - 00003782 _____ C:\WINDOWS\System32\Tasks\SoftUpgrade
2016-08-22 22:50 - 2016-05-20 22:49 - 00000000 ____D C:\Program Files (x86)\SoftUpgrade
2016-08-22 16:21 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-22 10:42 - 2016-07-19 12:42 - 00003538 _____ C:\WINDOWS\System32\Tasks\ChelfNotify Task
2016-08-20 08:46 - 2013-05-04 15:33 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-19 08:39 - 2013-11-28 19:04 - 00000000 ____D C:\Users\Martin\Documents\Uni
2016-08-13 11:13 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-10 18:40 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-08-10 17:21 - 2016-02-13 19:30 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-10 17:11 - 2016-02-13 19:12 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-10 17:11 - 2015-10-30 09:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-10 17:11 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-10 11:49 - 2016-03-26 19:10 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 11:49 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-10 11:49 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-10 11:37 - 2013-01-24 16:53 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-08 23:40 - 2013-05-04 15:39 - 00002502 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-08 23:40 - 2013-05-04 15:39 - 00002490 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-08 14:51 - 2015-12-06 19:30 - 00000000 ____D C:\Users\Martin\AppData\Local\Risen2
2016-08-08 09:47 - 2016-03-26 13:18 - 02011910 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-08 09:47 - 2016-02-13 18:59 - 00857262 _____ C:\WINDOWS\system32\perfh007.dat
2016-08-08 09:47 - 2016-02-13 18:59 - 00188952 _____ C:\WINDOWS\system32\perfc007.dat
2016-08-05 12:00 - 2013-09-15 12:56 - 00292704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2016-08-03 08:37 - 2016-01-16 21:48 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-30 22:50 - 2013-05-04 15:33 - 00004204 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-30 22:50 - 2013-05-04 15:33 - 00003972 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-30 22:50 - 2013-05-04 15:33 - 00001146 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-08-13 10:29 - 2014-08-13 10:29 - 154565521 _____ () C:\Program Files (x86)\openoffice1.cab
2014-08-13 10:27 - 2014-08-13 10:27 - 2314240 _____ () C:\Program Files (x86)\openoffice411.msi
2014-08-13 10:27 - 2014-08-13 10:27 - 0478720 _____ () C:\Program Files (x86)\setup.exe
2014-08-13 10:27 - 2014-08-13 10:27 - 0000279 _____ () C:\Program Files (x86)\setup.ini
2016-08-01 14:01 - 2016-08-23 09:39 - 5842516 _____ (Update) C:\Program Files (x86)\SSFK.exe
2015-04-03 16:31 - 2015-04-03 16:31 - 0385602 _____ () C:\Users\Martin\AppData\Local\5D515C96_stp.CIS
2015-04-03 16:31 - 2015-04-03 16:31 - 0000220 _____ () C:\Users\Martin\AppData\Local\5D515C96_stp.CIS.part
2015-04-03 16:32 - 2015-04-03 16:32 - 1509462 _____ () C:\Users\Martin\AppData\Local\69DD7379_stp.CIS
2015-04-03 16:32 - 2015-04-03 16:32 - 0000295 _____ () C:\Users\Martin\AppData\Local\69DD7379_stp.CIS.part
2015-04-03 16:32 - 2015-04-03 16:32 - 0192979 _____ () C:\Users\Martin\AppData\Local\741E72B5_stp.CIS
2015-04-03 16:32 - 2015-04-03 16:32 - 0000290 _____ () C:\Users\Martin\AppData\Local\741E72B5_stp.CIS.part
2015-11-21 00:56 - 2015-11-21 01:01 - 0007680 _____ () C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-08-26 01:49 - 2016-08-26 01:49 - 0000004 ____H () C:\ProgramData\cm-lock
ZeroAccess:
C:\Users\Martin\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

Einige Dateien in TEMP:
====================
C:\Users\Martin\AppData\Local\Temp\9fQIA1hk-prog.exe
C:\Users\Martin\AppData\Local\Temp\9fQIA1hk-upd.exe
C:\Users\Martin\AppData\Local\Temp\AcDeltree.exe
C:\Users\Martin\AppData\Local\Temp\HPSFUpdater.exe
C:\Users\Martin\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\Martin\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\Martin\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Martin\AppData\Local\Temp\SettingUpdate.exe
C:\Users\Martin\AppData\Local\Temp\sphpsa.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-08-24 09:30

==================== Ende von FRST.txt ============================

Martin.9008 · 28.08.2016, 16:03

Addition.txt

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 27-08-2016
durchgeführt von Martin (28-08-2016 16:35:31)
Gestartet von C:\Users\Martin\Desktop
Windows 10 Home Version 1511 (X64) (2016-03-26 13:14:15)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-205815100-794779995-1947703700-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-205815100-794779995-1947703700-503 - Limited - Disabled)
Gast (S-1-5-21-205815100-794779995-1947703700-501 - Limited - Disabled)
Martin (S-1-5-21-205815100-794779995-1947703700-1001 - Administrator - Enabled) => C:\Users\Martin

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

64 Bit HP CIO Components Installer (Version: 20.2.1 - HP Inc.) Hidden
Adblock Plus für IE (32-Bit- und 64-Bit) (HKLM\...\{588B7DD2-3480-4A89-A8F6-C6781CBFAD56}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.8 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
Age of Mythology - The Titans Expansion (HKLM-x32\...\Age of Mythology Expansion Pack 1.0) (Version:  - )
Age of Mythology (HKLM-x32\...\Age of Mythology 1.0) (Version:  - )
Akamai NetSession Interface (HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{5977D04D-1D6A-952C-97AF-04D9D4C0AE56}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
ANALYSIS_30_Common (x32 Version: 14.1 - SOFiSTiK AG) Hidden
ANALYSIS_30_x64_Common (x32 Version: 14.1 - SOFiSTiK AG) Hidden
ANNO 1404 - Königsedition (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 3.10.0000 - Ubisoft)
Anno 1701 (HKLM-x32\...\{A2433A63-5F5D-40E5-B529-9123C2B3E734}) (Version: 1.04 - Sunflowers)
AutoCAD Architecture 2014 - Deutsch (German) (Version: 7.5.106.0 - Autodesk) Hidden
AutoCAD Architecture 2014 - Deutsch (German) (Version: 7.5.17.0 - Autodesk) Hidden
AutoCAD Architecture 2014 - Deutsch (German) SP 1 (HKLM\...\AutoCAD Architecture 2014 - Deutsch (German) SP 1) (Version: 1 - Autodesk)
AutoCAD Architecture 2014 Language Pack - Deutsch (Version: 7.5.17.0 - Autodesk) Hidden
Autodesk 360 (HKLM\...\{556966D9-F7F6-421B-9707-D07901604DDF}) (Version: 5.2.3.1000 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
Autodesk AutoCAD Architecture 2014 - Deutsch (German) (HKLM\...\AutoCAD Architecture 2014 - Deutsch (German)) (Version: 7.5.17.0 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.18 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.18 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2016 (HKLM-x32\...\{FA5DF4D1-CD59-4183-B3D4-779A56498786}) (Version: 6.3.0.18 - Autodesk)
Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.0.43.13 - Autodesk)
Autodesk ReCap (Version: 1.0.43.13 - Autodesk) Hidden
Autodesk ReCap Language Pack-English (Version: 1.0.43.13 - Autodesk) Hidden
Autodesk Revit 2016 (HKLM\...\Autodesk Revit 2016) (Version: 16.0.490.0 - Autodesk)
Autodesk Workflows 2016 (HKLM\...\{535CDED0-D690-4738-83EE-09056A365BAC}) (Version: 6.3.0.18 - Autodesk, Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.2.2262 - AVAST Software)
AX88772C (HKLM-x32\...\{48C1584F-E022-4C21-9072-0BA886976B4F}) (Version: 1.01 - )
BandwidthStat (HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\BandwidthStat) (Version: 1.0 - BandwidthStat)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Browser-Security (HKLM-x32\...\Browser-Security) (Version: 1.0.7.0 - Vondos Media GmbH) <==== ACHTUNG
Bullzip PDF Printer 10.6.0.2267 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.6.0.2267 - Bullzip)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.22 - Cliqz.com)
CLIQZ 1.6.1 (x86 de) (HKLM-x32\...\CLIQZ 1.6.1 (x86 de)) (Version: 1.6.1 - Cliqz GmbH)
cloudfront - Uninstall (HKLM-x32\...\{54C3021D-55CA-44E8-899F-C102D92DD517}) (Version:  - ) <==== ACHTUNG
CodeMeter Runtime Kit v6.10a (HKLM\...\{4FF3EB53-5576-4B11-A08F-605C1938176A}) (Version: 6.10.2018.501 - WIBU-SYSTEMS AG)
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DIE SIEDLER - Aufstieg eines Königreichs (HKLM-x32\...\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}) (Version: 1.00.0000 - Ubisoft)
Die Siedler 7 (HKLM-x32\...\{63860309-DA8A-4BAE-9EAE-CE1D6D79340C}) (Version: 1.12.1396 - Ubisoft)
Die Siedler II - Die nächste Generation (HKLM-x32\...\S2TNG) (Version:  - )
Die Siedler IV (HKLM-x32\...\S4Uninst) (Version:  - )
Dot4 (HKLM\...\{DD411225-A527-4C56-91BE-15D888B3CCDE}) (Version: 1.0.0.0 - HP)
Dropbox (HKLM-x32\...\Dropbox) (Version: 8.4.21 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.41.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Free YouTube to MP3 Converter version 3.12.57.324 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.57.324 - DVDVideoSoft Ltd.)
G2-Classic-Mod (HKLM-x32\...\G2-Classic-Mod) (Version: 1.1 - Sargon)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Gothic (HKLM-x32\...\{BBF10B37-4ED3-11D5-A818-00500435FC18}) (Version:  - )
Gothic 2 Gold (HKLM-x32\...\{40FE74B5-71A1-4393-A0AB-21D6E1DA5A66}) (Version: 1.0.0 - JoWood)
GOTHIC2 - Die Nacht des Raben - 'System-Paket' (HKLM-x32\...\GOTHIC2 - Die Nacht des Raben - 'System-Paket') (Version: 1.1 - World of Gothic RU © 2014)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{AB5BCC55-18E2-46C7-9405-FF61CB888F05}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{18DE31AE-70D0-43A7-9E3C-2ED7283ECE8A}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{A38E954F-9043-42BD-9DE9-246ED183791D}) (Version: 12.5.26.37 - HP)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
MainConcept DTV Decoder Pro (HKLM-x32\...\{793FCE60-DE5E-4977-A942-A7B69A45B17D}) (Version: 1.5.0.2 - MainConcept GmbH)
MATLAB R2013b (HKLM\...\Matlab R2013b) (Version: 8.2 - The MathWorks, Inc.)
MEDION NAS TOOL (HKLM-x32\...\MEDION NAS TOOL) (Version:  - MEDION)
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7939 - Memeo Inc.)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{A047101C-A3AE-4FAD-802F-01C965079F66}) (Version: 11.1.3010.3 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{99AC7F47-A4E0-4706-9C65-8948775C2652}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 de)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1 - Mozilla)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Nero 2015 (HKLM-x32\...\{F9592BA0-AA0D-454C-95AA-9782DF00CB4B}) (Version: 16.0.04000 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
ParetoLogic PC Health Advisor (HKLM-x32\...\{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}) (Version: 3.1.7.0 - ParetoLogic, Inc.)
Pontifex Demo 10.19.01 (HKLM-x32\...\Pontifex Demo_is1) (Version:  - Chronic Logic LLC)
Prerequisite installer (x32 Version: 16.0.0003 - Nero AG) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
qksee (HKLM-x32\...\qksee) (Version:  - Taiwan Shui Mu Chih Ching Technology Limited) <==== ACHTUNG
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Revit 2016 (Version: 16.0.490.0 - Autodesk) Hidden
Risen (HKLM-x32\...\{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}) (Version: 1.00.0000 - Deep Silver)
Risen 2 - Dark Waters (HKLM-x32\...\{CC4473E6-AB7D-406B-ADAE-BF9C61CEC5FE}) (Version: 1.00 - Deep Silver)
SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SimCity 4 Deluxe (HKLM-x32\...\{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}) (Version:  - )
SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
SOFiCAD-OEM 2014 (HKLM-x32\...\SOFiCADOEM 2014) (Version: 20.14.0.0 - SOFiSTiK AG)
SOFiCAD-OEM 2014 (Version: 19.1.18.0 - SOFiSTiK) Hidden
SOFiCAD-OEM 2014 (x32 Version: 19.1.0 - SOFiSTiK AG) Hidden
SOFiSTiK 2014 19.1 64Bit Object Enabler (HKLM\...\{50F1571C-50FD-2014-3064-191000000000}) (Version: 19.1.1.0 - SOFiSTiK AG)
SOFiSTiK 2014 Documenation SOFiCAD (x32 Version: 1.00.0000 - Your Company Name) Hidden
SOFiSTiK Reinforcement Detailing 2016 (HKLM\...\{50F1571C-50F6-2016-3364-201600201405}) (Version: 5.0.0 - SOFiSTiK AG)
SOFiSTiK Sonar (HKLM-x32\...\{50F1571C-50F1-2014-3032-000000150000}) (Version: 15.00 - SOFiSTiK AG)
Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Uncheckit (HKLM-x32\...\Uncheckit) (Version: 2.1.5 - EVANGEL TECHNOLOGY (HK) LIMITED) <==== ACHTUNG
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.3 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
Wajam (HKLM-x32\...\WaNetworkEnhance) (Version: 2.29.2.17 (i2.6) - WaNetworkEnhance) <==== ACHTUNG
Web Companion (HKLM-x32\...\{d35d79f6-850b-4d3b-b3df-f052f842b2da}) (Version: 2.1.1199.2443 - Lavasoft)
Wecker für Windows 6.5 (HKLM-x32\...\{FFDC4005-E968-498D-93C8-CC148742167D}}_is1) (Version: 6.5 - Christoph Bünger Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinZip (HKLM-x32\...\WinZip) (Version: 2.2.25 - Winzipper Pvt Ltd.) <==== ACHTUNG
Worms 4 Mayhem (HKLM-x32\...\{45E7C481-3EF4-4FCB-AF0B-19F70D618F0C}) (Version: 1.00.0000 - Codemasters)
Xfire (remove only) (HKLM-x32\...\Xfire) (Version:  - )
YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version:  - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ACHTUNG

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E100-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E101-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E102-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7F8-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7F9-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FA-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FB-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FC-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FD-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FE-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FF-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\de-DE\sofc191ficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{5D8A052B-FFEE-4B2D-ADD8-EDCDA13C0763}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\sofiaxis_com.dll (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{5D8A052C-FFEE-4B2D-ADD8-EDCDA13C0763}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\sofiaxis_com.dll (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\sofc191.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{6AC79303-DBF3-4BE2-9F8E-0349FDC88E19}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\sofidc.arx (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{8258CC73-933A-4A76-88B1-43A5468A09F7}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\SOF_BAMTEC191_x64.DBX (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{9874959D-2021-4F77-AA2E-7E787954ADD7}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBFE_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B5176366-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B5176367-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B5176368-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B5176369-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B517636A-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B517636B-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2014\de-DE\acadficn.dll (Autodesk, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {1E041551-E3E9-4775-945B-473FF6FE41BD} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3383E5C5-2D9A-4B13-9190-937420612144} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {3C33CD03-7609-44AF-9710-CAA445D6BF10} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {55FB011F-2C02-4183-A225-2A34A62683CC} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
Task: {5D31EF85-8E68-45F5-9535-7258083FD944} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-13] (Adobe Systems Incorporated)
Task: {5E2D557B-0A4F-42B1-83FD-9CD0D6FE32D0} - System32\Tasks\SoftUpgrade => C:\Program Files (x86)\SoftUpgrade\softup.exe [2016-08-22] ()
Task: {5F42836E-AE85-4CA2-86A3-A313F614B55F} - System32\Tasks\ChelfNotify Task => C:\ProgramData\ChelfNotify\BrowserUpdate.exe [2016-06-30] (Tencent) <==== ACHTUNG
Task: {713A80B6-4080-406C-A767-1FB30E7CD27C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-24] (Dropbox, Inc.)
Task: {82ABDCB9-8CDD-4730-AD92-AC4E496A1760} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {85140850-A9DD-4BB4-B7DC-06C1A3F6F29F} - System32\Tasks\Browser Updater Task(Core) => C:\Program Files (x86)\TXQQBrowser\Update\FFF2A3639BEFA36CCEA18F04A7668C60\Update\BrowserUpdate.exe [2016-04-25] (Tencent) <==== ACHTUNG
Task: {8B04DA55-1A17-4E84-B509-C6F091D62841} - System32\Tasks\UncheckitUpdateTaskDB => C:\Program Files (x86)\Uncheckit\UncheckitUpdate.exe [2016-07-05] (EVANGEL TECHNOLOGY (HK) LIMITED) <==== ACHTUNG
Task: {92C847DC-B226-4C5A-A8AB-184E4A601340} - System32\Tasks\UpdaterTask => C:\Users\Martin\AppData\Local\Temp\avdrhxythrag [Argument = /p=27 /i=1] <==== ACHTUNG
Task: {95EEB00E-6D66-4872-8E1E-CCBCD0748013} - System32\Tasks\{C8599BEC-8541-4730-9C00-8B636C6E2D46} => pcalua.exe -a "C:\Program Files (x86)\Star Wars Battlefront II\LaunchBFII.exe" -d "C:\Program Files (x86)\Star Wars Battlefront II"
Task: {96FB385F-013A-4BAF-8A22-44C9CB47F9E0} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {A8C2E264-6122-426B-B842-15D6E9E9638C} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {AB1ADFC6-1114-4C46-8132-A482BD53D16A} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-23] (Microsoft Corporation)
Task: {AB96C6F0-FEBE-4160-9998-E59661C9B7A6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-28] (AVAST Software)
Task: {AB9AA26C-745D-477B-9D28-44FF4E0063F5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {B751D1AA-9672-4CF1-9F9F-C640883ADE15} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-24] (Dropbox, Inc.)
Task: {C07DD9EA-28FF-49F5-AE6E-0DE21DBC55A6} - System32\Tasks\SafeZone scheduled Autoupdate 1458044218 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {CE92AEDC-30F0-47B5-89E5-7D4DE9C3EBC7} - System32\Tasks\MATLAB R2013b Startup Accelerator => C:\Program Files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe [2013-08-05] ()
Task: {CF8427F3-4A25-4915-A21D-887A076A1E74} - System32\Tasks\UncheckitUpdateTaskC => C:\Program Files (x86)\Uncheckit\UncheckitUpdate.exe [2016-07-05] (EVANGEL TECHNOLOGY (HK) LIMITED) <==== ACHTUNG
Task: {D3A7A3E2-2E6F-45A2-9448-8CC9BBA0EE78} - System32\Tasks\UncheckitTaskMN => C:\Program Files (x86)\Uncheckit\cktSvc.exe [2016-07-05] (EVANGEL TECHNOLOGY (HK) LIMITED) <==== ACHTUNG
Task: {D4179342-5F5B-4002-BE34-CB835DFE5811} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {D7374E94-A9BA-4100-977D-F0B34BED0BDA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {D8589126-C141-4109-A143-BFDE0446BE7C} - System32\Tasks\Thunshprerusp Adapter => C:\Program Files (x86)\Thunshprerusp\ThnAdptsk.exe [2016-05-19] () <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MATLAB R2013b Startup Accelerator.job => C:\Program Files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe
Task: C:\WINDOWS\Tasks\ParetoLogic Registration3.job => rundll32.exe  C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{E642CB23-6186-418C-9B97-D12D8B681FC4}\SupportTasks\1\Support.lnk -> hxxp://www.microsoft.com/support/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{E642CB23-6186-418C-9B97-D12D8B681FC4}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.ensemblestudios.com/aom/index.html/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{CE4F9AA0-B50E-4509-87B3-312B473AA74C}\SupportTasks\1\Support.lnk -> hxxp://www.piranha-bytes.com/gothic1/gothic1_faq_english.html/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{CE4F9AA0-B50E-4509-87B3-312B473AA74C}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.piranha-bytes.com/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{B86065B3-F461-46B3-A9F7-397F53DAC8C2}\SupportTasks\1\Support.lnk -> hxxp://support.lucasarts.com/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{B86065B3-F461-46B3-A9F7-397F53DAC8C2}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.swbattlefront2.com/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{42BB19A3-BB52-4B1C-8A47-566A70503079}\SupportTasks\1\Support.lnk -> hxxp://support.microsoft.com/directory/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{42BB19A3-BB52-4B1C-8A47-566A70503079}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.microsoft.com/games/age2/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{296AA790-7BF8-4BC9-8766-432ECEAD9ACB}\SupportTasks\1\Support.lnk -> hxxp://www.atarisupport.com/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{296AA790-7BF8-4BC9-8766-432ECEAD9ACB}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.piranha-bytes.com/gothic2/content_english/news_press.php/

ShortcutWithArgument: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.nuesearch.com/?type=sc&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668
ShortcutWithArgument: C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Legpat\Application\chrome.exe (Google Inc.) -> d391tbweljugwk.cloudfront.net/?ts=AHEqAnQrBXUmAk..&v=20160518&uid=FFF2A3639BEFA36CCEA18F04A7668C60&ptid=cos1&mode=scrp
ShortcutWithArgument: C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.nuesearch.com/?type=sc&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668
ShortcutWithArgument: C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Legpat\Application\chrome.exe (Google Inc.) -> d391tbweljugwk.cloudfront.net/?ts=AHEqAnQrBXUmAk..&v=20160518&uid=FFF2A3639BEFA36CCEA18F04A7668C60&ptid=cos1&mode=scrp
ShortcutWithArgument: C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\4df8ad51f300749a\Legpat.lnk -> C:\Program Files (x86)\Legpat\Application\chrome.exe (Google Inc.) -> hxxp://www.nuesearch.com/?type=sc&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk -> C:\Program Files\AVAST Software\SZBrowser\launcher.exe (Avast Software) -> hxxp://www.nuesearch.com/?type=sc&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> d391tbweljugwk.cloudfront.net/?ts=AHEqAnQrBXUmAk..&v=20160518&uid=FFF2A3639BEFA36CCEA18F04A7668C60&ptid=cos1&mode=scrp
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.nuesearch.com/?type=sc&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668
ShortcutWithArgument: C:\Users\Public\Desktop\Avast SafeZone Browser.lnk -> C:\Program Files\AVAST Software\SZBrowser\launcher.exe (Avast Software) -> hxxp://www.nuesearch.com/?type=sc&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668
ShortcutWithArgument: C:\Users\Public\Desktop\Facebook.lnk -> C:\Program Files (x86)\Legpat\Application\chrome.exe (Google Inc.) -> hxxp://www.nuesearch.com/?type=sc&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> d391tbweljugwk.cloudfront.net/?ts=AHEqAnQrBXUmAk..&v=20160518&uid=FFF2A3639BEFA36CCEA18F04A7668C60&ptid=cos1&mode=scrp
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.nuesearch.com/?type=sc&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-05-28 15:10 - 2016-05-28 15:10 - 00137920 _____ () C:\Program Files\AVAST Software\Avast\x64\log.dll
2015-12-04 12:36 - 2015-12-04 12:36 - 00017168 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2015-12-04 12:36 - 2015-12-04 12:36 - 00008976 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2015-12-04 12:36 - 2015-12-04 12:36 - 00023824 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
2016-05-26 14:00 - 2016-05-26 09:14 - 00399768 _____ () C:\ProgramData\Legpat\Legpat.exe
2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-12 20:54 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-12 20:54 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-08-23 13:57 - 2016-08-23 13:57 - 01864384 _____ () C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2016-02-13 19:02 - 2016-02-13 19:02 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-12 20:56 - 2016-07-01 05:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-12 20:54 - 2016-07-01 05:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-12 20:54 - 2016-07-01 05:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-12 20:54 - 2016-07-01 05:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-12 20:54 - 2016-07-01 05:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-04 12:36 - 2016-02-12 21:56 - 02957520 _____ () C:\Users\Martin\AppData\Roaming\Browser-Security\safe_url__2.exe
2014-08-28 06:09 - 2014-08-28 06:09 - 00232328 _____ () C:\Program Files\Autodesk\Autodesk Sync\qjson_Ad_0.dll
2014-08-28 06:09 - 2014-08-28 06:09 - 00048520 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
2014-08-28 06:09 - 2014-08-28 06:09 - 00059784 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
2014-08-28 06:09 - 2014-08-28 06:09 - 00922504 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
2011-09-16 01:16 - 2011-09-16 01:16 - 00322784 _____ () C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
2016-08-16 07:41 - 2016-08-16 07:42 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-08-16 07:41 - 2016-08-16 07:42 - 13475840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-04 08:45 - 2016-06-04 08:45 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-03-27 22:18 - 2016-03-27 22:19 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-04-19 08:18 - 2016-04-19 08:19 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-05-28 15:10 - 2016-05-28 15:10 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-05-28 15:10 - 2016-05-28 15:10 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-08-26 16:00 - 2016-08-26 16:00 - 03016192 _____ () C:\Program Files\AVAST Software\Avast\defs\16082601\algo.dll
2016-05-28 15:10 - 2016-05-28 15:10 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-05-28 15:10 - 2016-05-28 15:10 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-08-27 14:31 - 2016-08-27 14:31 - 03016192 _____ () C:\Program Files\AVAST Software\Avast\defs\16082700\algo.dll
2016-06-16 12:44 - 2015-12-30 07:34 - 00582144 _____ () C:\Program Files (x86)\WinZipper\curlpp.dll
2016-06-16 12:44 - 2016-01-26 10:27 - 00066560 _____ () C:\Program Files (x86)\WinZipper\zlib1.dll
2016-05-23 10:42 - 2016-02-15 04:21 - 00582144 _____ () C:\Program Files (x86)\qksee\curlpp.dll
2016-05-23 10:42 - 2015-11-16 14:54 - 00065696 _____ () C:\Program Files (x86)\qksee\zlib1.dll
2016-05-26 14:05 - 2016-07-05 08:54 - 00068432 _____ () C:\Program Files (x86)\Uncheckit\zlib1.dll
2012-11-15 02:53 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2016-05-26 14:05 - 2016-05-25 12:28 - 00179200 _____ () C:\Program Files (x86)\Uncheckit\libpng.dll
2013-08-18 20:22 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-08-18 20:22 - 2013-01-27 16:13 - 00806664 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll
2013-08-18 20:22 - 2012-09-25 10:32 - 01351792 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\Language\DEU\P2GRC.dll
2013-08-18 20:22 - 2013-01-27 16:13 - 00175880 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLVistaAudioMixer.dll
2016-08-23 13:57 - 2016-08-23 13:57 - 01383616 _____ () C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-08-23 13:57 - 2016-08-23 13:57 - 00118976 _____ () C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2016-03-15 14:12 - 2016-03-15 14:12 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-08-24 09:02 - 2016-07-12 04:07 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-08-24 09:02 - 2016-07-12 04:07 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-08-24 09:02 - 2016-07-12 04:07 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-08-24 09:02 - 2016-07-12 04:07 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-08-24 09:02 - 2016-07-12 04:07 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-08-24 09:02 - 2016-07-12 04:07 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-08-24 09:02 - 2016-07-12 04:07 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-08-24 09:02 - 2016-07-12 04:07 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-08-24 09:02 - 2016-07-12 04:07 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-08-24 09:02 - 2016-07-12 04:09 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-08-24 09:02 - 2016-07-12 04:07 - 00144848 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-08-24 09:02 - 2016-07-12 04:08 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-08-24 09:02 - 2016-08-24 01:17 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-08-24 09:02 - 2016-08-24 01:02 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-08-24 09:02 - 2016-08-24 01:17 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-08-24 09:02 - 2016-08-24 01:17 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-08-24 09:02 - 2016-07-12 04:07 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 03929392 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 01972016 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00037192 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00168248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2011-09-16 01:17 - 2011-09-16 01:17 - 02888416 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll
2011-09-16 01:17 - 2011-09-16 01:17 - 00025824 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
2011-09-16 01:18 - 2011-09-16 01:18 - 00028672 _____ () C:\Program Files (x86)\Memeo\AutoBackup\de-DE\InstantBackup.resources.dll
2010-04-05 20:52 - 2010-04-05 20:52 - 00504293 _____ () C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.DLL
2010-04-05 20:52 - 2010-04-05 20:52 - 00053248 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Mono.Nat.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-11-11 02:42 - 2015-11-11 02:42 - 01045672 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2016-04-19 08:18 - 2016-04-19 08:19 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 08:18 - 2016-04-19 08:19 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-07-28 21:46 - 2016-07-28 21:46 - 22393528 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
2016-05-03 16:41 - 2016-05-03 16:41 - 00322232 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll
2016-06-30 13:55 - 2016-06-30 13:55 - 46476472 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Windows:CM_07bdf4a8c4c490ca7919611231e13eb670e4a0ad29869dd8f2e869bc87f6c3a8 [74]
AlternateDataStreams: C:\Windows:CM_25c0d7379373529ead846cb4332cac331743f799884338c630de8d6bc5a9ad77 [74]
AlternateDataStreams: C:\Windows:CM_2fbc7cacfd828b791562c9690c61bb830aeeeae72f86bd829562576f9fc1fe83 [74]
AlternateDataStreams: C:\Windows:CM_9015d22b2a6b3f6bdfbfec9cc8a460230758574f203752df19168f533c7fb302 [74]
AlternateDataStreams: C:\Windows:CM_cdfdf49505024624d2decf3e9557d51162be6aba9545d69de4a936f7ba6139f4 [74]
AlternateDataStreams: C:\Windows:CM_d1cca5b43b23e7a102fa897d892102fdacb2faaf6f5875efce3bd0a2c56874f8 [74]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Classes\.scr: SOFiCAD-OEMScriptFile => C:\WINDOWS\system32\notepad.exe "%1" <===== ACHTUNG

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2012-07-26 07:26 - 2016-08-26 18:28 - 00003224 ____A C:\WINDOWS\system32\Drivers\etc\hosts

0x2320436F707972696768742028632920313939332D32303039204D6963726F736F667420436F72702E0D0A230D0A23205468697320697320612073616D706C6520484F5354532066696C652075736564206279204D6963726F736F6674205443502F495020666F722057696E646F77732E0D0A230D0A2320546869732066696C6520636F6E7461696E7320746865206D617070696E6773206F662049502061646472657373657320746F20686F7374206E616D65732E20456163680D0A2320656E7472792073686F756C64206265206B657074206F6E20616E20696E646976696475616C206C696E652E2054686520495020616464726573732073686F756C640D0A2320626520706C6163656420696E2074686520666972737420636F6C756D6E20666F6C6C6F7765642062792074686520636F72726573706F6E64696E6720686F7374206E616D652E0D0A2320546865204950206164647265737320616E642074686520686F7374206E616D652073686F756C6420626520736570617261746564206279206174206C65617374206F6E650D0A232073706163652E0D0A230D0A23204164646974696F6E616C6C792C20636F6D6D656E747320287375636820617320746865736529206D617920626520696E736572746564206F6E20696E646976696475616C0D0A23206C696E6573206F7220666F6C6C6F77696E6720746865206D616368696E65206E616D652064656E6F7465642062792061202723272073796D626F6C2E0D0A230D0A2320466F72206578616D706C653A0D0A230D0A232020202020203130322E35342E39342E393720202020207268696E6F2E61636D652E636F6D202020202020202020202320736F75726365207365727665720D0A232020202020202033382E32352E36332E31302020202020782E61636D652E636F6D202020202020202020202020202023207820636C69656E7420686F73740D0A0D0A23206C6F63616C686F7374206E616D65207265736F6C7574696F6E2069732068616E646C65642077697468696E20444E5320697473656C662E0D0A23093132372E302E302E31202020202020206C6F63616C686F73740D0A23093A3A31202020202020202020202020206C6F63616C686F73740D0A0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000D0A2320756E636865636B69745F626567696E0A232054686573652072756C657320776572652061646465642062792074686520556E636865636B697470726F6772616D20696E206F7264657220746F20626C6F636B206164766572746973696E6720736F667477617265206D6F64756C65730D0A302E302E302E3020302E302E302E3020232066697820666F72207472616365726F75746520616E64206E65747374617420646973706C617920616E6F6D616C790D0A302E302E302E3020747261636B696E672E6F70656E63616E64792E636F6D2E73332E616D617A6F6E6177732E636F6D0D0A302E302E302E30206D656469612E6F70656E63616E64792E636F6D0D0A302E302E302E302063646E2E6F70656E63616E64792E636F6D0D0A302E302E302E3020747261636B696E672E6F70656E63616E64792E636F6D0D0A302E302E302E30206170692E6F70656E63616E64792E636F6D0D0A302E302E302E30206170692E7265636F6D6D656E64656473772E636F6D0D0A302E302E302E3020696E7374616C6C65722E626574746572696E7374616C6C65722E636F6D0D0A302E302E302E3020696E7374616C6C65722E66696C6562756C6C646F672E636F6D0D0A302E302E302E302064336F78746E31783362386437692E636C6F756466726F6E742E6E65740D0A302E302E302E3020696E6E6F2E62697372762E636F6D0D0A302E302E302E30206E7369732E62697372762E636F6D0D0A302E302E302E302063646E2E66696C65326465736B746F702E636F6D0D0A302E302E302E302063646E2E676F617465617374636163682E75730D0A302E302E302E302063646E2E677574746173746174646B2E75730D0A302E302E302E302063646E2E696E736B696E6D656469612E636F6D0D0A302E302E302E302063646E2E696E7374612E6F6962756E646C6573322E636F6D0D0A302E302E302E302063646E2E696E7374612E706C617962727974652E636F6D0D0A302E302E302E302063646E2E6C6C6F67657466617374636163682E75730D0A302E302E302E302063646E2E6D6F6E74696572612E636F6D0D0A302E302E302E302063646E2E6D7364776E6C642E636F6D0D0A302E302E302E302063646E2E6D7970636261636B75702E636F6D0D0A302E302E302E302063646E2E7070646F776E6C6F61642E636F6D0D0A302E302E302E302063646E2E72696365617465617374636163682E75730D0A302E302E302E302063646E2E73687961706F7461746F2E75730D0A302E302E302E302063646E2E736F6C696D62612E636F6D0D0A302E302E302E302063646E2E7475746F3470632E636F6D0D0A302E302E302E302063646E2E617070726F756E642E62697A0D0A302E302E302E302063646E2E626967737065656470726F2E636F6D0D0A302E302E302E302063646E2E62697370642E636F6D0D0A302E302E302E302063646E2E62697372762E636F6D0D0A302E302E302E302063646E2E63646E64702E636F6D0D0A302E302E302E302063646E2E646F776E6C6F61642E73776565747061636B732E636F6D0D0A302E302E302E302063646E2E6470646F776E6C6F61642E636F6D0D0A302E302E302E302063646E2E76697375616C6265652E6E65740D0A2320756E636865636B69745F656E640A

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-205815100-794779995-1947703700-1001\Control Panel\Desktop\\Wallpaper -> c:\users\martin\pictures\carcasonne.jpg
DNS Servers: 10.156.33.53 - 129.187.5.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [TCP Query User{6A219EAC-A8C9-4714-A40C-4B1E675DA9A5}C:\program files (x86)\anno 1404 - königsedition\tools\addonweb.exe] => (Allow) C:\program files (x86)\anno 1404 - königsedition\tools\addonweb.exe
FirewallRules: [UDP Query User{14B44FB0-F9E5-4BF6-9334-B6BE4CE1D514}C:\program files (x86)\anno 1404 - königsedition\tools\addonweb.exe] => (Allow) C:\program files (x86)\anno 1404 - königsedition\tools\addonweb.exe
FirewallRules: [{A88975B8-BBFD-477E-9DC2-5236F5A941BD}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{3F3A4D03-C443-4145-84BF-83523DF57C2D}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{AF9C9E7C-E573-4295-9FCB-8ACFAD7FC8F2}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{F138714E-9316-4A72-9797-E4514582BC93}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [TCP Query User{0D91FB41-C9AB-40A5-A51E-C6BE6A9CCDEA}C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{3E537FF1-097F-4C80-B334-DBAC95E65F32}C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{2C1F9E7C-BD53-492A-9B41-50335850F173}C:\windows\splwow64.exe] => (Allow) C:\windows\splwow64.exe
FirewallRules: [UDP Query User{32EAEC46-63B7-4D3F-8CB1-FEB6FFFAFCF3}C:\windows\splwow64.exe] => (Allow) C:\windows\splwow64.exe
FirewallRules: [{8A367C20-C7E1-4CF4-89F5-014469534249}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{30D99AD4-8229-4E56-966D-245501088E8D}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{A09EB9EB-05F5-445D-855D-1C3B2B1C395A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4CAA78A7-C705-4920-A218-EEFE8BBFA3D0}] => (Allow) C:\Program Files (x86)\Legpat\Update\LegpatUpdate.exe
FirewallRules: [{EC294C97-2178-4F12-B7F5-D2E08D380816}] => (Allow) C:\Program Files (x86)\Legpat\Application\chrome.exe
FirewallRules: [{237E438F-F612-442D-B6F1-028C41382D9D}] => (Allow) C:\ProgramData\Legpat\Legpat.exe
FirewallRules: [{BD4C73AA-4A79-4087-BC07-79477408C425}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{83D7999B-70EB-4F99-9EFD-89AA057289DB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B2D7DCAF-91F3-4D50-9DDF-B79AB22CE482}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{9BE540DB-ABBB-4FBF-A772-118C53E7EFF5}] => (Allow) C:\Program Files (x86)\CLIQZ\CLIQZ.exe
FirewallRules: [{0981E983-07AE-4243-A739-73165D224A54}] => (Allow) C:\Program Files (x86)\CLIQZ\CLIQZ.exe
FirewallRules: [{31958BF8-D377-4CD8-811E-2E0A87DBD93F}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server

==================== Wiederherstellungspunkte =========================

10-08-2016 09:32:46 Geplanter Prüfpunkt
19-08-2016 10:38:33 Geplanter Prüfpunkt
24-08-2016 09:01:40 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (08/28/2016 02:11:28 PM) (Source: MsiInstaller) (EventID: 11310) (User: Laptop-Martin)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Martin\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (08/28/2016 02:11:06 PM) (Source: MsiInstaller) (EventID: 11310) (User: Laptop-Martin)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Martin\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (08/28/2016 01:14:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Laptop-Martin)
Description: Bei der Aktivierung der App „Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/28/2016 11:59:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1218

Error: (08/28/2016 11:59:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1218

Error: (08/28/2016 11:59:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/28/2016 09:37:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Laptop-Martin)
Description: Bei der Aktivierung der App „Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147023174. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/28/2016 09:37:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Laptop-Martin)
Description: Bei der Aktivierung der App „Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147023174. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/28/2016 08:33:54 AM) (Source: MsiInstaller) (EventID: 11310) (User: Laptop-Martin)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Martin\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (08/27/2016 08:19:18 PM) (Source: MsiInstaller) (EventID: 11310) (User: Laptop-Martin)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Martin\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.


Systemfehler:
=============
Error: (08/28/2016 01:35:11 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT-AUTORITÄT)
Description: Bei der automatischen WLAN-Konfiguration wurde eine eingeschränkte Konnektivität erkannt, "Reset/Recover.adapter" wird ausgeführt.

 Code: 8 0x0 0x0

Error: (08/28/2016 01:35:10 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT-AUTORITÄT)
Description: Bei der automatischen WLAN-Konfiguration wurde eine eingeschränkte Konnektivität erkannt, "Reset/Recover.adapter" wird ausgeführt.

 Code: 2 0xdeaddeed 0xeeec

Error: (08/28/2016 01:35:10 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT-AUTORITÄT)
Description: Bei der automatischen WLAN-Konfiguration wurde eine eingeschränkte Konnektivität erkannt, "Reset/Recover.adapter" wird ausgeführt.

 Code: 1 0xc 0x4

Error: (08/28/2016 11:59:41 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst HPWMISVC erreicht.

Error: (08/28/2016 08:33:15 AM) (Source: DCOM) (EventID: 10005) (User: Laptop-Martin)
Description: 1053MSIServer{000C101C-0000-0000-C000-000000000046}

Error: (08/28/2016 08:33:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Installer" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053 = Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (08/28/2016 08:33:15 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Installer erreicht.

Error: (08/28/2016 08:31:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053 = Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (08/28/2016 08:31:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Presentation Foundation-Schriftartcache 3.0.0.0 erreicht.

Error: (08/27/2016 11:21:06 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {7006698D-2974-4091-A424-85DD0B909E23}


CodeIntegrity:
===================================
  Date: 2016-08-10 17:18:45.428
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-10 13:17:56.917
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-14 10:14:07.414
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-14 07:27:25.005
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-13 09:06:47.804
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-17 15:45:12.710
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-17 11:43:54.192
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-16 12:49:49.599
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-30 22:21:40.173
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2016-05-30 21:00:16.417
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 42%
Installierter physikalischer RAM: 8084.27 MB
Verfügbarer physikalischer RAM: 4658.36 MB
Summe virtueller Speicher: 9364.27 MB
Verfügbarer virtueller Speicher: 5371.94 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:448.21 GB) (Free:139.98 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (RECOVERY) (Fixed) (Total:16.79 GB) (Free:2.14 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive e: (UNSERE_ERDE) (CDROM) (Total:6.87 GB) (Free:0 GB) UDF

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 9EC65A10)

Partition: GPT.

==================== Ende von Addition.txt ============================

Martin.9008 · 28.08.2016, 16:04

TDSSKller

Code:

ATTFilter

16:41:53.0484 0x1154  TDSS rootkit removing tool 3.1.0.11 Aug  5 2016 12:13:31
16:41:53.0484 0x1154  UEFI system
16:41:58.0034 0x1154  ============================================================
16:41:58.0034 0x1154  Current date / time: 2016/08/28 16:41:58.0034
16:41:58.0035 0x1154  SystemInfo:
16:41:58.0035 0x1154  
16:41:58.0035 0x1154  OS Version: 10.0.10586 ServicePack: 0.0
16:41:58.0035 0x1154  Product type: Workstation
16:41:58.0035 0x1154  ComputerName: LAPTOP-MARTIN
16:41:58.0035 0x1154  UserName: Martin
16:41:58.0035 0x1154  Windows directory: C:\WINDOWS
16:41:58.0035 0x1154  System windows directory: C:\WINDOWS
16:41:58.0035 0x1154  Running under WOW64
16:41:58.0035 0x1154  Processor architecture: Intel x64
16:41:58.0035 0x1154  Number of processors: 4
16:41:58.0035 0x1154  Page size: 0x1000
16:41:58.0035 0x1154  Boot type: Normal boot
16:41:58.0035 0x1154  CodeIntegrityOptions = 0x00000001
16:41:58.0035 0x1154  ============================================================
16:41:58.0951 0x1154  KLMD registered as C:\WINDOWS\system32\drivers\74074566.sys
16:41:58.0951 0x1154  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 10586.545, osProperties = 0x19
16:42:00.0262 0x1154  System UUID: {34B26B61-8220-4638-323C-40A5C5B2118A}
16:42:01.0659 0x1154  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:42:01.0676 0x1154  ============================================================
16:42:01.0676 0x1154  \Device\Harddisk0\DR0:
16:42:01.0676 0x1154  GPT partitions:
16:42:01.0678 0x1154  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {47C292F1-3DC7-4D8F-9757-DD19AF73B9F5}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xC8000
16:42:01.0678 0x1154  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {FA027F16-B37B-4383-AC62-CE169939C995}, Name: EFI system partition, StartLBA 0xC8800, BlocksNum 0x82000
16:42:01.0678 0x1154  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {65E97C67-0B5A-47AD-9659-AFD4D17118D6}, Name: Microsoft reserved partition, StartLBA 0x14A800, BlocksNum 0x40000
16:42:01.0678 0x1154  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {9C553705-B9C3-43D6-B865-07BDEE7ADF77}, Name: Basic data partition, StartLBA 0x18A800, BlocksNum 0x38069800
16:42:01.0678 0x1154  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {C11FE4C5-89D8-4908-8813-B0A1C6440898}, Name: Basic data partition, StartLBA 0x381F4000, BlocksNum 0x2192000
16:42:01.0678 0x1154  MBR partitions:
16:42:01.0678 0x1154  ============================================================
16:42:01.0766 0x1154  C: <-> \Device\Harddisk0\DR0\Partition4
16:42:01.0821 0x1154  D: <-> \Device\Harddisk0\DR0\Partition5
16:42:01.0821 0x1154  ============================================================
16:42:01.0821 0x1154  Initialize success
16:42:01.0821 0x1154  ============================================================
16:45:02.0397 0x1dcc  ============================================================
16:45:02.0397 0x1dcc  Scan started
16:45:02.0397 0x1dcc  Mode: Manual; SigCheck; TDLFS; 
16:45:02.0397 0x1dcc  ============================================================
16:45:02.0397 0x1dcc  KSN ping started
16:45:02.0951 0x1dcc  KSN ping finished: true
16:45:09.0323 0x1dcc  ================ Scan system memory ========================
16:45:09.0323 0x1dcc  System memory - ok
16:45:09.0324 0x1dcc  ================ Scan services =============================
16:45:09.0808 0x1dcc  1394ohci - ok
16:45:09.0815 0x1dcc  3ware - ok
16:45:09.0855 0x1dcc  [ 899B7E724BF19F17978B6A37B864A277, F7D166DC5F7642D4B834B1E0D956929BA94F3E4D402989FC1A681A08FA1F86B6 ] Accelerometer   C:\WINDOWS\system32\DRIVERS\Accelerometer.sys
16:45:10.0035 0x1dcc  Accelerometer - ok
16:45:10.0070 0x1dcc  ACPI - ok
16:45:10.0074 0x1dcc  acpiex - ok
16:45:10.0079 0x1dcc  acpipagr - ok
16:45:10.0096 0x1dcc  AcpiPmi - ok
16:45:10.0100 0x1dcc  acpitime - ok
16:45:10.0321 0x1dcc  [ 68E7DEA59FDEF410BAF29FDB5B7A6EEF, B808FCF0C30B465A1330E47947B84FC722A3B4C46260E261C54B1EED725A288F ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:45:10.0370 0x1dcc  AdobeARMservice - ok
16:45:10.0599 0x1dcc  [ 32B31B696CB8E8F380831DFEB80A67E4, 8C8F6E16F2FB3E8F10569261B7712BBC931A2924B6C27D561E7F828041C4F3E6 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:45:10.0626 0x1dcc  AdobeFlashPlayerUpdateSvc - ok
16:45:10.0707 0x1dcc  ADP80XX - ok
16:45:10.0717 0x1dcc  AFD - ok
16:45:10.0723 0x1dcc  agp440 - ok
16:45:10.0750 0x1dcc  ahcache - ok
16:45:10.0772 0x1dcc  AJRouter - ok
16:45:10.0826 0x1dcc  ALG - ok
16:45:10.0871 0x1dcc  [ BBADD85854BFB5D43C60B7AC8EEA3DBA, 968C043ABEA46F5C79525863B3FE2681AC0FA4202036C9EFD20B408DECF407E2 ] AMD External Events Utility C:\WINDOWS\system32\atiesrxx.exe
16:45:10.0962 0x1dcc  AMD External Events Utility - ok
16:45:10.0967 0x1dcc  AmdK8 - ok
16:45:11.0012 0x1dcc  amdkmdag - ok
16:45:11.0118 0x1dcc  [ 17BA5C907E14947574CBB788F4CEB85F, EAA3DBF436637C58666A91905E388287FC54334EBB2589A00727EB09AC4870E3 ] amdkmdap        C:\WINDOWS\system32\DRIVERS\atikmpag.sys
16:45:11.0155 0x1dcc  amdkmdap - ok
16:45:11.0259 0x1dcc  [ 82D7250133CF669A294AF189910C8744, D6448B86B36FD777084755BB653452ACA72D1D0A41227B27E0073BC4A2DF9C8B ] amdkmpfd        C:\WINDOWS\system32\drivers\amdkmpfd.sys
16:45:11.0381 0x1dcc  amdkmpfd - ok
16:45:11.0388 0x1dcc  AmdPPM - ok
16:45:11.0395 0x1dcc  amdsata - ok
16:45:11.0402 0x1dcc  amdsbs - ok
16:45:11.0409 0x1dcc  amdxata - ok
16:45:11.0517 0x1dcc  AppHostSvc - ok
16:45:11.0533 0x1dcc  AppID - ok
16:45:11.0550 0x1dcc  AppIDSvc - ok
16:45:11.0556 0x1dcc  Appinfo - ok
16:45:11.0597 0x1dcc  AppReadiness - ok
16:45:11.0694 0x1dcc  AppXSvc - ok
16:45:11.0700 0x1dcc  arcsas - ok
16:45:11.0853 0x1dcc  aspnet_state - ok
16:45:11.0956 0x1dcc  [ 1694434F5B9AB16772C7A8E2EF9134CA, B84FA624EB6D438BB01AB886AE85FA42BEA46F2E33454C6C4D9078015813CDB5 ] aswHwid         C:\WINDOWS\system32\drivers\aswHwid.sys
16:45:12.0027 0x1dcc  aswHwid - ok
16:45:12.0095 0x1dcc  [ 786E8BCDFF674068F3C950615FC2E71C, B5803960297F9622F594EC113FF6C89221606FC6B26B02EA6F021BE38AA66794 ] aswKbd          C:\WINDOWS\system32\drivers\aswKbd.sys
16:45:12.0193 0x1dcc  aswKbd - ok
16:45:12.0212 0x1dcc  [ 33D0DD0471FDF449C81338863FC63978, D5898B51B3BCE43E62D459CE808888085D82A4B9B284F90E3301CEF7C33C03E4 ] aswMonFlt       C:\WINDOWS\system32\drivers\aswMonFlt.sys
16:45:12.0281 0x1dcc  aswMonFlt - ok
16:45:12.0378 0x1dcc  [ DF190688D993A3DB227BFB0BB40BD7D4, C7EDA64AE84001089AE2085B8336B7572DEDDCC80EAAA05D73C9C675CAD8C511 ] aswRdr          C:\WINDOWS\system32\drivers\aswRdr2.sys
16:45:12.0420 0x1dcc  aswRdr - ok
16:45:12.0487 0x1dcc  [ D873455DFA27680585AE238503917DF5, CAD9CBCD24F33FF8E49C77C795F8FE0540243E455A6FC9E3035B8C15C9EEBD6C ] aswRvrt         C:\WINDOWS\system32\drivers\aswRvrt.sys
16:45:12.0599 0x1dcc  aswRvrt - ok
16:45:12.0701 0x1dcc  [ A371A06EC8F4830C263D3F5CA5A11B65, 62E55DD439C106184F3AF73198D5CEAB5828A0EE1E30A13C35103B1B57966AB6 ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
16:45:12.0820 0x1dcc  aswSnx - ok
16:45:12.0870 0x1dcc  [ 6B7F6CE19A16240EE9DE2C528897ED9C, 3B7C24F5B152B408D87DA70B01AD2E744DCB877D46602C0620931FCADB275E17 ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
16:45:12.0948 0x1dcc  aswSP - ok
16:45:12.0988 0x1dcc  [ 3575F9226251DE48E065ED5C384A21EF, 032F53FEEB0BB43F1AD673EE13F507D3A8AC10F78543EA1294C40BAA918ED323 ] aswStm          C:\WINDOWS\system32\drivers\aswStm.sys
16:45:13.0008 0x1dcc  aswStm - ok
16:45:13.0069 0x1dcc  [ 5C557767CFC14676DFBA5276BED228EB, 5DAEDCE074EC994947CE4B628717D056D2F5DA4EB1ADAA3E9BD62C56B18E2000 ] aswVmm          C:\WINDOWS\system32\drivers\aswVmm.sys
16:45:13.0201 0x1dcc  aswVmm - ok
16:45:13.0208 0x1dcc  AsyncMac - ok
16:45:13.0213 0x1dcc  atapi - ok
16:45:13.0291 0x1dcc  [ B4BDE3F758A34658A37DFED3D9783CD8, BC9F6B9BDD639457894DE0F596AB3A655374E078796762FE5E8E5414F0481208 ] atksgt          C:\WINDOWS\system32\DRIVERS\atksgt.sys
16:45:13.0422 0x1dcc  atksgt - ok
16:45:13.0477 0x1dcc  AudioEndpointBuilder - ok
16:45:13.0555 0x1dcc  Audiosrv - ok
16:45:13.0673 0x1dcc  [ 3817558D8D5BBC8B0F190CF0D7C4720F, 7CD250DD22BE0E6CF6BEA639EA8220E46158CA7DF33FF803967CEAEA7FBD14E5 ] Autodesk Content Service C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
16:45:13.0693 0x1dcc  Autodesk Content Service - detected UnsignedFile.Multi.Generic ( 1 )
16:45:13.0948 0x1dcc  Detect skipped due to KSN trusted
16:45:13.0949 0x1dcc  Autodesk Content Service - ok
16:45:14.0097 0x1dcc  [ A24AF1F8186B4B69D54DCC4B059CA695, 882338FEF206231B9FD83787A8685A7B69D76A414923B511A8D6A7619CB86F87 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
16:45:14.0116 0x1dcc  avast! Antivirus - ok
16:45:14.0179 0x1dcc  AX88772 - ok
16:45:14.0191 0x1dcc  AxInstSV - ok
16:45:14.0197 0x1dcc  b06bdrv - ok
16:45:14.0210 0x1dcc  BasicDisplay - ok
16:45:14.0217 0x1dcc  BasicRender - ok
16:45:14.0227 0x1dcc  bcmfn - ok
16:45:14.0234 0x1dcc  bcmfn2 - ok
16:45:14.0258 0x1dcc  BDESVC - ok
16:45:14.0267 0x1dcc  Beep - ok
16:45:14.0277 0x1dcc  BFE - ok
16:45:14.0330 0x1dcc  BITS - ok
16:45:14.0427 0x1dcc  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:45:14.0449 0x1dcc  Bonjour Service - ok
16:45:14.0452 0x1dcc  bowser - ok
16:45:14.0476 0x1dcc  BrokerInfrastructure - ok
16:45:14.0479 0x1dcc  Browser - ok
16:45:14.0492 0x1dcc  BthAvrcpTg - ok
16:45:14.0495 0x1dcc  BthHFEnum - ok
16:45:14.0499 0x1dcc  bthhfhid - ok
16:45:14.0514 0x1dcc  BthHFSrv - ok
16:45:14.0517 0x1dcc  BTHMODEM - ok
16:45:14.0566 0x1dcc  bthserv - ok
16:45:14.0587 0x1dcc  buttonconverter - ok
16:45:14.0593 0x1dcc  CapImg - ok
16:45:14.0600 0x1dcc  cdfs - ok
16:45:14.0663 0x1dcc  CDPSvc - ok
16:45:14.0723 0x1dcc  cdrom - ok
16:45:14.0731 0x1dcc  CertPropSvc - ok
16:45:14.0778 0x1dcc  circlass - ok
16:45:14.0877 0x1dcc  [ 10831D30FF7FB1D9963C96AB0CAF925B, 17DCB70D9A7497F77BB3FAEAE6A1309E50930C2857068C6F6DAE54A46341CF64 ] cktSvc          C:\Program Files (x86)\Uncheckit\cktSvc.exe
16:45:14.0897 0x1dcc  cktSvc - ok
16:45:14.0901 0x1dcc  CLFS - ok
16:45:14.0933 0x1dcc  ClipSVC - ok
16:45:15.0032 0x1dcc  [ 075CCE75090786F124573A788C8656E6, AA188CFF2F8EE2D9F50701AB2315D24E15D7715FD84F5054D3FC175D4BD35734 ] CLVirtualDrive  C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys
16:45:15.0087 0x1dcc  CLVirtualDrive - ok
16:45:15.0091 0x1dcc  CmBatt - ok
16:45:15.0138 0x1dcc  CNG - ok
16:45:15.0145 0x1dcc  cnghwassist - ok
16:45:15.0368 0x1dcc  [ 8B6521F722A6C81333E42BD87FDDB61B, F6E507A0885011B75F0FEE3E324265626A18B01C33D76F6A42F2945A78409DB2 ] CodeMeter.exe   C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
16:45:15.0471 0x1dcc  CodeMeter.exe - ok
16:45:15.0655 0x1dcc  CompositeBus - ok
16:45:15.0662 0x1dcc  COMSysApp - ok
16:45:15.0710 0x1dcc  condrv - ok
16:45:15.0765 0x1dcc  CoreMessagingRegistrar - ok
16:45:15.0921 0x1dcc  [ BB812787B838A74943DEF209350C3883, 2C168F48A68644AA3CB6167BEC2A260E3E9C78D0766A15AA0FAA39CDBD7FA040 ] cphs            C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
16:45:15.0956 0x1dcc  cphs - ok
16:45:15.0987 0x1dcc  CryptSvc - ok
16:45:15.0990 0x1dcc  dam - ok
16:45:16.0172 0x1dcc  [ A1F58FFF448E4099297D6EE0641D4D0E, 47839789332AAF8861F7731BF2D3FBB5E0991EA0D0B457BB4C8C1784F76C73DC ] dbupdate        C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
16:45:16.0194 0x1dcc  dbupdate - ok
16:45:16.0204 0x1dcc  [ A1F58FFF448E4099297D6EE0641D4D0E, 47839789332AAF8861F7731BF2D3FBB5E0991EA0D0B457BB4C8C1784F76C73DC ] dbupdatem       C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
16:45:16.0218 0x1dcc  dbupdatem - ok
16:45:16.0240 0x1dcc  DcomLaunch - ok
16:45:16.0251 0x1dcc  DcpSvc - ok
16:45:16.0263 0x1dcc  defragsvc - ok
16:45:16.0266 0x1dcc  DeviceAssociationService - ok
16:45:16.0324 0x1dcc  DeviceInstall - ok
16:45:16.0327 0x1dcc  DevQueryBroker - ok
16:45:16.0343 0x1dcc  Dfsc - ok
16:45:16.0361 0x1dcc  Dhcp - ok
16:45:16.0450 0x1dcc  diagnosticshub.standardcollector.service - ok
16:45:16.0512 0x1dcc  DiagTrack - ok
16:45:16.0531 0x1dcc  disk - ok
16:45:16.0552 0x1dcc  DmEnrollmentSvc - ok
16:45:16.0560 0x1dcc  dmvsc - ok
16:45:16.0575 0x1dcc  dmwappushservice - ok
16:45:16.0596 0x1dcc  Dnscache - ok
16:45:16.0638 0x1dcc  dot3svc - ok
16:45:16.0749 0x1dcc  [ C0AA415718DDD13A136E353844628A65, 7E2F2A139E897EAE56038B920BDA9381094BC0AE9E626F6634E6B444B8B0C91F ] dot4            C:\WINDOWS\system32\DRIVERS\Dot4.sys
16:45:16.0841 0x1dcc  dot4 - ok
16:45:16.0911 0x1dcc  [ 0BD906A79F9CE3013F7D9D0AC45F9F9D, 2F7D5082E7E226D5EBEA164A8ACEE0A447C96EB1829224A6EFA3E7B4EFEE1D14 ] Dot4Print       C:\WINDOWS\System32\drivers\Dot4Prt.sys
16:45:17.0129 0x1dcc  Dot4Print - ok
16:45:17.0168 0x1dcc  [ 292ADB7C57B5457F18F2FC06934B0B40, 12FFDF5F48A79B1B4ADBB88BA2CB6C59DD6719554E8EA6BEEFE99B3E3C66F1AC ] dot4usb         C:\WINDOWS\system32\DRIVERS\dot4usb.sys
16:45:17.0209 0x1dcc  dot4usb - ok
16:45:17.0253 0x1dcc  DPS - ok
16:45:17.0305 0x1dcc  drmkaud - ok
16:45:17.0329 0x1dcc  DsmSvc - ok
16:45:17.0345 0x1dcc  DsSvc - ok
16:45:17.0357 0x1dcc  DXGKrnl - ok
16:45:17.0373 0x1dcc  Eaphost - ok
16:45:17.0475 0x1dcc  ebdrv - ok
16:45:17.0505 0x1dcc  EFS - ok
16:45:17.0513 0x1dcc  EhStorClass - ok
16:45:17.0527 0x1dcc  EhStorTcgDrv - ok
16:45:17.0532 0x1dcc  embeddedmode - ok
16:45:17.0554 0x1dcc  EntAppSvc - ok
16:45:17.0558 0x1dcc  ErrDev - ok
16:45:17.0613 0x1dcc  EventSystem - ok
16:45:17.0618 0x1dcc  exfat - ok
16:45:17.0730 0x1dcc  fastfat - ok
16:45:17.0741 0x1dcc  Fax - ok
16:45:17.0752 0x1dcc  fdc - ok
16:45:17.0758 0x1dcc  fdPHost - ok
16:45:17.0764 0x1dcc  FDResPub - ok
16:45:17.0784 0x1dcc  fhsvc - ok
16:45:17.0806 0x1dcc  FileCrypt - ok
16:45:17.0813 0x1dcc  FileInfo - ok
16:45:17.0820 0x1dcc  Filetrace - ok
16:45:18.0056 0x1dcc  [ 96A89625E34EC8B5F05A9D01AAD04759, B64B7E7AD5D02D4C91A2A45FB9F523A162482A37F784625233FE4AD8B2601453 ] FlexNet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
16:45:18.0091 0x1dcc  FlexNet Licensing Service 64 - ok
16:45:18.0095 0x1dcc  flpydisk - ok
16:45:18.0099 0x1dcc  FltMgr - ok
16:45:18.0127 0x1dcc  FontCache - ok
16:45:18.0364 0x1dcc  FontCache3.0.0.0 - ok
16:45:18.0384 0x1dcc  FsDepends - ok
16:45:18.0390 0x1dcc  Fs_Rec - ok
16:45:18.0407 0x1dcc  fvevol - ok
16:45:18.0414 0x1dcc  gagp30kx - ok
16:45:18.0432 0x1dcc  gencounter - ok
16:45:18.0449 0x1dcc  genericusbfn - ok
16:45:18.0455 0x1dcc  GPIOClx0101 - ok
16:45:18.0469 0x1dcc  gpsvc - ok
16:45:18.0473 0x1dcc  GpuEnergyDrv - ok
16:45:18.0636 0x1dcc  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:45:18.0657 0x1dcc  gupdate - ok
16:45:18.0667 0x1dcc  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:45:18.0677 0x1dcc  gupdatem - ok
16:45:18.0737 0x1dcc  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:45:18.0746 0x1dcc  gusvc - ok
16:45:18.0750 0x1dcc  HDAudBus - ok
16:45:18.0753 0x1dcc  HidBatt - ok
16:45:18.0756 0x1dcc  HidBth - ok
16:45:18.0759 0x1dcc  hidi2c - ok
16:45:18.0763 0x1dcc  hidinterrupt - ok
16:45:18.0766 0x1dcc  HidIr - ok
16:45:18.0817 0x1dcc  hidserv - ok
16:45:18.0954 0x1dcc  HidUsb - ok
16:45:19.0020 0x1dcc  HomeGroupListener - ok
16:45:19.0066 0x1dcc  HomeGroupProvider - ok
16:45:19.0112 0x1dcc  [ D104FF402FC3DDB686E6DEF00334DB26, 6CCE56587C02ECE474C6BF959C4A6F752A1FF0B718FBE8EE4FD9755313A207C1 ] hpdskflt        C:\WINDOWS\system32\DRIVERS\hpdskflt.sys
16:45:19.0130 0x1dcc  hpdskflt - ok
16:45:19.0362 0x1dcc  [ 7B7DE6B3DC30F3246958F42C67A6F7BB, 4B66B90CFEC2231B905B21DECC4EC7C6500E546F080A452EF67E724EDF37ADD9 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
16:45:19.0390 0x1dcc  hpqwmiex - ok
16:45:19.0394 0x1dcc  HpSAMD - ok
16:45:19.0459 0x1dcc  [ 55FFCBB036D7BE4BCA6FA1421203A27F, 5BB865FC631390F59AF5F2452D4D2DA47E34A49E194C8010E942F5A2013F3895 ] hpsrv           C:\WINDOWS\system32\Hpservice.exe
16:45:19.0482 0x1dcc  hpsrv - ok
16:45:19.0588 0x1dcc  [ 83B7C57901235297A702348394B460A5, FE47A2C19BD5DFEBC0830944E7F3FB67BAC0F09265DD56C74C2CB8000883ABBF ] HPSupportSolutionsFrameworkService C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
16:45:19.0612 0x1dcc  HPSupportSolutionsFrameworkService - ok
16:45:19.0741 0x1dcc  [ 3C5B2067338E4EFDADE94E4A72728F23, 72E21FA1E660F9405A5E39B0F89AB21C60F20BAC13247567EF7139AC130F1897 ] HPWMISVC        C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
16:45:19.0754 0x1dcc  HPWMISVC - ok
16:45:19.0784 0x1dcc  HTTP - ok
16:45:19.0902 0x1dcc  hwpolicy - ok
16:45:19.0926 0x1dcc  hyperkbd - ok
16:45:19.0934 0x1dcc  HyperVideo - ok
16:45:19.0941 0x1dcc  i8042prt - ok
16:45:19.0948 0x1dcc  iai2c - ok
16:45:19.0959 0x1dcc  iaLPSS2i_I2C - ok
16:45:19.0964 0x1dcc  iaLPSSi_GPIO - ok
16:45:19.0969 0x1dcc  iaLPSSi_I2C - ok
16:45:20.0026 0x1dcc  [ 050F2539E14F9D5E90A4B61738EC29BD, 0E65468B9F452FA7DB6DF2C1B2B2E9439C79031E27054FBDBDFE28A9F98721D7 ] iaStorA         C:\WINDOWS\system32\drivers\iaStorA.sys
16:45:20.0202 0x1dcc  iaStorA - ok
16:45:20.0207 0x1dcc  iaStorAV - ok
16:45:20.0213 0x1dcc  iaStorV - ok
16:45:20.0217 0x1dcc  ibbus - ok
16:45:20.0349 0x1dcc  [ ABEFA4BD23329FD9BD47496BF2E58774, 9689D4C6380735EE1CC7F480696CDDC229E0FA511942AC813314D353584D82DD ] IconMan_R       C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
16:45:20.0427 0x1dcc  IconMan_R - detected UnsignedFile.Multi.Generic ( 1 )
16:45:20.0591 0x1dcc  Detect skipped due to KSN trusted
16:45:20.0591 0x1dcc  IconMan_R - ok
16:45:20.0628 0x1dcc  icssvc - ok
16:45:20.0773 0x1dcc  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
16:45:20.0789 0x1dcc  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
16:45:21.0036 0x1dcc  Detect skipped due to KSN trusted
16:45:21.0036 0x1dcc  IDriverT - ok
16:45:21.0043 0x1dcc  IEEtwCollectorService - ok
16:45:21.0186 0x1dcc  [ CEFA6BDB4789F3DA003ACBDCC64F5877, 0FE78AEFA9A75B4A99AD6B73AC3252E4C6DFA9D306FEC02D26C1FD574108BFBA ] igfx            C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
16:45:21.0261 0x1dcc  igfx - ok
16:45:21.0331 0x1dcc  [ 75909533EECD0CD9D5974B59474AA6C0, F81D0F949F1F01D09C91735C79288395B82C27B8FB78804752E5A678D7EF3860 ] igfxCUIService1.0.0.0 C:\WINDOWS\system32\igfxCUIService.exe
16:45:21.0358 0x1dcc  igfxCUIService1.0.0.0 - ok
16:45:21.0412 0x1dcc  IKEEXT - ok
16:45:21.0448 0x1dcc  [ B1F193AB8FB72E9FC34B3A39314ED872, 408E98D9C8ABB928090DD9E5D1BB227EFBC997BF168437BAEF0461EB0D1DAE3D ] intaud_WaveExtensible C:\WINDOWS\system32\drivers\intelaud.sys
16:45:21.0579 0x1dcc  intaud_WaveExtensible - ok
16:45:21.0637 0x1dcc  [ 87871AB7AC797F922A6F3D4C874CED96, 2BCD89911E42827CD294DD7D1486A7845D1F98019E51958E0F488384401B2944 ] IntcDAud        C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
16:45:21.0672 0x1dcc  IntcDAud - ok
16:45:21.0848 0x1dcc  [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC, F791EE101EEF8B9F48102B6C63A89B78F7C0041C750C4F4C0D16D54B583B7B5C ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
16:45:21.0871 0x1dcc  Intel(R) Capability Licensing Service Interface - ok
16:45:22.0111 0x1dcc  [ 30E9FAC23E2537D82F2836CB81AEE186, 03E5072D43ECED70EF004D2E6E654B4CCCE059825CC3C641C0534E4C0BC0C7E8 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
16:45:22.0125 0x1dcc  Intel(R) ME Service - ok
16:45:22.0157 0x1dcc  intelide - ok
16:45:22.0176 0x1dcc  intelpep - ok
16:45:22.0181 0x1dcc  intelppm - ok
16:45:22.0187 0x1dcc  IoQos - ok
16:45:22.0191 0x1dcc  IpFilterDriver - ok
16:45:22.0217 0x1dcc  iphlpsvc - ok
16:45:22.0220 0x1dcc  IPMIDRV - ok
16:45:22.0265 0x1dcc  IPNAT - ok
16:45:22.0269 0x1dcc  IRENUM - ok
16:45:22.0303 0x1dcc  iSafeKrnl - ok
16:45:22.0422 0x1dcc  [ 6010A31C6290AE0C8C6B55FEA74F2D7C, F14CC86E6B52243913F80BAD241D7714610F9EE964850349A15B97984E193A9A ] iSafeKrnlBoot   C:\WINDOWS\system32\DRIVERS\iSafeKrnlBoot.sys
16:45:22.0462 0x1dcc  iSafeKrnlBoot - ok
16:45:22.0465 0x1dcc  iSafeKrnlKit - ok
16:45:22.0513 0x1dcc  [ 60BF5D4AC1E6D465A91456DF16191254, CB83849470070356AF68BB93EA9E628EC573128F8FF7AECC2786A726D4796972 ] iSafeKrnlMon    C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys
16:45:22.0568 0x1dcc  iSafeKrnlMon - ok
16:45:22.0644 0x1dcc  [ 9FB02FBA90F6AF59537A30C3DB9777C8, 6597D4994D0D6262B853F64A6E828C5D411225624F137901F6DCF3D3BA81BB80 ] iSafeNetFilter  C:\WINDOWS\system32\DRIVERS\iSafeNetFilter.sys
16:45:22.0704 0x1dcc  iSafeNetFilter - ok
16:45:22.0708 0x1dcc  iSafeService - ok
16:45:22.0723 0x1dcc  isapnp - ok
16:45:22.0727 0x1dcc  iScsiPrt - ok
16:45:22.0762 0x1dcc  [ DD1F43B86AD84E53203F92FD3EF3AEB6, 9DE2BA80B315E56DF2E74EAA65F4ECB8324DFC19E30EB56EDDF08340AB100E87 ] iwdbus          C:\WINDOWS\System32\drivers\iwdbus.sys
16:45:22.0817 0x1dcc  iwdbus - ok
16:45:22.0874 0x1dcc  [ 3C4002D339491AF73D663FFC7F6E5ECB, 0B53047989BDB781572253BC3AA757912FE54366870C1955E687972CE210C285 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
16:45:22.0901 0x1dcc  jhi_service - ok
16:45:22.0905 0x1dcc  kbdclass - ok
16:45:22.0909 0x1dcc  kbdhid - ok
16:45:22.0913 0x1dcc  kdnic - ok
16:45:22.0917 0x1dcc  KeyIso - ok
16:45:22.0921 0x1dcc  KSecDD - ok
16:45:22.0948 0x1dcc  KSecPkg - ok
16:45:22.0951 0x1dcc  ksthunk - ok
16:45:22.0960 0x1dcc  KtmRm - ok
16:45:22.0966 0x1dcc  LanmanServer - ok
16:45:22.0971 0x1dcc  LanmanWorkstation - ok
16:45:23.0100 0x1dcc  [ 8FB6D64CB42E660C4534D38013D64A03, 11A6A914E8588DDFDE32D12A858BA8A31783B5DDB42C9E7FD0F237D57A437976 ] LavasoftTcpService C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
16:45:23.0154 0x1dcc  LavasoftTcpService - ok
16:45:23.0257 0x1dcc  [ 0557D50CC6515EEBEABD6BC9AD3E54FC, 75D67645D5373CBB6EBEBA6B96C20306218528F0F7392D6076BC488655637DDA ] LegpatP         C:\ProgramData\Legpat\Legpat.exe
16:45:23.0274 0x1dcc  LegpatP - ok
16:45:23.0295 0x1dcc  lfsvc - ok
16:45:23.0298 0x1dcc  LicenseManager - ok
16:45:23.0324 0x1dcc  [ 955982BF4421B77722196552B62E8DC2, 3732449ACDBB78E1ED8436DF153C899C28573F458FDCFE345DFA1B305D085033 ] lirsgt          C:\WINDOWS\system32\DRIVERS\lirsgt.sys
16:45:23.0403 0x1dcc  lirsgt - ok
16:45:23.0430 0x1dcc  lltdio - ok
16:45:23.0437 0x1dcc  lltdsvc - ok
16:45:23.0457 0x1dcc  lmhosts - ok
16:45:23.0499 0x1dcc  [ 4269D44BB47A6DA5D80B11F4C8536458, 7A8FFC8F851DD9E5C43986BE0888831CB71D188138DF3CF7F787DADDA70915B0 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
16:45:23.0525 0x1dcc  LMS - ok
16:45:23.0555 0x1dcc  LSI_SAS - ok
16:45:23.0563 0x1dcc  LSI_SAS2i - ok
16:45:23.0567 0x1dcc  LSI_SAS3i - ok
16:45:23.0571 0x1dcc  LSI_SSS - ok
16:45:23.0575 0x1dcc  LSM - ok
16:45:23.0580 0x1dcc  luafv - ok
16:45:23.0594 0x1dcc  MapsBroker - ok
16:45:23.0597 0x1dcc  megasas - ok
16:45:23.0600 0x1dcc  megasr - ok
16:45:23.0639 0x1dcc  [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64          C:\WINDOWS\System32\drivers\HECIx64.sys
16:45:23.0773 0x1dcc  MEIx64 - ok
16:45:24.0083 0x1dcc  [ 6F62B8758B0C164E6D9BA7CACF9476C6, 1BBACED2FDB1190E54E2BB6E9281CBD9EB2A1640A3837F7F63D270933421062D ] MemeoBackgroundService C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
16:45:24.0095 0x1dcc  MemeoBackgroundService - ok
16:45:24.0120 0x1dcc  MessagingService - ok
16:45:24.0289 0x1dcc  Microsoft SharePoint Workspace Audit Service - ok
16:45:24.0321 0x1dcc  mlx4_bus - ok
16:45:24.0352 0x1dcc  MMCSS - ok
16:45:24.0358 0x1dcc  Modem - ok
16:45:24.0365 0x1dcc  monitor - ok
16:45:24.0372 0x1dcc  mouclass - ok
16:45:24.0379 0x1dcc  mouhid - ok
16:45:24.0388 0x1dcc  mountmgr - ok
16:45:24.0446 0x1dcc  [ 096C5D009C554DBC8F2E2EFEDFE10A47, D72F1286807FE471755D992AAF398D519680A160D71DB6327019F6DC5A9DEFFC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:45:24.0461 0x1dcc  MozillaMaintenance - ok
16:45:24.0464 0x1dcc  mpsdrv - ok
16:45:24.0487 0x1dcc  MpsSvc - ok
16:45:24.0490 0x1dcc  MRxDAV - ok
16:45:24.0535 0x1dcc  mrxsmb - ok
16:45:24.0550 0x1dcc  mrxsmb10 - ok
16:45:24.0553 0x1dcc  mrxsmb20 - ok
16:45:24.0568 0x1dcc  MsBridge - ok
16:45:24.0579 0x1dcc  MSDTC - ok
16:45:24.0584 0x1dcc  Msfs - ok
16:45:24.0598 0x1dcc  msgpiowin32 - ok
16:45:24.0601 0x1dcc  mshidkmdf - ok
16:45:24.0604 0x1dcc  mshidumdf - ok
16:45:24.0608 0x1dcc  msisadrv - ok
16:45:24.0641 0x1dcc  MSiSCSI - ok
16:45:24.0644 0x1dcc  msiserver - ok
16:45:24.0647 0x1dcc  MSKSSRV - ok
16:45:24.0651 0x1dcc  MsLldp - ok
16:45:24.0653 0x1dcc  MSPCLOCK - ok
16:45:24.0657 0x1dcc  MSPQM - ok
16:45:24.0660 0x1dcc  MsRPC - ok
16:45:24.0665 0x1dcc  mssmbios - ok
16:45:24.0668 0x1dcc  MSTEE - ok
16:45:24.0671 0x1dcc  MTConfig - ok
16:45:24.0675 0x1dcc  Mup - ok
16:45:24.0678 0x1dcc  mvumis - ok
16:45:24.0713 0x1dcc  NativeWifiP - ok
16:45:24.0828 0x1dcc  [ 988CDC4DAE2186F3A5ED6EE7D3E6B5CA, DB40F7705F0475FF774452E365152EBEDDC77D8ACE48419DABE02DD385C6B725 ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
16:45:24.0861 0x1dcc  NAUpdate - ok
16:45:24.0887 0x1dcc  NcaSvc - ok
16:45:24.0907 0x1dcc  NcbService - ok
16:45:24.0909 0x1dcc  NcdAutoSetup - ok
16:45:24.0916 0x1dcc  ndfltr - ok
16:45:24.0923 0x1dcc  NDIS - ok
16:45:24.0929 0x1dcc  NdisCap - ok
16:45:24.0937 0x1dcc  NdisImPlatform - ok
16:45:24.0942 0x1dcc  NdisTapi - ok
16:45:24.0946 0x1dcc  Ndisuio - ok
16:45:24.0950 0x1dcc  NdisVirtualBus - ok
16:45:24.0954 0x1dcc  NdisWan - ok
16:45:24.0958 0x1dcc  ndiswanlegacy - ok
16:45:24.0962 0x1dcc  ndproxy - ok
16:45:24.0982 0x1dcc  Ndu - ok
16:45:25.0008 0x1dcc  [ 6D1D9124B78C96CB5B98AAC511D6E853, 6D8082C11454672D37E1389B455B9806B40FC3A71358FE10869065D06EAF494A ] Net Driver HPZ12 C:\Windows\System32\HPZinw12.dll
16:45:25.0033 0x1dcc  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
16:45:25.0195 0x1dcc  Detect skipped due to KSN trusted
16:45:25.0195 0x1dcc  Net Driver HPZ12 - ok
16:45:25.0202 0x1dcc  NetBIOS - ok
16:45:25.0233 0x1dcc  NetBT - ok
16:45:25.0239 0x1dcc  Netlogon - ok
16:45:25.0258 0x1dcc  Netman - ok
16:45:25.0265 0x1dcc  netprofm - ok
16:45:25.0272 0x1dcc  netr28x - ok
16:45:25.0316 0x1dcc  NetSetupSvc - ok
16:45:25.0477 0x1dcc  NetTcpPortSharing - ok
16:45:25.0508 0x1dcc  netvsc - ok
16:45:25.0575 0x1dcc  NgcCtnrSvc - ok
16:45:25.0582 0x1dcc  NgcSvc - ok
16:45:25.0589 0x1dcc  NlaSvc - ok
16:45:25.0595 0x1dcc  Npfs - ok
16:45:25.0619 0x1dcc  npsvctrig - ok
16:45:25.0625 0x1dcc  nsi - ok
16:45:25.0633 0x1dcc  nsiproxy - ok
16:45:25.0653 0x1dcc  NTFS - ok
16:45:25.0661 0x1dcc  Null - ok
16:45:25.0666 0x1dcc  nvraid - ok
16:45:25.0672 0x1dcc  nvstor - ok
16:45:25.0676 0x1dcc  nv_agp - ok
16:45:25.0700 0x1dcc  OneSyncSvc - ok
16:45:25.0820 0x1dcc  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:45:25.0830 0x1dcc  ose - ok
16:45:26.0067 0x1dcc  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:45:26.0165 0x1dcc  osppsvc - ok
16:45:26.0196 0x1dcc  p2pimsvc - ok
16:45:26.0204 0x1dcc  p2psvc - ok
16:45:26.0264 0x1dcc  Parport - ok
16:45:26.0282 0x1dcc  partmgr - ok
16:45:26.0289 0x1dcc  PcaSvc - ok
16:45:26.0308 0x1dcc  pci - ok
16:45:26.0315 0x1dcc  pciide - ok
16:45:26.0321 0x1dcc  pcmcia - ok
16:45:26.0330 0x1dcc  pcw - ok
16:45:26.0337 0x1dcc  pdc - ok
16:45:26.0349 0x1dcc  PEAUTH - ok
16:45:26.0378 0x1dcc  [ 8B028BB7546947C93B5D7DD3C6B39444, AC6C11ED8F23F9B15082A15F5DF1A8A44D14EBDA0F90592B40F8631F970E600A ] pelmouse        C:\WINDOWS\system32\DRIVERS\pelmouse.sys
16:45:26.0412 0x1dcc  pelmouse - ok
16:45:26.0429 0x1dcc  [ B09DF176603C4609BFB370F4F4973300, 0AF4E66557346A99C1AFCA483822BB934CA20076ADDEDBC03F965E79E76CFFFA ] pelusblf        C:\WINDOWS\system32\DRIVERS\pelusblf.sys
16:45:26.0490 0x1dcc  pelusblf - ok
16:45:26.0514 0x1dcc  percsas2i - ok
16:45:26.0520 0x1dcc  percsas3i - ok
16:45:26.0601 0x1dcc  PerfHost - ok
16:45:26.0616 0x1dcc  PhoneSvc - ok
16:45:26.0646 0x1dcc  PimIndexMaintenanceSvc - ok
16:45:26.0699 0x1dcc  pla - ok
16:45:26.0718 0x1dcc  PlugPlay - ok
16:45:26.0746 0x1dcc  [ 6A5C18184E4CF60A963BDD9CB67243BA, 78F6FFB4B504E6C138176181F21EE4D775976DDA9CBEE46219459061645B023C ] Pml Driver HPZ12 C:\Windows\System32\HPZipm12.dll
16:45:26.0761 0x1dcc  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
16:45:26.0933 0x1dcc  Detect skipped due to KSN trusted
16:45:26.0933 0x1dcc  Pml Driver HPZ12 - ok
16:45:26.0941 0x1dcc  PNRPAutoReg - ok
16:45:26.0948 0x1dcc  PNRPsvc - ok
16:45:26.0983 0x1dcc  PolicyAgent - ok
16:45:26.0989 0x1dcc  Power - ok
16:45:27.0006 0x1dcc  PptpMiniport - ok
16:45:27.0218 0x1dcc  [ C9908063F90F5541098BF19EA63E1327, AA6B5E4D01CD8061D5953FDE3025FE4AF01B265C182B8818107A035E4FFAD0DF ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
16:45:27.0391 0x1dcc  PrintNotify - ok
16:45:27.0405 0x1dcc  Processor - ok
16:45:27.0425 0x1dcc  ProfSvc - ok
16:45:27.0435 0x1dcc  Psched - ok
16:45:27.0594 0x1dcc  [ CA54F472755305BB7261CFFE2639E7E7, 58CADDCDDFAEE2C17D3E021BC4F2510C33B62A542E6EBAAEB8B47EE8910D6734 ] qkseeService    C:\Program Files (x86)\qksee\qkseeSvc.exe
16:45:27.0630 0x1dcc  qkseeService - detected UnsignedFile.Multi.Generic ( 1 )
16:45:28.0510 0x1dcc  qkseeService ( UnsignedFile.Multi.Generic ) - warning
16:45:28.0730 0x1dcc  QWAVE - ok
16:45:28.0737 0x1dcc  QWAVEdrv - ok
16:45:28.0745 0x1dcc  RasAcd - ok
16:45:28.0778 0x1dcc  RasAgileVpn - ok
16:45:28.0797 0x1dcc  RasAuto - ok
16:45:28.0814 0x1dcc  Rasl2tp - ok
16:45:28.0821 0x1dcc  RasMan - ok
16:45:28.0827 0x1dcc  RasPppoe - ok
16:45:28.0835 0x1dcc  RasSstp - ok
16:45:28.0855 0x1dcc  rdbss - ok
16:45:28.0861 0x1dcc  rdpbus - ok
16:45:28.0866 0x1dcc  RDPDR - ok
16:45:28.0922 0x1dcc  RdpVideoMiniport - ok
16:45:28.0926 0x1dcc  rdyboost - ok
16:45:28.0936 0x1dcc  ReFSv1 - ok
16:45:28.0953 0x1dcc  RemoteAccess - ok
16:45:28.0958 0x1dcc  RemoteRegistry - ok
16:45:28.0979 0x1dcc  RetailDemo - ok
16:45:28.0984 0x1dcc  RpcEptMapper - ok
16:45:28.0993 0x1dcc  RpcLocator - ok
16:45:28.0998 0x1dcc  RpcSs - ok
16:45:29.0036 0x1dcc  [ D38250F459BF60D6F4B69B79DCD948CC, E68C864C1A4C9352EA939062F28789ADE9F0672E8CB3F3909D2891786C76F06F ] RSP2STOR        C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys
16:45:29.0075 0x1dcc  RSP2STOR - ok
16:45:29.0079 0x1dcc  rspndr - ok
16:45:29.0082 0x1dcc  rt640x64 - ok
16:45:29.0112 0x1dcc  s3cap - ok
16:45:29.0120 0x1dcc  SamSs - ok
16:45:29.0123 0x1dcc  sbp2port - ok
16:45:29.0138 0x1dcc  SCardSvr - ok
16:45:29.0141 0x1dcc  ScDeviceEnum - ok
16:45:29.0144 0x1dcc  scfilter - ok
16:45:29.0162 0x1dcc  Schedule - ok
16:45:29.0180 0x1dcc  SCPolicySvc - ok
16:45:29.0194 0x1dcc  sdbus - ok
16:45:29.0197 0x1dcc  SDRSVC - ok
16:45:29.0200 0x1dcc  sdstor - ok
16:45:29.0276 0x1dcc  [ 8658BEDD11B13C56607EE0BE437693E5, E86546071DD68D0F07D0475151D5233CDF1171B01209580FC8EA8A86FC0C2215 ] SearchProtectionService C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
16:45:29.0289 0x1dcc  SearchProtectionService - ok
16:45:29.0325 0x1dcc  seclogon - ok
16:45:29.0332 0x1dcc  SENS - ok
16:45:29.0347 0x1dcc  SensorDataService - ok
16:45:29.0375 0x1dcc  SensorService - ok
16:45:29.0416 0x1dcc  SensrSvc - ok
16:45:29.0423 0x1dcc  SerCx - ok
16:45:29.0455 0x1dcc  SerCx2 - ok
16:45:29.0503 0x1dcc  Serenum - ok
16:45:29.0519 0x1dcc  Serial - ok
16:45:29.0528 0x1dcc  sermouse - ok
16:45:29.0551 0x1dcc  SessionEnv - ok
16:45:29.0556 0x1dcc  sfloppy - ok
16:45:29.0569 0x1dcc  SharedAccess - ok
16:45:29.0592 0x1dcc  ShellHWDetection - ok
16:45:29.0596 0x1dcc  SiSRaid2 - ok
16:45:29.0601 0x1dcc  SiSRaid4 - ok
16:45:29.0663 0x1dcc  [ E00BA977EA507FB19BDD9594AFA13C47, 78A07DD3E9258AC49B815BF5E4CCA1184F8708CC7B96C2A910270608C4D8B153 ] SKYNETU2C       C:\WINDOWS\System32\drivers\SkyNetU2C_AMD64.SYS
16:45:29.0739 0x1dcc  SKYNETU2C - ok
16:45:29.0813 0x1dcc  [ 0229E0BB503D7D58355EE30823CDA701, F19AC8A5F2F5C45D1914DA60C6EE2075145AA72B29E0D8AF77F3647C89AFFA2E ] SkyNetU2CBDA_AMD64 C:\WINDOWS\system32\DRIVERS\SkyNetU2CBDA_AMD64.sys
16:45:29.0867 0x1dcc  SkyNetU2CBDA_AMD64 - ok
16:45:29.0887 0x1dcc  [ AF5CC3F9B88F140D78FC967ABF0F4EC7, 7CE3AB7B0A36635CF00E35E84C14B8661FAF794ABCFA61AE45A0E5E8EA996A3B ] SmbDrv          C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys
16:45:29.0895 0x1dcc  SmbDrv - ok
16:45:29.0945 0x1dcc  [ C67697A38E6D646F97EFF462DED68CF3, C6A8B2BAAC830D59E05949485F77E6803ED0138FEEAB6C2DA58A3D0BF5361A3E ] SmbDrvI         C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys
16:45:29.0994 0x1dcc  SmbDrvI - ok
16:45:30.0043 0x1dcc  smphost - ok
16:45:30.0068 0x1dcc  SmsRouter - ok
16:45:30.0092 0x1dcc  SNMPTRAP - ok
16:45:30.0109 0x1dcc  spaceport - ok
16:45:30.0117 0x1dcc  SpbCx - ok
16:45:30.0140 0x1dcc  Spooler - ok
16:45:30.0151 0x1dcc  sppsvc - ok
16:45:30.0168 0x1dcc  srv - ok
16:45:30.0172 0x1dcc  srv2 - ok
16:45:30.0188 0x1dcc  srvnet - ok
16:45:30.0205 0x1dcc  SSDPSRV - ok
16:45:30.0209 0x1dcc  SstpSvc - ok
16:45:30.0334 0x1dcc  [ 098185E9B7C417CF7480BB9F839DB652, 5573CB98057DC2F01E8958780165A32AFD08E4C768F5625250628CB8A4C509D3 ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
16:45:30.0388 0x1dcc  STacSV - ok
16:45:30.0416 0x1dcc  StateRepository - ok
16:45:30.0434 0x1dcc  stexstor - ok
16:45:30.0488 0x1dcc  [ 32BE0B7CCA47A5BE30E7E43DC54B54F3, D4667E88E14393311F93D787C902B993B9451A94D332A65B0E22A8C40C3DFF44 ] STHDA           C:\WINDOWS\system32\DRIVERS\stwrt64.sys
16:45:30.0612 0x1dcc  STHDA - ok
16:45:30.0633 0x1dcc  stisvc - ok
16:45:30.0636 0x1dcc  storahci - ok
16:45:30.0642 0x1dcc  storflt - ok
16:45:30.0646 0x1dcc  stornvme - ok
16:45:30.0650 0x1dcc  storqosflt - ok
16:45:30.0665 0x1dcc  StorSvc - ok
16:45:30.0669 0x1dcc  storufs - ok
16:45:30.0673 0x1dcc  storvsc - ok
16:45:30.0687 0x1dcc  svsvc - ok
16:45:30.0690 0x1dcc  swenum - ok
16:45:30.0694 0x1dcc  swprv - ok
16:45:30.0711 0x1dcc  Synth3dVsc - ok
16:45:30.0762 0x1dcc  [ 46062E452891A8D6D3B96DCAADDCC084, 0A4D4B16B7F8C751D3887FFD9977BAA8B76B321CCA06F024D93E2867D22B4F8D ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
16:45:30.0781 0x1dcc  SynTP - ok
16:45:30.0805 0x1dcc  SysMain - ok
16:45:30.0820 0x1dcc  SystemEventsBroker - ok
16:45:30.0828 0x1dcc  TabletInputService - ok
16:45:30.0832 0x1dcc  TapiSrv - ok
16:45:30.0848 0x1dcc  Tcpip - ok
16:45:30.0852 0x1dcc  Tcpip6 - ok
16:45:30.0859 0x1dcc  tcpipreg - ok
16:45:30.0878 0x1dcc  tdx - ok
16:45:30.0882 0x1dcc  terminpt - ok
16:45:30.0888 0x1dcc  TermService - ok
16:45:30.0893 0x1dcc  Themes - ok
16:45:31.0008 0x1dcc  [ A2731C202E21BC940F9230FFBD15BD67, 217B1F1720E3DBAF413685294600B5A636C555246962FFA70A29F9A3BBAC3BC4 ] ThnAdpsrv       C:\Program Files (x86)\Thunshprerusp\ThnAdpsrv.exe
16:45:31.0042 0x1dcc  ThnAdpsrv - ok
16:45:31.0093 0x1dcc  TieringEngineService - ok
16:45:31.0115 0x1dcc  tiledatamodelsvc - ok
16:45:31.0142 0x1dcc  TimeBroker - ok
16:45:31.0189 0x1dcc  TPM - ok
16:45:31.0208 0x1dcc  TrkWks - ok
16:45:31.0285 0x1dcc  TrustedInstaller - ok
16:45:31.0295 0x1dcc  tsusbflt - ok
16:45:31.0303 0x1dcc  TsUsbGD - ok
16:45:31.0310 0x1dcc  tunnel - ok
16:45:31.0344 0x1dcc  tzautoupdate - ok
16:45:31.0355 0x1dcc  uagp35 - ok
16:45:31.0362 0x1dcc  UASPStor - ok
16:45:31.0374 0x1dcc  UcmCx0101 - ok
16:45:31.0381 0x1dcc  UcmUcsi - ok
16:45:31.0390 0x1dcc  Ucx01000 - ok
16:45:31.0395 0x1dcc  UdeCx - ok
16:45:31.0400 0x1dcc  udfs - ok
16:45:31.0405 0x1dcc  UEFI - ok
16:45:31.0415 0x1dcc  Ufx01000 - ok
16:45:31.0429 0x1dcc  UfxChipidea - ok
16:45:31.0432 0x1dcc  ufxsynopsys - ok
16:45:31.0439 0x1dcc  UI0Detect - ok
16:45:31.0442 0x1dcc  uliagpkx - ok
16:45:31.0445 0x1dcc  umbus - ok
16:45:31.0448 0x1dcc  UmPass - ok
16:45:31.0457 0x1dcc  UmRdpService - ok
16:45:31.0557 0x1dcc  [ B57877104D8D30B4538CA6D01E98B825, F124AC9E22F652AE49E67D5F084CFC149BB7BB989401E9AF589650F709438C4B ] UncheckitSvc    C:\Program Files (x86)\Uncheckit\UncheckitSvc.exe
16:45:31.0576 0x1dcc  UncheckitSvc - ok
16:45:31.0608 0x1dcc  UnistoreSvc - ok
16:45:31.0793 0x1dcc  [ DBE2E6388379D5CC78099650541E9566, 1914BC929F109A49FB18ED31F239A9813A010B0A3914BC8CD0D6A94A67A072D7 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
16:45:31.0815 0x1dcc  UNS - ok
16:45:31.0818 0x1dcc  upnphost - ok
16:45:31.0855 0x1dcc  UrsChipidea - ok
16:45:31.0858 0x1dcc  UrsCx01000 - ok
16:45:31.0861 0x1dcc  UrsSynopsys - ok
16:45:31.0877 0x1dcc  usbccgp - ok
16:45:31.0880 0x1dcc  usbcir - ok
16:45:31.0885 0x1dcc  usbehci - ok
16:45:31.0888 0x1dcc  usbhub - ok
16:45:31.0896 0x1dcc  USBHUB3 - ok
16:45:31.0900 0x1dcc  usbohci - ok
16:45:31.0903 0x1dcc  usbprint - ok
16:45:31.0908 0x1dcc  usbser - ok
16:45:31.0922 0x1dcc  USBSTOR - ok
16:45:31.0925 0x1dcc  usbuhci - ok
16:45:31.0928 0x1dcc  usbvideo - ok
16:45:31.0940 0x1dcc  USBXHCI - ok
16:45:31.0964 0x1dcc  UserDataSvc - ok
16:45:31.0998 0x1dcc  UserManager - ok
16:45:32.0010 0x1dcc  UsoSvc - ok
16:45:32.0014 0x1dcc  VaultSvc - ok
16:45:32.0019 0x1dcc  vdrvroot - ok
16:45:32.0039 0x1dcc  vds - ok
16:45:32.0042 0x1dcc  VerifierExt - ok
16:45:32.0046 0x1dcc  vhdmp - ok
16:45:32.0050 0x1dcc  vhf - ok
16:45:32.0053 0x1dcc  vmbus - ok
16:45:32.0056 0x1dcc  VMBusHID - ok
16:45:32.0066 0x1dcc  vmicguestinterface - ok
16:45:32.0069 0x1dcc  vmicheartbeat - ok
16:45:32.0074 0x1dcc  vmickvpexchange - ok
16:45:32.0077 0x1dcc  vmicrdv - ok
16:45:32.0080 0x1dcc  vmicshutdown - ok
16:45:32.0084 0x1dcc  vmictimesync - ok
16:45:32.0088 0x1dcc  vmicvmsession - ok
16:45:32.0092 0x1dcc  vmicvss - ok
16:45:32.0095 0x1dcc  volmgr - ok
16:45:32.0121 0x1dcc  volmgrx - ok
16:45:32.0125 0x1dcc  volsnap - ok
16:45:32.0162 0x1dcc  vpci - ok
16:45:32.0165 0x1dcc  vsmraid - ok
16:45:32.0169 0x1dcc  VSS - ok
16:45:32.0172 0x1dcc  VSTXRAID - ok
16:45:32.0176 0x1dcc  vwifibus - ok
16:45:32.0179 0x1dcc  vwififlt - ok
16:45:32.0184 0x1dcc  vwifimp - ok
16:45:32.0190 0x1dcc  W32Time - ok
16:45:32.0295 0x1dcc  w3logsvc - ok
16:45:32.0304 0x1dcc  WacomPen - ok
16:45:32.0339 0x1dcc  WalletService - ok
16:45:32.0343 0x1dcc  wanarp - ok
16:45:32.0349 0x1dcc  wanarpv6 - ok
16:45:32.0385 0x1dcc  WAS - ok
16:45:32.0407 0x1dcc  wbengine - ok
16:45:32.0415 0x1dcc  WbioSrvc - ok
16:45:32.0432 0x1dcc  Wcmsvc - ok
16:45:32.0439 0x1dcc  wcncsvc - ok
16:45:32.0445 0x1dcc  WcsPlugInService - ok
16:45:32.0473 0x1dcc  WdBoot - ok
16:45:32.0499 0x1dcc  Wdf01000 - ok
16:45:32.0504 0x1dcc  WdFilter - ok
16:45:32.0515 0x1dcc  WdiServiceHost - ok
16:45:32.0527 0x1dcc  WdiSystemHost - ok
16:45:32.0538 0x1dcc  wdiwifi - ok
16:45:32.0542 0x1dcc  WdNisDrv - ok
16:45:32.0570 0x1dcc  WdNisSvc - ok
16:45:32.0596 0x1dcc  WebClient - ok
16:45:32.0602 0x1dcc  Wecsvc - ok
16:45:32.0607 0x1dcc  WEPHOSTSVC - ok
16:45:32.0653 0x1dcc  wercplsupport - ok
16:45:32.0662 0x1dcc  WerSvc - ok
16:45:32.0711 0x1dcc  WFPLWFS - ok
16:45:32.0718 0x1dcc  WiaRpc - ok
16:45:32.0726 0x1dcc  WIMMount - ok
16:45:32.0733 0x1dcc  WinDefend - ok
16:45:32.0746 0x1dcc  WindowsTrustedRT - ok
16:45:32.0787 0x1dcc  WindowsTrustedRTProxy - ok
16:45:32.0802 0x1dcc  WinHttpAutoProxySvc - ok
16:45:32.0807 0x1dcc  WinMad - ok
16:45:32.0909 0x1dcc  Winmgmt - ok
16:45:32.0923 0x1dcc  WinRM - ok
16:45:32.0971 0x1dcc  WINUSB - ok
16:45:32.0980 0x1dcc  WinVerbs - ok
16:45:33.0138 0x1dcc  [ 6B14008F9BF49B3B24CBB0A5D8F18D7F, FDC348F881FFD46F070B7E9733758A02C8726D5621314E1B68E1BE4B65A54E5B ] winzipersvc     C:\Program Files (x86)\WinZipper\winzipersvc.exe
16:45:33.0171 0x1dcc  winzipersvc - ok
16:45:33.0222 0x1dcc  [ 4F2A80D65AE6F845776E2F06AE6782ED, 2455537C048115435D9EDE4B18F9F54C43912076AEF36BDEFEC35AF2140B8B2E ] WirelessButtonDriver C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys
16:45:33.0538 0x1dcc  WirelessButtonDriver - ok
16:45:33.0607 0x1dcc  WlanSvc - ok
16:45:33.0641 0x1dcc  wlidsvc - ok
16:45:33.0648 0x1dcc  WmiAcpi - ok
16:45:33.0671 0x1dcc  wmiApSrv - ok
16:45:33.0699 0x1dcc  WMPNetworkSvc - ok
16:45:33.0763 0x1dcc  [ 2A9650FCC696DB28E45EA8B33B99B8E6, FBEBC6C05D50F578C6EEE0A7285EBE1DEADB08DD21FA3232630FD8D5A68FC3FB ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
16:45:33.0870 0x1dcc  Wof - ok
16:45:33.0918 0x1dcc  workfolderssvc - ok
16:45:33.0937 0x1dcc  wpcfltr - ok
16:45:33.0964 0x1dcc  WPDBusEnum - ok
16:45:33.0968 0x1dcc  WpdUpFltr - ok
16:45:33.0975 0x1dcc  WpnService - ok
16:45:33.0979 0x1dcc  ws2ifsl - ok
16:45:33.0986 0x1dcc  wscsvc - ok
16:45:33.0990 0x1dcc  WSDPrintDevice - ok
16:45:33.0994 0x1dcc  WSearch - ok
16:45:34.0021 0x1dcc  WSService - ok
16:45:34.0039 0x1dcc  wuauserv - ok
16:45:34.0056 0x1dcc  WudfPf - ok
16:45:34.0069 0x1dcc  WUDFRd - ok
16:45:34.0080 0x1dcc  wudfsvc - ok
16:45:34.0083 0x1dcc  WUDFWpdFs - ok
16:45:34.0088 0x1dcc  WUDFWpdMtp - ok
16:45:34.0092 0x1dcc  WwanSvc - ok
16:45:34.0113 0x1dcc  XblAuthManager - ok
16:45:34.0131 0x1dcc  XblGameSave - ok
16:45:34.0143 0x1dcc  xboxgip - ok
16:45:34.0169 0x1dcc  XboxNetApiSvc - ok
16:45:34.0187 0x1dcc  xinputhid - ok
16:45:34.0192 0x1dcc  ================ Scan global ===============================
16:45:34.0291 0x1dcc  [ Global ] - ok
16:45:34.0292 0x1dcc  ================ Scan MBR ==================================
16:45:34.0318 0x1dcc  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
16:45:34.0397 0x1dcc  \Device\Harddisk0\DR0 - ok
16:45:34.0397 0x1dcc  ================ Scan VBR ==================================
16:45:34.0425 0x1dcc  [ CE3C593D8B9821FE39405DA5E71D6B6F ] \Device\Harddisk0\DR0\Partition1
16:45:34.0426 0x1dcc  \Device\Harddisk0\DR0\Partition1 - ok
16:45:34.0439 0x1dcc  [ 45DB0828650CFF28AC387F721DA99868 ] \Device\Harddisk0\DR0\Partition2
16:45:34.0440 0x1dcc  \Device\Harddisk0\DR0\Partition2 - ok
16:45:34.0447 0x1dcc  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
16:45:34.0447 0x1dcc  \Device\Harddisk0\DR0\Partition3 - ok
16:45:34.0456 0x1dcc  [ CE0F7F3F0EC30463376B92DEB1842280 ] \Device\Harddisk0\DR0\Partition4
16:45:34.0457 0x1dcc  \Device\Harddisk0\DR0\Partition4 - ok
16:45:34.0496 0x1dcc  [ 547DBA75702140C56BFC3BED916F2A63 ] \Device\Harddisk0\DR0\Partition5
16:45:34.0497 0x1dcc  \Device\Harddisk0\DR0\Partition5 - ok
16:45:34.0498 0x1dcc  ================ Scan generic autorun ======================
16:45:34.0623 0x1dcc  [ 210875E72C45D712120904128F357233, 4998BF27D28D4DDE79F9B06E0562E28A9D433DBFC0D3D4144A7A97EBF5110091 ] C:\Program Files\IDT\WDM\sttray64.exe
16:45:34.0681 0x1dcc  SysTrayApp - ok
16:45:34.0683 0x1dcc  SynTPEnh - ok
16:45:34.0827 0x1dcc  [ B7995C675014EEBE77A0BEB7AFCCFC08, 41D186C63273301CF0A1C1EE7B6EB0BB75A251DD441532C5CEB7A4095FB103CD ] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
16:45:34.0843 0x1dcc  RemoteControl10 - ok
16:45:35.0024 0x1dcc  [ D1C8B0DC04347B6B9B5B3B9204DF6756, DA4D1CC98DCDFDF674F83164843A6B4E8830232700BE13CC755F94638351DA8B ] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
16:45:35.0053 0x1dcc  HP CoolSense - ok
16:45:35.0206 0x1dcc  [ 187F4C75A89E3F412322C94526320074, D78FA7EF93C8C7B4326A5B6DB04A92ADD091DF00658FA8731D07C5D3BE29ED04 ] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
16:45:35.0231 0x1dcc  BCSSync - ok
16:45:35.0345 0x1dcc  [ BCBE8AEB8C6014A694062968F21BC0C4, 294D7BAA92121C7F647C0066A4D7E10F75C39C3EF12A0ECD5CAAF99F99A7C64A ] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe
16:45:35.0362 0x1dcc  Memeo Instant Backup - ok
16:45:35.0473 0x1dcc  [ 6198A9BC15ED77F318D5DDD1918CF1D1, 6C7E619BB053F09021F5867E3A70A3A2890E2318CF1A5CE294A5F894CB3A4890 ] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
16:45:35.0495 0x1dcc  HP Quick Launch - ok
16:45:35.0793 0x1dcc  [ 1E06B301F4FA22A01B8CC314FC7A7E1C, D8E7DC35BF60FD5A1169BA6C127747D7928758071E37043891C24821F8BFFD19 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
16:45:35.0944 0x1dcc  AvastUI.exe - ok
16:45:36.0072 0x1dcc  [ 4C6AAABB264526A9C845A39AEBB79B69, B27F869E8B44CC5F1F9ADCA53AA848C16D706587ED9C7F995AE59BF9B0426523 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
16:45:36.0091 0x1dcc  StartCCC - ok
16:45:36.0209 0x1dcc  Dropbox - ok
16:45:36.0307 0x1dcc  [ 6EACC43D0542EF88226FB34B0B12EDB0, 6345E4B49D7F804F6DE042F981AB172822B6AB74C42209BEFB0582B019430884 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
16:45:36.0327 0x1dcc  SunJavaUpdateSched - ok
16:45:36.0429 0x1dcc  OneDriveSetup - ok
16:45:36.0432 0x1dcc  OneDriveSetup - ok
16:45:36.0591 0x1dcc  [ A49BDAAE58D3FFFEF42886F9CDA17861, 71CE5FF6F12938E3973A7052851C9645EB6852BC662A5B07A0F75F475E04DC40 ] C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
16:45:36.0627 0x1dcc  Power2GoExpress8 - ok
16:45:36.0987 0x1dcc  [ 10E89F598469C60D8C87A8218089A87D, BE40B0DAB9F19E325086605A795469FC8A501FA66E05AD4D990E3C1A0326BAEF ] C:\Users\Martin\AppData\Local\Akamai\netsession_win.exe
16:45:37.0073 0x1dcc  Akamai NetSession Interface - ok
16:45:37.0235 0x1dcc  [ 6C7122316FE67D7EF1C470DBFDEBE65D, 498EA6B8E9F4482FE5FEEC174000FD4EF68287C72EBE1D0D0AFAEF6AD3850F4B ] C:\Users\Martin\AppData\Roaming\Browser-Security\safe_url__2.exe
16:45:37.0295 0x1dcc  safe_url__2 - ok
16:45:37.0457 0x1dcc  [ 2AB653E11A18FB6E88A3E8974C2E084D, 8CAAC651B37CA4D31AB436ACED6239C8338F3D692D8ABC851BF99F282215E349 ] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
16:45:37.0486 0x1dcc  Web Companion - ok
16:45:37.0669 0x1dcc  [ A5D4129CEA4D3B75839E071C12185BD9, 7DC1A91F9D8AEBD7C684C30AB6D9983E6D3B6F105042FE8D5A21A3FB360C1FD4 ] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
16:45:37.0700 0x1dcc  Autodesk Sync - ok
16:45:37.0841 0x1dcc  [ 1D7DD340E13DF9585EABB849CFC3E11B, 31CCD9753402DC030C641214B4ECB48A757BCD9F427A143A88745C62EFF87766 ] C:\Users\Martin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
16:45:37.0870 0x1dcc  OneDrive - ok
16:45:37.0971 0x1dcc  Uninstall C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64 - ok
16:45:37.0972 0x1dcc  Waiting for KSN requests completion. In queue: 91
16:45:39.0047 0x1dcc  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.9.10586.494 ), 0x60100 ( disabled : updated )
16:45:39.0064 0x1dcc  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 11.2.2738.0 ), 0x41000 ( enabled : updated )
16:45:39.0072 0x1dcc  Win FW state via NFP2: enabled ( trusted )
16:45:39.0267 0x1dcc  ============================================================
16:45:39.0267 0x1dcc  Scan finished
16:45:39.0267 0x1dcc  ============================================================
16:45:39.0280 0x19dc  Detected object count: 1
16:45:39.0280 0x19dc  Actual detected object count: 1
16:48:45.0501 0x19dc  qkseeService ( UnsignedFile.Multi.Generic ) - skipped by user
16:48:45.0501 0x19dc  qkseeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:52:14.0682 0x15b8  Deinitialize success

M-K-D-B · 29.08.2016, 09:04

Servus,

du bist ab sofort mein Lieblings-User hier...

jede Menge Adware auf dem PC... das wird eine Materialschlacht...

Avast während der Schritte bitte deaktivieren, nicht dass es stört. Bitte alle Anleitungen genau lesen.

Auf zur 1. Bereinigungswelle:

Schritt 1
Downloade Dir bitte AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Werkzeuge > Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel
- "Prefetch" Dateien
- Proxy
- Winsock
- Internet Explorer Richtlinien
- Chrome Richtlinien
- Chrome Einstellungen
- Hosts-Datei
Bestätige die Auswahl mit Ok.
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen (auch dann wenn AdwCleaner sagt, dass nichts gefunden wurde) und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 4

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt nun zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die Logdatei von MBAM,
die Logdatei von JRT,
die beiden neuen Logdateien von FRST.

Martin.9008 · 29.08.2016, 13:12

Sooo.... wenn ich dass so sehe, komme ich mir sau dumm vor.
Und schön, wenn du dich über meine Adware freust

Hier die Logs:
AdwCleaner:

Code:

ATTFilter

# AdwCleaner v6.010 - Bericht erstellt am 29/08/2016 um 11:20:48
# Aktualisiert am 12/08/2016 von ToolsLib
# Datenbank : 2016-08-28.2 [Server]
# Betriebssystem : Windows 10 Home  (X64)
# Benutzername : Martin - LAPTOP-MARTIN
# Gestartet von : C:\Users\Martin\Desktop\AdwCleaner_6.010.exe
# Modus: Löschen
# Unterstützung : https://toolslib.net/forum



***** [ Dienste ] *****

[-] Dienst gelöscht: iSafeKrnl
[-] Dienst gelöscht: iSafeKrnlBoot
[-] Dienst gelöscht: iSafeKrnlKit
[-] Dienst gelöscht: iSafeKrnlMon
[-] Dienst gelöscht: iSafeNetFilter
[-] Dienst gelöscht: iSafeService
[-] Dienst gelöscht: winzipersvc
[-] Dienst gelöscht: LavasoftTcpService
[-] Dienst gelöscht: qkseeService
[-] Dienst gelöscht: SearchProtectionService
[-] Dienst gelöscht: LegpatP
[-] Dienst gelöscht: UncheckitSvc
[-] Dienst gelöscht: cktSvc


***** [ Ordner ] *****

[-] Ordner gelöscht: C:\ProgramData\8winp8
[-] Ordner gelöscht: C:\ProgramData\AwinpA
[-] Ordner gelöscht: C:\ProgramData\ewinpe
[-] Ordner gelöscht: C:\ProgramData\fwinpf
[-] Ordner gelöscht: C:\ProgramData\GwinpG
[-] Ordner gelöscht: C:\ProgramData\JwinpJ
[-] Ordner gelöscht: C:\ProgramData\KwinpK
[-] Ordner gelöscht: C:\ProgramData\WwinpW
[-] Ordner gelöscht: C:\Users\Martin\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
[-] Ordner gelöscht: C:\Users\Martin\AppData\Local\Legpat
[-] Ordner gelöscht: C:\Users\Martin\AppData\LocalLow\Browser-Security
[-] Ordner gelöscht: C:\Users\Martin\AppData\Roaming\Browser-Security
[-] Ordner gelöscht: C:\Users\Martin\AppData\Roaming\DriverCure
[-] Ordner gelöscht: C:\Users\Martin\AppData\Roaming\dvdvideosoftiehelpers
[-] Ordner gelöscht: C:\Users\Martin\AppData\Roaming\eCyber
[-] Ordner gelöscht: C:\Users\Martin\AppData\Roaming\Elex-tech
[-] Ordner gelöscht: C:\Users\Martin\AppData\Roaming\ParetoLogic
[-] Ordner gelöscht: C:\Users\Martin\AppData\Roaming\Solvusoft
[-] Ordner gelöscht: C:\Users\Martin\AppData\Roaming\lavasoft\web companion
[-] Ordner gelöscht: C:\Users\Martin\AppData\Roaming\qksee
[-] Ordner gelöscht: C:\Users\Martin\AppData\Roaming\WinZiper
[-] Ordner gelöscht: C:\Users\Martin\AppData\Roaming\BandwidthStat
[-] Ordner gelöscht: C:\Users\Martin\AppData\Roaming\Uncheckit
[-] Ordner gelöscht: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[-] Ordner gelöscht: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BandwidthStat
[-] Ordner gelöscht: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\PConverter_dz
[-] Ordner gelöscht: C:\ProgramData\ParetoLogic
[-] Ordner gelöscht: C:\ProgramData\lavasoft\web companion
[-] Ordner gelöscht: C:\ProgramData\Uncheckit
[-] Ordner gelöscht: C:\ProgramData\Legpat
[-] Ordner gelöscht: C:\ProgramData\ChelfNotify
[#] Ordner mit Neustart gelöscht: C:\ProgramData\uckt
[-] Ordner gelöscht: C:\ProgramData\Application Data\lavasoft\web companion
[-] Ordner gelöscht: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaNetworkEnhance
[-] Ordner gelöscht: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qksee
[-] Ordner gelöscht: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uncheckit
[-] Ordner gelöscht: C:\Program Files (x86)\Elex-tech
[-] Ordner gelöscht: C:\Program Files (x86)\ParetoLogic
[-] Ordner gelöscht: C:\Program Files (x86)\PC Speed Maximizer
[-] Ordner gelöscht: C:\Program Files (x86)\SFK
[-] Ordner gelöscht: C:\Program Files (x86)\Wajam
[-] Ordner gelöscht: C:\Program Files (x86)\WaNetworkEnhance
[#] Ordner mit Neustart gelöscht: C:\Program Files (x86)\WinZipper
[-] Ordner gelöscht: C:\Program Files (x86)\TData
[-] Ordner gelöscht: C:\Program Files (x86)\lavasoft\web companion
[-] Ordner gelöscht: C:\Program Files (x86)\qksee
[-] Ordner gelöscht: C:\Program Files (x86)\QQBrowser
[-] Ordner gelöscht: C:\Program Files (x86)\SoftUpgrade
[-] Ordner gelöscht: C:\Program Files (x86)\Uncheckit
[-] Ordner gelöscht: C:\Program Files (x86)\Legpat
[-] Ordner gelöscht: C:\Program Files (x86)\TXQQBrowser
[-] Ordner gelöscht: C:\Program Files (x86)\WinSaber
[-] Ordner gelöscht: C:\Program Files (x86)\SoEasySvc
[#] Ordner mit Neustart gelöscht: C:\Program Files (x86)\winsaber
[-] Ordner gelöscht: C:\Program Files (x86)\Common Files\ParetoLogic
[-] Ordner gelöscht: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\Uncheckit


***** [ Dateien ] *****

[-] Datei gelöscht: C:\Users\Martin\Desktop\ParetoLogic PC Health Advisor.lnk
[-] Datei gelöscht: C:\WINDOWS\SysNative\log\iSafeKrnlCall.log
[-] Datei gelöscht: C:\WINDOWS\SysNative\roboot64.exe
[!] Datei nicht gelöscht: C:\WINDOWS\SysNative\LavasoftTcpService64.dll
[-] Datei gelöscht: C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini
[-] Datei gelöscht: C:\WINDOWS\SysNative\drivers\iSafeKrnlBoot.sys
[-] Datei gelöscht: C:\WINDOWS\SysNative\drivers\iSafeNetFilter.sys
[-] Datei gelöscht: C:\Users\Public\Desktop\Facebook.lnk
[-] Datei gelöscht: C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
[-] Datei gelöscht: C:\WINDOWS\SysWOW64\lavasofttcpservice.dll
[-] Datei gelöscht: C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Verknüpfungen ] *****



***** [ Aufgabenplanung ] *****



***** [ Registrierungsdatenbank ] *****

[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.001
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.7z
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.arj
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.bz2
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.bzip2
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.cab
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.cpio
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.deb
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.dmg
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.fat
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.gz
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.gzip
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.hfs
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.iso
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.lha
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.lzh
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.lzma
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.ntfs
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.rar
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.rpm
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.squashfs
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.swm
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.tar
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.taz
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.tbz
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.tbz2
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.tgz
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.tpz
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.txz
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.vhd
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.wim
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.xar
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.xz
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.z
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\WinZippers.zip
[-] Schlüssel gelöscht: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc
[-] Schlüssel gelöscht: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\qkseeService
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\uus3url-pl
[-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
[-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
[-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{E6E66045-E911-4C01-961D-32387BF12768}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DC727A8C-7582-483C-A1C2-2B885F099BB5}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E6E66045-E911-4C01-961D-32387BF12768}
[-] Schlüssel gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Schlüssel gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E6E66045-E911-4C01-961D-32387BF12768}
[-] Schlüssel gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Schlüssel gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E6E66045-E911-4C01-961D-32387BF12768}
[-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\WebDiscoverBrowser
[-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
[-] Schlüssel gelöscht: HKU\.DEFAULT\Software\WebDiscoverBrowser
[-] Schlüssel gelöscht: HKU\.DEFAULT\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[-] Schlüssel gelöscht: HKU\.DEFAULT\Software\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
[-] Schlüssel gelöscht: HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Mozilla\Extends
[-] Schlüssel gelöscht: HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\OCS
[-] Schlüssel gelöscht: HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\ParetoLogic
[-] Schlüssel gelöscht: HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\PRODUCTSETUP
[-] Schlüssel gelöscht: HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Softonic
[-] Schlüssel gelöscht: HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\WajIEnhance
[-] Schlüssel gelöscht: HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\WaNetworkEnhance
[-] Schlüssel gelöscht: HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\WebDiscoverBrowser
[-] Schlüssel gelöscht: HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\BandwidthStat
[-] Schlüssel gelöscht: HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Uncheckit
[-] Schlüssel gelöscht: HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\BandwidthStat
[#] Schlüssel mit Neustart gelöscht: HKU\S-1-5-18\Software\WebDiscoverBrowser
[#] Schlüssel mit Neustart gelöscht: HKU\S-1-5-18\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[#] Schlüssel mit Neustart gelöscht: HKU\S-1-5-18\Software\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Mozilla\Extends
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\OCS
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\ParetoLogic
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\PRODUCTSETUP
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Softonic
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\WajIEnhance
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\WaNetworkEnhance
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\WebDiscoverBrowser
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\BandwidthStat
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Uncheckit
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Elex-tech
[-] Schlüssel gelöscht: HKLM\SOFTWARE\hdcode
[-] Schlüssel gelöscht: HKLM\SOFTWARE\mystartsearchSoftware
[-] Schlüssel gelöscht: HKLM\SOFTWARE\ParetoLogic
[-] Schlüssel gelöscht: HKLM\SOFTWARE\WaNetworkEnhance
[-] Schlüssel gelöscht: HKLM\SOFTWARE\yessearchesSoftware
[-] Schlüssel gelöscht: HKLM\SOFTWARE\qkseeSvc
[-] Schlüssel gelöscht: HKLM\SOFTWARE\qksee
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Lavasoft\Web Companion
[-] Schlüssel gelöscht: HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Uncheckit
[-] Schlüssel gelöscht: HKLM\SOFTWARE\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\BandwidthStat
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser-Security
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WaNetworkEnhance
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\qksee
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uncheckit
[-] Daten  wiederhergestellt: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Daten  wiederhergestellt: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Daten  wiederhergestellt: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Daten  wiederhergestellt: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Daten  wiederhergestellt: HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Daten  wiederhergestellt: HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Daten  wiederhergestellt: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Daten  wiederhergestellt: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Daten  wiederhergestellt: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Daten  wiederhergestellt: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Daten  wiederhergestellt: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Daten  wiederhergestellt: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\OldSearch
[-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Daten  wiederhergestellt: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Schlüssel gelöscht: HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Schlüssel gelöscht: HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[-] Schlüssel gelöscht: HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Daten  wiederhergestellt: HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Schlüssel gelöscht: HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Daten  wiederhergestellt: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Daten  wiederhergestellt: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Daten  wiederhergestellt: HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [Default]
[-] Daten  wiederhergestellt: HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command [Default]
[-] Schlüssel gelöscht: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Schlüssel gelöscht: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[-] Schlüssel gelöscht: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\foxi69.tlscdn.com
[-] Schlüssel gelöscht: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\tlscdn.com
[-] Wert gelöscht: HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Windows\CurrentVersion\Run [safe_url__2]
[#] Wert mit Neustart gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [safe_url__2]
[-] Wert gelöscht: HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion]
[#] Wert mit Neustart gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion]
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
[-] Schlüssel gelöscht: HKCU\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\s
[-] Schlüssel gelöscht: HKCU\Software\Classes\Applications\bandwidthstat.exe
[-] Schlüssel gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
[-] Schlüssel gelöscht: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com


***** [ Browser ] *****



*************************

:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: "Prefetch" Dateien gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht
:: Hosts-Datei wiederhergestellt

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [22358 Bytes] - [29/08/2016 11:20:48]
C:\AdwCleaner\AdwCleaner[S0].txt - [22756 Bytes] - [29/08/2016 11:13:04]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [22506 Bytes] ##########

MBAM:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 29.08.2016
Suchlaufzeit: 11:43
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.08.29.03
Rootkit-Datenbank: v2016.08.15.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: Martin

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 409247
Abgelaufene Zeit: 1 Std., 52 Min., 22 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)

JRT:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Home x64 
Ran by Martin (Administrator) on 29.08.2016 at 13:51:03,50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 7 

Successfully deleted: C:\Users\Martin\AppData\Local\{04437A0A-2B4D-4E22-A6D0-DFF33C4B61D3} (Empty Folder)
Successfully deleted: C:\Users\Martin\AppData\Local\{209E69BC-ECF4-497C-9533-060317B10B8E} (Empty Folder)
Successfully deleted: C:\Users\Martin\AppData\Local\{82E69C8E-BAC8-4EC2-AAC6-D695E0700D07} (Empty Folder)
Successfully deleted: C:\Users\Martin\AppData\Local\{989AA551-3E06-4722-BD13-FE54C3D04783} (Empty Folder)
Successfully deleted: C:\Users\Martin\AppData\Local\crashrpt (Folder) 
Successfully deleted: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\searchplugins\avast-search.xml (File) 
Successfully deleted: C:\WINDOWS\SysWOW64\RENAD72.tmp (File) 

Deleted the following from C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\prefs.js
user_pref(browser.search.searchengine.alias, mystartsearch);
user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine);
user_pref(browser.search.searchengine.iconURL, hxxp://www.mystartsearch.com/favicon.ico);
user_pref(browser.search.searchengine.name, mystartsearch);
user_pref(browser.search.searchengine.ptid, cor);
user_pref(browser.search.searchengine.uid, ST500LM012XHN-M500MBB_S2SVJ9ECA09668);
user_pref(browser.search.searchengine.url, hxxp://www.mystartsearch.com/web/?type=ds&ts=1429767349&from=cor&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668&q={searchTerms});
user_pref(extensions.quick_start.enable_search1, false);
user_pref(extensions.quick_start.sd.closeWindowWithLastTab_prev_state, false);
user_pref(extensions.toolbar.mindspark._dzMembers_.browser.version.last, 40.0);
user_pref(extensions.toolbar.mindspark._dzMembers_.firstKnownVersion, 7.18.7.64289);
user_pref(extensions.toolbar.mindspark._dzMembers_.homepage, hxxp://home.tb.ask.com/index.jhtml?ptb=455E3377-B591-472A-9092-E71BA2DBE4C7&n=781bb99a&p2=^BYC^xdm001^YYA^de);
user_pref(extensions.toolbar.mindspark._dzMembers_.initialized, true);
user_pref(extensions.toolbar.mindspark._dzMembers_.installKeysSource, Cookies);
user_pref(extensions.toolbar.mindspark._dzMembers_.installType, XPI);
user_pref(extensions.toolbar.mindspark._dzMembers_.installation.contextKey, );
user_pref(extensions.toolbar.mindspark._dzMembers_.installation.dlpCountryCode, DE);
user_pref(extensions.toolbar.mindspark._dzMembers_.installation.installDate, 2015082906);
user_pref(extensions.toolbar.mindspark._dzMembers_.installation.partnerId, ^BYC^xdm001^YYA^de);
user_pref(extensions.toolbar.mindspark._dzMembers_.installation.partnerSubId, );
user_pref(extensions.toolbar.mindspark._dzMembers_.installation.pixelUrl, hxxp://www.pconverter.com/install_pixels.jhtml?partner=^BYC^xdm001^YYA^de&coId=16f3daae47a34b8588a
user_pref(extensions.toolbar.mindspark._dzMembers_.installation.success, true);
user_pref(extensions.toolbar.mindspark._dzMembers_.installation.toolbarId, 455E3377-B591-472A-9092-E71BA2DBE4C7);
user_pref(extensions.toolbar.mindspark._dzMembers_.isCompliantUninstallImplementation, true);
user_pref(extensions.toolbar.mindspark._dzMembers_.lastActivePing, 1440865853434);
user_pref(extensions.toolbar.mindspark._dzMembers_.lastKnownVersion, 7.18.7.64289);
user_pref(extensions.toolbar.mindspark._dzMembers_.options.defaultSearch, false);
user_pref(extensions.toolbar.mindspark._dzMembers_.options.homePageEnabled, false);
user_pref(extensions.toolbar.mindspark._dzMembers_.options.keywordEnabled, false);
user_pref(extensions.toolbar.mindspark._dzMembers_.options.tabEnabled, false);
user_pref(extensions.toolbar.mindspark._dzMembers_.partnerPixelFired, true);
user_pref(extensions.toolbar.mindspark._dzMembers_.successUrl, hxxp://www.pconverter.com/installComplete.jhtml);
user_pref(extensions.toolbar.mindspark._dzMembers_.toolbarCollapsed, false);
user_pref(extensions.toolbar.mindspark.lastInstalled, pconverter@mindspark.com);



Registry: 2 

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{470BE3E6-2099-4F7E-84F1-F3DA4739DF9A} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{470BE3E6-2099-4F7E-84F1-F3DA4739DF9A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.08.2016 at 13:57:13,08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST:

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 28-08-2016
durchgeführt von Martin (Administrator) auf LAPTOP-MARTIN (29-08-2016 14:00:46)
Gestartet von C:\Users\Martin\Desktop
Geladene Profile: Martin (Verfügbare Profile: Martin)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: "C:\Program Files (x86)\CLIQZ\CLIQZ.exe" -osint -url "%1")
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Cliqz GmbH) C:\Program Files (x86)\CLIQZ\CLIQZ.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-06-08] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-09-16] (Memeo Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-28] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23889496 2016-08-24] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)
HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Martin\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1235336 2014-08-28] (Autodesk, Inc.)
HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\RunOnce: [Uninstall C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64"
HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Policies\Explorer: [] 
HKU\S-1-5-21-205815100-794779995-1947703700-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [150528 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-28] (AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [Symbol-Overlay-Steuerprogramm für AutoCAD Digitale Signaturen] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2016-08-29]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2016-08-29]
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wecker für Windows 6.lnk [2016-08-29]
ShortcutTarget: Wecker für Windows 6.lnk -> C:\Program Files (x86)\Wecker6\Wecker.exe (Christoph Bünger Software)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 10.156.33.53 129.187.5.1
Tcpip\..\Interfaces\{150b5080-ac93-4272-ac4a-bffe13d172bd}: [DhcpNameServer] 0.0.0.0
Tcpip\..\Interfaces\{2c2232f8-8dd7-42dd-88e1-2d818924d50a}: [DhcpNameServer] 10.156.33.53 129.187.5.1
Tcpip\..\Interfaces\{66c1b00a-7100-4e92-ac46-811fd2d50492}: [DhcpNameServer] 192.168.34.3 129.187.5.1
Tcpip\..\Interfaces\{83fbec75-ff09-4692-a92d-4201c2743b42}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?PC=AV01
HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPNOT13/4
SearchScopes: HKLM -> {470BE3E6-2099-4F7E-84F1-F3DA4739DF9A} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-205815100-794779995-1947703700-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-205815100-794779995-1947703700-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-205815100-794779995-1947703700-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-21] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-21] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Kein Name -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> Keine Datei
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-12-20] (Hewlett-Packard Company)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  Keine Datei
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-205815100-794779995-1947703700-1001 -> hxxp://www.nuesearch.com/?type=hp&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668

FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Profiles\zocbhc16.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] ()
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2014-11-27] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-205815100-794779995-1947703700-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2013-03-17] (Ubisoft)
FF SearchPlugin: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\searchplugins\bing-lavasoft.xml [2015-12-04]
FF Extension: (Cliqz) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\Extensions\cliqz@cliqz.com.xpi [2015-11-28] [ist nicht signiert]
FF Extension: (Adblock Plus) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-28]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-28]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-28]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\extensions\cliqz@cliqz.com => nicht gefunden

Chrome: 
=======
CHR HomePage: ChromeDefaultData -> hxxp://www.nicesearches.com?type=hp&ts=1464593744&from=0d580530&uid=st500lm012xhn-m500mbb_s2svj9eca09668&z=658f2f19608d6aba60b4d45gbzcq4z0wctfc2m2z8z
CHR RestoreOnStartup: ChromeDefaultData -> "hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=bl-bcr-is__alt__ddc_dsssyc_bd_com"
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.nicesearches.com?type=hp&ts=1464593744&from=0d580530&uid=st500lm012xhn-m500mbb_s2svj9eca09668&z=658f2f19608d6aba60b4d45gbzcq4z0wctfc2m2z8z" 
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.nicesearches.com/search.php?type=ds&ts=1464593744&from=0d580530&uid=st500lm012xhn-m500mbb_s2svj9eca09668&z=658f2f19608d6aba60b4d45gbzcq4z0wctfc2m2z8z&q={searchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> nice
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll => Keine Datei
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll => Keine Datei
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\pdf.dll => Keine Datei
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
CHR Extension: (Dealbeaver) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\bhldmkghjkldhclddpjebfjpaijaajmm [2016-05-20]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-11]
CHR Extension: (Google-Suche) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-11]
CHR Extension: (Avast Online Security) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-12]
CHR Extension: (Skype) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-22]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-12]
CHR Extension: (Google Mail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-28]
StartMenuInternet: Google Chrome - Chrome.exe

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [Datei ist nicht signiert]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-28] (AVAST Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-24] (Dropbox, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [Datei ist nicht signiert]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2015-10-30] (HP Inc.) [Datei ist nicht signiert]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2015-10-30] (HP Inc.) [Datei ist nicht signiert]
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [82664 2015-12-16] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-28] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-28] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-05] (AVAST Software)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2014-07-14] ()
S3 AX88772; C:\Windows\System32\drivers\ax88772.sys [111616 2015-10-30] (ASIX Electronics Corp.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-18] (Windows (R) Win 7 DDK provider)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2014-07-14] ()
R3 netr28x; C:\Windows\System32\drivers\netr28x.sys [2504192 2015-10-30] (MediaTek Inc.)
R3 pelmouse; C:\Windows\system32\DRIVERS\pelmouse.sys [23040 2015-12-17] (TPMX Electronics Ltd.)
R3 pelusblf; C:\Windows\system32\DRIVERS\pelusblf.sys [35328 2015-12-22] (TPMX Electronics Ltd.)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
S3 SKYNETU2C; C:\Windows\System32\drivers\SkyNetU2C_AMD64.SYS [270424 2010-05-10] (TechniSat Digital, S.A.)
S3 SkyNetU2CBDA_AMD64; C:\Windows\system32\DRIVERS\SkyNetU2CBDA_AMD64.sys [346200 2011-05-10] (TechniSat Digital, S.A.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [52904 2016-04-28] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-08-29 14:00 - 2016-08-29 14:00 - 00000000 ____D C:\Users\Martin\Desktop\FRST-OlderVersion
2016-08-29 13:57 - 2016-08-29 13:57 - 00004681 _____ C:\Users\Martin\Desktop\JRT.txt
2016-08-29 13:50 - 2016-08-29 13:50 - 01610560 _____ (Malwarebytes) C:\Users\Martin\Desktop\JRT.exe
2016-08-29 13:50 - 2016-08-29 13:50 - 00001205 _____ C:\Users\Martin\Desktop\mbam.txt
2016-08-29 13:39 - 2016-08-29 13:40 - 00000004 ____H C:\ProgramData\cm-lock
2016-08-29 11:42 - 2016-08-29 13:45 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-29 11:41 - 2016-08-29 13:43 - 00000738 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-08-29 11:41 - 2016-08-29 11:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-08-29 11:41 - 2016-08-29 11:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-29 11:41 - 2016-08-29 11:41 - 00000000 ____D C:\ Malwarebytes Anti-Malware 
2016-08-29 11:41 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-08-29 11:41 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-08-29 11:41 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-08-29 11:37 - 2016-08-29 11:37 - 22851472 _____ (Malwarebytes ) C:\Users\Martin\Downloads\mbam-setup-2.2.1.1043.exe
2016-08-29 11:34 - 2016-08-29 11:20 - 00022642 _____ C:\Users\Martin\Desktop\AdwCleaner[C0].txt
2016-08-29 11:06 - 2016-08-29 11:20 - 00000000 ____D C:\AdwCleaner
2016-08-29 11:05 - 2016-08-29 11:05 - 03826240 _____ C:\Users\Martin\Desktop\AdwCleaner_6.010.exe
2016-08-28 16:41 - 2016-08-28 16:52 - 00097628 _____ C:\Users\Martin\Desktop\TDSSKiller.3.1.0.11_28.08.2016_16.41.53_log.txt
2016-08-28 16:35 - 2016-08-28 16:37 - 00077710 _____ C:\Users\Martin\Desktop\Addition.txt
2016-08-28 16:33 - 2016-08-29 14:02 - 00031834 _____ C:\Users\Martin\Desktop\FRST.txt
2016-08-28 16:32 - 2016-08-29 14:00 - 00000000 ____D C:\FRST
2016-08-28 16:32 - 2016-08-28 16:32 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Martin\Desktop\tdsskiller.exe
2016-08-28 16:31 - 2016-08-29 14:00 - 02396672 _____ (Farbar) C:\Users\Martin\Desktop\FRST64.exe
2016-08-24 09:03 - 2016-08-24 09:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-08-23 22:12 - 2016-08-23 22:12 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_429687859.html
2016-08-23 22:12 - 2016-08-23 22:12 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_429687562.html
2016-08-23 13:58 - 2016-08-23 13:58 - 00003342 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-23 09:39 - 2016-08-29 13:36 - 00000000 ____D C:\Program Files (x86)\_SSpm
2016-08-23 09:39 - 2016-08-23 09:39 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_384540046.html
2016-08-23 09:39 - 2016-08-23 09:39 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_384539921.html
2016-08-23 09:39 - 2016-08-23 09:39 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_384533328.html
2016-08-23 09:39 - 2016-08-23 09:39 - 00000003 _____ C:\WINDOWS\SysWOW64\de_384533078.html
2016-08-15 10:34 - 2016-08-22 10:42 - 00000000 ____D C:\Users\Martin\AppData\Roaming\setup1
2016-08-10 10:51 - 2016-08-03 12:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-10 10:51 - 2016-08-03 12:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-10 10:51 - 2016-08-03 12:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-10 10:51 - 2016-08-03 12:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-10 10:51 - 2016-08-03 11:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-10 10:51 - 2016-08-03 11:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-10 10:51 - 2016-08-03 11:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-10 10:51 - 2016-08-03 11:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-10 10:51 - 2016-08-03 11:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-10 10:51 - 2016-08-03 11:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-10 10:51 - 2016-08-03 11:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-10 10:51 - 2016-08-03 11:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-10 10:51 - 2016-08-03 11:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-10 10:51 - 2016-08-03 11:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-10 10:51 - 2016-08-03 11:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-10 10:51 - 2016-08-03 11:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-10 10:51 - 2016-08-03 11:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-10 10:51 - 2016-08-03 07:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-10 10:51 - 2016-08-03 07:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-10 10:51 - 2016-08-03 07:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-10 10:51 - 2016-08-03 07:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-10 10:51 - 2016-08-03 06:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-10 10:51 - 2016-08-03 06:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-10 10:51 - 2016-08-03 06:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-10 10:51 - 2016-08-03 06:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-10 10:51 - 2016-08-03 06:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-10 10:51 - 2016-08-03 06:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-10 10:50 - 2016-08-03 13:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-10 10:50 - 2016-08-03 13:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-10 10:50 - 2016-08-03 13:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-10 10:50 - 2016-08-03 12:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-10 10:50 - 2016-08-03 12:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-10 10:50 - 2016-08-03 12:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-10 10:50 - 2016-08-03 12:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-10 10:50 - 2016-08-03 12:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-10 10:50 - 2016-08-03 12:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-10 10:50 - 2016-08-03 12:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-10 10:50 - 2016-08-03 12:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-10 10:50 - 2016-08-03 12:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-10 10:50 - 2016-08-03 12:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-10 10:50 - 2016-08-03 12:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-10 10:50 - 2016-08-03 12:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-10 10:50 - 2016-08-03 12:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-10 10:50 - 2016-08-03 12:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-10 10:50 - 2016-08-03 12:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-10 10:50 - 2016-08-03 12:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-10 10:50 - 2016-08-03 12:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-10 10:50 - 2016-08-03 12:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-10 10:50 - 2016-08-03 12:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-10 10:50 - 2016-08-03 11:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-10 10:50 - 2016-08-03 11:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-10 10:50 - 2016-08-03 11:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-10 10:50 - 2016-08-03 11:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-10 10:50 - 2016-08-03 11:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-10 10:50 - 2016-08-03 11:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-10 10:50 - 2016-08-03 11:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-10 10:50 - 2016-08-03 11:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-10 10:50 - 2016-08-03 11:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-10 10:50 - 2016-08-03 11:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-10 10:50 - 2016-08-03 11:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-10 10:50 - 2016-08-03 11:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-10 10:50 - 2016-08-03 11:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-10 10:50 - 2016-08-03 11:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-10 10:50 - 2016-08-03 11:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-10 10:50 - 2016-08-03 11:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-10 10:50 - 2016-08-03 11:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-10 10:50 - 2016-08-03 11:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-10 10:50 - 2016-08-03 11:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-10 10:50 - 2016-08-03 11:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-10 10:50 - 2016-08-03 11:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-10 10:50 - 2016-08-03 11:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-10 10:50 - 2016-08-03 11:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-10 10:50 - 2016-08-03 11:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-10 10:50 - 2016-08-03 11:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-10 10:50 - 2016-08-03 11:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-10 10:50 - 2016-08-03 11:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-10 10:50 - 2016-08-03 11:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-10 10:50 - 2016-08-03 11:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-10 10:50 - 2016-08-03 11:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-10 10:50 - 2016-08-03 11:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-10 10:50 - 2016-08-03 11:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-10 10:50 - 2016-08-03 11:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-10 10:50 - 2016-08-03 11:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-10 10:50 - 2016-08-03 11:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-10 10:50 - 2016-08-03 11:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-10 10:50 - 2016-08-03 11:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-10 10:50 - 2016-08-03 11:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-10 10:50 - 2016-08-03 11:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-10 10:50 - 2016-08-03 11:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-10 10:50 - 2016-08-03 11:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-10 10:50 - 2016-08-03 11:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-10 10:50 - 2016-08-03 11:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-10 10:50 - 2016-08-03 11:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-10 10:50 - 2016-08-03 11:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-10 10:50 - 2016-08-03 11:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-10 10:50 - 2016-08-03 11:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-10 10:50 - 2016-08-03 07:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-10 10:50 - 2016-08-03 07:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-10 10:50 - 2016-08-03 07:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-10 10:50 - 2016-08-03 07:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-10 10:50 - 2016-08-03 07:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-10 10:50 - 2016-08-03 07:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-10 10:50 - 2016-08-03 06:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-10 10:50 - 2016-08-03 06:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-10 10:50 - 2016-08-03 06:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-10 10:50 - 2016-08-03 06:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-10 10:50 - 2016-08-03 06:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-10 10:50 - 2016-08-03 06:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-10 10:50 - 2016-08-03 06:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-10 10:50 - 2016-08-03 06:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-10 10:50 - 2016-08-03 06:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-10 10:50 - 2016-08-03 06:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-10 10:50 - 2016-08-03 06:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-10 10:50 - 2016-08-03 06:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-10 10:50 - 2016-08-03 06:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-10 10:50 - 2016-08-03 06:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-10 10:50 - 2016-08-03 06:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-10 10:50 - 2016-08-03 06:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-10 10:50 - 2016-08-03 06:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-10 10:50 - 2016-08-03 06:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-10 10:50 - 2016-08-03 06:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-10 10:50 - 2016-08-03 06:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-10 10:50 - 2016-08-03 06:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-10 10:50 - 2016-08-03 06:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-10 10:50 - 2016-08-03 06:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-10 10:50 - 2016-08-03 06:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-10 10:50 - 2016-08-03 06:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-10 10:50 - 2016-08-03 06:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-10 10:50 - 2016-08-03 06:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-09 15:54 - 2016-08-29 13:43 - 00001142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CLIQZ.lnk
2016-08-09 15:54 - 2016-08-29 13:43 - 00001130 _____ C:\Users\Public\Desktop\CLIQZ.lnk
2016-08-09 15:54 - 2016-08-26 08:43 - 00000000 ____D C:\Program Files (x86)\CLIQZ
2016-08-09 15:54 - 2016-08-09 16:02 - 00000000 ____D C:\Users\Martin\AppData\Local\CLIQZ
2016-08-09 15:54 - 2016-08-09 15:54 - 00000000 ____D C:\Users\Martin\AppData\Roaming\CLIQZ
2016-08-09 15:53 - 2016-08-09 15:53 - 01474568 _____ C:\Users\Martin\Downloads\CLIQZ14.de.win32.installer - CHIP-Installer.exe
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224665812.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224665187.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224665062.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224664343.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224664203.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224663390.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224663281.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224659500.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224659375.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224647796.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224647640.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224646203.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224646078.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224640531.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\de_224640156.html
2016-08-07 11:50 - 2016-08-07 11:50 - 00000000 ____D C:\Users\Martin\AppData\LocalLow\Temp
2016-08-05 18:50 - 2016-08-05 18:50 - 00003726 _____ C:\WINDOWS\System32\Tasks\UpdaterTask
2016-08-03 18:43 - 2015-12-22 11:33 - 00035328 _____ (TPMX Electronics Ltd.) C:\WINDOWS\system32\Drivers\pelusblf.sys
2016-08-03 18:43 - 2015-12-17 13:48 - 00023040 _____ (TPMX Electronics Ltd.) C:\WINDOWS\system32\Drivers\PELMOUSE.SYS
2016-08-03 18:43 - 2009-11-02 16:36 - 00011776 _____ (TPMX Electronics Ltd.) C:\WINDOWS\system32\Drivers\PELVENDR.SYS
2016-08-03 16:31 - 2016-08-03 16:31 - 00410983 _____ C:\Users\Martin\Downloads\259912_PFEIFER_Lastbock-Gewinde-LBP_M48_20_0t.zip
2016-08-03 13:21 - 2016-08-03 13:21 - 00049492 _____ C:\Users\Martin\Downloads\neukollner_entwicklung_zusammenfassung_2008.pdf
2016-08-01 22:31 - 2016-08-01 22:31 - 00128000 _____ C:\Users\Martin\Documents\Inhaltsverzeichnisv-Aktuell 06.2016.xls
2016-08-01 14:03 - 2016-08-01 14:03 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659675625.html
2016-08-01 14:02 - 2016-08-01 14:02 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659640875.html
2016-08-01 14:02 - 2016-08-01 14:02 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659610734.html
2016-08-01 14:02 - 2016-08-01 14:02 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659610531.html
2016-08-01 14:02 - 2016-08-01 14:02 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659606812.html
2016-08-01 14:01 - 2016-08-01 14:02 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659606671.html
2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659591546.html
2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659591343.html
2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659590296.html
2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659590171.html
2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659582390.html
2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\de_1659582203.html
2016-08-01 10:42 - 2016-08-01 10:42 - 00000000 ____D C:\Program Files (x86)\zffvjegf

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-08-29 13:50 - 2014-01-23 23:57 - 00000576 _____ C:\WINDOWS\Tasks\MATLAB R2013b Startup Accelerator.job
2016-08-29 13:48 - 2013-12-23 17:35 - 00000000 ___RD C:\Users\Martin\Dropbox
2016-08-29 13:48 - 2013-10-21 17:30 - 00000000 ____D C:\Users\Martin\AppData\Local\Akamai
2016-08-29 13:43 - 2016-04-18 16:17 - 00002048 _____ C:\Users\Public\Desktop\Revit 2016.lnk
2016-08-29 13:43 - 2016-04-18 14:22 - 00002433 _____ C:\Users\Public\Desktop\SOFiCAD-OEM 2014.lnk
2016-08-29 13:43 - 2016-04-18 14:19 - 00002027 _____ C:\Users\Public\Desktop\SOFiSTiK Sonar.lnk
2016-08-29 13:43 - 2016-03-26 15:26 - 00002386 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-29 13:43 - 2016-03-26 13:33 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-08-29 13:43 - 2016-03-15 14:16 - 00001222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-08-29 13:43 - 2016-03-15 14:16 - 00001125 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-08-29 13:43 - 2016-01-16 21:48 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-29 13:43 - 2016-01-16 21:48 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-08-29 13:43 - 2015-08-29 18:56 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2016-08-29 13:43 - 2015-04-03 17:17 - 00002913 _____ C:\Users\Public\Desktop\Nero 2015.lnk
2016-08-29 13:43 - 2015-04-03 16:33 - 00001532 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2016-08-29 13:43 - 2014-12-29 13:39 - 00001968 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-08-29 13:43 - 2014-07-21 13:54 - 00000662 _____ C:\Users\Public\Desktop\Cremer Commander.lnk
2016-08-29 13:43 - 2014-07-08 23:02 - 00001043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
2016-08-29 13:43 - 2014-04-21 19:55 - 00001162 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2016-08-29 13:43 - 2014-04-20 10:58 - 00000960 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-08-29 13:43 - 2014-01-23 23:58 - 00001295 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2013b.lnk
2016-08-29 13:43 - 2013-09-25 14:49 - 00002305 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SD card.lnk
2016-08-29 13:43 - 2013-09-25 14:49 - 00002305 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SD card (2).lnk
2016-08-29 13:43 - 2013-05-04 15:39 - 00002502 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-29 13:43 - 2013-05-04 15:39 - 00002490 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-29 13:43 - 2013-02-24 11:50 - 00002140 _____ C:\Users\Public\Desktop\MEDION NAS TOOL.lnk
2016-08-29 13:43 - 2013-02-24 11:50 - 00001161 _____ C:\Users\Public\Desktop\Memeo Instant Backup.lnk
2016-08-29 13:43 - 2013-01-20 16:55 - 00001191 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVBViewer TE2.lnk
2016-08-29 13:43 - 2013-01-18 14:11 - 00000291 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Computer.lnk
2016-08-29 13:43 - 2013-01-17 18:30 - 00001263 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader 5.0.lnk
2016-08-29 13:43 - 2013-01-17 18:30 - 00001251 _____ C:\Users\Public\Desktop\Acrobat Reader 5.0.lnk
2016-08-29 13:43 - 2012-11-15 03:08 - 00001361 _____ C:\Users\Public\Desktop\CyberLink YouCam.lnk
2016-08-29 13:43 - 2012-08-31 23:03 - 00001495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connected Music powered by Universal Music Group.lnk
2016-08-29 13:43 - 2012-08-31 23:03 - 00001483 _____ C:\Users\Public\Desktop\Connected Music powered by Universal Music Group.lnk
2016-08-29 13:43 - 2012-08-31 23:03 - 00001111 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connected Music powered by Meridian.lnk
2016-08-29 13:43 - 2012-08-31 22:59 - 00001374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2016-08-29 13:43 - 2012-08-31 22:59 - 00001305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2016-08-29 13:43 - 2012-08-31 22:54 - 00002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2016-08-29 13:42 - 2016-04-18 16:27 - 00002003 _____ C:\Users\Martin\Desktop\Autodesk Revit 2016 jetzt installieren.lnk
2016-08-29 13:42 - 2015-12-05 18:05 - 00001314 _____ C:\Users\Martin\Desktop\Easy Audio Cutter.lnk
2016-08-29 13:42 - 2015-12-05 18:05 - 00001298 _____ C:\Users\Martin\Desktop\Free CD Ripper.lnk
2016-08-29 13:42 - 2015-12-05 18:05 - 00001296 _____ C:\Users\Martin\Desktop\Free Mp3 Wma Converter.lnk
2016-08-29 13:42 - 2014-06-11 14:35 - 00001798 _____ C:\Users\Martin\Desktop\Wecker für Windows.lnk
2016-08-29 13:42 - 2013-12-23 17:35 - 00001299 _____ C:\Users\Martin\Desktop\Dropbox.lnk
2016-08-29 13:42 - 2013-08-08 20:10 - 00002265 _____ C:\Users\Martin\Desktop\Carcasonne - Verknüpfung.lnk
2016-08-29 13:41 - 2016-03-26 18:04 - 00000000 __SHD C:\Users\Martin\IntelGraphicsProfiles
2016-08-29 13:40 - 2016-05-24 10:01 - 00001238 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-08-29 13:40 - 2016-04-19 14:51 - 00000068 __RSH C:\WINDOWS\system32\Drivers\WSDPrint.winsecurity
2016-08-29 13:40 - 2016-04-19 14:51 - 00000068 __RSH C:\WINDOWS\system32\Drivers\WdiWiFi.winsecurity
2016-08-29 13:40 - 2016-04-18 17:34 - 00000068 __RSH C:\WINDOWS\system32\Drivers\winverbs.winsecurity
2016-08-29 13:40 - 2016-04-18 17:34 - 00000068 __RSH C:\WINDOWS\system32\Drivers\wfplwfs.winsecurity
2016-08-29 13:40 - 2016-04-18 12:45 - 00000068 __RSH C:\WINDOWS\system32\Drivers\xinputhid.winsecurity
2016-08-29 13:40 - 2016-04-18 12:45 - 00000068 __RSH C:\WINDOWS\system32\Drivers\wof.winsecurity
2016-08-29 13:40 - 2013-05-04 15:33 - 00001142 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-29 13:39 - 2016-02-13 19:25 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-29 13:39 - 2015-10-30 09:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-29 13:38 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-08-29 12:16 - 2014-12-04 17:02 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-08-29 12:06 - 2016-05-24 10:01 - 00001242 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-08-29 11:30 - 2013-09-15 12:56 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-08-29 11:20 - 2015-05-13 10:16 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-08-29 11:19 - 2016-05-26 14:04 - 00000000 ____D C:\WINDOWS\system32\log
2016-08-29 11:18 - 2016-06-16 12:44 - 00000000 ____D C:\Program Files (x86)\WinZipper
2016-08-29 11:18 - 2015-12-04 12:36 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2016-08-29 11:17 - 2015-12-04 12:37 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Lavasoft
2016-08-29 11:17 - 2015-12-04 12:36 - 00000000 ____D C:\ProgramData\Lavasoft
2016-08-29 11:02 - 2013-01-19 12:27 - 00000000 ____D C:\Users\Martin\Documents\Outlook-Dateien
2016-08-29 07:55 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-28 08:35 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-27 23:21 - 2016-03-26 13:19 - 00000000 ____D C:\Users\Martin
2016-08-26 18:36 - 2016-05-26 13:59 - 00000000 _____ C:\Users\Public\Documents\report.dat
2016-08-25 07:26 - 2016-07-12 10:53 - 00000000 ____D C:\WINDOWS\SysWOW64\_SSpm
2016-08-24 09:03 - 2016-05-24 10:01 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-08-24 00:34 - 2016-05-20 22:40 - 00000000 ____D C:\Program Files (x86)\Drecuied
2016-08-23 13:58 - 2016-03-26 15:26 - 00000000 ___RD C:\Users\Martin\OneDrive
2016-08-22 16:21 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-20 08:46 - 2013-05-04 15:33 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-19 08:39 - 2013-11-28 19:04 - 00000000 ____D C:\Users\Martin\Documents\Uni
2016-08-13 11:13 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-10 18:40 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-08-10 17:21 - 2016-02-13 19:30 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-10 17:11 - 2016-02-13 19:12 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-10 17:11 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-10 11:49 - 2016-03-26 19:10 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 11:49 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-10 11:49 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-10 11:37 - 2013-01-24 16:53 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-08 14:51 - 2015-12-06 19:30 - 00000000 ____D C:\Users\Martin\AppData\Local\Risen2
2016-08-08 09:47 - 2016-03-26 13:18 - 02011910 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-08 09:47 - 2016-02-13 18:59 - 00857262 _____ C:\WINDOWS\system32\perfh007.dat
2016-08-08 09:47 - 2016-02-13 18:59 - 00188952 _____ C:\WINDOWS\system32\perfc007.dat
2016-08-05 12:00 - 2013-09-15 12:56 - 00292704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2016-07-30 22:50 - 2013-05-04 15:33 - 00004204 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-30 22:50 - 2013-05-04 15:33 - 00003972 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-30 22:50 - 2013-05-04 15:33 - 00001146 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-08-13 10:29 - 2014-08-13 10:29 - 154565521 _____ () C:\Program Files (x86)\openoffice1.cab
2014-08-13 10:27 - 2014-08-13 10:27 - 2314240 _____ () C:\Program Files (x86)\openoffice411.msi
2014-08-13 10:27 - 2014-08-13 10:27 - 0478720 _____ () C:\Program Files (x86)\setup.exe
2014-08-13 10:27 - 2014-08-13 10:27 - 0000279 _____ () C:\Program Files (x86)\setup.ini
2015-04-03 16:31 - 2015-04-03 16:31 - 0385602 _____ () C:\Users\Martin\AppData\Local\5D515C96_stp.CIS
2015-04-03 16:31 - 2015-04-03 16:31 - 0000220 _____ () C:\Users\Martin\AppData\Local\5D515C96_stp.CIS.part
2015-04-03 16:32 - 2015-04-03 16:32 - 1509462 _____ () C:\Users\Martin\AppData\Local\69DD7379_stp.CIS
2015-04-03 16:32 - 2015-04-03 16:32 - 0000295 _____ () C:\Users\Martin\AppData\Local\69DD7379_stp.CIS.part
2015-04-03 16:32 - 2015-04-03 16:32 - 0192979 _____ () C:\Users\Martin\AppData\Local\741E72B5_stp.CIS
2015-04-03 16:32 - 2015-04-03 16:32 - 0000290 _____ () C:\Users\Martin\AppData\Local\741E72B5_stp.CIS.part
2015-11-21 00:56 - 2015-11-21 01:01 - 0007680 _____ () C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-08-29 13:39 - 2016-08-29 13:40 - 0000004 ____H () C:\ProgramData\cm-lock
ZeroAccess:
C:\Users\Martin\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

Einige Dateien in TEMP:
====================
C:\Users\Martin\AppData\Local\Temp\AcDeltree.exe
C:\Users\Martin\AppData\Local\Temp\HPSFUpdater.exe
C:\Users\Martin\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\Martin\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\Martin\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Martin\AppData\Local\Temp\libeay32.dll
C:\Users\Martin\AppData\Local\Temp\msvcr120.dll
C:\Users\Martin\AppData\Local\Temp\SettingUpdate.exe
C:\Users\Martin\AppData\Local\Temp\sphpsa.exe
C:\Users\Martin\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-08-24 09:30

==================== Ende von FRST.txt ============================

Martin.9008 · 29.08.2016, 13:13

FRST Addition:

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 28-08-2016
durchgeführt von Martin (29-08-2016 14:02:38)
Gestartet von C:\Users\Martin\Desktop
Windows 10 Home Version 1511 (X64) (2016-03-26 13:14:15)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-205815100-794779995-1947703700-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-205815100-794779995-1947703700-503 - Limited - Disabled)
Gast (S-1-5-21-205815100-794779995-1947703700-501 - Limited - Disabled)
Martin (S-1-5-21-205815100-794779995-1947703700-1001 - Administrator - Enabled) => C:\Users\Martin

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

64 Bit HP CIO Components Installer (Version: 20.2.1 - HP Inc.) Hidden
Adblock Plus für IE (32-Bit- und 64-Bit) (HKLM\...\{588B7DD2-3480-4A89-A8F6-C6781CBFAD56}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.8 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
Age of Mythology - The Titans Expansion (HKLM-x32\...\Age of Mythology Expansion Pack 1.0) (Version:  - )
Age of Mythology (HKLM-x32\...\Age of Mythology 1.0) (Version:  - )
Akamai NetSession Interface (HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{5977D04D-1D6A-952C-97AF-04D9D4C0AE56}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
ANALYSIS_30_Common (x32 Version: 14.1 - SOFiSTiK AG) Hidden
ANALYSIS_30_x64_Common (x32 Version: 14.1 - SOFiSTiK AG) Hidden
ANNO 1404 - Königsedition (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 3.10.0000 - Ubisoft)
Anno 1701 (HKLM-x32\...\{A2433A63-5F5D-40E5-B529-9123C2B3E734}) (Version: 1.04 - Sunflowers)
AutoCAD Architecture 2014 - Deutsch (German) (Version: 7.5.106.0 - Autodesk) Hidden
AutoCAD Architecture 2014 - Deutsch (German) (Version: 7.5.17.0 - Autodesk) Hidden
AutoCAD Architecture 2014 - Deutsch (German) SP 1 (HKLM\...\AutoCAD Architecture 2014 - Deutsch (German) SP 1) (Version: 1 - Autodesk)
AutoCAD Architecture 2014 Language Pack - Deutsch (Version: 7.5.17.0 - Autodesk) Hidden
Autodesk 360 (HKLM\...\{556966D9-F7F6-421B-9707-D07901604DDF}) (Version: 5.2.3.1000 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
Autodesk AutoCAD Architecture 2014 - Deutsch (German) (HKLM\...\AutoCAD Architecture 2014 - Deutsch (German)) (Version: 7.5.17.0 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.18 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.18 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2016 (HKLM-x32\...\{FA5DF4D1-CD59-4183-B3D4-779A56498786}) (Version: 6.3.0.18 - Autodesk)
Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.0.43.13 - Autodesk)
Autodesk ReCap (Version: 1.0.43.13 - Autodesk) Hidden
Autodesk ReCap Language Pack-English (Version: 1.0.43.13 - Autodesk) Hidden
Autodesk Revit 2016 (HKLM\...\Autodesk Revit 2016) (Version: 16.0.490.0 - Autodesk)
Autodesk Workflows 2016 (HKLM\...\{535CDED0-D690-4738-83EE-09056A365BAC}) (Version: 6.3.0.18 - Autodesk, Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.2.2262 - AVAST Software)
AX88772C (HKLM-x32\...\{48C1584F-E022-4C21-9072-0BA886976B4F}) (Version: 1.01 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bullzip PDF Printer 10.6.0.2267 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.6.0.2267 - Bullzip)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.22 - Cliqz.com)
CLIQZ 1.6.1 (x86 de) (HKLM-x32\...\CLIQZ 1.6.1 (x86 de)) (Version: 1.6.1 - Cliqz GmbH)
cloudfront - Uninstall (HKLM-x32\...\{54C3021D-55CA-44E8-899F-C102D92DD517}) (Version:  - ) <==== ACHTUNG
CodeMeter Runtime Kit v6.10a (HKLM\...\{4FF3EB53-5576-4B11-A08F-605C1938176A}) (Version: 6.10.2018.501 - WIBU-SYSTEMS AG)
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DIE SIEDLER - Aufstieg eines Königreichs (HKLM-x32\...\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}) (Version: 1.00.0000 - Ubisoft)
Die Siedler 7 (HKLM-x32\...\{63860309-DA8A-4BAE-9EAE-CE1D6D79340C}) (Version: 1.12.1396 - Ubisoft)
Die Siedler II - Die nächste Generation (HKLM-x32\...\S2TNG) (Version:  - )
Die Siedler IV (HKLM-x32\...\S4Uninst) (Version:  - )
Dot4 (HKLM\...\{DD411225-A527-4C56-91BE-15D888B3CCDE}) (Version: 1.0.0.0 - HP)
Dropbox (HKLM-x32\...\Dropbox) (Version: 8.4.21 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.41.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Free YouTube to MP3 Converter version 3.12.57.324 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.57.324 - DVDVideoSoft Ltd.)
G2-Classic-Mod (HKLM-x32\...\G2-Classic-Mod) (Version: 1.1 - Sargon)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Gothic (HKLM-x32\...\{BBF10B37-4ED3-11D5-A818-00500435FC18}) (Version:  - )
Gothic 2 Gold (HKLM-x32\...\{40FE74B5-71A1-4393-A0AB-21D6E1DA5A66}) (Version: 1.0.0 - JoWood)
GOTHIC2 - Die Nacht des Raben - 'System-Paket' (HKLM-x32\...\GOTHIC2 - Die Nacht des Raben - 'System-Paket') (Version: 1.1 - World of Gothic RU © 2014)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{AB5BCC55-18E2-46C7-9405-FF61CB888F05}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{18DE31AE-70D0-43A7-9E3C-2ED7283ECE8A}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{A38E954F-9043-42BD-9DE9-246ED183791D}) (Version: 12.5.26.37 - HP)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
MainConcept DTV Decoder Pro (HKLM-x32\...\{793FCE60-DE5E-4977-A942-A7B69A45B17D}) (Version: 1.5.0.2 - MainConcept GmbH)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MATLAB R2013b (HKLM\...\Matlab R2013b) (Version: 8.2 - The MathWorks, Inc.)
MEDION NAS TOOL (HKLM-x32\...\MEDION NAS TOOL) (Version:  - MEDION)
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7939 - Memeo Inc.)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{A047101C-A3AE-4FAD-802F-01C965079F66}) (Version: 11.1.3010.3 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{99AC7F47-A4E0-4706-9C65-8948775C2652}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Nero 2015 (HKLM-x32\...\{F9592BA0-AA0D-454C-95AA-9782DF00CB4B}) (Version: 16.0.04000 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Pontifex Demo 10.19.01 (HKLM-x32\...\Pontifex Demo_is1) (Version:  - Chronic Logic LLC)
Prerequisite installer (x32 Version: 16.0.0003 - Nero AG) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Revit 2016 (Version: 16.0.490.0 - Autodesk) Hidden
Risen (HKLM-x32\...\{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}) (Version: 1.00.0000 - Deep Silver)
Risen 2 - Dark Waters (HKLM-x32\...\{CC4473E6-AB7D-406B-ADAE-BF9C61CEC5FE}) (Version: 1.00 - Deep Silver)
SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SimCity 4 Deluxe (HKLM-x32\...\{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}) (Version:  - )
SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
SOFiCAD-OEM 2014 (HKLM-x32\...\SOFiCADOEM 2014) (Version: 20.14.0.0 - SOFiSTiK AG)
SOFiCAD-OEM 2014 (Version: 19.1.18.0 - SOFiSTiK) Hidden
SOFiCAD-OEM 2014 (x32 Version: 19.1.0 - SOFiSTiK AG) Hidden
SOFiSTiK 2014 19.1 64Bit Object Enabler (HKLM\...\{50F1571C-50FD-2014-3064-191000000000}) (Version: 19.1.1.0 - SOFiSTiK AG)
SOFiSTiK 2014 Documenation SOFiCAD (x32 Version: 1.00.0000 - Your Company Name) Hidden
SOFiSTiK Reinforcement Detailing 2016 (HKLM\...\{50F1571C-50F6-2016-3364-201600201405}) (Version: 5.0.0 - SOFiSTiK AG)
SOFiSTiK Sonar (HKLM-x32\...\{50F1571C-50F1-2014-3032-000000150000}) (Version: 15.00 - SOFiSTiK AG)
Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.3 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
Web Companion (HKLM-x32\...\{d35d79f6-850b-4d3b-b3df-f052f842b2da}) (Version: 2.1.1199.2443 - Lavasoft)
Wecker für Windows 6.5 (HKLM-x32\...\{FFDC4005-E968-498D-93C8-CC148742167D}}_is1) (Version: 6.5 - Christoph Bünger Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinZip (HKLM-x32\...\WinZip) (Version: 2.2.25 - Winzipper Pvt Ltd.) <==== ACHTUNG
Worms 4 Mayhem (HKLM-x32\...\{45E7C481-3EF4-4FCB-AF0B-19F70D618F0C}) (Version: 1.00.0000 - Codemasters)
Xfire (remove only) (HKLM-x32\...\Xfire) (Version:  - )

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E100-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E101-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E102-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7F8-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7F9-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FA-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FB-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FC-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FD-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FE-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FF-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\de-DE\sofc191ficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{5D8A052B-FFEE-4B2D-ADD8-EDCDA13C0763}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\sofiaxis_com.dll (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{5D8A052C-FFEE-4B2D-ADD8-EDCDA13C0763}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\sofiaxis_com.dll (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\sofc191.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{6AC79303-DBF3-4BE2-9F8E-0349FDC88E19}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\sofidc.arx (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{8258CC73-933A-4A76-88B1-43A5468A09F7}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\SOF_BAMTEC191_x64.DBX (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{9874959D-2021-4F77-AA2E-7E787954ADD7}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBFE_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B5176366-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B5176367-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B5176368-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B5176369-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B517636A-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B517636B-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2014\de-DE\acadficn.dll (Autodesk, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {1E041551-E3E9-4775-945B-473FF6FE41BD} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3383E5C5-2D9A-4B13-9190-937420612144} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {3C33CD03-7609-44AF-9710-CAA445D6BF10} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {5D31EF85-8E68-45F5-9535-7258083FD944} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-13] (Adobe Systems Incorporated)
Task: {713A80B6-4080-406C-A767-1FB30E7CD27C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-24] (Dropbox, Inc.)
Task: {82ABDCB9-8CDD-4730-AD92-AC4E496A1760} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {92C847DC-B226-4C5A-A8AB-184E4A601340} - System32\Tasks\UpdaterTask => C:\Users\Martin\AppData\Local\Temp\avdrhxythrag [Argument = /p=27 /i=1] <==== ACHTUNG
Task: {95EEB00E-6D66-4872-8E1E-CCBCD0748013} - System32\Tasks\{C8599BEC-8541-4730-9C00-8B636C6E2D46} => pcalua.exe -a "C:\Program Files (x86)\Star Wars Battlefront II\LaunchBFII.exe" -d "C:\Program Files (x86)\Star Wars Battlefront II"
Task: {96FB385F-013A-4BAF-8A22-44C9CB47F9E0} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {A8C2E264-6122-426B-B842-15D6E9E9638C} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {AB1ADFC6-1114-4C46-8132-A482BD53D16A} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-23] (Microsoft Corporation)
Task: {AB96C6F0-FEBE-4160-9998-E59661C9B7A6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-28] (AVAST Software)
Task: {AB9AA26C-745D-477B-9D28-44FF4E0063F5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {B751D1AA-9672-4CF1-9F9F-C640883ADE15} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-24] (Dropbox, Inc.)
Task: {C07DD9EA-28FF-49F5-AE6E-0DE21DBC55A6} - System32\Tasks\SafeZone scheduled Autoupdate 1458044218 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {CE92AEDC-30F0-47B5-89E5-7D4DE9C3EBC7} - System32\Tasks\MATLAB R2013b Startup Accelerator => C:\Program Files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe [2013-08-05] ()
Task: {D4179342-5F5B-4002-BE34-CB835DFE5811} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {D7374E94-A9BA-4100-977D-F0B34BED0BDA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MATLAB R2013b Startup Accelerator.job => C:\Program Files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{E642CB23-6186-418C-9B97-D12D8B681FC4}\SupportTasks\1\Support.lnk -> hxxp://www.microsoft.com/support/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{E642CB23-6186-418C-9B97-D12D8B681FC4}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.ensemblestudios.com/aom/index.html/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{CE4F9AA0-B50E-4509-87B3-312B473AA74C}\SupportTasks\1\Support.lnk -> hxxp://www.piranha-bytes.com/gothic1/gothic1_faq_english.html/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{CE4F9AA0-B50E-4509-87B3-312B473AA74C}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.piranha-bytes.com/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{B86065B3-F461-46B3-A9F7-397F53DAC8C2}\SupportTasks\1\Support.lnk -> hxxp://support.lucasarts.com/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{B86065B3-F461-46B3-A9F7-397F53DAC8C2}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.swbattlefront2.com/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{42BB19A3-BB52-4B1C-8A47-566A70503079}\SupportTasks\1\Support.lnk -> hxxp://support.microsoft.com/directory/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{42BB19A3-BB52-4B1C-8A47-566A70503079}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.microsoft.com/games/age2/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{296AA790-7BF8-4BC9-8766-432ECEAD9ACB}\SupportTasks\1\Support.lnk -> hxxp://www.atarisupport.com/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{296AA790-7BF8-4BC9-8766-432ECEAD9ACB}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.piranha-bytes.com/gothic2/content_english/news_press.php/

ShortcutWithArgument: C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->                                                                                                                       
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->                                                                                                                       
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->                                                                                                                       

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-05-28 15:10 - 2016-05-28 15:10 - 00137920 _____ () C:\Program Files\AVAST Software\Avast\x64\log.dll
2016-07-12 20:54 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-12 20:54 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-19 08:18 - 2016-04-19 08:19 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-13 19:02 - 2016-02-13 19:02 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-12 20:56 - 2016-07-01 05:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-12 20:54 - 2016-07-01 05:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-12 20:54 - 2016-07-01 05:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-12 20:54 - 2016-07-01 05:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-12 20:54 - 2016-07-01 05:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-05-28 15:10 - 2016-05-28 15:10 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-05-28 15:10 - 2016-05-28 15:10 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-08-29 11:29 - 2016-08-29 11:29 - 03016192 _____ () C:\Program Files\AVAST Software\Avast\defs\16082900\algo.dll
2016-05-28 15:10 - 2016-05-28 15:10 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-05-28 15:10 - 2016-05-28 15:10 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-04-19 08:18 - 2016-04-19 08:19 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-03-15 14:12 - 2016-03-15 14:12 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-11-15 02:53 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Windows:CM_07bdf4a8c4c490ca7919611231e13eb670e4a0ad29869dd8f2e869bc87f6c3a8 [74]
AlternateDataStreams: C:\Windows:CM_25c0d7379373529ead846cb4332cac331743f799884338c630de8d6bc5a9ad77 [74]
AlternateDataStreams: C:\Windows:CM_2fbc7cacfd828b791562c9690c61bb830aeeeae72f86bd829562576f9fc1fe83 [74]
AlternateDataStreams: C:\Windows:CM_9015d22b2a6b3f6bdfbfec9cc8a460230758574f203752df19168f533c7fb302 [74]
AlternateDataStreams: C:\Windows:CM_cdfdf49505024624d2decf3e9557d51162be6aba9545d69de4a936f7ba6139f4 [74]
AlternateDataStreams: C:\Windows:CM_d1cca5b43b23e7a102fa897d892102fdacb2faaf6f5875efce3bd0a2c56874f8 [74]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Classes\.scr: SOFiCAD-OEMScriptFile => C:\WINDOWS\system32\notepad.exe "%1" <===== ACHTUNG

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\localhost -> localhost

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2012-07-26 07:26 - 2016-08-29 11:20 - 00000832 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-205815100-794779995-1947703700-1001\Control Panel\Desktop\\Wallpaper -> c:\users\martin\pictures\carcasonne.jpg
DNS Servers: 10.156.33.53 - 129.187.5.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [TCP Query User{6A219EAC-A8C9-4714-A40C-4B1E675DA9A5}C:\program files (x86)\anno 1404 - königsedition\tools\addonweb.exe] => (Allow) C:\program files (x86)\anno 1404 - königsedition\tools\addonweb.exe
FirewallRules: [UDP Query User{14B44FB0-F9E5-4BF6-9334-B6BE4CE1D514}C:\program files (x86)\anno 1404 - königsedition\tools\addonweb.exe] => (Allow) C:\program files (x86)\anno 1404 - königsedition\tools\addonweb.exe
FirewallRules: [{A88975B8-BBFD-477E-9DC2-5236F5A941BD}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{3F3A4D03-C443-4145-84BF-83523DF57C2D}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{AF9C9E7C-E573-4295-9FCB-8ACFAD7FC8F2}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{F138714E-9316-4A72-9797-E4514582BC93}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [TCP Query User{0D91FB41-C9AB-40A5-A51E-C6BE6A9CCDEA}C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{3E537FF1-097F-4C80-B334-DBAC95E65F32}C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{2C1F9E7C-BD53-492A-9B41-50335850F173}C:\windows\splwow64.exe] => (Allow) C:\windows\splwow64.exe
FirewallRules: [UDP Query User{32EAEC46-63B7-4D3F-8CB1-FEB6FFFAFCF3}C:\windows\splwow64.exe] => (Allow) C:\windows\splwow64.exe
FirewallRules: [{8A367C20-C7E1-4CF4-89F5-014469534249}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{30D99AD4-8229-4E56-966D-245501088E8D}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{A09EB9EB-05F5-445D-855D-1C3B2B1C395A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4CAA78A7-C705-4920-A218-EEFE8BBFA3D0}] => (Allow) C:\Program Files (x86)\Legpat\Update\LegpatUpdate.exe
FirewallRules: [{EC294C97-2178-4F12-B7F5-D2E08D380816}] => (Allow) C:\Program Files (x86)\Legpat\Application\chrome.exe
FirewallRules: [{237E438F-F612-442D-B6F1-028C41382D9D}] => (Allow) C:\ProgramData\Legpat\Legpat.exe
FirewallRules: [{BD4C73AA-4A79-4087-BC07-79477408C425}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B2D7DCAF-91F3-4D50-9DDF-B79AB22CE482}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{9BE540DB-ABBB-4FBF-A772-118C53E7EFF5}] => (Allow) C:\Program Files (x86)\CLIQZ\CLIQZ.exe
FirewallRules: [{0981E983-07AE-4243-A739-73165D224A54}] => (Allow) C:\Program Files (x86)\CLIQZ\CLIQZ.exe
FirewallRules: [{31958BF8-D377-4CD8-811E-2E0A87DBD93F}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server

==================== Wiederherstellungspunkte =========================

10-08-2016 09:32:46 Geplanter Prüfpunkt
19-08-2016 10:38:33 Geplanter Prüfpunkt
24-08-2016 09:01:40 Windows Update
29-08-2016 13:51:10 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (08/29/2016 01:51:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (08/29/2016 01:48:43 PM) (Source: MsiInstaller) (EventID: 11310) (User: Laptop-Martin)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Martin\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (08/29/2016 01:48:21 PM) (Source: MsiInstaller) (EventID: 11310) (User: Laptop-Martin)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Martin\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (08/29/2016 01:46:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Laptop-Martin)
Description: Bei der Aktivierung der App „Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/29/2016 01:35:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Laptop-Martin)
Description: Bei der Aktivierung der App „Microsoft.Windows.Photos_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/29/2016 11:44:04 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "c:\program files\autodesk\revit 2016\FaroImporter.exe".
Die abhängige Assemblierung "FARO.LS,processorArchitecture="x86",publicKeyToken="1d23f5635ba800ab",type="win32",version="1.1.408.2"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (08/29/2016 07:47:08 AM) (Source: MsiInstaller) (EventID: 11310) (User: Laptop-Martin)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Martin\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (08/29/2016 07:46:46 AM) (Source: MsiInstaller) (EventID: 11310) (User: Laptop-Martin)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Martin\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (08/28/2016 06:22:25 PM) (Source: MsiInstaller) (EventID: 11310) (User: Laptop-Martin)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Martin\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (08/28/2016 06:22:09 PM) (Source: MsiInstaller) (EventID: 11310) (User: Laptop-Martin)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Martin\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.


Systemfehler:
=============
Error: (08/29/2016 01:50:14 PM) (Source: DCOM) (EventID: 10016) (User: Laptop-Martin)
Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "Laptop-Martin\Martin" (SID: S-1-5-21-205815100-794779995-1947703700-1001) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 und der APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 im Anwendungscontainer "Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (08/29/2016 01:48:37 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Manager für heruntergeladene Karten" wurde nicht richtig gestartet.

Error: (08/29/2016 01:44:32 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Übermittlungsoptimierung" wurde nicht richtig gestartet.

Error: (08/29/2016 01:44:14 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst HPWMISVC erreicht.

Error: (08/29/2016 01:40:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MemeoBackgroundService" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (08/29/2016 01:40:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MemeoBackgroundService erreicht.

Error: (08/29/2016 01:38:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_30e75" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/29/2016 01:38:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _30e75" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/29/2016 01:38:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kontaktdaten_30e75" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/29/2016 01:38:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_30e75" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.


CodeIntegrity:
===================================
  Date: 2016-08-29 11:40:30.183
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-29 11:40:30.120
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-29 11:40:30.019
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-29 11:40:29.956
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-29 11:40:26.774
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-29 11:40:26.701
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-29 11:39:52.811
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-29 11:39:52.758
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-29 11:39:49.635
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-29 11:39:49.334
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 29%
Installierter physikalischer RAM: 8084.27 MB
Verfügbarer physikalischer RAM: 5717.57 MB
Summe virtueller Speicher: 9364.27 MB
Verfügbarer virtueller Speicher: 7205.19 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:448.21 GB) (Free:137.87 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (RECOVERY) (Fixed) (Total:16.79 GB) (Free:2.14 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive e: (UNSERE_ERDE) (CDROM) (Total:6.87 GB) (Free:0 GB) UDF

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 9EC65A10)

Partition: GPT.

==================== Ende von Addition.txt ============================

M-K-D-B · 29.08.2016, 19:26

Servus,

sehr gut gemacht.

Deine Logdateien sehen schon VIEL besser aus.

AdwCleaner müssen wir allerdings nochmal ausführen, weil du eine Option nicht gesetzt hattest (Chrome Einstellungen).

So geht es weiter:

Schritt 1

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Werkzeuge > Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel
- "Prefetch" Dateien
- Winsock
- Chrome Richtlinien
- Chrome Einstellungen
Bestätige die Auswahl mit Ok.
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen (auch dann wenn AdwCleaner sagt, dass nichts gefunden wurde) und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CloseProcesses:
HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Policies\Explorer: [] 
BHO-x32: Kein Name -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> Keine Datei
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  Keine Datei
Edge HomeButtonPage: HKU\S-1-5-21-205815100-794779995-1947703700-1001 -> hxxp://www.nuesearch.com/?type=hp&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668
FF HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\extensions\cliqz@cliqz.com => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff => nicht gefunden
Unlock: C:\Program Files (x86)\WinZipper
C:\Program Files (x86)\WinZipper
C:\Program Files (x86)\setup.exe
C:\Program Files (x86)\setup.ini
C:\Users\Martin\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install
Task: {92C847DC-B226-4C5A-A8AB-184E4A601340} - System32\Tasks\UpdaterTask => C:\Users\Martin\AppData\Local\Temp\avdrhxythrag [Argument = /p=27 /i=1] <==== ACHTUNG
Task: {A8C2E264-6122-426B-B842-15D6E9E9638C} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
AlternateDataStreams: C:\Windows:CM_07bdf4a8c4c490ca7919611231e13eb670e4a0ad29869dd8f2e869bc87f6c3a8 [74]
AlternateDataStreams: C:\Windows:CM_25c0d7379373529ead846cb4332cac331743f799884338c630de8d6bc5a9ad77 [74]
AlternateDataStreams: C:\Windows:CM_2fbc7cacfd828b791562c9690c61bb830aeeeae72f86bd829562576f9fc1fe83 [74]
AlternateDataStreams: C:\Windows:CM_9015d22b2a6b3f6bdfbfec9cc8a460230758574f203752df19168f533c7fb302 [74]
AlternateDataStreams: C:\Windows:CM_cdfdf49505024624d2decf3e9557d51162be6aba9545d69de4a936f7ba6139f4 [74]
AlternateDataStreams: C:\Windows:CM_d1cca5b43b23e7a102fa897d892102fdacb2faaf6f5875efce3bd0a2c56874f8 [74]
HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Classes\.scr: SOFiCAD-OEMScriptFile => C:\WINDOWS\system32\notepad.exe "%1" <===== ACHTUNG
Unlock: C:\ProgramData\cm-lock
Folder: C:\ProgramData\cm-lock
Folder: C:\Program Files (x86)\_SSpm
Folder: C:\Program Files (x86)\zffvjegf
Folder: C:\WINDOWS\SysWOW64\_SSpm
CMD: dir "C:\Program Files (x86)"
CMD: dir "C:\ProgramData"
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 3

Starte FRST erneut.

Kopiere den Inhalt der folgenden Code-Box in die Zeile "Suche":

Code:

ATTFilter

iSafe;winziper;qksee;Legpat;Uncheckit;Browser-Security;DriverCure;Elex-tech;ParetoLogic;Solvusoft;web companion;BandwidthStat;ChelfNotify;WaNetworkEnhance;PC Speed Maximizer;Wajam;QQBrowser;SoftUpgrade;TXQQBrowser;WinSaber;SoEasySvc;mindspark;

Drücke auf Registry-Suche.
FRST beginnt mit dem Suchlauf. Dies kann einige Zeit dauern.
Am Ende erstellt FRST eine Textdatei SearchReg.txt.
Poste mir deren Inhalt mit deiner nächsten Antwort.

Schritt 4

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die Logdatei des FRST-Fix,
die neue Logdatei von FRST (SearchReg.txt),
die beiden neuen Logdateien von FRST (FRST.txt und Addition.txt).

Martin.9008 · 30.08.2016, 08:15

Leider konnte ich Schritt 2 nicht ausführen, da sich bei mir mit Strg + R nur dieses Fenster öffnet:

Wenn ich da versuche den Text einzufügen, dann wird nur die erste Zeile eingefügt. Was mache ich falsch?

M-K-D-B · 30.08.2016, 09:59

Zitat:

Zitat von Martin.9008

Leider konnte ich Schritt 2 nicht ausführen, da sich bei mir mit Strg + R nur dieses Fenster öffnet:

Wenn ich da versuche den Text einzufügen, dann wird nur die erste Zeile eingefügt. Was mache ich falsch?

dort gibst du "notepad" ein und drückst auf ok ... steht aber eigentlich in der Anleitung...

Dann öffnet sich ein leeres Textdokument und dort fügst du alle Zeilen für den FRST-Fix ein.

Du schaffst das

Martin.9008 · 30.08.2016, 12:56

Ja.... wer lesen kann ist klar im Vorteil

Vielen Dank für deine schnellen Antworten! Es ist echt toll, was ihr hier ehrenamtlich macht!

AdwareCleaner[C2]

Code:

ATTFilter

# AdwCleaner v6.010 - Bericht erstellt am 30/08/2016 um 08:58:16
# Aktualisiert am 12/08/2016 von ToolsLib
# Datenbank : 2016-08-30.1 [Server]
# Betriebssystem : Windows 10 Home  (X64)
# Benutzername : Martin - LAPTOP-MARTIN
# Gestartet von : C:\Users\Martin\Desktop\AdwCleaner_6.010.exe
# Modus: Löschen
# Unterstützung : https://toolslib.net/forum



***** [ Dienste ] *****



***** [ Ordner ] *****

[-] Ordner gelöscht: C:\Program Files (x86)\WinZipper


***** [ Dateien ] *****

[-] Datei gelöscht: C:\WINDOWS\SysNative\LavasoftTcpService64.dll


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Verknüpfungen ] *****



***** [ Aufgabenplanung ] *****



***** [ Registrierungsdatenbank ] *****

[-] Schlüssel gelöscht: HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}


***** [ Browser ] *****



*************************

:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: "Prefetch" Dateien gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht
:: Hosts-Datei wiederhergestellt

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [22642 Bytes] - [29/08/2016 11:20:48]
C:\AdwCleaner\AdwCleaner[C2].txt - [1264 Bytes] - [30/08/2016 08:58:16]
C:\AdwCleaner\AdwCleaner[S0].txt - [22756 Bytes] - [29/08/2016 11:13:04]
C:\AdwCleaner\AdwCleaner[S1].txt - [1569 Bytes] - [30/08/2016 08:55:47]
C:\AdwCleaner\AdwCleaner[S2].txt - [1642 Bytes] - [30/08/2016 08:57:17]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1557 Bytes] ##########

AdwareCleaner[S2]

Code:

ATTFilter

# AdwCleaner v6.010 - Bericht erstellt am 30/08/2016 um 08:57:17
# Aktualisiert am 12/08/2016 von ToolsLib
# Datenbank : 2016-08-30.1 [Server]
# Betriebssystem : Windows 10 Home  (X64)
# Benutzername : Martin - LAPTOP-MARTIN
# Gestartet von : C:\Users\Martin\Desktop\AdwCleaner_6.010.exe
# Modus: Suchlauf
# Unterstützung : https://toolslib.net/forum



***** [ Dienste ] *****

Keine schädlichen Dienste gefunden.


***** [ Ordner ] *****

Ordner Gefunden: C:\Program Files (x86)\WinZipper


***** [ Dateien ] *****

Datei Gefunden: C:\WINDOWS\SysNative\LavasoftTcpService64.dll


***** [ DLL ] *****

Keine infizierten DLLs gefunden.


***** [ WMI ] *****

Keine schädlichen Schlüssel gefunden.


***** [ Verknüpfungen ] *****

Keine infizierten Verknüpfungen gefunden.


***** [ Aufgabenplanung ] *****

Aufgabe Gefunden: UpdaterTask
Aufgabe Gefunden: AVGPCTuneUp_Task_BkGndMaintenance


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden: HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}


***** [ Internetbrowser ] *****

Keine schädlichen Elemente in Firefox basierten Browsern gefunden.
Keine schädlichen Elemente in Chrome basierten Browsern gefunden.

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [22642 Bytes] - [29/08/2016 11:20:48]
C:\AdwCleaner\AdwCleaner[S0].txt - [22756 Bytes] - [29/08/2016 11:13:04]
C:\AdwCleaner\AdwCleaner[S1].txt - [1569 Bytes] - [30/08/2016 08:55:47]
C:\AdwCleaner\AdwCleaner[S2].txt - [1490 Bytes] - [30/08/2016 08:57:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1563 Bytes] ##########

Fixlog:

Code:

ATTFilter

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 29-08-2016
durchgeführt von Martin (30-08-2016 13:15:02) Run:1
Gestartet von C:\Users\Martin\Desktop
Geladene Profile: Martin (Verfügbare Profile: Martin)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Policies\Explorer: [] 
BHO-x32: Kein Name -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> Keine Datei
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  Keine Datei
Edge HomeButtonPage: HKU\S-1-5-21-205815100-794779995-1947703700-1001 -> hxxp://www.nuesearch.com/?type=hp&ts=1468313588&z=bc963835c4286402d460deegez9q6bbc6gac4qeebg&from=wpm0616&uid=ST500LM012XHN-M500MBB_S2SVJ9ECA09668
FF HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\extensions\cliqz@cliqz.com => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff => nicht gefunden
Unlock: C:\Program Files (x86)\WinZipper
C:\Program Files (x86)\WinZipper
C:\Program Files (x86)\setup.exe
C:\Program Files (x86)\setup.ini
C:\Users\Martin\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install
Task: {92C847DC-B226-4C5A-A8AB-184E4A601340} - System32\Tasks\UpdaterTask => C:\Users\Martin\AppData\Local\Temp\avdrhxythrag [Argument = /p=27 /i=1] <==== ACHTUNG
Task: {A8C2E264-6122-426B-B842-15D6E9E9638C} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
AlternateDataStreams: C:\Windows:CM_07bdf4a8c4c490ca7919611231e13eb670e4a0ad29869dd8f2e869bc87f6c3a8 [74]
AlternateDataStreams: C:\Windows:CM_25c0d7379373529ead846cb4332cac331743f799884338c630de8d6bc5a9ad77 [74]
AlternateDataStreams: C:\Windows:CM_2fbc7cacfd828b791562c9690c61bb830aeeeae72f86bd829562576f9fc1fe83 [74]
AlternateDataStreams: C:\Windows:CM_9015d22b2a6b3f6bdfbfec9cc8a460230758574f203752df19168f533c7fb302 [74]
AlternateDataStreams: C:\Windows:CM_cdfdf49505024624d2decf3e9557d51162be6aba9545d69de4a936f7ba6139f4 [74]
AlternateDataStreams: C:\Windows:CM_d1cca5b43b23e7a102fa897d892102fdacb2faaf6f5875efce3bd0a2c56874f8 [74]
HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Classes\.scr: SOFiCAD-OEMScriptFile => C:\WINDOWS\system32\notepad.exe "%1" <===== ACHTUNG
Unlock: C:\ProgramData\cm-lock
Folder: C:\ProgramData\cm-lock
Folder: C:\Program Files (x86)\_SSpm
Folder: C:\Program Files (x86)\zffvjegf
Folder: C:\WINDOWS\SysWOW64\_SSpm
CMD: dir "C:\Program Files (x86)"
CMD: dir "C:\ProgramData"
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
*****************

Prozess erfolgreich geschlossen.
HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => Wert erfolgreich entfernt
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" => Schlüssel erfolgreich entfernt
HKCR\Wow6432Node\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Wert erfolgreich entfernt
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\\HomeButtonPage => Wert erfolgreich entfernt
HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Mozilla\Firefox\Extensions\\cliqz@cliqz.com => Wert erfolgreich entfernt
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} => Wert erfolgreich entfernt
"C:\Program Files (x86)\WinZipper" => nicht gefunden.
"C:\Program Files (x86)\WinZipper" => nicht gefunden.
C:\Program Files (x86)\setup.exe => erfolgreich verschoben
C:\Program Files (x86)\setup.ini => erfolgreich verschoben
C:\Users\Martin\AppData\Local\Google\Desktop\Install => erfolgreich verschoben
C:\Program Files (x86)\Google\Desktop\Install => erfolgreich verschoben
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92C847DC-B226-4C5A-A8AB-184E4A601340} => Schlüssel nicht gefunden. 
C:\WINDOWS\System32\Tasks\UpdaterTask => nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterTask => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8C2E264-6122-426B-B842-15D6E9E9638C} => Schlüssel nicht gefunden. 
C:\WINDOWS\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVGPCTuneUp_Task_BkGndMaintenance => Schlüssel nicht gefunden. 
C:\Windows => ":CM_07bdf4a8c4c490ca7919611231e13eb670e4a0ad29869dd8f2e869bc87f6c3a8" ADS erfolgreich entfernt.
C:\Windows => ":CM_25c0d7379373529ead846cb4332cac331743f799884338c630de8d6bc5a9ad77" ADS erfolgreich entfernt.
C:\Windows => ":CM_2fbc7cacfd828b791562c9690c61bb830aeeeae72f86bd829562576f9fc1fe83" ADS erfolgreich entfernt.
C:\Windows => ":CM_9015d22b2a6b3f6bdfbfec9cc8a460230758574f203752df19168f533c7fb302" ADS erfolgreich entfernt.
C:\Windows => ":CM_cdfdf49505024624d2decf3e9557d51162be6aba9545d69de4a936f7ba6139f4" ADS erfolgreich entfernt.
C:\Windows => ":CM_d1cca5b43b23e7a102fa897d892102fdacb2faaf6f5875efce3bd0a2c56874f8" ADS erfolgreich entfernt.
"HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Classes\SOFiCAD-OEMScriptFile" => Schlüssel erfolgreich entfernt
"HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Classes\.scr" => Schlüssel erfolgreich entfernt
"C:\ProgramData\cm-lock" => nicht gefunden.

========================= Folder: C:\ProgramData\cm-lock ========================

nicht gefunden.

====== Ende von Folder: ======


========================= Folder: C:\Program Files (x86)\_SSpm ========================

2016-08-22 12:34 - 2016-06-21 07:25 - 0000484 _____ () C:\Program Files (x86)\_SSpm\39.json
2016-08-22 12:34 - 2016-08-18 10:10 - 0813796 _____ () C:\Program Files (x86)\_SSpm\DataBase
2016-08-22 12:34 - 2014-08-12 18:00 - 0131640 _____ (Tencent Inc.) C:\Program Files (x86)\_SSpm\QQBrowser.exe
2016-08-22 12:34 - 2016-07-06 08:33 - 0100864 _____ (Skytech) C:\Program Files (x86)\_SSpm\QQBrowserFrame.dll
2016-08-22 12:34 - 2016-08-22 08:13 - 0355608 _____ () C:\Program Files (x86)\_SSpm\saber.exe
2016-08-22 12:34 - 2016-06-08 10:22 - 0085504 _____ () C:\Program Files (x86)\_SSpm\UnEverything.exe
2016-08-23 07:45 - 2016-08-23 05:43 - 0160304 _____ () C:\Program Files (x86)\_SSpm\winzipper.exe
2016-08-22 12:34 - 2016-08-18 10:04 - 0541416 _____ (WFini LIMITED) C:\Program Files (x86)\_SSpm\wpm.exe

====== Ende von Folder: ======


========================= Folder: C:\Program Files (x86)\zffvjegf ========================


====== Ende von Folder: ======


========================= Folder: C:\WINDOWS\SysWOW64\_SSpm ========================

2016-06-21 13:25 - 2016-06-21 13:25 - 0000484 _____ () C:\WINDOWS\SysWOW64\_SSpm\39.json
2016-07-06 14:10 - 2016-07-06 14:10 - 0816132 _____ () C:\WINDOWS\SysWOW64\_SSpm\DataBase
2016-08-08 11:11 - 2016-08-08 11:11 - 0275672 _____ () C:\WINDOWS\SysWOW64\_SSpm\qks.exe
2014-08-13 00:00 - 2014-08-13 00:00 - 0131640 _____ (Tencent Inc.) C:\WINDOWS\SysWOW64\_SSpm\QQBrowser.exe
2016-07-06 14:33 - 2016-07-06 14:33 - 0100864 _____ (Skytech) C:\WINDOWS\SysWOW64\_SSpm\QQBrowserFrame.dll
2016-06-08 16:22 - 2016-06-08 16:22 - 0085504 _____ () C:\WINDOWS\SysWOW64\_SSpm\UnEverything.exe

====== Ende von Folder: ======


========= dir "C:\Program Files (x86)" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: CC6E-7394

 Verzeichnis von C:\Program Files (x86)

30.08.2016  13:15    <DIR>          .
30.08.2016  13:15    <DIR>          ..
16.01.2016  21:48    <DIR>          Adobe
08.07.2014  23:02    <DIR>          Adobe Download Assistant
15.11.2012  02:52    <DIR>          AMD APP
12.11.2013  15:36    <DIR>          ANNO 1404 - K”nigsedition
14.07.2014  15:54    <DIR>          Anno 1701
26.03.2016  13:37    <DIR>          ATI Technologies
21.10.2013  17:37    <DIR>          Autodesk
22.05.2016  15:07    <DIR>          AVG
03.02.2016  14:59    <DIR>          AX88772C
15.11.2012  02:57    <DIR>          Bonjour
28.06.2016  08:42    <DIR>          c9ikp9in
26.08.2016  08:43    <DIR>          CLIQZ
12.05.2016  09:01    <DIR>          CodeMeter
29.08.2016  11:19    <DIR>          Common Files
31.08.2012  23:03    <DIR>          Connected Music powered by Universal Music Group
18.08.2013  20:21    <DIR>          CyberLink
06.12.2015  19:09    <DIR>          Deep Silver
24.08.2016  00:34    <DIR>          Drecuied
24.08.2016  09:03    <DIR>          Dropbox
03.04.2015  16:33    <DIR>          DVDVideoSoft
03.04.2015  16:33    <DIR>          Free Codec Pack
05.12.2015  18:05    <DIR>          Free mp3 Wma Converter
22.05.2013  14:38    <DIR>          GameSpy Arcade
20.05.2016  22:42    <DIR>          Ghokaphlbeward
20.08.2016  08:46    <DIR>          Google
11.04.2015  13:42    <DIR>          Gothic II Gold
04.07.2014  17:05    <DIR>          Handbuch und FAQ
29.03.2016  09:45    <DIR>          Hewlett-Packard
27.10.2013  11:55    <DIR>          HP
31.08.2012  23:03    <DIR>          HPConnectedMusic
26.03.2016  15:40    <DIR>          Intel
10.08.2016  17:11    <DIR>          Internet Explorer
13.10.2015  16:43    <DIR>          Java
29.08.2016  11:18    <DIR>          Lavasoft
29.08.2015  18:53    <DIR>          licenses
18.01.2013  14:16    <DIR>          MainConcept
26.09.2013  10:36    <DIR>          Maxis
24.02.2013  11:49    <DIR>          MEDION
24.02.2013  11:50    <DIR>          Memeo
19.01.2013  11:33    <DIR>          Microsoft Analysis Services
09.01.2016  13:06    <DIR>          Microsoft Games
19.01.2013  11:37    <DIR>          Microsoft Office
18.04.2016  12:45    <DIR>          Microsoft SDKs
26.06.2016  01:48    <DIR>          Microsoft Silverlight
18.04.2016  12:45    <DIR>          Microsoft SQL Server
19.01.2013  11:37    <DIR>          Microsoft SQL Server Compact Edition
19.01.2013  11:37    <DIR>          Microsoft Sync Framework
19.01.2013  11:37    <DIR>          Microsoft Synchronization Services
19.01.2013  11:35    <DIR>          Microsoft Visual Studio 8
26.03.2016  13:24    <DIR>          Microsoft.NET
26.03.2016  13:37    <DIR>          MSBuild
27.06.2016  12:42    <DIR>          nc0gtqtf
03.04.2015  17:17    <DIR>          Nero
06.12.2015  19:26    <DIR>          NVIDIA Corporation
17.01.2013  15:23    <DIR>          Online Services
29.08.2015  18:55    <DIR>          OpenOffice 4
13.08.2014  10:29       154.565.521 openoffice1.cab
13.08.2014  10:27         2.314.240 openoffice411.msi
08.09.2013  12:31    <DIR>          PiranhaBytes
12.11.2014  12:35    <DIR>          Pontifex Demo
29.08.2015  18:53    <DIR>          readmes
15.11.2012  02:56    <DIR>          Realtek
29.08.2015  18:53    <DIR>          redist
26.03.2016  12:58    <DIR>          Reference Assemblies
26.09.2013  10:34    <DIR>          SimCity 4 Deluxe
18.04.2016  14:19    <DIR>          SOFiSTiK
07.04.2016  10:36    <DIR>          Software Treiber SkyStar
12.04.2016  15:24    <DIR>          Star Wars Battlefront II
15.11.2012  03:20    <DIR>          SymSilent
21.04.2014  19:55    <DIR>          TeamSpeak 3 Client
29.03.2016  09:45    <DIR>          TechniSat DVB
10.05.2013  18:49    <DIR>          Ubi Soft
16.04.2016  18:13    <DIR>          Ubisoft
08.10.2014  18:34    <DIR>          VideoLAN
11.06.2014  14:35    <DIR>          Wecker6
13.07.2016  08:58    <DIR>          Windows Defender
31.08.2012  23:00    <DIR>          Windows Live
13.07.2016  08:58    <DIR>          Windows Mail
13.02.2016  18:58    <DIR>          Windows Media Player
26.03.2016  21:04    <DIR>          Windows Multimedia Platform
30.10.2015  09:24    <DIR>          Windows NT
13.07.2016  08:58    <DIR>          Windows Photo Viewer
26.03.2016  21:04    <DIR>          Windows Portable Devices
24.12.2014  17:06    <DIR>          Worms 4 Mayhem
12.02.2013  17:23    <DIR>          YOUTUBE Downloader
01.08.2016  10:42    <DIR>          zffvjegf
29.08.2016  13:36    <DIR>          _SSpm
               2 Datei(en),    156.879.761 Bytes
              87 Verzeichnis(se), 147.889.700.864 Bytes frei

========= Ende von CMD: =========


========= dir "C:\ProgramData" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: CC6E-7394

 Verzeichnis von C:\ProgramData

16.01.2016  21:48    <DIR>          Adobe
15.11.2012  02:57    <DIR>          Apple
26.03.2016  15:22    <DIR>          Application Data
26.03.2016  18:08    <DIR>          ATI
18.04.2016  17:16    <DIR>          Autodesk
15.03.2016  14:12    <DIR>          AVAST Software
22.05.2016  15:07    <DIR>          Avg
18.01.2013  14:32    <DIR>          CMUV
18.04.2016  12:41    <DIR>          CodeMeter
30.10.2015  09:24    <DIR>          Comms
23.03.2013  16:29    <DIR>          CyberLink
13.06.2015  09:25    <DIR>          Dropbox
18.06.2016  11:30    <DIR>          F-Secure
21.10.2013  18:48    <DIR>          FARO
18.04.2016  13:14    <DIR>          FLEXnet
04.05.2013  15:33    <DIR>          Google
11.05.2016  16:43    <DIR>          Hewlett-Packard
15.11.2012  03:09    <DIR>          install_clap
15.11.2012  02:54    <DIR>          Intel
29.08.2016  11:17    <DIR>          Lavasoft
29.08.2016  11:41    <DIR>          Malwarebytes
13.06.2015  09:32    <DIR>          McAfee
26.08.2013  11:10    <DIR>          Media Center Programs
24.08.2016  09:07    <DIR>          Microsoft Help
13.02.2016  19:31    <DIR>          Microsoft OneDrive
26.03.2016  10:10    <DIR>          Nero
19.01.2013  12:28    <DIR>          Norton
15.11.2012  03:18    <DIR>          NortonInstaller
21.07.2016  10:13    <DIR>          Oracle
18.04.2016  15:26    <DIR>          Package Cache
29.07.2014  13:09    <DIR>          PDF Writer
26.03.2016  13:25    <DIR>          PRICache
15.11.2012  02:57    <DIR>          Ralink Driver
13.02.2016  19:12    <DIR>          regid.1991-06.com.microsoft
20.06.2016  11:50    <DIR>          Skype
29.04.2016  18:22    <DIR>          SoftwareDistribution
26.09.2013  16:45    <DIR>          Solidshield
21.10.2013  18:18    <DIR>          Sun
15.11.2012  03:30    <DIR>          Synaptics
26.08.2013  10:48    <DIR>          Tages
18.01.2013  14:16    <DIR>          Technisat
15.11.2012  03:14    <DIR>          Temp
13.02.2016  19:26    <DIR>          USOPrivate
13.02.2016  19:26    <DIR>          USOShared
30.06.2016  12:47    <DIR>          W
05.05.2013  12:27    <DIR>          {9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
               0 Datei(en),              0 Bytes
              46 Verzeichnis(se), 147.889.696.768 Bytes frei

========= Ende von CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt


========= Ende von RemoveProxy: =========


========= ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

========= Ende von CMD: =========


========= netsh winsock reset =========


Der Winsock-Katalog wurde zurckgesetzt.
Sie mssen den Computer neu starten, um den Vorgang abzuschlieáen.


========= Ende von CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 583648 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13150391 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 2614108685 B
Edge => 71975986 B
Chrome => 749582 B
Firefox => 11443176 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 9777 B
LocalService => 7309528 B
NetworkService => 15876 B
Martin => 2830533315 B

RecycleBin => 24592564588 B
EmptyTemp: => 28.1 GB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 13:22:40 ====

SearchReg:

Code:

ATTFilter

Farbar Recovery Scan Tool (x64) Version: 29-08-2016
durchgeführt von Martin (30-08-2016 13:36:03)
Gestartet von C:\Users\Martin\Desktop
Start-Modus: Normal

================== Registry-Suche: "iSafe;winziper;qksee;Legpat;Uncheckit;Browser-Security;DriverCure;Elex-tech;ParetoLogic;Solvusoft;web companion;BandwidthStat;ChelfNotify;WaNetworkEnhance;PC Speed Maximizer;Wajam;QQBrowser;SoftUpgrade;TXQQBrowser;WinSaber;SoEasySvc;mindspark" ===========


===================== Suchergebnis für "iSafe" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{03C3860D-86B7-4F36-924C-3B1AD93B4C79}]
""="ISafeReportItem"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0A95BE2D-1543-46BE-AD6D-18653034BF87}]
""="ISafeMailItem"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3120A5E4-552D-4EDF-8C48-70C5D5FF22D2}]
""="ISafeContactItem"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{31CE2164-4D5C-4508-BCA7-B10E11D08E6B}]
""="ISafeMAPIFolder"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{35EFAD55-134A-47BF-912A-44A9D9FD556F}]
""="ISafeAppointmentItem"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{49B868F0-D9F9-4F23-992D-A2A423F406E4}]
""="ISafeSaveHandleManager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5C61669E-F0CE-4126-B365-316588E6228F}]
""="ISafeRecipient"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6A5D680A-8F9F-4752-A056-2C0273F60B4E}]
""="ISafePostItem"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6E4C6020-2932-4DDD-BDA8-998AE4CDF50D}]
""="ISafeInspector"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BB94DAAD-7836-4D62-9557-2A7B83839B7B}]
""="ISafeSaveHandleManager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CACB61E0-AEEA-404D-88E1-7F3BCA8B8726}]
""="ISafeRecipients"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CD5B9523-6EAF-4D63-8FE8-C081C51D1673}]
""="ISafeTable"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D7E6FB7C-A22F-4A9D-A89D-653D1AA37324}]
""="ISafeCurrentUser"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D80AC53D-E102-4A55-A265-529A626515E5}]
""="ISafeItems"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DBCAD616-BFD4-4C72-8D87-C5926921D378}]
""="_ISafeItem"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3EC74BB-5522-462D-A00F-2728C53FCA04}]
""="ISafeJournalItem"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EBB4EBA9-D546-4C85-A05A-167BF875FB83}]
""="ISafeDistList"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F7919641-3978-4668-8388-7310329C800E}]
""="ISafeMeetingItem"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F961CE9D-AE2B-4CFB-887C-3A055FF685C9}]
""="ISafeTaskItem"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{03C3860D-86B7-4F36-924C-3B1AD93B4C79}]
""="ISafeReportItem"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0A95BE2D-1543-46BE-AD6D-18653034BF87}]
""="ISafeMailItem"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3120A5E4-552D-4EDF-8C48-70C5D5FF22D2}]
""="ISafeContactItem"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31CE2164-4D5C-4508-BCA7-B10E11D08E6B}]
""="ISafeMAPIFolder"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{35EFAD55-134A-47BF-912A-44A9D9FD556F}]
""="ISafeAppointmentItem"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{49B868F0-D9F9-4F23-992D-A2A423F406E4}]
""="ISafeSaveHandleManager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5C61669E-F0CE-4126-B365-316588E6228F}]
""="ISafeRecipient"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6A5D680A-8F9F-4752-A056-2C0273F60B4E}]
""="ISafePostItem"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6E4C6020-2932-4DDD-BDA8-998AE4CDF50D}]
""="ISafeInspector"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BB94DAAD-7836-4D62-9557-2A7B83839B7B}]
""="ISafeSaveHandleManager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CACB61E0-AEEA-404D-88E1-7F3BCA8B8726}]
""="ISafeRecipients"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CD5B9523-6EAF-4D63-8FE8-C081C51D1673}]
""="ISafeTable"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D7E6FB7C-A22F-4A9D-A89D-653D1AA37324}]
""="ISafeCurrentUser"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D80AC53D-E102-4A55-A265-529A626515E5}]
""="ISafeItems"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DBCAD616-BFD4-4C72-8D87-C5926921D378}]
""="_ISafeItem"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E3EC74BB-5522-462D-A00F-2728C53FCA04}]
""="ISafeJournalItem"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EBB4EBA9-D546-4C85-A05A-167BF875FB83}]
""="ISafeDistList"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7919641-3978-4668-8388-7310329C800E}]
""="ISafeMeetingItem"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F961CE9D-AE2B-4CFB-887C-3A055FF685C9}]
""="ISafeTaskItem"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"iSafeTray.exe"="0"

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe"="0x534143500100000000000000070000002800000020CD0100566002000100000000000000000003067102000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000058350000000000000200000002000000"


===================== Suchergebnis für "winziper" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Avast\PUB-Removed]
"1d1fd987501f7d0"="
C:\Users\Martin\AppData\Roaming\WinZiper\update\wzp_update_v2.2.1.exe
>tools\unck.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Avast\PUB-Removed]
"1d1fd98755ef4b7"="
C:\Users\Martin\AppData\Roaming\WinZiper\update\wzp_update_v2.2.25.exe
>tools\chr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinZip]
"DisplayIcon"="C:\Program Files (x86)\WinZipper\winziper.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\WinZiper]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\WinZiper]
"svc"="winzipersvc"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\WinZiper]
"softuid"="Global\Winziper{78CA2E40-5C38-48EE-BB7F-599F29A6A13A}Winziper"

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\WinZipper\winzipersvc.exe"="0x5341435001000000000000000700000028000000786A11004497110001000000000000000000000A7122000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000064190000000000000100000001000000"

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\WinZipper\winziper.exe"="0x534143500100000000000000070000002800000098BE15003F9A160001000000000000000000000A7122000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000CF7A0300000000000900000009000000"

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\WinZipper\winziper.exe.FriendlyAppName"="Winziper application"

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\WinZipper\winziper.exe.ApplicationCompany"="Winziper Pvt Ltd."


===================== Suchergebnis für "qksee" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast\PUB-Removed]
"1d1fd23c42f7e53"="
C:\Program Files (x86)\qksee\qkdup.exe"

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\qksee\qkseeSvc.exe"="0x5341435001000000000000000700000028000000009E0B000000000001000000000000000000000A7122000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000007C080000000000000100000001000000"


===================== Suchergebnis für "Legpat" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Legpat]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Legpat]
"path"="C:\Program Files (x86)\Legpat\"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Legpat]
"publicdirectroy_dump"="C:\Program Files (x86)\Legpat\Reports\Dump"

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Clients\StartMenuInternet\ChromeHTML\Capabilities]
"ApplicationIcon"="C:\Program Files (x86)\Legpat\Application\chrome.exe,0"

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Clients\StartMenuInternet\ChromeHTML\DefaultIcon]
""="C:\Program Files (x86)\Legpat\Application\chrome.exe,0"

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Clients\StartMenuInternet\ChromeHTML\InstallInfo]
"HideIconsCommand"=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "-HideIconsCommand""

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Clients\StartMenuInternet\ChromeHTML\InstallInfo]
"ReinstallCommand"=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "-ReinstallCommand""

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Clients\StartMenuInternet\ChromeHTML\InstallInfo]
"ShowIconsCommand"=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "-ShowIconsCommand""

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Clients\StartMenuInternet\ChromeHTML\shell\open\command]
""="C:\Program Files (x86)\Legpat\Application\chrome.exe"

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Legpat]

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\34db7675_0]
""="{2}.\\?\hdaudio#func_01&ven_8086&dev_2806&subsys_80860101&rev_1000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\intcdaudtopo_2_48_24_d0/00010001
\Device\HarddiskVolume4\Program Files (x86)\Legpat\Application\chrome.exe%b{00000000-0000-0000-0000-000000000000}"

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\Legpat\Application\chrome.exe"="0x534143500100000000000000070000002800000098BF0F008C85100001000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000001000000000000000000000000000000000D1B82801000000003D0000003D000000"

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\Applications\chrome.exe\shell\open\command]
""=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "%1""

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\ChromeHTML\Application]
"ApplicationIcon"="C:\Program Files (x86)\Legpat\Application\chrome.exe,0"

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\ChromeHTML\DefaultIcon]
""="C:\Program Files (x86)\Legpat\Application\chrome.exe,0"

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\ChromeHTML\shell\open\command]
""=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "%1""

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\ftp\DefaultIcon]
""="C:\Program Files (x86)\Legpat\Application\chrome.exe,0"

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\ftp\shell\open\command]
""=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "%1""

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\http\DefaultIcon]
""="C:\Program Files (x86)\Legpat\Application\chrome.exe,0"

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\http\shell\open\command]
""=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "%1""

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\https\DefaultIcon]
""="C:\Program Files (x86)\Legpat\Application\chrome.exe,0"

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\https\shell\open\command]
""=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "%1""

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\irc\DefaultIcon]
""="C:\Program Files (x86)\Legpat\Application\chrome.exe,0"

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\irc\shell\open\command]
""=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "%1""

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\mms\DefaultIcon]
""="C:\Program Files (x86)\Legpat\Application\chrome.exe,0"

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\mms\shell\open\command]
""=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "%1""

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\news\DefaultIcon]
""="C:\Program Files (x86)\Legpat\Application\chrome.exe,0"

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\news\shell\open\command]
""=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "%1""

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\nntp\DefaultIcon]
""="C:\Program Files (x86)\Legpat\Application\chrome.exe,0"

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\nntp\shell\open\command]
""=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "%1""

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\sms\DefaultIcon]
""="C:\Program Files (x86)\Legpat\Application\chrome.exe,0"

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\sms\shell\open\command]
""=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "%1""

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\smsto\DefaultIcon]
""="C:\Program Files (x86)\Legpat\Application\chrome.exe,0"

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\smsto\shell\open\command]
""=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "%1""

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\urn\DefaultIcon]
""="C:\Program Files (x86)\Legpat\Application\chrome.exe,0"

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Classes\urn\shell\open\command]
""=""C:\Program Files (x86)\Legpat\Application\chrome.exe" "%1""


===================== Suchergebnis für "Uncheckit" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Avast\PUB-Removed]
"1d1c8d34bd520cf"="
C:\Program Files (x86)\Uncheckit\InjectEx.dll"

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\Uncheckit\UncheckitHelper.exe"="0x5341435001000000000000000700000028000000000707007A7E070001000000000000000000000A7122000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000086090000000000000300000003000000"

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\Uncheckit\cktSvc.exe"="0x5341435001000000000000000700000028000000002F0400FD12050001000000000000000000000A7122000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000D3040000000000000100000001000000"


===================== Suchergebnis für "Elex-tech" ==========

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe"="0x534143500100000000000000070000002800000020CD0100566002000100000000000000000003067102000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000058350000000000000200000002000000"


===================== Suchergebnis für "ParetoLogic" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\openas\command]
""="C:\Program Files (x86)\ParetoLogic\PCHA\noapp.exe %1"


===================== Suchergebnis für "web companion" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d35d79f6-850b-4d3b-b3df-f052f842b2da}]
"DisplayName"="Web Companion"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d35d79f6-850b-4d3b-b3df-f052f842b2da}]
"DisplayIcon"="C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionIcon.ico"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d35d79f6-850b-4d3b-b3df-f052f842b2da}]
"UninstallString"="C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe --uninstall"

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\SHC]
"73"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion\Web Companion.lnk
C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
"


===================== Suchergebnis für "BandwidthStat" ==========

[HKEY_USERS\S-1-5-21-205815100-794779995-1947703700-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\Martin\AppData\Roaming\BandwidthStat\bandwidthstat.exe"="0x5341435001000000000000000700000028000000007C33000000000001000000000000000000000A0021000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000049010000000000000100000001000000"


===================== Suchergebnis für "WinSaber" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Avast\PUB-Removed]
"1d1fd92f82071ae"="
C:\Program Files (x86)\WinSaber\WinSaber.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\WinSaberSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\WinSaberSvc]
"svcpath"="C:\Program Files (x86)\WinSaber\"


===================== Suchergebnis für "SoEasySvc" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Avast\PUB-Removed]
"1d1fd90f045472d"="
C:\Program Files (x86)\SoEasySvc\SoEasySvc.exe"

====== Ende von Suche ======

Addition:

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 29-08-2016
durchgeführt von Martin (30-08-2016 13:50:08)
Gestartet von C:\Users\Martin\Desktop
Windows 10 Home Version 1511 (X64) (2016-03-26 13:14:15)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-205815100-794779995-1947703700-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-205815100-794779995-1947703700-503 - Limited - Disabled)
Gast (S-1-5-21-205815100-794779995-1947703700-501 - Limited - Disabled)
Martin (S-1-5-21-205815100-794779995-1947703700-1001 - Administrator - Enabled) => C:\Users\Martin

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

64 Bit HP CIO Components Installer (Version: 20.2.1 - HP Inc.) Hidden
Adblock Plus für IE (32-Bit- und 64-Bit) (HKLM\...\{588B7DD2-3480-4A89-A8F6-C6781CBFAD56}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.8 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
Age of Mythology - The Titans Expansion (HKLM-x32\...\Age of Mythology Expansion Pack 1.0) (Version:  - )
Age of Mythology (HKLM-x32\...\Age of Mythology 1.0) (Version:  - )
Akamai NetSession Interface (HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{5977D04D-1D6A-952C-97AF-04D9D4C0AE56}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
ANALYSIS_30_Common (x32 Version: 14.1 - SOFiSTiK AG) Hidden
ANALYSIS_30_x64_Common (x32 Version: 14.1 - SOFiSTiK AG) Hidden
ANNO 1404 - Königsedition (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 3.10.0000 - Ubisoft)
Anno 1701 (HKLM-x32\...\{A2433A63-5F5D-40E5-B529-9123C2B3E734}) (Version: 1.04 - Sunflowers)
AutoCAD Architecture 2014 - Deutsch (German) (Version: 7.5.106.0 - Autodesk) Hidden
AutoCAD Architecture 2014 - Deutsch (German) (Version: 7.5.17.0 - Autodesk) Hidden
AutoCAD Architecture 2014 - Deutsch (German) SP 1 (HKLM\...\AutoCAD Architecture 2014 - Deutsch (German) SP 1) (Version: 1 - Autodesk)
AutoCAD Architecture 2014 Language Pack - Deutsch (Version: 7.5.17.0 - Autodesk) Hidden
Autodesk 360 (HKLM\...\{556966D9-F7F6-421B-9707-D07901604DDF}) (Version: 5.2.3.1000 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
Autodesk AutoCAD Architecture 2014 - Deutsch (German) (HKLM\...\AutoCAD Architecture 2014 - Deutsch (German)) (Version: 7.5.17.0 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.18 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.18 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2016 (HKLM-x32\...\{FA5DF4D1-CD59-4183-B3D4-779A56498786}) (Version: 6.3.0.18 - Autodesk)
Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.0.43.13 - Autodesk)
Autodesk ReCap (Version: 1.0.43.13 - Autodesk) Hidden
Autodesk ReCap Language Pack-English (Version: 1.0.43.13 - Autodesk) Hidden
Autodesk Revit 2016 (HKLM\...\Autodesk Revit 2016) (Version: 16.0.490.0 - Autodesk)
Autodesk Workflows 2016 (HKLM\...\{535CDED0-D690-4738-83EE-09056A365BAC}) (Version: 6.3.0.18 - Autodesk, Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.2.2262 - AVAST Software)
AX88772C (HKLM-x32\...\{48C1584F-E022-4C21-9072-0BA886976B4F}) (Version: 1.01 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bullzip PDF Printer 10.6.0.2267 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.6.0.2267 - Bullzip)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.22 - Cliqz.com)
CLIQZ 1.6.1 (x86 de) (HKLM-x32\...\CLIQZ 1.6.1 (x86 de)) (Version: 1.6.1 - Cliqz GmbH)
cloudfront - Uninstall (HKLM-x32\...\{54C3021D-55CA-44E8-899F-C102D92DD517}) (Version:  - ) <==== ACHTUNG
CodeMeter Runtime Kit v6.10a (HKLM\...\{4FF3EB53-5576-4B11-A08F-605C1938176A}) (Version: 6.10.2018.501 - WIBU-SYSTEMS AG)
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DIE SIEDLER - Aufstieg eines Königreichs (HKLM-x32\...\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}) (Version: 1.00.0000 - Ubisoft)
Die Siedler 7 (HKLM-x32\...\{63860309-DA8A-4BAE-9EAE-CE1D6D79340C}) (Version: 1.12.1396 - Ubisoft)
Die Siedler II - Die nächste Generation (HKLM-x32\...\S2TNG) (Version:  - )
Die Siedler IV (HKLM-x32\...\S4Uninst) (Version:  - )
Dot4 (HKLM\...\{DD411225-A527-4C56-91BE-15D888B3CCDE}) (Version: 1.0.0.0 - HP)
Dropbox (HKLM-x32\...\Dropbox) (Version: 8.4.21 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.41.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Free YouTube to MP3 Converter version 3.12.57.324 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.57.324 - DVDVideoSoft Ltd.)
G2-Classic-Mod (HKLM-x32\...\G2-Classic-Mod) (Version: 1.1 - Sargon)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Gothic (HKLM-x32\...\{BBF10B37-4ED3-11D5-A818-00500435FC18}) (Version:  - )
Gothic 2 Gold (HKLM-x32\...\{40FE74B5-71A1-4393-A0AB-21D6E1DA5A66}) (Version: 1.0.0 - JoWood)
GOTHIC2 - Die Nacht des Raben - 'System-Paket' (HKLM-x32\...\GOTHIC2 - Die Nacht des Raben - 'System-Paket') (Version: 1.1 - World of Gothic RU © 2014)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{AB5BCC55-18E2-46C7-9405-FF61CB888F05}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{18DE31AE-70D0-43A7-9E3C-2ED7283ECE8A}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{A38E954F-9043-42BD-9DE9-246ED183791D}) (Version: 12.5.26.37 - HP)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
MainConcept DTV Decoder Pro (HKLM-x32\...\{793FCE60-DE5E-4977-A942-A7B69A45B17D}) (Version: 1.5.0.2 - MainConcept GmbH)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MATLAB R2013b (HKLM\...\Matlab R2013b) (Version: 8.2 - The MathWorks, Inc.)
MEDION NAS TOOL (HKLM-x32\...\MEDION NAS TOOL) (Version:  - MEDION)
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7939 - Memeo Inc.)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{A047101C-A3AE-4FAD-802F-01C965079F66}) (Version: 11.1.3010.3 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{99AC7F47-A4E0-4706-9C65-8948775C2652}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Nero 2015 (HKLM-x32\...\{F9592BA0-AA0D-454C-95AA-9782DF00CB4B}) (Version: 16.0.04000 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Pontifex Demo 10.19.01 (HKLM-x32\...\Pontifex Demo_is1) (Version:  - Chronic Logic LLC)
Prerequisite installer (x32 Version: 16.0.0003 - Nero AG) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Revit 2016 (Version: 16.0.490.0 - Autodesk) Hidden
Risen (HKLM-x32\...\{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}) (Version: 1.00.0000 - Deep Silver)
Risen 2 - Dark Waters (HKLM-x32\...\{CC4473E6-AB7D-406B-ADAE-BF9C61CEC5FE}) (Version: 1.00 - Deep Silver)
SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SimCity 4 Deluxe (HKLM-x32\...\{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}) (Version:  - )
SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
SOFiCAD-OEM 2014 (HKLM-x32\...\SOFiCADOEM 2014) (Version: 20.14.0.0 - SOFiSTiK AG)
SOFiCAD-OEM 2014 (Version: 19.1.18.0 - SOFiSTiK) Hidden
SOFiCAD-OEM 2014 (x32 Version: 19.1.0 - SOFiSTiK AG) Hidden
SOFiSTiK 2014 19.1 64Bit Object Enabler (HKLM\...\{50F1571C-50FD-2014-3064-191000000000}) (Version: 19.1.1.0 - SOFiSTiK AG)
SOFiSTiK 2014 Documenation SOFiCAD (x32 Version: 1.00.0000 - Your Company Name) Hidden
SOFiSTiK Reinforcement Detailing 2016 (HKLM\...\{50F1571C-50F6-2016-3364-201600201405}) (Version: 5.0.0 - SOFiSTiK AG)
SOFiSTiK Sonar (HKLM-x32\...\{50F1571C-50F1-2014-3032-000000150000}) (Version: 15.00 - SOFiSTiK AG)
Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.3 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
Web Companion (HKLM-x32\...\{d35d79f6-850b-4d3b-b3df-f052f842b2da}) (Version: 2.1.1199.2443 - Lavasoft)
Wecker für Windows 6.5 (HKLM-x32\...\{FFDC4005-E968-498D-93C8-CC148742167D}}_is1) (Version: 6.5 - Christoph Bünger Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinZip (HKLM-x32\...\WinZip) (Version: 2.2.25 - Winzipper Pvt Ltd.) <==== ACHTUNG
Worms 4 Mayhem (HKLM-x32\...\{45E7C481-3EF4-4FCB-AF0B-19F70D618F0C}) (Version: 1.00.0000 - Codemasters)
Xfire (remove only) (HKLM-x32\...\Xfire) (Version:  - )

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E100-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E101-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E102-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7F8-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7F9-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FA-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FB-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FC-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FD-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FE-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{0053E7FF-3958-464B-8B6E-E7CF50709974}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBOLE.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\de-DE\sofc191ficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{5D8A052B-FFEE-4B2D-ADD8-EDCDA13C0763}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\sofiaxis_com.dll (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{5D8A052C-FFEE-4B2D-ADD8-EDCDA13C0763}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\sofiaxis_com.dll (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\sofc191.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{6AC79303-DBF3-4BE2-9F8E-0349FDC88E19}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\sofidc.arx (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{8258CC73-933A-4A76-88B1-43A5468A09F7}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\SOF_BAMTEC191_x64.DBX (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{9874959D-2021-4F77-AA2E-7E787954ADD7}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOFBFE_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B5176366-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B5176367-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B5176368-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B5176369-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B517636A-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{B517636B-6A16-40E8-BF5D-C6DABC4B962B}\InprocServer32 -> C:\Program Files (x86)\SOFiSTiK\2014\SOFiCAD-OEM_19.1_DEU_x64\SOF_COM.DLL (SOFiSTiK AG)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-205815100-794779995-1947703700-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2014\de-DE\acadficn.dll (Autodesk, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {1E041551-E3E9-4775-945B-473FF6FE41BD} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3383E5C5-2D9A-4B13-9190-937420612144} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {3C33CD03-7609-44AF-9710-CAA445D6BF10} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {5D31EF85-8E68-45F5-9535-7258083FD944} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-13] (Adobe Systems Incorporated)
Task: {713A80B6-4080-406C-A767-1FB30E7CD27C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-24] (Dropbox, Inc.)
Task: {82ABDCB9-8CDD-4730-AD92-AC4E496A1760} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {95EEB00E-6D66-4872-8E1E-CCBCD0748013} - System32\Tasks\{C8599BEC-8541-4730-9C00-8B636C6E2D46} => pcalua.exe -a "C:\Program Files (x86)\Star Wars Battlefront II\LaunchBFII.exe" -d "C:\Program Files (x86)\Star Wars Battlefront II"
Task: {96FB385F-013A-4BAF-8A22-44C9CB47F9E0} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {AB1ADFC6-1114-4C46-8132-A482BD53D16A} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-23] (Microsoft Corporation)
Task: {AB96C6F0-FEBE-4160-9998-E59661C9B7A6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-28] (AVAST Software)
Task: {AB9AA26C-745D-477B-9D28-44FF4E0063F5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {B751D1AA-9672-4CF1-9F9F-C640883ADE15} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-24] (Dropbox, Inc.)
Task: {C07DD9EA-28FF-49F5-AE6E-0DE21DBC55A6} - System32\Tasks\SafeZone scheduled Autoupdate 1458044218 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {CE92AEDC-30F0-47B5-89E5-7D4DE9C3EBC7} - System32\Tasks\MATLAB R2013b Startup Accelerator => C:\Program Files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe [2013-08-05] ()
Task: {D4179342-5F5B-4002-BE34-CB835DFE5811} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {D7374E94-A9BA-4100-977D-F0B34BED0BDA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MATLAB R2013b Startup Accelerator.job => C:\Program Files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{E642CB23-6186-418C-9B97-D12D8B681FC4}\SupportTasks\1\Support.lnk -> hxxp://www.microsoft.com/support/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{E642CB23-6186-418C-9B97-D12D8B681FC4}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.ensemblestudios.com/aom/index.html/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{CE4F9AA0-B50E-4509-87B3-312B473AA74C}\SupportTasks\1\Support.lnk -> hxxp://www.piranha-bytes.com/gothic1/gothic1_faq_english.html/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{CE4F9AA0-B50E-4509-87B3-312B473AA74C}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.piranha-bytes.com/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{B86065B3-F461-46B3-A9F7-397F53DAC8C2}\SupportTasks\1\Support.lnk -> hxxp://support.lucasarts.com/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{B86065B3-F461-46B3-A9F7-397F53DAC8C2}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.swbattlefront2.com/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{42BB19A3-BB52-4B1C-8A47-566A70503079}\SupportTasks\1\Support.lnk -> hxxp://support.microsoft.com/directory/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{42BB19A3-BB52-4B1C-8A47-566A70503079}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.microsoft.com/games/age2/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{296AA790-7BF8-4BC9-8766-432ECEAD9ACB}\SupportTasks\1\Support.lnk -> hxxp://www.atarisupport.com/
Shortcut: C:\Users\Martin\AppData\Local\Microsoft\Windows\GameExplorer\{296AA790-7BF8-4BC9-8766-432ECEAD9ACB}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.piranha-bytes.com/gothic2/content_english/news_press.php/

ShortcutWithArgument: C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->                                                                                                                       
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->                                                                                                                       
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->                                                                                                                       

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-05-28 15:10 - 2016-05-28 15:10 - 00137920 _____ () C:\Program Files\AVAST Software\Avast\x64\log.dll
2016-07-12 20:54 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-12 20:54 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-19 08:18 - 2016-04-19 08:19 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-13 19:02 - 2016-02-13 19:02 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-12 20:56 - 2016-07-01 05:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-12 20:54 - 2016-07-01 05:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-12 20:54 - 2016-07-01 05:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-12 20:54 - 2016-07-01 05:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-12 20:54 - 2016-07-01 05:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-08-28 06:09 - 2014-08-28 06:09 - 00232328 _____ () C:\Program Files\Autodesk\Autodesk Sync\qjson_Ad_0.dll
2014-08-28 06:09 - 2014-08-28 06:09 - 00048520 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
2014-08-28 06:09 - 2014-08-28 06:09 - 00059784 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
2014-08-28 06:09 - 2014-08-28 06:09 - 00922504 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
2011-09-16 01:16 - 2011-09-16 01:16 - 00322784 _____ () C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
2016-05-28 15:10 - 2016-05-28 15:10 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-05-28 15:10 - 2016-05-28 15:10 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-08-30 13:14 - 2016-08-30 13:14 - 03017728 _____ () C:\Program Files\AVAST Software\Avast\defs\16083000\algo.dll
2016-05-28 15:10 - 2016-05-28 15:10 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-05-28 15:10 - 2016-05-28 15:10 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-04-19 08:18 - 2016-04-19 08:19 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 08:18 - 2016-04-19 08:19 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2013-08-18 20:22 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-08-18 20:22 - 2013-01-27 16:13 - 00806664 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll
2013-08-18 20:22 - 2012-09-25 10:32 - 01351792 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\Language\DEU\P2GRC.dll
2013-08-18 20:22 - 2013-01-27 16:13 - 00175880 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLVistaAudioMixer.dll
2016-08-23 13:57 - 2016-08-23 13:57 - 01383616 _____ () C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-08-23 13:57 - 2016-08-23 13:57 - 00118976 _____ () C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2016-03-15 14:12 - 2016-03-15 14:12 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-08-24 09:02 - 2016-07-12 04:07 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-08-24 09:02 - 2016-07-12 04:07 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-08-24 09:02 - 2016-07-12 04:07 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-08-24 09:02 - 2016-07-12 04:07 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-08-24 09:02 - 2016-07-12 04:07 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-08-24 09:02 - 2016-07-12 04:07 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-08-24 09:02 - 2016-07-12 04:07 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-08-24 09:02 - 2016-07-12 04:07 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-08-24 09:02 - 2016-07-12 04:07 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-08-24 09:02 - 2016-07-12 04:09 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-08-24 09:02 - 2016-07-12 04:07 - 00144848 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-08-24 09:02 - 2016-07-12 04:08 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-08-24 09:02 - 2016-08-24 01:17 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-08-24 09:02 - 2016-08-24 01:02 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-08-24 09:02 - 2016-08-24 01:17 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-08-24 09:02 - 2016-08-24 01:17 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-08-24 09:02 - 2016-07-12 04:07 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 03929392 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 01972016 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-08-24 09:02 - 2016-07-12 04:09 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00037192 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00168248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-08-24 09:02 - 2016-08-24 01:17 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2011-09-16 01:17 - 2011-09-16 01:17 - 02888416 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll
2011-09-16 01:17 - 2011-09-16 01:17 - 00025824 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
2011-09-16 01:18 - 2011-09-16 01:18 - 00028672 _____ () C:\Program Files (x86)\Memeo\AutoBackup\de-DE\InstantBackup.resources.dll
2010-04-05 20:52 - 2010-04-05 20:52 - 00504293 _____ () C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.DLL
2010-04-05 20:52 - 2010-04-05 20:52 - 00053248 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Mono.Nat.dll
2012-11-15 02:53 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Windows:CM_07bdf4a8c4c490ca7919611231e13eb670e4a0ad29869dd8f2e869bc87f6c3a8 [74]
AlternateDataStreams: C:\Windows:CM_25c0d7379373529ead846cb4332cac331743f799884338c630de8d6bc5a9ad77 [74]
AlternateDataStreams: C:\Windows:CM_2fbc7cacfd828b791562c9690c61bb830aeeeae72f86bd829562576f9fc1fe83 [74]
AlternateDataStreams: C:\Windows:CM_9015d22b2a6b3f6bdfbfec9cc8a460230758574f203752df19168f533c7fb302 [74]
AlternateDataStreams: C:\Windows:CM_cdfdf49505024624d2decf3e9557d51162be6aba9545d69de4a936f7ba6139f4 [74]
AlternateDataStreams: C:\Windows:CM_d1cca5b43b23e7a102fa897d892102fdacb2faaf6f5875efce3bd0a2c56874f8 [74]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\localhost -> localhost

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2012-07-26 07:26 - 2016-08-30 08:58 - 00000832 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-205815100-794779995-1947703700-1001\Control Panel\Desktop\\Wallpaper -> c:\users\martin\pictures\carcasonne.jpg
DNS Servers: 10.156.33.53 - 129.187.5.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [TCP Query User{6A219EAC-A8C9-4714-A40C-4B1E675DA9A5}C:\program files (x86)\anno 1404 - königsedition\tools\addonweb.exe] => (Allow) C:\program files (x86)\anno 1404 - königsedition\tools\addonweb.exe
FirewallRules: [UDP Query User{14B44FB0-F9E5-4BF6-9334-B6BE4CE1D514}C:\program files (x86)\anno 1404 - königsedition\tools\addonweb.exe] => (Allow) C:\program files (x86)\anno 1404 - königsedition\tools\addonweb.exe
FirewallRules: [{A88975B8-BBFD-477E-9DC2-5236F5A941BD}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{3F3A4D03-C443-4145-84BF-83523DF57C2D}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{AF9C9E7C-E573-4295-9FCB-8ACFAD7FC8F2}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{F138714E-9316-4A72-9797-E4514582BC93}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [TCP Query User{0D91FB41-C9AB-40A5-A51E-C6BE6A9CCDEA}C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{3E537FF1-097F-4C80-B334-DBAC95E65F32}C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{2C1F9E7C-BD53-492A-9B41-50335850F173}C:\windows\splwow64.exe] => (Allow) C:\windows\splwow64.exe
FirewallRules: [UDP Query User{32EAEC46-63B7-4D3F-8CB1-FEB6FFFAFCF3}C:\windows\splwow64.exe] => (Allow) C:\windows\splwow64.exe
FirewallRules: [{8A367C20-C7E1-4CF4-89F5-014469534249}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{30D99AD4-8229-4E56-966D-245501088E8D}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{A09EB9EB-05F5-445D-855D-1C3B2B1C395A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4CAA78A7-C705-4920-A218-EEFE8BBFA3D0}] => (Allow) C:\Program Files (x86)\Legpat\Update\LegpatUpdate.exe
FirewallRules: [{EC294C97-2178-4F12-B7F5-D2E08D380816}] => (Allow) C:\Program Files (x86)\Legpat\Application\chrome.exe
FirewallRules: [{237E438F-F612-442D-B6F1-028C41382D9D}] => (Allow) C:\ProgramData\Legpat\Legpat.exe
FirewallRules: [{BD4C73AA-4A79-4087-BC07-79477408C425}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B2D7DCAF-91F3-4D50-9DDF-B79AB22CE482}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{9BE540DB-ABBB-4FBF-A772-118C53E7EFF5}] => (Allow) C:\Program Files (x86)\CLIQZ\CLIQZ.exe
FirewallRules: [{0981E983-07AE-4243-A739-73165D224A54}] => (Allow) C:\Program Files (x86)\CLIQZ\CLIQZ.exe
FirewallRules: [{31958BF8-D377-4CD8-811E-2E0A87DBD93F}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server

==================== Wiederherstellungspunkte =========================

10-08-2016 09:32:46 Geplanter Prüfpunkt
19-08-2016 10:38:33 Geplanter Prüfpunkt
24-08-2016 09:01:40 Windows Update
29-08-2016 13:51:10 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (08/30/2016 11:58:36 AM) (Source: MsiInstaller) (EventID: 11310) (User: Laptop-Martin)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Martin\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (08/30/2016 11:58:21 AM) (Source: MsiInstaller) (EventID: 11310) (User: Laptop-Martin)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Martin\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (08/30/2016 08:59:48 AM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (08/30/2016 07:48:06 AM) (Source: MsiInstaller) (EventID: 11310) (User: Laptop-Martin)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Martin\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (08/30/2016 07:47:41 AM) (Source: MsiInstaller) (EventID: 11310) (User: Laptop-Martin)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\Martin\AppData\Local\Akamai\admintool.exe.  Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (08/29/2016 05:16:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1207968

Error: (08/29/2016 05:16:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1207968

Error: (08/29/2016 05:16:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/29/2016 04:56:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2500

Error: (08/29/2016 04:56:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2500


Systemfehler:
=============
Error: (08/30/2016 01:24:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MemeoBackgroundService" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (08/30/2016 01:24:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MemeoBackgroundService erreicht.

Error: (08/30/2016 01:22:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_3a9a9" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/30/2016 01:22:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _3a9a9" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/30/2016 01:22:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kontaktdaten_3a9a9" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/30/2016 01:22:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_3a9a9" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/30/2016 01:21:20 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (08/30/2016 01:21:18 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (08/30/2016 01:21:16 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (08/30/2016 01:21:14 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.


CodeIntegrity:
===================================
  Date: 2016-08-29 11:40:30.183
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-29 11:40:30.120
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-29 11:40:30.019
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-29 11:40:29.956
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-29 11:40:26.774
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-29 11:40:26.701
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-29 11:39:52.811
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-29 11:39:52.758
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-29 11:39:49.635
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-29 11:39:49.334
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 30%
Installierter physikalischer RAM: 8084.27 MB
Verfügbarer physikalischer RAM: 5579.82 MB
Summe virtueller Speicher: 9364.27 MB
Verfügbarer virtueller Speicher: 6971.23 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:448.21 GB) (Free:166.01 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (RECOVERY) (Fixed) (Total:16.79 GB) (Free:2.14 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive e: (UNSERE_ERDE) (CDROM) (Total:6.87 GB) (Free:0 GB) UDF

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 9EC65A10)

Partition: GPT.

==================== Ende von Addition.txt ============================

Martin.9008 · 30.08.2016, 12:57

FRST:

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 29-08-2016
durchgeführt von Martin (Administrator) auf LAPTOP-MARTIN (30-08-2016 13:49:37)
Gestartet von C:\Users\Martin\Desktop
Geladene Profile: Martin (Verfügbare Profile: Martin)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: "C:\Program Files (x86)\CLIQZ\CLIQZ.exe" -osint -url "%1")
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Cliqz GmbH) C:\Program Files (x86)\CLIQZ\CLIQZ.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
(Akamai Technologies, Inc.) C:\Users\Martin\AppData\Local\Akamai\netsession_win.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
(Akamai Technologies, Inc.) C:\Users\Martin\AppData\Local\Akamai\netsession_win.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Christoph Bünger Software) C:\Program Files (x86)\Wecker6\Wecker.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
(Memeo Inc.) C:\Program Files (x86)\Memeo\AutoBackup\MemeoUpdater.exe
(Mozilla Corporation) C:\Program Files (x86)\CLIQZ\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-06-08] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-09-16] (Memeo Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-28] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23889496 2016-08-24] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)
HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Martin\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1235336 2014-08-28] (Autodesk, Inc.)
HKU\S-1-5-21-205815100-794779995-1947703700-1001\...\RunOnce: [Uninstall C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64"
HKU\S-1-5-21-205815100-794779995-1947703700-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [150528 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-28] (AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [Symbol-Overlay-Steuerprogramm für AutoCAD Digitale Signaturen] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2016-08-29]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2016-08-29]
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wecker für Windows 6.lnk [2016-08-29]
ShortcutTarget: Wecker für Windows 6.lnk -> C:\Program Files (x86)\Wecker6\Wecker.exe (Christoph Bünger Software)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 10.156.33.53 129.187.5.1
Tcpip\..\Interfaces\{150b5080-ac93-4272-ac4a-bffe13d172bd}: [DhcpNameServer] 0.0.0.0
Tcpip\..\Interfaces\{2c2232f8-8dd7-42dd-88e1-2d818924d50a}: [DhcpNameServer] 10.156.33.53 129.187.5.1
Tcpip\..\Interfaces\{66c1b00a-7100-4e92-ac46-811fd2d50492}: [DhcpNameServer] 192.168.34.3 129.187.5.1
Tcpip\..\Interfaces\{83fbec75-ff09-4692-a92d-4201c2743b42}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?PC=AV01
HKU\S-1-5-21-205815100-794779995-1947703700-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPNOT13/4
SearchScopes: HKLM -> {470BE3E6-2099-4F7E-84F1-F3DA4739DF9A} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-205815100-794779995-1947703700-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-205815100-794779995-1947703700-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-205815100-794779995-1947703700-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-21] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-21] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-12-20] (Hewlett-Packard Company)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Profiles\zocbhc16.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] ()
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2014-11-27] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-205815100-794779995-1947703700-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2013-03-17] (Ubisoft)
FF SearchPlugin: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\searchplugins\bing-lavasoft.xml [2015-12-04]
FF Extension: (Cliqz) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\Extensions\cliqz@cliqz.com.xpi [2015-11-28] [ist nicht signiert]
FF Extension: (Adblock Plus) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9s05odkh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-28]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-28]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-28]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome: 
=======
CHR HomePage: ChromeDefaultData -> hxxp://www.nicesearches.com?type=hp&ts=1464593744&from=0d580530&uid=st500lm012xhn-m500mbb_s2svj9eca09668&z=658f2f19608d6aba60b4d45gbzcq4z0wctfc2m2z8z
CHR RestoreOnStartup: ChromeDefaultData -> "hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=bl-bcr-is__alt__ddc_dsssyc_bd_com"
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.nicesearches.com?type=hp&ts=1464593744&from=0d580530&uid=st500lm012xhn-m500mbb_s2svj9eca09668&z=658f2f19608d6aba60b4d45gbzcq4z0wctfc2m2z8z"
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.nicesearches.com/search.php?type=ds&ts=1464593744&from=0d580530&uid=st500lm012xhn-m500mbb_s2svj9eca09668&z=658f2f19608d6aba60b4d45gbzcq4z0wctfc2m2z8z&q={searchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> nice
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll => Keine Datei
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\pdf.dll => Keine Datei
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
CHR Extension: (Dealbeaver) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\bhldmkghjkldhclddpjebfjpaijaajmm [2016-08-30]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-11]
CHR Extension: (Google-Suche) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-11]
CHR Extension: (Avast Online Security) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-08-30]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-12]
CHR Extension: (Google Mail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-11]
CHR Extension: (Chrome Media Router) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-30]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-28]
StartMenuInternet: Google Chrome - Chrome.exe

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [Datei ist nicht signiert]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-28] (AVAST Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-24] (Dropbox, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [Datei ist nicht signiert]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2015-10-30] (HP Inc.) [Datei ist nicht signiert]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2015-10-30] (HP Inc.) [Datei ist nicht signiert]
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [82664 2015-12-16] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-28] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-28] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-05] (AVAST Software)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2014-07-14] ()
S3 AX88772; C:\Windows\System32\drivers\ax88772.sys [111616 2015-10-30] (ASIX Electronics Corp.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-18] (Windows (R) Win 7 DDK provider)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2014-07-14] ()
R3 netr28x; C:\Windows\System32\drivers\netr28x.sys [2504192 2015-10-30] (MediaTek Inc.)
R3 pelmouse; C:\Windows\system32\DRIVERS\pelmouse.sys [23040 2015-12-17] (TPMX Electronics Ltd.)
R3 pelusblf; C:\Windows\system32\DRIVERS\pelusblf.sys [35328 2015-12-22] (TPMX Electronics Ltd.)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
S3 SKYNETU2C; C:\Windows\System32\drivers\SkyNetU2C_AMD64.SYS [270424 2010-05-10] (TechniSat Digital, S.A.)
S3 SkyNetU2CBDA_AMD64; C:\Windows\system32\DRIVERS\SkyNetU2CBDA_AMD64.sys [346200 2011-05-10] (TechniSat Digital, S.A.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [52904 2016-04-28] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-08-30 13:36 - 2016-08-30 13:36 - 00018538 _____ C:\Users\Martin\Desktop\SearchReg.txt
2016-08-30 13:23 - 2016-08-30 13:32 - 00000004 ____H C:\ProgramData\cm-lock
2016-08-30 13:15 - 2016-08-30 13:22 - 00017204 _____ C:\Users\Martin\Desktop\Fixlog.txt
2016-08-30 09:07 - 2016-08-30 08:58 - 00001636 _____ C:\Users\Martin\Desktop\AdwCleaner[C2].txt
2016-08-30 09:07 - 2016-08-30 08:57 - 00001642 _____ C:\Users\Martin\Desktop\AdwCleaner[S2].txt
2016-08-29 20:26 - 2016-08-29 20:26 - 00000878 _____ C:\Users\Martin\Desktop\Wohnheim.lnk
2016-08-29 20:26 - 2016-08-29 20:26 - 00000823 _____ C:\Users\Martin\Desktop\Uni.lnk
2016-08-29 14:31 - 2016-08-30 12:02 - 00000000 ____D C:\Users\Martin\Desktop\Bereinigung
2016-08-29 14:05 - 2016-08-29 14:05 - 00067071 _____ C:\Users\Martin\Desktop\FRST2.txt
2016-08-29 14:05 - 2016-08-29 14:05 - 00055015 _____ C:\Users\Martin\Desktop\Addition2.txt
2016-08-29 14:00 - 2016-08-30 12:05 - 00000000 ____D C:\Users\Martin\Desktop\FRST-OlderVersion
2016-08-29 13:57 - 2016-08-29 13:57 - 00004681 _____ C:\Users\Martin\Desktop\JRT.txt
2016-08-29 13:50 - 2016-08-29 13:50 - 01610560 _____ (Malwarebytes) C:\Users\Martin\Desktop\JRT.exe
2016-08-29 13:50 - 2016-08-29 13:50 - 00001205 _____ C:\Users\Martin\Desktop\mbam.txt
2016-08-29 11:42 - 2016-08-29 13:45 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-29 11:41 - 2016-08-29 13:43 - 00000738 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-08-29 11:41 - 2016-08-29 11:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-08-29 11:41 - 2016-08-29 11:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-29 11:41 - 2016-08-29 11:41 - 00000000 ____D C:\ Malwarebytes Anti-Malware 
2016-08-29 11:41 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-08-29 11:41 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-08-29 11:41 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-08-29 11:37 - 2016-08-29 11:37 - 22851472 _____ (Malwarebytes ) C:\Users\Martin\Downloads\mbam-setup-2.2.1.1043.exe
2016-08-29 11:34 - 2016-08-29 11:20 - 00022642 _____ C:\Users\Martin\Desktop\AdwCleaner[C0].txt
2016-08-29 11:06 - 2016-08-30 08:58 - 00000000 ____D C:\AdwCleaner
2016-08-29 11:05 - 2016-08-29 11:05 - 03826240 _____ C:\Users\Martin\Desktop\AdwCleaner_6.010.exe
2016-08-28 16:41 - 2016-08-28 16:52 - 00097628 _____ C:\Users\Martin\Desktop\TDSSKiller.3.1.0.11_28.08.2016_16.41.53_log.txt
2016-08-28 16:35 - 2016-08-30 13:42 - 00064027 _____ C:\Users\Martin\Desktop\Addition.txt
2016-08-28 16:33 - 2016-08-30 13:49 - 00033040 _____ C:\Users\Martin\Desktop\FRST.txt
2016-08-28 16:32 - 2016-08-30 13:49 - 00000000 ____D C:\FRST
2016-08-28 16:32 - 2016-08-28 16:32 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Martin\Desktop\tdsskiller.exe
2016-08-28 16:31 - 2016-08-30 12:05 - 02397696 _____ (Farbar) C:\Users\Martin\Desktop\FRST64.exe
2016-08-24 09:03 - 2016-08-24 09:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-08-23 22:12 - 2016-08-23 22:12 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_429687859.html
2016-08-23 22:12 - 2016-08-23 22:12 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_429687562.html
2016-08-23 13:58 - 2016-08-23 13:58 - 00003342 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-23 09:39 - 2016-08-29 13:36 - 00000000 ____D C:\Program Files (x86)\_SSpm
2016-08-23 09:39 - 2016-08-23 09:39 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_384540046.html
2016-08-23 09:39 - 2016-08-23 09:39 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_384539921.html
2016-08-23 09:39 - 2016-08-23 09:39 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_384533328.html
2016-08-23 09:39 - 2016-08-23 09:39 - 00000003 _____ C:\WINDOWS\SysWOW64\de_384533078.html
2016-08-15 10:34 - 2016-08-22 10:42 - 00000000 ____D C:\Users\Martin\AppData\Roaming\setup1
2016-08-10 10:51 - 2016-08-03 12:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-10 10:51 - 2016-08-03 12:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-10 10:51 - 2016-08-03 12:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-10 10:51 - 2016-08-03 12:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-10 10:51 - 2016-08-03 11:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-10 10:51 - 2016-08-03 11:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-10 10:51 - 2016-08-03 11:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-10 10:51 - 2016-08-03 11:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-10 10:51 - 2016-08-03 11:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-10 10:51 - 2016-08-03 11:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-10 10:51 - 2016-08-03 11:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-10 10:51 - 2016-08-03 11:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-10 10:51 - 2016-08-03 11:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-10 10:51 - 2016-08-03 11:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-10 10:51 - 2016-08-03 11:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-10 10:51 - 2016-08-03 11:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-10 10:51 - 2016-08-03 11:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-10 10:51 - 2016-08-03 07:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-10 10:51 - 2016-08-03 07:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-10 10:51 - 2016-08-03 07:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-10 10:51 - 2016-08-03 07:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-10 10:51 - 2016-08-03 06:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-10 10:51 - 2016-08-03 06:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-10 10:51 - 2016-08-03 06:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-10 10:51 - 2016-08-03 06:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-10 10:51 - 2016-08-03 06:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-10 10:51 - 2016-08-03 06:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-10 10:50 - 2016-08-03 13:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-10 10:50 - 2016-08-03 13:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-10 10:50 - 2016-08-03 13:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-10 10:50 - 2016-08-03 12:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-10 10:50 - 2016-08-03 12:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-10 10:50 - 2016-08-03 12:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-10 10:50 - 2016-08-03 12:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-10 10:50 - 2016-08-03 12:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-10 10:50 - 2016-08-03 12:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-10 10:50 - 2016-08-03 12:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-10 10:50 - 2016-08-03 12:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-10 10:50 - 2016-08-03 12:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-10 10:50 - 2016-08-03 12:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-10 10:50 - 2016-08-03 12:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-10 10:50 - 2016-08-03 12:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-10 10:50 - 2016-08-03 12:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-10 10:50 - 2016-08-03 12:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-10 10:50 - 2016-08-03 12:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-10 10:50 - 2016-08-03 12:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-10 10:50 - 2016-08-03 12:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-10 10:50 - 2016-08-03 12:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-10 10:50 - 2016-08-03 12:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-10 10:50 - 2016-08-03 11:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-10 10:50 - 2016-08-03 11:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-10 10:50 - 2016-08-03 11:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-10 10:50 - 2016-08-03 11:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-10 10:50 - 2016-08-03 11:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-10 10:50 - 2016-08-03 11:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-10 10:50 - 2016-08-03 11:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-10 10:50 - 2016-08-03 11:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-10 10:50 - 2016-08-03 11:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-10 10:50 - 2016-08-03 11:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-10 10:50 - 2016-08-03 11:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-10 10:50 - 2016-08-03 11:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-10 10:50 - 2016-08-03 11:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-10 10:50 - 2016-08-03 11:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-10 10:50 - 2016-08-03 11:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-10 10:50 - 2016-08-03 11:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-10 10:50 - 2016-08-03 11:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-10 10:50 - 2016-08-03 11:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-10 10:50 - 2016-08-03 11:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-10 10:50 - 2016-08-03 11:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-10 10:50 - 2016-08-03 11:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-10 10:50 - 2016-08-03 11:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-10 10:50 - 2016-08-03 11:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-10 10:50 - 2016-08-03 11:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-10 10:50 - 2016-08-03 11:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-10 10:50 - 2016-08-03 11:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-10 10:50 - 2016-08-03 11:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-10 10:50 - 2016-08-03 11:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-10 10:50 - 2016-08-03 11:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-10 10:50 - 2016-08-03 11:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-10 10:50 - 2016-08-03 11:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-10 10:50 - 2016-08-03 11:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-10 10:50 - 2016-08-03 11:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-10 10:50 - 2016-08-03 11:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-10 10:50 - 2016-08-03 11:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-10 10:50 - 2016-08-03 11:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-10 10:50 - 2016-08-03 11:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-10 10:50 - 2016-08-03 11:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-10 10:50 - 2016-08-03 11:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-10 10:50 - 2016-08-03 11:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-10 10:50 - 2016-08-03 11:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-10 10:50 - 2016-08-03 11:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-10 10:50 - 2016-08-03 11:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-10 10:50 - 2016-08-03 11:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-10 10:50 - 2016-08-03 11:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-10 10:50 - 2016-08-03 11:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-10 10:50 - 2016-08-03 11:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-10 10:50 - 2016-08-03 07:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-10 10:50 - 2016-08-03 07:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-10 10:50 - 2016-08-03 07:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-10 10:50 - 2016-08-03 07:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-10 10:50 - 2016-08-03 07:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-10 10:50 - 2016-08-03 07:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-10 10:50 - 2016-08-03 06:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-10 10:50 - 2016-08-03 06:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-10 10:50 - 2016-08-03 06:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-10 10:50 - 2016-08-03 06:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-10 10:50 - 2016-08-03 06:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-10 10:50 - 2016-08-03 06:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-10 10:50 - 2016-08-03 06:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-10 10:50 - 2016-08-03 06:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-10 10:50 - 2016-08-03 06:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-10 10:50 - 2016-08-03 06:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-10 10:50 - 2016-08-03 06:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-10 10:50 - 2016-08-03 06:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-10 10:50 - 2016-08-03 06:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-10 10:50 - 2016-08-03 06:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-10 10:50 - 2016-08-03 06:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-10 10:50 - 2016-08-03 06:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-10 10:50 - 2016-08-03 06:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-10 10:50 - 2016-08-03 06:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-10 10:50 - 2016-08-03 06:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-10 10:50 - 2016-08-03 06:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-10 10:50 - 2016-08-03 06:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-10 10:50 - 2016-08-03 06:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-10 10:50 - 2016-08-03 06:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-10 10:50 - 2016-08-03 06:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-10 10:50 - 2016-08-03 06:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-10 10:50 - 2016-08-03 06:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-10 10:50 - 2016-08-03 06:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-09 15:54 - 2016-08-29 13:43 - 00001142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CLIQZ.lnk
2016-08-09 15:54 - 2016-08-29 13:43 - 00001130 _____ C:\Users\Public\Desktop\CLIQZ.lnk
2016-08-09 15:54 - 2016-08-26 08:43 - 00000000 ____D C:\Program Files (x86)\CLIQZ
2016-08-09 15:54 - 2016-08-09 16:02 - 00000000 ____D C:\Users\Martin\AppData\Local\CLIQZ
2016-08-09 15:54 - 2016-08-09 15:54 - 00000000 ____D C:\Users\Martin\AppData\Roaming\CLIQZ
2016-08-09 15:53 - 2016-08-09 15:53 - 01474568 _____ C:\Users\Martin\Downloads\CLIQZ14.de.win32.installer - CHIP-Installer.exe
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224665812.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224665187.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224665062.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224664343.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224664203.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224663390.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224663281.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224659500.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224659375.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224647796.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224647640.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224646203.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224646078.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_224640531.html
2016-08-08 13:27 - 2016-08-08 13:27 - 00000003 _____ C:\WINDOWS\SysWOW64\de_224640156.html
2016-08-07 11:50 - 2016-08-30 13:16 - 00000000 ____D C:\Users\Martin\AppData\LocalLow\Temp
2016-08-03 18:43 - 2015-12-22 11:33 - 00035328 _____ (TPMX Electronics Ltd.) C:\WINDOWS\system32\Drivers\pelusblf.sys
2016-08-03 18:43 - 2015-12-17 13:48 - 00023040 _____ (TPMX Electronics Ltd.) C:\WINDOWS\system32\Drivers\PELMOUSE.SYS
2016-08-03 18:43 - 2009-11-02 16:36 - 00011776 _____ (TPMX Electronics Ltd.) C:\WINDOWS\system32\Drivers\PELVENDR.SYS
2016-08-03 16:31 - 2016-08-03 16:31 - 00410983 _____ C:\Users\Martin\Downloads\259912_PFEIFER_Lastbock-Gewinde-LBP_M48_20_0t.zip
2016-08-03 13:21 - 2016-08-03 13:21 - 00049492 _____ C:\Users\Martin\Downloads\neukollner_entwicklung_zusammenfassung_2008.pdf
2016-08-01 22:31 - 2016-08-01 22:31 - 00128000 _____ C:\Users\Martin\Documents\Inhaltsverzeichnisv-Aktuell 06.2016.xls
2016-08-01 14:03 - 2016-08-01 14:03 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659675625.html
2016-08-01 14:02 - 2016-08-01 14:02 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659640875.html
2016-08-01 14:02 - 2016-08-01 14:02 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659610734.html
2016-08-01 14:02 - 2016-08-01 14:02 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659610531.html
2016-08-01 14:02 - 2016-08-01 14:02 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659606812.html
2016-08-01 14:01 - 2016-08-01 14:02 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659606671.html
2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659591546.html
2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659591343.html
2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659590296.html
2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659590171.html
2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\EN_1659582390.html
2016-08-01 14:01 - 2016-08-01 14:01 - 00000003 _____ C:\WINDOWS\SysWOW64\de_1659582203.html
2016-08-01 10:42 - 2016-08-01 10:42 - 00000000 ____D C:\Program Files (x86)\zffvjegf

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-08-30 13:46 - 2016-04-19 14:51 - 00000068 __RSH C:\WINDOWS\system32\Drivers\WdiWiFi.winsecurity
2016-08-30 13:46 - 2016-04-18 17:34 - 00000068 __RSH C:\WINDOWS\system32\Drivers\winverbs.winsecurity
2016-08-30 13:46 - 2016-04-18 12:45 - 00000068 __RSH C:\WINDOWS\system32\Drivers\wof.winsecurity
2016-08-30 13:33 - 2014-01-23 23:57 - 00000576 _____ C:\WINDOWS\Tasks\MATLAB R2013b Startup Accelerator.job
2016-08-30 13:29 - 2013-12-23 17:35 - 00000000 ___RD C:\Users\Martin\Dropbox
2016-08-30 13:27 - 2013-09-15 12:56 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-08-30 13:24 - 2016-05-24 10:01 - 00001238 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-08-30 13:24 - 2016-04-19 14:51 - 00000068 __RSH C:\WINDOWS\system32\Drivers\WSDPrint.winsecurity
2016-08-30 13:24 - 2016-04-18 17:34 - 00000068 __RSH C:\WINDOWS\system32\Drivers\wfplwfs.winsecurity
2016-08-30 13:24 - 2016-04-18 12:45 - 00000068 __RSH C:\WINDOWS\system32\Drivers\xinputhid.winsecurity
2016-08-30 13:24 - 2016-03-26 18:04 - 00000000 __SHD C:\Users\Martin\IntelGraphicsProfiles
2016-08-30 13:23 - 2016-02-13 19:25 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-30 13:23 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-08-30 13:23 - 2013-05-04 15:33 - 00001142 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-30 13:16 - 2014-12-04 17:02 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-08-30 12:09 - 2013-01-19 12:27 - 00000000 ____D C:\Users\Martin\Documents\Outlook-Dateien
2016-08-30 12:06 - 2016-05-24 10:01 - 00001242 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-08-30 11:58 - 2013-10-21 17:30 - 00000000 ____D C:\Users\Martin\AppData\Local\Akamai
2016-08-30 10:11 - 2016-05-12 12:00 - 00000000 ____D C:\Users\Martin\Documents\Wohnheim
2016-08-30 08:15 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-29 13:43 - 2016-04-18 16:17 - 00002048 _____ C:\Users\Public\Desktop\Revit 2016.lnk
2016-08-29 13:43 - 2016-04-18 14:22 - 00002433 _____ C:\Users\Public\Desktop\SOFiCAD-OEM 2014.lnk
2016-08-29 13:43 - 2016-04-18 14:19 - 00002027 _____ C:\Users\Public\Desktop\SOFiSTiK Sonar.lnk
2016-08-29 13:43 - 2016-03-26 15:26 - 00002386 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-29 13:43 - 2016-03-26 13:33 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-08-29 13:43 - 2016-03-15 14:16 - 00001222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-08-29 13:43 - 2016-03-15 14:16 - 00001125 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-08-29 13:43 - 2016-01-16 21:48 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-29 13:43 - 2016-01-16 21:48 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-08-29 13:43 - 2015-08-29 18:56 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2016-08-29 13:43 - 2015-04-03 17:17 - 00002913 _____ C:\Users\Public\Desktop\Nero 2015.lnk
2016-08-29 13:43 - 2015-04-03 16:33 - 00001532 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2016-08-29 13:43 - 2014-12-29 13:39 - 00001968 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-08-29 13:43 - 2014-07-21 13:54 - 00000662 _____ C:\Users\Public\Desktop\Cremer Commander.lnk
2016-08-29 13:43 - 2014-07-08 23:02 - 00001043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
2016-08-29 13:43 - 2014-04-21 19:55 - 00001162 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2016-08-29 13:43 - 2014-04-20 10:58 - 00000960 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-08-29 13:43 - 2014-01-23 23:58 - 00001295 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2013b.lnk
2016-08-29 13:43 - 2013-09-25 14:49 - 00002305 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SD card.lnk
2016-08-29 13:43 - 2013-09-25 14:49 - 00002305 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SD card (2).lnk
2016-08-29 13:43 - 2013-05-04 15:39 - 00002502 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-29 13:43 - 2013-05-04 15:39 - 00002490 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-29 13:43 - 2013-02-24 11:50 - 00002140 _____ C:\Users\Public\Desktop\MEDION NAS TOOL.lnk
2016-08-29 13:43 - 2013-02-24 11:50 - 00001161 _____ C:\Users\Public\Desktop\Memeo Instant Backup.lnk
2016-08-29 13:43 - 2013-01-20 16:55 - 00001191 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVBViewer TE2.lnk
2016-08-29 13:43 - 2013-01-18 14:11 - 00000291 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Computer.lnk
2016-08-29 13:43 - 2013-01-17 18:30 - 00001263 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader 5.0.lnk
2016-08-29 13:43 - 2013-01-17 18:30 - 00001251 _____ C:\Users\Public\Desktop\Acrobat Reader 5.0.lnk
2016-08-29 13:43 - 2012-11-15 03:08 - 00001361 _____ C:\Users\Public\Desktop\CyberLink YouCam.lnk
2016-08-29 13:43 - 2012-08-31 23:03 - 00001495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connected Music powered by Universal Music Group.lnk
2016-08-29 13:43 - 2012-08-31 23:03 - 00001483 _____ C:\Users\Public\Desktop\Connected Music powered by Universal Music Group.lnk
2016-08-29 13:43 - 2012-08-31 23:03 - 00001111 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connected Music powered by Meridian.lnk
2016-08-29 13:43 - 2012-08-31 22:59 - 00001374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2016-08-29 13:43 - 2012-08-31 22:59 - 00001305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2016-08-29 13:43 - 2012-08-31 22:54 - 00002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2016-08-29 13:42 - 2016-04-18 16:27 - 00002003 _____ C:\Users\Martin\Desktop\Autodesk Revit 2016 jetzt installieren.lnk
2016-08-29 13:42 - 2015-12-05 18:05 - 00001314 _____ C:\Users\Martin\Desktop\Easy Audio Cutter.lnk
2016-08-29 13:42 - 2015-12-05 18:05 - 00001298 _____ C:\Users\Martin\Desktop\Free CD Ripper.lnk
2016-08-29 13:42 - 2015-12-05 18:05 - 00001296 _____ C:\Users\Martin\Desktop\Free Mp3 Wma Converter.lnk
2016-08-29 13:42 - 2014-06-11 14:35 - 00001798 _____ C:\Users\Martin\Desktop\Wecker für Windows.lnk
2016-08-29 13:42 - 2013-12-23 17:35 - 00001299 _____ C:\Users\Martin\Desktop\Dropbox.lnk
2016-08-29 13:42 - 2013-08-08 20:10 - 00002265 _____ C:\Users\Martin\Desktop\Carcasonne - Verknüpfung.lnk
2016-08-29 13:39 - 2015-10-30 09:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-29 11:20 - 2015-05-13 10:16 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-08-29 11:19 - 2016-05-26 14:04 - 00000000 ____D C:\WINDOWS\system32\log
2016-08-29 11:18 - 2015-12-04 12:36 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2016-08-29 11:17 - 2015-12-04 12:37 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Lavasoft
2016-08-29 11:17 - 2015-12-04 12:36 - 00000000 ____D C:\ProgramData\Lavasoft
2016-08-28 08:35 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-27 23:21 - 2016-03-26 13:19 - 00000000 ____D C:\Users\Martin
2016-08-26 18:36 - 2016-05-26 13:59 - 00000000 _____ C:\Users\Public\Documents\report.dat
2016-08-25 07:26 - 2016-07-12 10:53 - 00000000 ____D C:\WINDOWS\SysWOW64\_SSpm
2016-08-24 09:03 - 2016-05-24 10:01 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-08-24 00:34 - 2016-05-20 22:40 - 00000000 ____D C:\Program Files (x86)\Drecuied
2016-08-23 13:58 - 2016-03-26 15:26 - 00000000 ___RD C:\Users\Martin\OneDrive
2016-08-22 16:21 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-20 08:46 - 2013-05-04 15:33 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-19 08:39 - 2013-11-28 19:04 - 00000000 ____D C:\Users\Martin\Documents\Uni
2016-08-13 11:13 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-10 18:40 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-08-10 17:21 - 2016-02-13 19:30 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-10 17:11 - 2016-02-13 19:12 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-10 17:11 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-10 11:49 - 2016-03-26 19:10 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 11:49 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-10 11:49 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-10 11:37 - 2013-01-24 16:53 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-08 14:51 - 2015-12-06 19:30 - 00000000 ____D C:\Users\Martin\AppData\Local\Risen2
2016-08-08 09:47 - 2016-03-26 13:18 - 02011910 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-08 09:47 - 2016-02-13 18:59 - 00857262 _____ C:\WINDOWS\system32\perfh007.dat
2016-08-08 09:47 - 2016-02-13 18:59 - 00188952 _____ C:\WINDOWS\system32\perfc007.dat
2016-08-05 12:00 - 2013-09-15 12:56 - 00292704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-08-13 10:29 - 2014-08-13 10:29 - 154565521 _____ () C:\Program Files (x86)\openoffice1.cab
2014-08-13 10:27 - 2014-08-13 10:27 - 2314240 _____ () C:\Program Files (x86)\openoffice411.msi
2015-04-03 16:31 - 2015-04-03 16:31 - 0385602 _____ () C:\Users\Martin\AppData\Local\5D515C96_stp.CIS
2015-04-03 16:31 - 2015-04-03 16:31 - 0000220 _____ () C:\Users\Martin\AppData\Local\5D515C96_stp.CIS.part
2015-04-03 16:32 - 2015-04-03 16:32 - 1509462 _____ () C:\Users\Martin\AppData\Local\69DD7379_stp.CIS
2015-04-03 16:32 - 2015-04-03 16:32 - 0000295 _____ () C:\Users\Martin\AppData\Local\69DD7379_stp.CIS.part
2015-04-03 16:32 - 2015-04-03 16:32 - 0192979 _____ () C:\Users\Martin\AppData\Local\741E72B5_stp.CIS
2015-04-03 16:32 - 2015-04-03 16:32 - 0000290 _____ () C:\Users\Martin\AppData\Local\741E72B5_stp.CIS.part
2015-11-21 00:56 - 2015-11-21 01:01 - 0007680 _____ () C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-08-30 13:23 - 2016-08-30 13:32 - 0000004 ____H () C:\ProgramData\cm-lock

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-08-24 09:30

==================== Ende von FRST.txt ============================

M-K-D-B · 30.08.2016, 13:21

Servus,

gut gemacht

, aber du musst lernen, noch genauer zu lesen. Die "Chrome Einstellungen" hast du bei AdwCleaner wieder nicht gesetzt gehabt...

Dann machen wir das halt anders...

wir entfernen die letzten Reste und kontrollieren nochmal alles.

Zuerst bitte Chrome zurücksetzen:
Setze Google Chrome nach dieser Anleitung zurück.

Hinweis: Der Suchlauf mit ESET kann länger dauern.

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CloseProcesses:
C:\WINDOWS\SysWOW64\_SSpm
C:\Program Files (x86)\_SSpm
C:\Program Files (x86)\zffvjegf
C:\Program Files (x86)\c9ikp9in
C:\Program Files (x86)\nc0gtqtf
CHR HomePage: ChromeDefaultData -> hxxp://www.nicesearches.com?type=hp&ts=1464593744&from=0d580530&uid=st500lm012xhn-m500mbb_s2svj9eca09668&z=658f2f19608d6aba60b4d45gbzcq4z0wctfc2m2z8z
CHR RestoreOnStartup: ChromeDefaultData -> "hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=bl-bcr-is__alt__ddc_dsssyc_bd_com"
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.nicesearches.com?type=hp&ts=1464593744&from=0d580530&uid=st500lm012xhn-m500mbb_s2svj9eca09668&z=658f2f19608d6aba60b4d45gbzcq4z0wctfc2m2z8z"
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.nicesearches.com/search.php?type=ds&ts=1464593744&from=0d580530&uid=st500lm012xhn-m500mbb_s2svj9eca09668&z=658f2f19608d6aba60b4d45gbzcq4z0wctfc2m2z8z&q={searchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> nice
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\WinSaberSvc
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d35d79f6-850b-4d3b-b3df-f052f842b2da}
CMD: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{54C3021D-55CA-44E8-899F-C102D92DD517}" /s
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{54C3021D-55CA-44E8-899F-C102D92DD517}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinZip
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\WinZiper
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Legpat
File: C:\ProgramData\cm-lock
CMD: type "C:\ProgramData\cm-lock"
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 3
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.

Starte die HitmanPro.exe
Klicke auf
Entferne den Haken bei
Klicke auf
und
Akzeptiere die Lizenzbedingungen und klicke auf
Klicke auf

und auf
Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
und speichere die Logdatei auf Deinem Desktop.
Schließe HitmanPro und poste mir das Log.

Schritt 4

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Untersuchen.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix,
die Logdatei von ESET,
die Logdatei von HitmanPro,
die beiden neuen Logdateien von FRST,
die Beantwortung der gestellten Fragen.

Martin.9008 · 30.08.2016, 14:17

Mir kam das beim ersten Mal schon komisch vor, aber dieses mal bin ich mir ganz sicher, dass der Haken gesetzt war.

Trotzdem bin ich gerade dabei deinen neuen Anweisungen zu Folgen.

Vielen Dank!

Win32:Dropper in C:\Program Files (x86)\WinZipper gefunden

Plagegeister aller Art und deren Bekämpfung: Win32:Dropper in C:\Program Files (x86)\WinZipper gefunden