Beim Neustart am 29.06.2016, 0807 folgende Meldung erhalten:
Nachricht von F-Secure: "Bösartiger Code usw. Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 28-06-2016
durchgeführt von Heinz (Administrator) auf HZMOPC (29-06-2016 08:15:55)
Gestartet von C:\Users\Heinz\Downloads
Geladene Profile: Heinz (Verfügbare Profile: Heinz & Dennis & _ashbackup_)
Platform: Windows 8.1 Pro (Update) (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fslauncher.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSHDLL64.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fslauncher.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-25] (Logitech Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-21] (Logitech, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
HKLM\...\Run: [iTunesHelper] => D:\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\RAPID\CacheFilter\SamsungRapidApp.exe [281776 2014-09-16] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Ashampoo Uninstaller 6 Guard] => C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 6\UI6Guard.exe [2369384 2016-01-20] (Ashampoo Development GmbH & Co. KG)
HKLM\...\Run: [Ashampoo Backup] => D:\Ashampoo\Neuer Ordner\Ashampoo Backup 2016\bin\backupClient-ab.exe [323392 2016-04-21] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-04-22] (Apple Inc.)
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE [306216 2015-05-26] (F-Secure Corporation)
HKLM-x32\...\Run: [My Swisscom Assistant] => C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant_Launcher.exe [12028512 2015-06-03] (Swisscom (Schweiz) AG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [F-Secure Hoster (666)] => C:\Program Files (x86)\F-Secure\fshoster32.exe [193064 2015-06-10] (F-Secure Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [TomTomHOME.exe] => D:\tomtommazda\\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [Steam] => D:\Program Files (x86)\Steam\Steam.exe [3077712 2016-03-31] (Valve Corporation)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [EADM] => D:\Origin\Origin.exe [3632112 2015-07-25] (Electronic Arts)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [882872 2016-05-27] (Adobe Systems Incorporated)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [Amazon Cloud Drive] => C:\Users\Heinz\AppData\Local\Amazon Cloud Drive\AmazonCloudDrive.exe [2057912 2016-04-20] (Amazon.com Inc.)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [Amazon Music] => C:\Users\Heinz\AppData\Local\Amazon Music\Amazon Music Helper.exe [5907944 2016-03-04] ()
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2016-04-18] (Siber Systems)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\backupclient-ab.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\driveclone.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\h5_game.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\hamachi-2-ui.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\hmpalert.exe: [Debugger]
IFEO\hp officejet 6700.exe: [Debugger]
IFEO\hpcustpartic.exe: [Debugger]
IFEO\hpqdtss.exe: [Debugger]
IFEO\hpwucli.exe: [Debugger]
IFEO\lcore.exe: [Debugger]
IFEO\photoproduct.exe: [Debugger]
IFEO\pmbbrowser.exe: [Debugger]
IFEO\pmbinit.exe: [Debugger]
IFEO\powersuitestart.exe: [Debugger]
IFEO\registrationreminder.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\simplicheck.exe: [Debugger]
IFEO\tomtomhome.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\uninst.exe: [Debugger]
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Heinz\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-05-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Heinz\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-05-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Heinz\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-05-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Heinz\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-05-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Heinz\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-05-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Heinz\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-05-20] (Microsoft Corporation)
Startup: C:\Users\Heinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-09-30]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Heinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk [2013-07-15]
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1F42AC83-657C-4455-BFB5-ADEB03FE13E9}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.steg-electronics.ch
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {8E62A01D-BA7B-48D5-B636-0DF419EFEDBF} URL =
SearchScopes: HKU\S-1-5-21-3496421778-4022263089-3498141264-1002 -> DefaultScope {8E62A01D-BA7B-48D5-B636-0DF419EFEDBF} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2013-05-30] (Microsoft Corporation)
BHO: Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll [2015-06-15] (F-Secure Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-04-18] (Siber Systems Inc.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-02-21] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2013-05-30] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2013-05-30] (Microsoft Corporation)
BHO-x32: Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll [2015-06-15] (F-Secure Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-04-18] (Siber Systems Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-10] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-02-21] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2013-05-30] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-10] (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-04-18] (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-04-18] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
Toolbar: HKU\.DEFAULT -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Keine Datei
Toolbar: HKU\S-1-5-21-3496421778-4022263089-3498141264-1002 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Keine Datei
Toolbar: HKU\S-1-5-21-3496421778-4022263089-3498141264-1002 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-04-18] (Siber Systems Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2013-05-30] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\cfdolx5l.default
FF Homepage: hxxps://www.google.ch/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-17] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin: @videolan.org/vlc,version=2.0.8 -> D:\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> D:\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> D:\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-17] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Users\Heinz\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-31] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-31] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-31] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-10] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-05-30] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @myriad-online.com/x-myriad-music -> C:\Program Files (x86)\Mozilla Firefox\Plugins\npMyrMus.dll [2013-10-03] (Myriad Software.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-23] (NVIDIA Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2013-09-17] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3496421778-4022263089-3498141264-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-04-18] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPMyrMus.dll [2013-10-03] (Myriad Software.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Extension: Cliqz - C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\cfdolx5l.default\Extensions\cliqz@cliqz.com.xpi [2015-12-22]
FF Extension: iCloud Bookmarks - C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\cfdolx5l.default\Extensions\firefoxdav@icloud.com [2015-05-29]
FF Extension: Trusted Shops Add-On für Firefox - C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\cfdolx5l.default\Extensions\jid1-PBNne26X1Kn6hQ@jetpack.xpi [2015-10-28]
FF Extension: F_Secure Search - C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\cfdolx5l.default\Extensions\{46CD8256-0A40-41da-ACB6-795587A6ED34}.xpi [2015-12-27]
FF Extension: My Swisscom Assistant - C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\cfdolx5l.default\Extensions\{6A6114A5-EEF5-45F4-BCD1-B00A7B33E04B} [2016-04-08] [ist nicht signiert]
FF Extension: Adblock Plus - C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\cfdolx5l.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-16]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-07-15] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [{ae12ab8e-5c48-4aba-b5e2-cacd84ff0f26}] - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https
FF Extension: Browsing Protection - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https [2014-12-06] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2016-04-18]
FF HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Firefox\Extensions: [safesearch@f-secure.com] - C:\Users\Heinz\AppData\Roaming\F-Secure\SafeSearch\FFPlugIn
FF Extension: F-Secure Search - C:\Users\Heinz\AppData\Roaming\F-Secure\SafeSearch\FFPlugIn [2014-02-25] [ist nicht signiert]
FF HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Heinz\AppData\Roaming\Mozilla\Firefox\Profiles\cfdolx5l.default\extensions\cliqz@cliqz.com => nicht gefunden
FF HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
Chrome:
=======
CHR Profile: C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-16]
CHR Extension: (Google Docs) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-16]
CHR Extension: (Google Drive) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-16]
CHR Extension: (YouTube) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-16]
CHR Extension: (Google-Suche) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-16]
CHR Extension: (Logitech SetPoint) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2015-05-16]
CHR Extension: (Google Tabellen) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-16]
CHR Extension: (Bookmark Manager) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-16]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2015-05-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-16]
CHR Extension: (Google Wallet) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-16]
CHR Extension: (Google Mail) - C:\Users\Heinz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-16]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-07-15]
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:/Program Files (x86)/F-Secure/apps/CCF_Scanning/bin/browser/install/fs_chrome_https/fs_chrome_https.crx [2014-11-27]
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S4 ashbackup; d:\Ashampoo\Neuer Ordner\Ashampoo Backup 2016\bin\backupService-ab.exe [32064 2016-04-21] ()
S4 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [Datei ist nicht signiert]
S4 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [Datei ist nicht signiert]
S4 FSDcSvc; C:\Program Files (x86)\FarStone DriveClone\Files\FsSvcExe.exe [338944 2013-06-20] (FarStone Inc.) [Datei ist nicht signiert]
R2 fshoster; C:\Program Files (x86)\F-Secure\fshoster32.exe [193064 2015-06-10] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE [216104 2015-05-26] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe [60456 2015-03-09] (F-Secure Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
S4 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-08-10] (SurfRight B.V.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-31] (Intel Corporation)
S3 m2UpdateService_{F8F85656-87B0-43BD-B2BA-3B7982C22B5E}; C:\Program Files (x86)\Swisscom\My Swisscom Assistant\m2UpdateService.exe [12022368 2015-06-03] (Swisscom (Schweiz) AG)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1872568 2013-04-19] (Microsoft Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2007048 2015-07-25] (Electronic Arts)
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [28848 2014-09-16] (Samsung Electronics Co., Ltd.)
S4 TomTomHOMEService; D:\tomtommazda\TomTom HOME 2\TomTomHOMEService.exe [93040 2014-06-05] (TomTom)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2015-06-25] (TuneUp Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S0 asahci64; C:\Windows\System32\drivers\asahci64.sys [47512 2013-01-10] (Asmedia Technology)
R0 asstor64; C:\Windows\System32\drivers\asstor64.sys [82232 2013-11-25] (Asmedia Technology)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [468240 2013-08-21] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [203304 2015-07-10] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [71080 2015-07-07] (F-Secure Corporation)
S3 FARMNTIO; c:\windows\system32\drivers\farmntio.sys [25144 2013-04-11] () [Datei ist nicht signiert]
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [55336 2015-07-10] ()
R0 fsbts; C:\Windows\SysWOW64\Drivers\fsbts.sys [42248 2013-06-25] ()
R3 fsni; C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\fsni64.sys [95784 2015-06-15] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13352 2014-06-24] ()
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-03-30] (LogMeIn Inc.)
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2014-08-10] ()
S3 IAMTVE; C:\Windows\System32\drivers\IAMTVE.sys [43416 2007-04-12] (Intel Corporation)
S3 LcUvcUpper; C:\Windows\system32\DRIVERS\LcUvcUpper.sys [34424 2015-02-09] (Microsoft Corporation)
R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
S3 MarvinBus; C:\Windows\System32\drivers\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [Datei ist nicht signiert]
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [268976 2014-09-16] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111280 2014-09-16] (Samsung Electronics Co., Ltd.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [31144 2015-06-04] (TuneUp Software)
R2 UI5IFS; C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 6\IFS64.sys [31320 2016-01-20] ()
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [71680 2014-04-30] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-06-29 08:15 - 2016-06-29 08:15 - 00034246 _____ C:\Users\Heinz\Downloads\FRST.txt
2016-06-29 08:14 - 2016-06-29 08:14 - 00000000 ____D C:\Users\Heinz\Downloads\FRST-OlderVersion
2016-06-28 17:37 - 2016-06-28 17:37 - 00001893 _____ C:\Users\Heinz\Desktop\JRT.txt
2016-06-28 17:33 - 2016-06-28 17:33 - 01610816 _____ (Malwarebytes) C:\Users\Heinz\Downloads\JRT.exe
2016-06-28 17:20 - 2016-06-28 17:20 - 03703360 _____ C:\Users\Heinz\Downloads\AdwCleaner_5.200.exe
2016-06-27 12:54 - 2016-06-27 17:02 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-06-27 12:54 - 2016-06-27 14:04 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-27 12:54 - 2016-06-27 12:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-27 12:53 - 2016-06-29 08:13 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-06-27 12:53 - 2016-06-27 16:55 - 00000000 ____D C:\Users\Heinz\Desktop\mbar
2016-06-27 12:52 - 2016-06-27 12:52 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Heinz\Downloads\mbar-1.09.3.1001.exe
2016-06-27 07:50 - 2016-06-27 07:50 - 00053880 _____ C:\Users\Heinz\Desktop\FRST.txt
2016-06-27 07:49 - 2016-06-29 08:15 - 00000000 ____D C:\Users\Heinz\Desktop\PC Untersuchung
2016-06-27 07:37 - 2016-06-27 07:37 - 00064391 _____ C:\Users\Heinz\Downloads\Addition.txt
2016-06-27 07:36 - 2016-06-29 08:15 - 00000000 ___DC C:\FRST
2016-06-27 07:35 - 2016-06-29 08:14 - 02389504 ____C (Farbar) C:\Users\Heinz\Downloads\FRST64.exe
2016-06-26 09:41 - 2016-06-27 07:23 - 00000000 ____D C:\Users\Heinz\AppData\Local\FSDART
2016-06-20 18:02 - 2016-06-20 18:02 - 00152173 _____ C:\Users\Heinz\Downloads\Vorlage_Finanzplan.xlsx
2016-06-15 23:09 - 2016-05-12 20:38 - 00135336 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-15 23:09 - 2016-05-12 19:43 - 00115704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-15 23:09 - 2016-05-12 18:24 - 00678912 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2016-06-15 23:09 - 2016-05-12 18:17 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-15 23:09 - 2016-05-12 18:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2016-06-15 23:09 - 2016-05-12 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-15 23:09 - 2016-05-12 18:07 - 01360896 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-15 23:09 - 2016-05-12 17:59 - 00398848 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-15 23:09 - 2016-05-12 17:48 - 00580096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2016-06-15 23:09 - 2016-05-12 17:43 - 00291328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-15 23:09 - 2016-05-12 17:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.dll
2016-06-15 23:09 - 2016-05-12 17:37 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-15 23:09 - 2016-05-06 17:45 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-15 23:09 - 2016-05-06 17:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-15 23:08 - 2016-06-03 19:11 - 00472576 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-06-15 23:08 - 2016-06-03 15:38 - 01413120 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-06-15 23:08 - 2016-06-02 19:51 - 00050352 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-06-15 23:08 - 2016-05-29 17:04 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-06-15 23:08 - 2016-05-29 17:04 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-06-15 23:08 - 2016-05-29 17:04 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-06-15 23:08 - 2016-05-29 17:04 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-06-15 23:08 - 2016-05-29 17:04 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-06-15 23:08 - 2016-05-29 17:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-06-15 23:08 - 2016-05-21 19:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-15 23:08 - 2016-05-21 18:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-15 23:08 - 2016-05-21 00:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-15 23:08 - 2016-05-21 00:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-15 23:08 - 2016-05-21 00:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-15 23:08 - 2016-05-20 23:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-15 23:08 - 2016-05-20 23:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-06-15 23:08 - 2016-05-20 23:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-15 23:08 - 2016-05-20 23:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-15 23:08 - 2016-05-20 23:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-15 23:08 - 2016-05-20 23:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-15 23:08 - 2016-05-20 23:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-15 23:08 - 2016-05-20 23:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-15 23:08 - 2016-05-20 23:25 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2016-06-15 23:08 - 2016-05-20 23:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-15 23:08 - 2016-05-20 23:21 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2016-06-15 23:08 - 2016-05-20 23:19 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-06-15 23:08 - 2016-05-20 23:16 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-06-15 23:08 - 2016-05-20 23:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-15 23:08 - 2016-05-20 23:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-15 23:08 - 2016-05-20 23:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-15 23:08 - 2016-05-20 23:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-15 23:08 - 2016-05-20 23:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-15 23:08 - 2016-05-20 23:09 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-15 23:08 - 2016-05-20 23:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-15 23:08 - 2016-05-20 23:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-15 23:08 - 2016-05-20 23:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-15 23:08 - 2016-05-20 22:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-15 23:08 - 2016-05-20 22:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-15 23:08 - 2016-05-20 22:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-15 23:08 - 2016-05-20 22:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-15 23:08 - 2016-05-20 22:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-15 23:08 - 2016-05-20 22:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-15 23:08 - 2016-05-19 01:15 - 01379040 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-15 23:08 - 2016-05-18 22:35 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-15 23:08 - 2016-05-18 07:31 - 00372568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-15 23:08 - 2016-05-18 07:31 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-15 23:08 - 2016-05-16 23:13 - 00563016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-15 23:08 - 2016-05-16 23:13 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-15 23:08 - 2016-05-16 23:13 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-15 23:08 - 2016-05-16 23:13 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-15 23:08 - 2016-05-14 22:01 - 00363104 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-15 23:08 - 2016-05-14 22:01 - 00320720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-15 23:08 - 2016-05-14 01:09 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-15 23:08 - 2016-05-14 01:07 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-15 23:08 - 2016-05-14 01:07 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-15 23:08 - 2016-05-14 01:07 - 00281088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-15 23:08 - 2016-05-14 01:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-15 23:08 - 2016-05-14 01:04 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-15 23:08 - 2016-05-14 00:34 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-15 23:08 - 2016-05-14 00:19 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-15 23:08 - 2016-05-13 23:58 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-15 23:08 - 2016-05-13 23:58 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-15 23:08 - 2016-05-13 23:45 - 00802816 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-15 23:08 - 2016-05-13 23:35 - 00286208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-15 23:08 - 2016-05-13 23:26 - 00631808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-15 23:08 - 2016-05-09 23:35 - 07075328 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-06-15 23:08 - 2016-05-09 22:56 - 05270016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-06-15 23:08 - 2016-05-09 22:45 - 07793152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-06-15 23:08 - 2016-05-09 22:23 - 05265920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-06-15 23:08 - 2016-04-14 17:25 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-06-15 23:08 - 2016-04-14 17:11 - 02464768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-06-15 23:08 - 2016-04-12 17:46 - 14467584 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-06-15 23:08 - 2016-04-12 17:30 - 12879872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-06-15 23:08 - 2016-01-31 21:17 - 00118624 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-06-15 23:08 - 2016-01-31 20:07 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-06-15 23:08 - 2016-01-31 19:42 - 03320832 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-06-15 23:08 - 2016-01-31 19:14 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-06-13 17:11 - 2016-06-28 17:27 - 00000000 ___DC C:\AdwCleaner
2016-06-12 09:18 - 2016-06-12 09:19 - 34810488 _____ (Mozilla) C:\Users\Heinz\Downloads\Thunderbird Setup 45.1.1(1).exe
2016-06-08 08:39 - 2016-06-08 08:39 - 34950056 _____ (Mozilla) C:\Users\Heinz\Downloads\Thunderbird Setup 45.1.1.exe
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-06-29 08:16 - 2013-06-03 07:59 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-29 08:15 - 2014-08-10 23:14 - 00000000 ____D C:\Windows\CryptoGuard
2016-06-29 08:15 - 2013-09-30 06:14 - 01780340 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-29 08:15 - 2013-09-30 05:56 - 00765378 _____ C:\Windows\system32\perfh007.dat
2016-06-29 08:15 - 2013-09-30 05:56 - 00159696 _____ C:\Windows\system32\perfc007.dat
2016-06-29 08:15 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2016-06-29 08:08 - 2015-11-01 18:09 - 00005130 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for HZMOPC-Heinz hzmopc
2016-06-29 08:08 - 2013-11-19 10:48 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-29 08:08 - 2013-09-09 15:14 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-29 08:08 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-29 08:08 - 2013-05-30 14:34 - 00000000 __RDO C:\Users\Heinz\SkyDrive
2016-06-28 17:48 - 2013-09-09 15:14 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-28 17:39 - 2013-06-06 12:44 - 00000000 ____D C:\Users\Heinz\AppData\Local\CrashDumps
2016-06-28 17:32 - 2015-12-04 19:54 - 00003556 _____ C:\Windows\System32\Tasks\Delta Updater
2016-06-28 17:27 - 2013-08-22 15:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-06-28 17:04 - 2013-11-23 10:21 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{50690F22-4F3F-458D-88CA-21FDB97DDD78}
2016-06-28 17:01 - 2016-04-05 00:41 - 00000346 _____ C:\Windows\Tasks\HPCeeScheduleForHeinz.job
2016-06-28 06:09 - 2016-04-05 00:41 - 00003160 _____ C:\Windows\System32\Tasks\HPCeeScheduleForHeinz
2016-06-27 13:53 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2016-06-26 09:41 - 2013-08-05 21:08 - 00000000 ____D C:\Users\Heinz\AppData\Local\F-Secure
2016-06-26 09:41 - 2013-06-25 14:17 - 00000000 ____D C:\ProgramData\F-Secure
2016-06-25 11:47 - 2016-03-03 17:56 - 00000000 ____D C:\Users\Heinz\iTunes
2016-06-24 15:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2016-06-24 14:59 - 2013-10-01 14:41 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-24 14:59 - 2013-10-01 14:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-06-23 19:11 - 2015-04-27 18:45 - 00000000 ____D C:\Users\Heinz\Desktop\Verein
2016-06-23 18:37 - 2013-05-30 11:24 - 00000000 ____D C:\Users\Heinz\AppData\Local\Packages
2016-06-23 17:23 - 2013-05-30 11:31 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3496421778-4022263089-3498141264-1002
2016-06-23 16:35 - 2013-10-01 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-23 16:32 - 2013-06-24 08:00 - 00003416 _____ C:\Windows\System32\Tasks\Apple Diagnostics
2016-06-18 15:36 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-17 18:29 - 2012-07-26 09:59 - 00000000 ____D C:\Windows\CbsTemp
2016-06-17 07:16 - 2013-06-03 07:59 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-16 09:11 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2016-06-15 23:22 - 2016-01-23 19:16 - 00573472 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-15 23:21 - 2014-12-12 09:42 - 00000000 ____D C:\Windows\system32\appraiser
2016-06-15 23:21 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
2016-06-15 23:18 - 2013-08-15 15:10 - 00000000 ____D C:\Windows\system32\MRT
2016-06-15 23:16 - 2013-04-23 15:31 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-14 19:13 - 2013-08-22 17:38 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-14 19:13 - 2013-08-22 17:38 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-13 08:24 - 2013-12-29 14:31 - 00000000 ____D C:\Users\Heinz\AppData\Local\Microsoft Help
2016-06-13 07:18 - 2016-05-08 09:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-13 07:18 - 2013-05-30 12:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-12 09:19 - 2016-04-18 10:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-06-12 09:19 - 2013-05-30 12:00 - 00001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2016-06-12 09:19 - 2013-05-30 12:00 - 00001220 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2016-06-09 17:38 - 2013-11-09 13:48 - 00000000 ____D C:\Users\Heinz\Documents\vortrag
2016-06-07 22:01 - 2014-09-16 21:21 - 00001453 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-06-07 22:01 - 2014-09-16 21:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-06-07 22:01 - 2013-06-20 21:01 - 00000000 ___DC C:\Program Files\Common Files\Apple
2016-06-07 14:39 - 2013-11-19 10:49 - 00000000 ____D C:\Users\Heinz
2016-06-02 11:44 - 2015-09-16 16:17 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2013-06-02 10:51 - 2013-11-14 22:49 - 0004198 _____ () C:\Users\Heinz\AppData\Roaming\HZMOPC.MTBF.txt
2013-11-26 15:01 - 2013-11-26 15:01 - 0001099 _____ () C:\Users\Heinz\AppData\Roaming\ShiftN.ini
2013-06-02 10:51 - 2013-11-14 22:52 - 0000902 _____ () C:\Users\Heinz\AppData\Roaming\__AvidCloudManager.log
2013-06-02 10:51 - 2013-10-02 21:24 - 0000902 _____ () C:\Users\Heinz\AppData\Roaming\__AvidCloudManagerPrevious.log
2013-06-02 12:18 - 2016-05-12 20:48 - 0059392 _____ () C:\Users\Heinz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-04 20:35 - 2014-10-04 20:35 - 0000858 _____ () C:\Users\Heinz\AppData\Local\recently-used.xbel
2014-10-22 21:29 - 2014-10-22 21:29 - 0007027 _____ () C:\Users\Heinz\AppData\Local\soulseek-client.dat.1414006152383
2015-01-20 22:01 - 2015-01-20 22:01 - 0007027 _____ () C:\Users\Heinz\AppData\Local\soulseek-client.dat.1421784116922
2015-11-27 20:08 - 2015-11-27 20:08 - 0007027 _____ () C:\Users\Heinz\AppData\Local\soulseek-client.dat.1448647737866
2013-06-10 16:15 - 2013-06-10 16:15 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-06-25 20:59 - 2015-05-06 15:38 - 95609776 _____ (mquadr.at software engineering & consulting GmbH) C:\ProgramData\MSASetup.exe
Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\ProgramData\MSASetup.exe
Einige Dateien in TEMP:
====================
C:\Users\Heinz\AppData\Local\Temp\libeay32.dll
C:\Users\Heinz\AppData\Local\Temp\msvcr120.dll
C:\Users\Heinz\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-06-27 17:35
==================== Ende von FRST.txt ============================
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 28-06-2016
durchgeführt von Heinz (2016-06-29 08:16:10)
Gestartet von C:\Users\Heinz\Downloads
Windows 8.1 Pro (Update) (X64) (2013-11-19 09:24:02)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3496421778-4022263089-3498141264-500 - Administrator - Disabled)
Dennis (S-1-5-21-3496421778-4022263089-3498141264-1008 - Limited - Enabled) => C:\Users\Dennis
Gast (S-1-5-21-3496421778-4022263089-3498141264-501 - Limited - Disabled)
Heinz (S-1-5-21-3496421778-4022263089-3498141264-1002 - Administrator - Enabled) => C:\Users\Heinz
HomeGroupUser$ (S-1-5-21-3496421778-4022263089-3498141264-1006 - Limited - Enabled)
_ashbackup_ (S-1-5-21-3496421778-4022263089-3498141264-1010 - Administrator - Enabled) => C:\Users\_ashbackup_
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Antivirus (Enabled - Up to date) {0F70A6C4-76E4-6A3B-2695-519F428B1C20}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Antivirus (Enabled - Up to date) {B4114720-50DE-65B5-1C25-6AED390C569D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Amazon Cloud Drive (HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Amazon Cloud Drive) (Version: 3.4.0.36 - Amazon.com, Inc.)
Amazon Music (HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\Amazon Amazon Music) (Version: 4.2.0.1281 - Amazon Services LLC)
Anno 2205 (HKLM-x32\...\Uplay Install 1253) (Version: - Ubisoft)
Any Video Converter Professional 5.8.4 (HKLM-x32\...\Any Video Converter Professional_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (32-Bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Ashampoo Backup 2016 (HKLM\...\{FDAE1FAD-57F8-6DCD-940E-885B7FB1CE43}_is1) (Version: 10.01 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 2015 (HKLM-x32\...\{91B33C97-21E3-DF34-9630-2EE80DDE1648}_is1) (Version: 1.15.3 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander 14 (HKLM-x32\...\{C92AB6F1-616B-A905-B3D2-3B7C238851DC}_is1) (Version: 14.0.5 - Ashampoo GmbH & Co. KG)
Ashampoo UnInstaller 6 (HKLM-x32\...\{4209F371-7DE5-9DF2-5DEF-91667EBBBBC5}_is1) (Version: 6.00.14 - Ashampoo GmbH & Co. KG)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 2.0.4.0000 - Asmedia Technology)
AudioCon (HKLM-x32\...\AudioCon) (Version: 1.0 - Basement Softworks)
Bing Bar (HKLM-x32\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.76.0.2015 - Georgy Berdyshev)
cnlabSpeedTest (HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\{fxApplication}}_is1) (Version: 1.3.0 - cnlab AG)
Computer Security 14.139.100.0 (release) (x32 Version: 14.139.100.0 - F-Secure Corporation) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DriveClone 10 (HKLM-x32\...\{A1290B93-AB90-408C-A456-9AF508E7E345}) (Version: 10.0.0 - FarStone Technology Inc.)
EasyTax 2014 BL 1.1 (HKLM-x32\...\3597-1189-7869-6330) (Version: 1.1 - HWI Solutions AG)
EasyTax 2015 BL 1.0 (HKLM-x32\...\6608-8277-7051-6704) (Version: 1.0 - HWI Solutions AG)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Far Cry (OEM) (HKLM-x32\...\InstallShield_{F400BA3B-B134-4701-8536-68A99CD44F5A}) (Version: 1.00.0000 - Ihr Firmenname)
Far Cry (OEM) (x32 Version: 1.00.0000 - Ihr Firmenname) Hidden
Far Cry 3 Blood Dragon (HKLM-x32\...\{A071F478-73E0-4143-AE55-4DD6BABD74F5}) (Version: 1.00 - Ubisoft)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
F-Secure (HKLM-x32\...\F-Secure ServiceEnabler 666) (Version: 2.39.273.0 - F-Secure Corporation)
F-Secure (x32 Version: 2.39.273.0 - F-Secure Corporation) Hidden
F-Secure CCF Reputation (x32 Version: 2.0.1337.0 - F-Secure) Hidden
F-Secure CCF Scanning 1.66.103.568 (release) (x32 Version: 1.66.103.568 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.03.139 (x32 Version: 1.03.139 - F-Secure Corporation) Hidden
F-Secure SafeSearch 1.05.143.0 (release) (x32 Version: 1.05.143.0 - F-Secure Corporation) Hidden
Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6700 - Grundlegende Software für das Gerät (HKLM\...\{9086D601-50B7-491D-A143-28193DADE36B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Hilfe (HKLM-x32\...\{50DA41E2-0701-43E2-A8BB-FAA0CB64B28B}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6700 Hilfe (HKLM-x32\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.2.8.25 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{8F1A441E-AD6D-4732-BD6A-F38D5F1D1E47}) (Version: 12.4.18.7 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{ADFDB647-35C0-4254-9EE6-2D9C3B7104BD}) (Version: 5.2.1.69 - Apple Inc.)
ifolor Designer (HKLM-x32\...\ifolor-Designer) (Version: - Ifolor AG)
Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.10.1550 - Intel Corporation)
Intel(R) Network Connections 19.0.27.0 (HKLM\...\PROSetDX) (Version: 19.0.27.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Logitech Gaming Software 8.46 (HKLM\...\Logitech Gaming Software) (Version: 8.46.27 - Logitech Inc.)
Logitech SetPoint 6.52 (HKLM\...\sp6) (Version: 6.52.74 - Logitech)
MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Foto Designer 7 (HKLM-x32\...\MAGIX_{2DCD52EE-1AE1-4128-9819-A79F7D09B6B3}) (Version: 7.0.1.1 - MAGIX AG)
MAGIX Goya burnR (MSI) (HKLM-x32\...\MX.{EC410BDA-E943-453F-ABF5-DDEDA1D12D3B}) (Version: 4.3.2.0 - MAGIX Software GmbH)
MAGIX Goya burnR (MSI) (Version: 4.3.2.0 - MAGIX Software GmbH) Hidden
MAGIX MP3 deluxe MX Download-Version (HKLM-x32\...\MX.{CFC811BB-5AC4-4F00-A88B-6DED596C2B36}) (Version: 18.0.3.115 - MAGIX Software GmbH)
MAGIX MP3 deluxe MX Download-Version (Version: 18.0.3.115 - MAGIX Software GmbH) Hidden
MAGIX Music Maker 2015 Movie Score Edition Update (Version: 21.0.4.50 - MAGIX Software GmbH) Hidden
MAGIX Music Maker Movie Score Edition (HKLM-x32\...\MX.{692A8B82-1189-4DBF-B4C4-A285F4970E20}) (Version: 21.0.3.47 - MAGIX Software GmbH)
MAGIX Music Maker Movie Score Edition (Version: 21.0.3.47 - MAGIX Software GmbH) Hidden
MAGIX Music Maker Movie Score Edition Soundpools (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Screenshare (HKLM-x32\...\{4696FD4A-A0DF-4F84-BC9D-12D73E1D95D3}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Slideshow Maker 2 (HKLM-x32\...\MAGIX_{48897B17-3DD2-4BAA-A81D-4E4EA8E9FD51}) (Version: 2.0.1.9 - MAGIX AG)
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{B6B4D918-A667-48D2-9AB6-FAF34FB25223}) (Version: 7.0.2.6 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{FBE6F998-E9A0-4A15-974B-6592DCEEE7AC}) (Version: 7.0.2.6 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2014 Premium (HKLM-x32\...\MX.{FBCA50BE-C022-45DA-9261-10230EC1012E}) (Version: 13.0.0.30 - MAGIX AG)
MAGIX Video deluxe 2014 Premium (NewBlueFX ColorFast) (HKLM-x32\...\MX.{D9D24F5F-1E36-48BE-9419-CF97B34AB063}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2014 Premium (proDAD Heroglyph 4.0) (HKLM-x32\...\MX.{CFD52E6D-2AF5-495C-87E3-4D243FE202E7}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2014 Premium (Version: 13.0.0.30 - MAGIX AG) Hidden
MAGIX Video deluxe 2015 Premium (HKLM\...\MX.{EAC79752-A0A4-45DB-9F99-9F6445920F77}) (Version: 14.0.0.140 - MAGIX Software GmbH)
MAGIX Video deluxe 2015 Premium (Version: 14.0.0.140 - MAGIX Software GmbH) Hidden
MAGIX Video easy TERRATEC Edition (HKLM-x32\...\MAGIX_{2FA06473-23F0-4372-8DD5-1EAE42503D93}) (Version: 3.0.1.50 - MAGIX AG)
MAGIX Video easy TERRATEC Edition (Version: 3.0.1.50 - MAGIX AG) Hidden
MAGIX Video Pro X7 (Designelemente) (HKLM\...\MX.{10FF2952-0E0E-48B3-A536-BB112AF2CB51}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Designelemente) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Filmvorlagen) (HKLM\...\MX.{515110FD-B44B-460B-AC42-63EBF05B6082}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Filmvorlagen) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Fotoshow Maker-Stile) (HKLM\...\MX.{AD8221A0-591D-4CBE-AA2A-FE0B705D148B}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Fotoshow Maker-Stile) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (HKLM\...\MX.{317B58FE-6117-4601-913A-9BA64BCA6535}) (Version: 14.0.0.96 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Individuelle Menüvorlagen) (HKLM\...\MX.{B174182A-7D02-4D1D-9AAE-F210FAF0692D}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Individuelle Menüvorlagen) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Menüvorlagen) (HKLM\...\MX.{585CA335-503C-4237-A4B2-F25F58A83D98}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Menüvorlagen) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (proDAD Mercalli V4) (HKLM\...\MX.{5941BA8B-E170-4F1F-B42F-90F49E1C07F7}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (proDAD Mercalli V4) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Soundtrack Maker-Stile) (HKLM\...\MX.{7B739F29-AB56-4898-92F7-F62816308A19}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Soundtrack Maker-Stile) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Titeleffekte) (HKLM\...\MX.{7384156B-EA84-4910-B4E1-611A83CF1B6E}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Titeleffekte) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Überblendeffekte) (HKLM\...\MX.{FACEE989-3F19-486A-AD92-D905EF0B790A}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Überblendeffekte) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Version: 14.0.0.96 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Video deluxe - Designelemente) (HKLM\...\MX.{0F8A6506-BF6B-4876-9A75-B42628EC8A21}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Video deluxe - Designelemente) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Video deluxe - Fotoshow Maker-Stile) (HKLM\...\MX.{77E73225-F4FA-45EB-8A6E-63C956600BE2}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Video deluxe - Fotoshow Maker-Stile) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Video deluxe - Individuelle Menüvorlagen) (HKLM\...\MX.{76F5F102-A3E4-4A75-B692-5C98397B213E}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Video deluxe - Individuelle Menüvorlagen) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Video deluxe - Menüvorlagen) (HKLM\...\MX.{F8204A38-51E3-4C1C-A3F1-859D31ADC303}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Video deluxe - Menüvorlagen) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X7 (Video deluxe - Titeleffekte) (HKLM\...\MX.{C3D96884-356D-4CEE-B2EB-79D91DBC7BB5}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video Pro X7 (Video deluxe - Titeleffekte) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX VPX7 Update (Version: 14.0.0.143 - MAGIX Software GmbH) Hidden
MAGIX VPX7 Update (Version: 14.0.0.144 - MAGIX Software GmbH) Hidden
MAGIX VPX7 Update (Version: 14.0.0.145 - MAGIX Software GmbH) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{8EC9E7BB-2443-49B1-8476-490EBF932C2E}) (Version: 4.25.512.0 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4505.1006 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{E4A1FDA3-689D-44DA-9B39-86BD2270F522}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{99AC7F47-A4E0-4706-9C65-8948775C2652}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Motion Graphics Toolkit for Studio (HKLM-x32\...\InstallShield_{178D71F4-DFB1-40EC-9D95-326FD8A3E7A0}) (Version: 1.00.0000 - Red Giant)
Motion Graphics Toolkit for Studio (x32 Version: 1.00.0000 - Red Giant) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 47.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 de)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
Mozilla Thunderbird 45.1.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.1.1 (x86 de)) (Version: 45.1.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NewBlue Titler EX for MAGIX (HKLM-x32\...\NewBlue Titler EX for MAGIX) (Version: 1.0 - NewBlue)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.75 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation)
NVIDIA Grafiktreiber 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.75 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA Miracast Virtueller Ton 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 361.75 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4505.1006 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4505.1006 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4505.1006 - Microsoft Corporation) Hidden
Online Safety 2.139.3446.2391 (x32 Version: 2.139.3446.2391 - F-Secure Corporation) Hidden
Opera Stable 25.0.1614.68 (HKLM-x32\...\Opera 25.0.1614.68) (Version: 25.0.1614.68 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.5.20.5318 - Electronic Arts, Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
proDAD Mercalli NLE 4.0 (64bit) (HKLM\...\proDAD-MercalliPlugins-4.0) (Version: 4.0.446.1 - proDAD GmbH)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
RAPID Mode (Version: 1.0.1.81 - Samsung Electronics Co., Ltd.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
RoboForm 7-9-18-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-18-5 - Siber Systems)
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.7 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version: - )
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version: - Obsidian Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Studie zur Verbesserung von HP Officejet 6700 Produkten (HKLM\...\{4EE2A4CB-47B0-4412-808C-D556E3940598}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
SuperEasy Video Converter 3 v.3.0.4355 (HKLM-x32\...\{039BC111-1514-CA51-10AA-5A3FFD6FC015}_is1) (Version: 3.0.4355 - SuperEasy Software GmbH & Co. KG)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Tastaturschreiben (HKLM-x32\...\Tastaturschreiben) (Version: - )
TERRATEC GRABBY (64 Bit) (HKLM-x32\...\{17CC47BB-ADA7-4EB3-B3D0-FFE461E0CEBE}) (Version: 5.201.1823.0 - TERRATEC)
TERRATEC GRABBY (HKLM-x32\...\{BD1F3804-4AB5-42A7-AF41-EACDB3498E21}) (Version: 5.201.1823.0 - )
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TreeSize Free V3.4.5 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.4.5 - JAM Software)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.353 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.353 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.353 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.4000.245 - TuneUp Software) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 2.1 - Ubisoft)
VideoCompressor (HKLM-x32\...\VideoCompressor_is1) (Version: 1.1 - Abelssoft)
Vita Soundtrack Percussion (Version: 2.4.0.78 - MAGIX Software GmbH) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows-Treiberpaket - TERRATEC (USB28xxBGA) Media (05/16/2013 5.2011.823.0) (HKLM\...\2752F9F448205AF04D07DBF6BD4573D7F4AC1CC6) (Version: 05/16/2013 5.2011.823.0 - TERRATEC )
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-3496421778-4022263089-3498141264-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Heinz\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-3496421778-4022263089-3498141264-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Heinz\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {01B4A395-C721-4A23-9244-028CC636BA53} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {040985C7-8EB9-44E3-9FC3-8201DCC45C00} - System32\Tasks\HPCustParticipation HP Officejet 6700 => C:\Program Files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {14D8BEF3-3A78-40F5-A0C5-BF08440437B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {176D0E19-18C8-44BF-AD70-21B15311EAD0} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {19906C00-7BB0-4697-85F0-A5241156DDE0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {1B858D32-47AF-4346-9A48-FC707A8CAD02} - System32\Tasks\HP AR Program Upload - 71d09557f49845c4819c1f1125bced9aa9e9282175a340ca9707e67305f5d30e => C:\Program Files\HP\HP Officejet 6700\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {2B884A2F-14B7-45E2-BC89-BA5840D3BFE1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)
Task: {2FF8340B-257F-4E57-A7A6-6A9754DC86A6} - System32\Tasks\Microsoft Office 15 Sync Maintenance for HZMOPC-Heinz hzmopc => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2013-05-30] (Microsoft Corporation)
Task: {3980ECEB-51CB-4337-93DA-07CA9A739F8D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {461E85AD-5314-4F98-AFDB-2617E0CA0110} - System32\Tasks\Microsoft\Office\Office First Run Task => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-04-19] (Microsoft Corporation)
Task: {555A9D48-E102-44E3-A4DA-D0E2A99420BC} - System32\Tasks\StPrsSW => C:\Users\Heinz\AppData\Roaming\StPrsSW\stprss.exe [2015-02-02] ()
Task: {5B242F86-2A0B-4F87-8166-29A3BFDAC914} - System32\Tasks\HP AR Program Upload - 39a8f325ba564aa490f517569e8e2227c54af47f02b24205963f347921dcee77 => C:\Program Files\HP\HP Officejet 6700\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {62BD0FFC-57AD-4881-9230-0D03346E94E2} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2016-04-22] (Apple Inc.)
Task: {69BE4B4A-C7D8-4120-9C0E-CDEF1E2688A4} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMNJPMMJPMLJJJNMNMCNJJJJMJGMCNLMGMKMJMCNHMMMGMLJCNJMJMLJNMJMLJJJOJNJKJMMLMJNJICMIMCNGMCNOMHMFMOMOMCNPMCNGMJMPMPMFMJMCNMMCNGMJMPMPMCNNMJNPICMOMFMEKMICNJJCKFMOMPMKMOMJNHICMMJBJKJLIMJJNBJCMHLKJGJBJFIPNCLAJMIKJNIJNKJCMJNNICMJNDJCM (Der Dateneintrag hat 59 mehr Zeichen).
Task: {84CEF426-1F77-48C1-B319-BDB78082B9B4} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-02-10] (Oracle Corporation)
Task: {8A6AEB72-3826-458C-8EFD-F1372C0FC34D} - System32\Tasks\HP AR Program Upload - 29ebc60cbff34f7dae210c0b8ee10017bbfcfeb19eb04dad925d15bd34f4e261 => C:\Program Files\HP\HP Officejet 6700\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {9114F1E6-E63B-4D88-8900-94B5068570D1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {996AB060-FB71-4ED2-B0D2-80B61DFB5DF5} - System32\Tasks\HP AR Program Upload - ff17f8f96ae04645b5eec2676c8d0cdd6aca98bc86aa4d3f8ff481017bb2c28f => C:\Program Files\HP\HP Officejet 6700\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {A12D8E59-7B37-471A-998F-532E1B5C06E9} - System32\Tasks\HPCeeScheduleForHeinz => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {A95E9785-E2A7-4793-9FCB-90056171DFCE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {B94ECC76-A2D4-455D-9F2A-783BD8A7BEB6} - System32\Tasks\HP AR Program Upload - 32a98d52cb614c84b7b3e7140479d6e21c13a210e7a9410fa08236c9d2af1014 => C:\Program Files\HP\HP Officejet 6700\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {B992F1F6-2B03-4213-A69E-BDC773B410FF} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3496421778-4022263089-3498141264-1002 => C:\Users\Heinz\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-05-20] (Microsoft Corporation)
Task: {BCBDCFBB-5A0F-4F38-8FAD-2C4D83FC2E5A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-17] (Adobe Systems Incorporated)
Task: {BCF6FDCF-5226-4860-95FE-4B937FE65C5A} - System32\Tasks\HP AR Program Upload - ebba9a28e43440c189a411c4f132ff0ce3a8e1c0468845c98518daf9c19c45c0 => C:\Program Files\HP\HP Officejet 6700\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {C77DBD2E-EA93-4D17-895F-3E42E0B0DDBB} - System32\Tasks\Opera scheduled Autoupdate 1412931964 => C:\Program Files (x86)\Opera\launcher.exe [2014-10-29] (Opera Software)
Task: {D8665B13-A8C3-454B-96BB-D396B773CB2F} - System32\Tasks\Delta Updater => Wscript.exe //B "C:\Users\Heinz\AppData\Local\delta\delta\1.4.5.10\..\updt.js"
Task: {D8AEEC6D-7C86-4DCE-A7EF-0389B4D78AD5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {DD7C50F7-FF05-4868-88E7-ED3EB0388616} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-06-15] (Microsoft Corporation)
Task: {EB2F459A-2652-466F-8A7A-603472EF0F78} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {EEA5BC7C-7B22-414E-881A-3AFEBAA5691B} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2016-04-18] (Siber Systems)
Task: {F686723D-69C8-4312-B58E-52342FC8302D} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30] (Hewlett-Packard)
Task: {FB9D831C-C0FC-4C93-9F46-43E3B6362922} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {FD0B5B48-459F-4A12-AF93-969C4AC6D7AC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForHeinz.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
Shortcut: C:\Users\Public\Desktop\CleverReach.com.lnk -> hxxp://swc.ashampoo.com/ikot/r.php?id=65 (Keine Datei)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2013-11-19 10:48 - 2016-01-23 03:04 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-01-28 18:14 - 2016-01-12 06:43 - 00291264 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2013-05-30 14:33 - 2013-02-23 16:46 - 00382608 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2013-05-30 14:33 - 2013-03-16 12:53 - 00515752 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2013-05-30 14:33 - 2013-03-16 12:53 - 00608424 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2015-06-25 07:53 - 2015-06-25 07:53 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2016-03-18 23:56 - 2016-03-18 23:56 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:08 - 2016-04-22 01:08 - 01047864 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-10 14:21 - 2015-06-10 14:21 - 00248872 _____ () C:\Program Files (x86)\F-Secure\daas2.dll
2015-07-30 22:18 - 2016-01-12 06:43 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-05-30 14:41 - 2013-05-30 14:43 - 00312976 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2013-05-30 14:41 - 2013-05-30 14:43 - 00356008 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\c2r32.dll
2013-05-30 14:41 - 2013-05-30 14:41 - 00312976 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2013-05-30 14:41 - 2013-05-30 14:41 - 00356008 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\c2r32.dll
2013-06-25 14:27 - 2015-05-26 16:47 - 00056360 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FSGUI\fsavures.eng
2013-06-25 14:32 - 2013-06-25 14:32 - 00030888 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\hashlib_x86.dll
2013-06-25 14:27 - 2015-07-10 21:55 - 00212008 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Spam Control\fsas.dll
2013-06-25 14:27 - 2015-05-26 16:47 - 00949288 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fm4av.dll
2013-06-25 14:27 - 2015-05-26 16:47 - 00045608 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\FSAVHRES.eng
2013-05-30 14:41 - 2013-05-30 14:41 - 00312976 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2013-05-30 14:41 - 2013-05-30 14:41 - 00356008 _____ () C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\ProgramData\TEMP:FCA8C9CD [274]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Heinz\AppData\Local\Ashampoo\Ashampoo Photo Commander 12\APCWallpaper.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKLM\...\StartupApproved\StartupFolder: => "simplicheck.lnk"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "SamsungRapidApp"
HKLM\...\StartupApproved\Run: => "Ashampoo Uninstaller 6 Guard"
HKLM\...\StartupApproved\Run: => "Ashampoo Backup"
HKLM\...\StartupApproved\Run32: => "LifeCam"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "PMBVolumeWatcher"
HKLM\...\StartupApproved\Run32: => "My Swisscom Assistant"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\StartupFolder: => "Logitech . Produktregistrierung.lnk"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\StartupFolder: => "Registration Heroes of Might & Magic 5.LNK"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "RoboForm"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "HP Officejet 6700 (NET)"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "TomTomHOME.exe"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "Adobe Reader Synchronizer"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "Amazon Cloud Drive"
HKU\S-1-5-21-3496421778-4022263089-3498141264-1002\...\StartupApproved\Run: => "Amazon Music"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{555572DD-AC43-4DC5-A46D-808A2FE4C020}D:\soulseekqt\soulseekqt.exe] => (Allow) D:\soulseekqt\soulseekqt.exe
FirewallRules: [TCP Query User{9DD1B296-1F6C-4070-B63A-88675873C618}D:\soulseekqt\soulseekqt.exe] => (Allow) D:\soulseekqt\soulseekqt.exe
FirewallRules: [{19BD9E30-E5E5-48B5-A4F6-AFB653813F36}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5764869A-2D24-4FE9-AAB6-6692F26D74C6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D4651E7C-EC02-439C-9D6D-C48632C7D923}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1173C915-09C4-45FC-8F62-34BD91090817}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{85190660-E051-4E09-897E-CC81B0EB4A00}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{25B2A8C6-E80B-43C2-BB35-4F6536B9752A}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
FirewallRules: [{34DAD037-8A62-4C41-8D91-956163B2ED16}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\DeviceSetup.exe
FirewallRules: [{14AEB8D7-903F-4D06-ACB3-AB3991FBB3F5}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\SendAFax.exe
FirewallRules: [{543C245C-91EF-41BE-937A-2D885C739E3B}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\DigitalWizards.exe
FirewallRules: [{435BC9CC-59BB-4614-B9FB-546BE0BECB63}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\FaxApplications.exe
FirewallRules: [{C9A66DCC-E007-4B04-A313-69AE3EEB533F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{BDDD3C6D-5944-48E5-A771-02BB28494D20}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{2746371A-013F-4C6E-AB40-D0607D32CD9A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9E128876-13BA-4431-A8DB-61D8AFF0361D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{943B67C8-E0FF-46D7-B61C-9C2957001266}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{779A00ED-B949-48E7-A3EB-5139C0D41620}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{99589787-3729-4E33-974A-E27234648B71}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\WLAN\SwisscomWLAN.exe
FirewallRules: [{42826AA8-6546-4E07-A6F9-A6DA76687DF5}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\WLAN\SwisscomWLAN.exe
FirewallRules: [{1EBD45E0-E6A9-4D58-8DA3-83224EBB5811}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{C5974FBF-A255-4191-8039-CDDAE4E3D650}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{E880337B-E878-4D2C-A7F6-7BE6E7E8D4C5}] => (Allow) C:\Program Files (x86)\Ubisoft\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe
FirewallRules: [{B5AA6594-2BC9-4595-A5E1-24F538754C0F}] => (Allow) C:\Program Files (x86)\Ubisoft\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe
FirewallRules: [{4F0CA273-CC49-4B82-9459-4CA1FFB5655C}] => (Allow) C:\Program Files (x86)\Ubisoft\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{5984457C-1614-469D-AF34-1EA1C69CC3C9}] => (Allow) C:\Program Files (x86)\Ubisoft\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{7CC9300C-0C6C-4953-A5B2-A39E656152D1}] => (Allow) C:\Program Files (x86)\Ubisoft\Far Cry 3 Blood Dragon\bin\FC3BDUpdater.exe
FirewallRules: [{C9E90CE0-5A26-431D-91D7-F2B439AC2D55}] => (Allow) C:\Program Files (x86)\Ubisoft\Far Cry 3 Blood Dragon\bin\FC3BDUpdater.exe
FirewallRules: [TCP Query User{89DC18CD-2F2E-4ECB-8BB1-87626793DFCA}D:\magix\video deluxe 2015 premium\videodeluxe.exe] => (Allow) D:\magix\video deluxe 2015 premium\videodeluxe.exe
FirewallRules: [UDP Query User{A6ABD8A0-4630-43E0-BFCB-AC5FC1BF1539}D:\magix\video deluxe 2015 premium\videodeluxe.exe] => (Allow) D:\magix\video deluxe 2015 premium\videodeluxe.exe
FirewallRules: [{64582C45-9FB2-4BD4-80F5-5ED6E289D691}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E279ECBE-6143-494D-A23A-6C32738CF3F6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7B308AD9-132E-4066-A8B1-EF9C3FA03901}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{15513709-C780-43EE-A2BB-AC04392486C5}] => (Allow) LPort=2869
FirewallRules: [{65B71408-ECBE-4248-9BA3-8A1C6D2B916C}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{DF21489F-AFF0-4B2A-A51F-4D0EF2DBEFE1}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{9012038C-60D9-4967-85BC-AF576CE920EE}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [{95D740C8-297C-4EC4-A8E4-BBC0BA9EAC08}] => (Allow) C:\Program Files\MAGIX\Video Pro X7\Video_Pro_X.exe
FirewallRules: [{BF22D6C7-7D6B-4F03-92FE-29687C885325}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant_Launcher.exe
FirewallRules: [{FBA03AB6-D35F-4892-8CCB-94A80A9F5619}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant_Launcher.exe
FirewallRules: [{614963A4-2B64-4D13-A0E0-1F7AB3FE8DDA}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant_Repair.exe
FirewallRules: [{80C4566C-CE6E-4304-A2CC-74E6D79D97D2}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant_Repair.exe
FirewallRules: [{610CD5B8-E5D0-41FB-BC42-0BE2C252DBA3}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant.exe
FirewallRules: [{8896B807-3DEE-4CBA-9CAB-0E626F9ACAC8}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\MySwisscomAssistant.exe
FirewallRules: [{00E5389D-3D6E-405E-8496-A4B241A6F9AA}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\Update\M2Updater.exe
FirewallRules: [{D065AEB6-5EC2-4C49-9E7C-EC167EEA8DE5}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\Update\M2Updater.exe
FirewallRules: [{5CE334AC-99C0-49F2-96A4-0F32ECA25329}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\PDF_Viewer\m2PDFViewer.exe
FirewallRules: [{D6B15A89-3B77-40BC-8CD0-4033A4910610}] => (Allow) C:\Program Files (x86)\Swisscom\My Swisscom Assistant\PDF_Viewer\m2PDFViewer.exe
FirewallRules: [{97A554D0-CAF6-4694-AB43-780B09EF117D}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8C1CF21C-F486-409F-950D-156D56C8F2F8}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{03539951-8AAB-49FD-9CF2-0C0327F53D6D}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2AF41C0E-B9B2-44EF-9D6F-9478F61B74D4}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{61145F1B-631B-466C-8841-9A50195E0B3C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{64F1C429-7D8D-4A06-BA16-147076ECB9DE}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{DACF7298-E62B-408A-AED3-679D1B983046}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{CDFACA66-0D67-43E3-A32B-CA4D61B262D6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{5DC989AE-D992-4640-96F5-CA286E0C5F49}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{4FA24DA1-3FDF-4DED-AC33-69C824221D06}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C8125BE1-B8A2-4E8B-A117-39682AECD826}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A2FE8AFD-BD7A-446D-A8F5-BAA1AF1CF717}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{093C8530-EE11-418C-949D-4A600C33C107}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E1F81141-B9D3-41BC-AC50-94A663BA95F1}] => (Allow) D:\ANNO\Anno 2205\Bin\Win64\Anno2205.exe
FirewallRules: [{E9245BAA-D73B-4B9C-BF25-6024743FD273}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{C43A6786-8351-4156-ADC0-BB37848F3943}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{73064C57-800E-44E8-92F5-554112E4B360}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{C11FF067-B0A3-4F40-80F1-55D1FF0AD0C2}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{711671C1-8F2F-4AB0-8990-9DFD5CCB5E24}] => (Allow) D:\iTunes\iTunes.exe
==================== Wiederherstellungspunkte =========================
11-06-2016 16:22:50 Geplanter Prüfpunkt
15-06-2016 23:16:01 Windows Update
23-06-2016 16:34:35 Windows Update
27-06-2016 13:52:42 Malwarebytes Anti-Rootkit Restore Point
28-06-2016 17:34:29 JRT Pre-Junkware Removal
28-06-2016 17:35:26 JRT Pre-Junkware Removal
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (06/29/2016 08:09:39 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 1 2016-06-29 08:09:39+02:00 HZMOPC HZMOPC\Heinz F-Secure Anti-Virus
Malicious code found in file C:\Windows\Temp\WAX5639.tmp.
Infection: Gen:Trojan.Heur.FU.UuZ@am9S2Gb
Error: (06/29/2016 08:09:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: fshoster32.exe, Version: 1.6.214.0, Zeitstempel: 0x55631674
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18264, Zeitstempel: 0x56e1b34d
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x00015b68
ID des fehlerhaften Prozesses: 0x380
Startzeit der fehlerhaften Anwendung: 0xfshoster32.exe0
Pfad der fehlerhaften Anwendung: fshoster32.exe1
Pfad des fehlerhaften Moduls: fshoster32.exe2
Berichtskennung: fshoster32.exe3
Vollständiger Name des fehlerhaften Pakets: fshoster32.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: fshoster32.exe5
Error: (06/29/2016 08:09:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: fshoster32.exe, Version: 1.6.214.0, Zeitstempel: 0x55631674
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18264, Zeitstempel: 0x56e1b34d
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x00015b68
ID des fehlerhaften Prozesses: 0x818
Startzeit der fehlerhaften Anwendung: 0xfshoster32.exe0
Pfad der fehlerhaften Anwendung: fshoster32.exe1
Pfad des fehlerhaften Moduls: fshoster32.exe2
Berichtskennung: fshoster32.exe3
Vollständiger Name des fehlerhaften Pakets: fshoster32.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: fshoster32.exe5
Error: (06/29/2016 08:09:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IAStorDataMgrSvc.exe, Version: 12.5.0.1066, Zeitstempel: 0x5147a50c
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x04904c0d
ID des fehlerhaften Prozesses: 0xa28
Startzeit der fehlerhaften Anwendung: 0xIAStorDataMgrSvc.exe0
Pfad der fehlerhaften Anwendung: IAStorDataMgrSvc.exe1
Pfad des fehlerhaften Moduls: IAStorDataMgrSvc.exe2
Berichtskennung: IAStorDataMgrSvc.exe3
Vollständiger Name des fehlerhaften Pakets: IAStorDataMgrSvc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IAStorDataMgrSvc.exe5
Error: (06/29/2016 08:09:04 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: IAStorDataMgrSvc.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
bei IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
bei IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
bei IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (06/29/2016 08:08:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: fshoster32.exe, Version: 1.6.214.0, Zeitstempel: 0x55631674
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18264, Zeitstempel: 0x56e1b34d
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x00015b68
ID des fehlerhaften Prozesses: 0x708
Startzeit der fehlerhaften Anwendung: 0xfshoster32.exe0
Pfad der fehlerhaften Anwendung: fshoster32.exe1
Pfad des fehlerhaften Moduls: fshoster32.exe2
Berichtskennung: fshoster32.exe3
Vollständiger Name des fehlerhaften Pakets: fshoster32.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: fshoster32.exe5
Error: (06/28/2016 05:39:56 PM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 1 2016-06-28 17:39:56+02:00 HZMOPC HZMOPC\Heinz F-Secure Anti-Virus
Malicious code found in file C:\Windows\Temp\WAX2A47.tmp.
Infection: Gen:Trojan.Heur.FU.UuZ@a4dC5Hh
Error: (06/28/2016 05:39:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: fshoster32.exe, Version: 1.6.214.0, Zeitstempel: 0x55631674
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18264, Zeitstempel: 0x56e1b34d
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x00015b68
ID des fehlerhaften Prozesses: 0x1d18
Startzeit der fehlerhaften Anwendung: 0xfshoster32.exe0
Pfad der fehlerhaften Anwendung: fshoster32.exe1
Pfad des fehlerhaften Moduls: fshoster32.exe2
Berichtskennung: fshoster32.exe3
Vollständiger Name des fehlerhaften Pakets: fshoster32.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: fshoster32.exe5
Error: (06/28/2016 05:39:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: skydrive.exe, Version: 6.3.9600.17484, Zeitstempel: 0x545d76bd
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.18233, Zeitstempel: 0x56bb4ebb
Ausnahmecode: 0xc000004b
Fehleroffset: 0x00000000000ecdd0
ID des fehlerhaften Prozesses: 0x1a78
Startzeit der fehlerhaften Anwendung: 0xskydrive.exe0
Pfad der fehlerhaften Anwendung: skydrive.exe1
Pfad des fehlerhaften Moduls: skydrive.exe2
Berichtskennung: skydrive.exe3
Vollständiger Name des fehlerhaften Pakets: skydrive.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: skydrive.exe5
Error: (06/28/2016 05:39:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IAStorDataMgrSvc.exe, Version: 12.5.0.1066, Zeitstempel: 0x5147a50c
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x048c4c0d
ID des fehlerhaften Prozesses: 0xa64
Startzeit der fehlerhaften Anwendung: 0xIAStorDataMgrSvc.exe0
Pfad der fehlerhaften Anwendung: IAStorDataMgrSvc.exe1
Pfad des fehlerhaften Moduls: IAStorDataMgrSvc.exe2
Berichtskennung: IAStorDataMgrSvc.exe3
Vollständiger Name des fehlerhaften Pakets: IAStorDataMgrSvc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IAStorDataMgrSvc.exe5
Systemfehler:
=============
Error: (06/29/2016 08:09:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "F-Secure Dll Hoster" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/29/2016 08:09:05 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/29/2016 08:08:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "F-Secure Dll Hoster" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/28/2016 05:49:01 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro, Version 1511, 10586
Error: (06/28/2016 05:40:23 PM) (Source: DCOM) (EventID: 10010) (User: HZMOPC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (06/28/2016 05:39:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "F-Secure Dll Hoster" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/28/2016 05:39:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/28/2016 05:39:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "F-Secure Dll Hoster" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/28/2016 05:34:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "F-Secure Dll Hoster" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.
Error: (06/28/2016 05:34:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
CodeIntegrity:
===================================
Date: 2016-06-29 08:12:32.853
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-06-29 08:10:31.609
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-06-29 08:09:39.569
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-06-29 08:08:43.334
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Windows signing level requirements.
Date: 2016-06-29 08:08:37.161
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-06-28 17:49:02.936
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Windows signing level requirements.
Date: 2016-06-28 17:48:43.916
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-06-28 17:47:19.457
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-06-28 17:41:02.070
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-06-28 17:40:03.097
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz
Prozentuale Nutzung des RAM: 20%
Installierter physikalischer RAM: 16328.39 MB
Verfügbarer physikalischer RAM: 12957.86 MB
Summe virtueller Speicher: 18760.39 MB
Verfügbarer virtueller Speicher: 15422.36 MB
==================== Laufwerke ================================
Drive c: (Windows) (Fixed) (Total:232.78 GB) (Free:49.71 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (DATEN) (Fixed) (Total:1838.6 GB) (Free:749.12 GB) NTFS
Drive e: (INTENSO) (Fixed) (Total:1862.55 GB) (Free:1561.53 GB) FAT32
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 7683B724)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: FCB5DEFE)
Partition 1: (Not Active) - (Size=24.4 GB) - (Type=27)
Partition 2: (Not Active) - (Size=1838.6 GB) - (Type=07 NTFS)
========================================================
Disk: 3 (Size: 1863 GB) (Disk ID: 6D86302A)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=0C)
==================== Ende von Addition.txt ============================
|
FRST 32-Bit | FRST 64-Bit
Lesestoff:
Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
AdwCleaner auf deinen Desktop.
