| StefanHAJ | 24.01.2016 13:17 |
Hallo Jürgen,
vorab schonmal vielen Dank für die Bereitschft, hier zu unterstützen.
Gruß,
Stefan Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:18-01-2016
durchgeführt von Stefan (Administrator) auf STEFAN-PC (24-01-2016 13:00:42)
Gestartet von C:\Users\Stefan\Desktop
Geladene Profile: Stefan (Verfügbare Profile: Stefan & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
() C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
(VMLite, Inc.) C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(TomTom) D:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synology Inc.) C:\Users\Stefan\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-ui.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ES Status Monitor\ptnmwnd.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synology Inc.) C:\Users\Stefan\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-connect.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ES Status Monitor\esnetmon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Synology Inc.) C:\Users\Stefan\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-daemon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSYNC.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-24] (CANON INC.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [570880 2013-12-27] (Nikon Corporation)
HKLM-x32\...\Run: [PTNMWND] => C:\Program Files (x86)\Brother\ES Status Monitor\ptnmwnd.exe [1003520 2012-04-05] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-16] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
HKU\S-1-5-21-2043235430-3670825711-4218813697-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2043235430-3670825711-4218813697-1001\...\Run: [TomTomHOME.exe] => D:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-07-13] (TomTom)
HKU\S-1-5-21-2043235430-3670825711-4218813697-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2043235430-3670825711-4218813697-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [349968 2015-10-21] (Apple Inc.)
ShellIconOverlayIdentifiers: [ 01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\Stefan\AppData\Local\CloudStation\CloudStation.app\icon-overlay\15\x64\iconOverlay.dll [2016-01-23] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [ 02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\Stefan\AppData\Local\CloudStation\CloudStation.app\icon-overlay\15\x64\iconOverlay.dll [2016-01-23] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [ 03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\Stefan\AppData\Local\CloudStation\CloudStation.app\icon-overlay\15\x64\iconOverlay.dll [2016-01-23] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [ 04ReadOnlyModule] -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} => C:\Users\Stefan\AppData\Local\CloudStation\CloudStation.app\icon-overlay\15\x64\iconOverlay.dll [2016-01-23] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [ 05NoPermModule] -> {C701AD67-3DF0-47C9-89CB-DFA6207BE229} => C:\Users\Stefan\AppData\Local\CloudStation\CloudStation.app\icon-overlay\15\x64\iconOverlay.dll [2016-01-23] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Stefan\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Stefan\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Stefan\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Stefan\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Stefan\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Stefan\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-19] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2014-01-25]
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> D:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Synology Cloud Station Drive.lnk [2016-01-24]
ShortcutTarget: Synology Cloud Station Drive.lnk -> C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe (Synology Inc.)
CHR HKU\S-1-5-21-2043235430-3670825711-4218813697-1001\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
AutoConfigURL: [S-1-5-21-2043235430-3670825711-4218813697-1001] => hxxp://unstopp.me/wpad.dat?79656663e1df64f034a0788158b98a422780156
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ba94d6e0-978b-486a-82a4-e304ecace2f1}: [NameServer] 192.168.1.1
Tcpip\..\Interfaces\{d2adf4d4-1c52-4046-8eb5-b151367aa24f}: [NameServer] 4.4.4.4,8.8.8.8
Tcpip\..\Interfaces\{d2adf4d4-1c52-4046-8eb5-b151367aa24f}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130950027599413243&GUID=E2CD772D-240A-4DFE-B631-C6E1F92C61F9
HKU\S-1-5-21-2043235430-3670825711-4218813697-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-2043235430-3670825711-4218813697-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-01-07] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-07] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-01-07] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2012-06-14] (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-23] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-01-07] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-23] (Oracle Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2012-06-14] (CANON INC.)
Toolbar: HKU\S-1-5-21-2043235430-3670825711-4218813697-1001 -> Kein Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Keine Datei
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {960DC750-7447-4CDE-BF1C-FB33F9129654} hxxp://192.168.1.245:5000/webman/3rdparty/SurveillanceStation/object/SSObject3.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-07] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-07] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-07] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-07] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\dwkdr5vo.default-1453636026764
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-09-22] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-01-07] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-01-07] (Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2043235430-3670825711-4218813697-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Stefan\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-2043235430-3670825711-4218813697-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Stefan\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-2043235430-3670825711-4218813697-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Stefan\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [Keine Datei]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.)
R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [336248 2012-02-02] (AVM Berlin)
R2 BRA_Scheduler; C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [99328 2014-11-25] () [Datei ist nicht signiert]
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143736 2011-10-31] (AVM Berlin)
R2 cjpcsc; C:\WINDOWS\SysWOW64\cjpcsc.exe [569344 2015-07-31] (REINER SCT)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2762936 2016-01-07] (Microsoft Corporation)
R2 Cloud Station Drive VSS Service x64; C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe [287200 2016-01-12] ()
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3736520 2015-01-29] (devolo AG)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-10-11] (Macrovision Europe Ltd.) [Datei ist nicht signiert]
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [189304 2011-10-31] (AVM Berlin)
R2 StarMoney 10 OnlineUpdate; C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe [698176 2015-11-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 StarMoney 8.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-07] (TeamViewer GmbH)
R2 TomTomHOMEService; D:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [93040 2015-07-13] (TomTom)
R2 VMLiteService; C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe [426600 2010-08-21] (VMLite, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.)
S3 applebmt; C:\Windows\system32\DRIVERS\applebmt.sys [52736 2011-06-02] (Apple Inc.) [Datei ist nicht signiert]
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
R3 Cap7146_DVB; C:\Windows\system32\DRIVERS\TTCinCap.sys [87104 2009-11-23] (TerraTec Electronic GmbH)
S3 cjusb; C:\Windows\system32\DRIVERS\cjusb.sys [36112 2015-03-23] (REINER SCT)
S3 fwlanusbn; C:\Windows\system32\DRIVERS\fwlanusbn.sys [714368 2010-10-22] (AVM GmbH) [Datei ist nicht signiert]
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [41080 2016-01-23] ()
U5 LVRS64; C:\Windows\System32\Drivers\LVRS64.sys [327704 2009-10-07] (Logitech Inc.)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2013-03-04] (CACE Technologies)
S3 PcaSp50; C:\Windows\System32\Drivers\PcaSp50.sys [45624 2009-08-24] (Printing Communications Assoc., Inc. (PCAUSA))
R3 PTDVB; C:\Windows\system32\DRIVERS\TTCinTun.sys [166976 2009-11-23] (TerraTec Electronic GmbH)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
S3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [47320 2013-07-29] (Realtek Microelectronics)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [Datei ist nicht signiert]
R1 VBoxDrv; C:\Windows\System32\drivers\VBoxDrv.sys [204328 2010-08-11] (VMLite, Inc.)
S3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [146216 2010-08-11] (VMLite, Inc.)
S3 VBoxNetFlt; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [165800 2010-08-11] (VMLite, Inc.)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2012-10-13] (Acronis)
R1 vmlitedrv; C:\Windows\System32\drivers\vmlitedrv.sys [14952 2010-08-03] (VMLite, Inc.)
R3 vmlitestor; C:\Windows\System32\drivers\vmlitestor.sys [177768 2010-08-11] (VMLite, Inc.)
S3 VMLiteUSB; C:\Windows\System32\Drivers\VMLiteUSB.sys [150120 2010-08-11] (VMLite, Inc.)
R1 VMLiteUSBMon; C:\Windows\System32\drivers\vmliteusbmon.sys [135272 2010-08-18] (VMLite, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 GEARAspiWDM; \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys [X]
U3 idsvc; kein ImagePath
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-01-24 13:00 - 2016-01-24 13:00 - 00022989 _____ C:\Users\Stefan\Desktop\FRST.txt
2016-01-24 11:14 - 2016-01-24 11:14 - 00894960 _____ C:\Users\Stefan\Downloads\Norton_Removal_Tool225017.exe
2016-01-24 11:04 - 2016-01-24 11:04 - 05436744 _____ (Apple Inc.) C:\Users\Stefan\Downloads\BonjourPSSetup.exe
2016-01-24 11:04 - 2016-01-24 11:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour-Druckdienste
2016-01-24 11:04 - 2016-01-24 11:04 - 00000000 ____D C:\Program Files\Bonjour Print Services
2016-01-24 11:04 - 2016-01-24 11:04 - 00000000 ____D C:\Program Files\Bonjour
2016-01-24 01:26 - 2016-01-24 01:26 - 00000000 ___HD C:\OneDriveTemp
2016-01-23 23:23 - 2016-01-23 23:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synology
2016-01-23 23:22 - 2016-01-23 23:22 - 68608000 _____ C:\Users\Stefan\Downloads\Synology Cloud Station Drive-4.0-4120.msi
2016-01-23 22:52 - 2016-01-24 01:26 - 00000000 ____D C:\Users\Stefan\AppData\Local\CloudStation
2016-01-23 22:51 - 2016-01-23 22:51 - 00000000 ____D C:\Program Files (x86)\Synology
2016-01-23 22:07 - 2016-01-23 22:15 - 00278214 _____ C:\TDSSKiller.3.1.0.9_23.01.2016_22.07.54_log.txt
2016-01-23 22:00 - 2016-01-23 22:00 - 01505280 _____ C:\Users\Stefan\Desktop\AdwCleaner_5.030.exe
2016-01-23 21:50 - 2016-01-23 22:02 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-01-23 21:50 - 2016-01-23 21:50 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-23 21:49 - 2016-01-23 21:49 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Stefan\Downloads\mbar-1.09.3.1001.exe
2016-01-23 21:49 - 2016-01-23 21:49 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-01-23 21:33 - 2016-01-23 21:38 - 00279264 _____ C:\TDSSKiller.3.1.0.9_23.01.2016_21.33.11_log.txt
2016-01-23 21:32 - 2016-01-23 21:33 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Stefan\Downloads\tdsskiller.exe
2016-01-23 21:22 - 2016-01-23 21:23 - 00055130 _____ C:\Users\Stefan\Downloads\Addition.txt
2016-01-23 21:20 - 2016-01-24 13:00 - 02370560 _____ (Farbar) C:\Users\Stefan\Desktop\FRST64.exe
2016-01-23 21:20 - 2016-01-24 13:00 - 00000000 ____D C:\FRST
2016-01-23 21:20 - 2016-01-23 21:23 - 00046626 _____ C:\Users\Stefan\Downloads\FRST.txt
2016-01-23 21:07 - 2016-01-23 21:07 - 00001235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-23 21:07 - 2016-01-23 21:07 - 00001223 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-01-23 21:07 - 2016-01-23 21:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-23 21:06 - 2016-01-23 21:06 - 00248736 _____ C:\Users\Stefan\Downloads\Firefox Setup Stub 43.0.4.exe
2016-01-23 20:55 - 2016-01-23 20:55 - 00004380 _____ C:\WINDOWS\system32\.crusader
2016-01-23 20:50 - 2016-01-23 20:56 - 00041080 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2016-01-23 20:49 - 2016-01-23 20:55 - 00000000 ____D C:\ProgramData\HitmanPro
2016-01-23 20:49 - 2016-01-23 20:49 - 11323704 _____ (SurfRight B.V.) C:\Users\Stefan\Downloads\HitmanPro_x64.exe
2016-01-23 12:37 - 2016-01-23 12:37 - 02946424 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Stefan\Downloads\AVG_Protection_Free_698.exe
2016-01-22 21:16 - 2016-01-22 21:16 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Oracle
2016-01-22 21:04 - 2016-01-23 13:07 - 00000000 ____D C:\ProgramData\MFAData
2016-01-22 21:04 - 2016-01-22 21:04 - 00000000 ____D C:\Users\Stefan\AppData\Local\MFAData
2016-01-22 21:02 - 2016-01-23 13:07 - 00000000 ____D C:\ProgramData\Avg
2016-01-22 21:02 - 2016-01-23 13:07 - 00000000 ____D C:\Program Files (x86)\AVG
2016-01-22 21:01 - 2016-01-23 13:01 - 00000000 ____D C:\Users\Stefan\AppData\Local\AvgSetupLog
2016-01-22 21:01 - 2016-01-22 21:01 - 00000000 ____D C:\Users\Stefan\AppData\Local\Avg
2016-01-19 22:50 - 2016-01-19 22:50 - 04265821 _____ C:\Users\Stefan\Downloads\ET_airfixI.pdf
2016-01-19 21:55 - 2016-01-19 21:55 - 31243480 _____ (Adlice Software ) C:\Users\Stefan\Downloads\setup.exe
2016-01-19 21:37 - 2016-01-19 21:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft
2016-01-19 21:36 - 2016-01-19 21:37 - 09369096 _____ C:\Users\Stefan\Downloads\SetupAnyDVD7110.exe
2016-01-17 12:06 - 2016-01-23 11:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-17 12:06 - 2016-01-23 11:52 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-01-17 12:05 - 2016-01-17 12:05 - 00584288 _____ (Oracle Corporation) C:\Users\Stefan\Downloads\JavaSetup8u66.exe
2016-01-17 11:25 - 2016-01-23 13:02 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2016-01-17 11:09 - 2016-01-23 13:07 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-01-17 11:09 - 2016-01-17 11:09 - 08205800 _____ (McAfee, Inc.) C:\Users\Stefan\Downloads\Setup_serial_oIgToSAZ9-_dej8wbchgaA2_key.exe
2016-01-17 11:03 - 2016-01-23 13:09 - 00000000 ____D C:\ProgramData\McAfee
2016-01-17 11:02 - 2016-01-17 11:03 - 08593144 _____ (McAfee, Inc.) C:\Users\Stefan\Downloads\SecurityScan_Release.exe
2016-01-17 10:31 - 2016-01-17 10:31 - 00017459 _____ C:\WINDOWS\system32\Drivers\etc\services
2016-01-16 16:13 - 2016-01-23 23:08 - 00000000 ____D C:\Users\Stefan\AppData\Local\CrashDumps
2016-01-16 09:59 - 2016-01-19 21:56 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-01-16 09:59 - 2016-01-16 10:49 - 00000000 ____D C:\ProgramData\RogueKiller
2016-01-16 01:38 - 2015-08-11 12:22 - 03067392 _____ C:\WINDOWS\system32\pwNative.exe
2016-01-16 01:38 - 2013-09-30 15:26 - 00019152 ____N C:\WINDOWS\system32\pwdrvio.sys
2016-01-16 01:38 - 2013-09-30 15:26 - 00012504 ____N C:\WINDOWS\system32\pwdspio.sys
2016-01-16 01:37 - 2016-01-16 01:37 - 32262960 _____ (MiniTool Solution Ltd. ) C:\Users\Stefan\Downloads\pwfree91.exe
2016-01-16 00:00 - 2016-01-16 00:00 - 00000000 ____D C:\Program Files (x86)\EaseUS
2016-01-10 17:36 - 2016-01-23 21:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-10 16:34 - 2015-12-19 19:34 - 00002230 _____ C:\Users\Stefan\Desktop\StarMoney 10.lnk
2016-01-03 17:27 - 2016-01-03 17:27 - 00008923 _____ C:\Users\Stefan\AppData\Local\recently-used.xbel
2016-01-02 18:55 - 2016-01-02 18:55 - 00000000 ____D C:\Users\Stefan\Downloads\SARDU_3
2016-01-02 13:57 - 2016-01-02 14:15 - 00000000 ____D C:\Users\Stefan\Downloads\Anker
2016-01-02 13:45 - 2016-01-02 13:45 - 00105327 _____ C:\Users\Stefan\Documents\Wohnungsprotokoll.pdf
2016-01-01 19:02 - 2016-01-01 19:02 - 01599336 _____ (Malwarebytes) C:\Users\Stefan\Downloads\JRT.exe
2016-01-01 11:41 - 2016-01-01 11:41 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\No Company Name
2016-01-01 11:40 - 2016-01-01 11:40 - 00001622 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2015-12-29 13:00 - 2015-12-29 13:00 - 01709792 _____ (Disc Soft Ltd.) C:\Users\Stefan\Downloads\DTLiteInstaller.exe
2015-12-29 11:22 - 2015-12-29 11:22 - 00017804 _____ C:\Users\Stefan\Downloads\turbo_87284.zip
2015-12-29 08:11 - 2015-12-29 08:11 - 00002860 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-12-29 08:11 - 2015-12-29 08:11 - 00000866 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-12-29 08:11 - 2015-12-29 08:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-12-29 08:10 - 2015-12-29 08:11 - 00000000 ____D C:\Program Files\CCleaner
2015-12-29 08:09 - 2015-12-29 08:10 - 04532776 _____ (Piriform Ltd) C:\Users\Stefan\Downloads\dfsetup219.exe
2015-12-27 14:12 - 2015-12-27 14:14 - 2573336576 _____ C:\Users\Stefan\Downloads\Windows10_1511_32bit.iso
2015-12-27 13:48 - 2015-12-27 13:48 - 00000000 ___HD C:\$Windows.~WS
2015-12-27 13:47 - 2015-12-27 13:48 - 18446336 _____ (Microsoft Corporation) C:\Users\Stefan\Downloads\MediaCreationTool.exe
2015-12-27 00:53 - 2015-12-27 00:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2015-12-26 23:54 - 2015-12-29 12:52 - 00000000 ____D C:\Program Files (x86)\Avira
2015-12-26 23:53 - 2015-12-26 23:54 - 04638208 _____ (Avira Operations GmbH & Co. KG) C:\Users\Stefan\Downloads\avira_de_av_567f196d40569__ws.exe
2015-12-26 23:38 - 2015-12-26 23:40 - 27005440 _____ (pdfforge GmbH) C:\Users\Stefan\Downloads\PDFCreator-2_2_2-setup.exe
2015-12-26 16:56 - 2015-12-26 16:56 - 00000000 ____D C:\Users\Stefan\AppData\Local\IoTCoreImageHelper
2015-12-26 01:41 - 2015-12-26 01:41 - 00248872 _____ C:\Users\Stefan\Downloads\Firefox Setup Stub 43.0.2 (1).exe
2015-12-25 01:51 - 2015-12-25 01:51 - 00248872 _____ C:\Users\Stefan\Downloads\Firefox Setup Stub 43.0.2.exe
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-01-24 12:58 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-01-24 12:58 - 2015-10-30 07:28 - 00000000 ____D C:\Windows
2016-01-24 12:56 - 2012-10-14 09:51 - 00000000 ____D C:\Users\Stefan\Documents\Steuer-Sparbuch
2016-01-24 12:44 - 2014-12-14 16:06 - 00000000 ___RD C:\Users\Stefan\OneDrive
2016-01-24 11:26 - 2015-12-19 09:10 - 02086168 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-24 11:26 - 2015-10-30 19:35 - 00888008 _____ C:\WINDOWS\system32\perfh007.dat
2016-01-24 11:26 - 2015-10-30 19:35 - 00197092 _____ C:\WINDOWS\system32\perfc007.dat
2016-01-24 11:19 - 2015-12-19 09:25 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-24 11:19 - 2015-10-30 07:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-01-24 11:09 - 2012-10-13 13:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2016-01-24 11:09 - 2012-10-11 16:36 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-01-24 11:08 - 2015-12-19 09:12 - 00000000 ____D C:\Users\Stefan
2016-01-24 11:08 - 2012-10-14 15:28 - 00000000 ____D C:\ProgramData\LogiShrd
2016-01-24 11:08 - 2012-10-14 15:26 - 00000000 ____D C:\Program Files\Common Files\logishrd
2016-01-24 11:08 - 2012-10-11 16:20 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-24 11:04 - 2012-10-11 16:54 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-01-24 01:27 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\registration
2016-01-24 01:26 - 2013-10-23 18:35 - 00004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{30FAC3B2-1757-4F21-ABB0-6D6E4EC59BC2}
2016-01-23 23:24 - 2013-01-05 17:37 - 00000000 ___RD C:\Users\Stefan\CloudStation
2016-01-23 22:56 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-23 22:56 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-23 22:56 - 2012-10-27 09:53 - 00000000 ____D C:\Users\Stefan\AppData\Local\Packages
2016-01-23 22:55 - 2014-01-04 17:39 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2016-01-23 22:49 - 2015-12-24 14:40 - 00001064 _____ C:\WINDOWS\SysWOW64\LORInstallLog.txt
2016-01-23 22:04 - 2015-12-20 13:21 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-01-23 22:04 - 2014-05-13 18:30 - 00000000 ____D C:\AdwCleaner
2016-01-23 22:04 - 2014-03-11 17:35 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-01-23 21:45 - 2015-12-20 12:40 - 00000000 ____D C:\WINDOWS\Minidump
2016-01-23 20:47 - 2015-11-22 18:20 - 00000000 ____D C:\Program Files (x86)\Google
2016-01-23 20:46 - 2012-10-11 18:13 - 00000000 ____D C:\ProgramData\Skype
2016-01-23 13:04 - 2012-11-13 22:48 - 00000000 ____D C:\ProgramData\FreePDF
2016-01-23 13:04 - 2012-10-12 06:32 - 00000000 ____D C:\Program Files (x86)\FreePDF_XP
2016-01-23 13:04 - 2012-10-12 06:31 - 00000000 ____D C:\Program Files\gs
2016-01-23 13:03 - 2015-10-30 08:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-01-23 13:03 - 2015-10-30 07:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-01-23 12:56 - 2012-10-27 08:49 - 00000000 ____D C:\Users\Stefan\AppData\Local\FreePDF_XP
2016-01-23 12:14 - 2013-11-02 11:43 - 00000000 ____D C:\ProgramData\Oracle
2016-01-23 11:55 - 2012-10-11 16:39 - 00000000 ____D C:\Users\Stefan\AppData\Local\Adobe
2016-01-23 11:54 - 2014-11-01 11:56 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-23 11:53 - 2015-11-08 16:11 - 00000000 ____D C:\Users\Stefan\.oracle_jre_usage
2016-01-23 11:47 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-01-23 11:46 - 2015-12-19 19:32 - 00000000 ____D C:\Program Files (x86)\StarMoney 10
2016-01-23 11:46 - 2014-01-05 15:11 - 00000000 ____D C:\Program Files (x86)\StarMoney 9.0
2016-01-23 11:45 - 2015-12-19 09:12 - 00000000 ____D C:\Users\DefaultAppPool
2016-01-22 21:06 - 2013-11-17 13:41 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\TuneUp Software
2016-01-17 15:08 - 2015-12-19 09:09 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2016-01-17 14:59 - 2014-03-09 13:22 - 00000000 ____D C:\Users\Stefan\VMLites
2016-01-17 14:29 - 2013-07-18 12:30 - 00000000 ____D C:\Program Files (x86)\WinHex
2016-01-17 14:25 - 2014-07-27 08:02 - 00000000 ____D C:\Program Files\Tracker Software
2016-01-17 14:17 - 2012-10-11 16:39 - 00000000 ____D C:\Users\Stefan\AppData\LocalLow\Adobe
2016-01-17 14:16 - 2015-07-18 07:04 - 00000000 ____D C:\ProgramData\VMware
2016-01-17 14:14 - 2015-07-18 07:11 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\VMware
2016-01-17 14:14 - 2015-07-18 07:11 - 00000000 ____D C:\Users\Stefan\AppData\Local\VMware
2016-01-17 13:58 - 2015-12-19 10:32 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\com.aspexsoftware.Silhouette_Studio
2016-01-17 12:24 - 2015-12-19 10:32 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-01-17 10:35 - 2015-11-08 13:07 - 00000000 ___RD C:\Users\Stefan\iCloudDrive
2016-01-16 10:48 - 2014-03-09 13:34 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VMLite Workstation
2016-01-15 23:41 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-15 23:40 - 2013-05-26 23:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-01-12 22:38 - 2012-10-11 14:29 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Adobe
2016-01-12 22:24 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-01-09 17:36 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-09 17:05 - 2013-12-29 11:48 - 00000000 ____D C:\Program Files (x86)\StarMoney 8.0
2016-01-03 21:32 - 2015-01-10 21:18 - 00000000 ____D C:\Users\Stefan\Documents\Eigene Etiketten
2016-01-03 17:27 - 2012-10-11 16:46 - 00000000 ____D C:\Users\Stefan\.gimp-2.8
2016-01-03 02:40 - 2015-10-30 08:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-03 02:40 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-02 16:05 - 2013-10-19 14:31 - 00000000 ___DO C:\Users\Stefan\SkyDrive
2016-01-02 16:03 - 2014-12-14 17:24 - 00000000 ____D C:\Users\Stefan\AppData\Local\Windows Live
2016-01-02 01:08 - 2015-08-01 14:41 - 00000000 ____D C:\Users\Stefan\Desktop\Desktop Win8
2016-01-01 11:44 - 2013-12-21 14:43 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-12-29 10:30 - 2015-12-19 12:24 - 00000000 ____D C:\Users\Stefan\Documents\Silhouette
2015-12-29 09:06 - 2015-12-19 09:07 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-29 09:06 - 2014-12-14 17:25 - 00000000 ____D C:\Users\Stefan\Tracing
2015-12-29 09:06 - 2014-03-11 17:35 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\TeamViewer
2015-12-29 09:06 - 2013-06-23 10:18 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\DAEMON Tools Lite
2015-12-29 07:50 - 2015-01-04 14:03 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-28 18:50 - 2014-08-31 12:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2015-12-28 18:49 - 2012-10-12 09:20 - 00000000 ____D C:\Users\Stefan\AppData\Local\Downloaded Installations
2015-12-27 00:55 - 2015-01-10 10:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother P-touch
2015-12-27 00:53 - 2014-04-23 17:13 - 00000000 ____D C:\Program Files (x86)\Brother
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2013-08-05 20:48 - 2013-08-05 20:48 - 0000268 ___RH () C:\Users\Stefan\AppData\Roaming\Classical
2013-08-05 20:48 - 2013-08-05 20:48 - 0000268 ___RH () C:\Users\Stefan\AppData\Roaming\Clean Electric Guitar
2013-08-05 20:48 - 2013-08-05 20:48 - 0000268 ___RH () C:\Users\Stefan\AppData\Roaming\Clips
2013-08-05 20:47 - 2013-08-05 20:47 - 0000268 ___RH () C:\Users\Stefan\AppData\Roaming\Conditionals
2014-01-15 23:04 - 2014-01-26 00:05 - 0000042 _____ () C:\Users\Stefan\AppData\Roaming\WB.CFG
2015-02-08 23:14 - 2015-02-08 23:14 - 0001921 _____ () C:\Users\Stefan\AppData\Local\2F39F931887F4498A7EECC96275D714A.Layout2.lbx
2015-01-18 23:14 - 2015-01-18 23:14 - 0002078 _____ () C:\Users\Stefan\AppData\Local\4848FBE4CC4A46aa9B5A17E2E13D9540.Steuer 2014.lbx
2014-02-22 17:10 - 2014-02-22 17:10 - 0001456 _____ () C:\Users\Stefan\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2016-01-03 17:27 - 2016-01-03 17:27 - 0008923 _____ () C:\Users\Stefan\AppData\Local\recently-used.xbel
2013-07-14 14:03 - 2013-07-14 14:03 - 0007606 _____ () C:\Users\Stefan\AppData\Local\Resmon.ResmonCfg
2012-10-11 18:00 - 2012-10-11 18:00 - 0000040 ___SH () C:\ProgramData\.zreglib
2013-08-05 20:48 - 2013-08-05 20:48 - 0000268 ___RH () C:\ProgramData\Colors
2013-08-05 20:48 - 2013-08-05 20:48 - 0000268 ___RH () C:\ProgramData\ColorSync
2013-08-05 20:48 - 2013-08-05 20:48 - 0000268 ___RH () C:\ProgramData\ColorTable
2013-08-05 20:47 - 2013-08-05 20:47 - 0000268 ___RH () C:\ProgramData\Contextual Menu Items
2015-01-04 20:32 - 2015-01-04 20:32 - 0000138 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2013-05-26 19:51 - 2013-05-26 19:51 - 0000138 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2013-08-05 20:47 - 2013-08-05 20:47 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT
2013-08-05 20:48 - 2013-08-05 20:48 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2013-08-05 20:48 - 2014-03-14 20:34 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2013-08-05 20:48 - 2013-08-05 20:48 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
Einige Dateien in TEMP:
====================
C:\Users\Stefan\AppData\Local\Temp\0021121453026244mcinst.exe
C:\Users\Stefan\AppData\Local\Temp\avguirn_081425564217.exe
C:\Users\Stefan\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Stefan\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Stefan\AppData\Local\Temp\McCSPInstall.dll
C:\Users\Stefan\AppData\Local\Temp\mccspuninstall.exe
C:\Users\Stefan\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-01-23 15:39
==================== Ende von FRST.txt ============================
Und die Addition.txt: Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:18-01-2016
durchgeführt von Stefan (2016-01-24 13:01:20)
Gestartet von C:\Users\Stefan\Desktop
Windows 10 Pro (X64) (2015-12-19 08:29:09)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-2043235430-3670825711-4218813697-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2043235430-3670825711-4218813697-503 - Limited - Disabled)
Gast (S-1-5-21-2043235430-3670825711-4218813697-501 - Limited - Disabled)
Stefan (S-1-5-21-2043235430-3670825711-4218813697-1001 - Administrator - Enabled) => C:\Users\Stefan
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.1.0.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 12 (HKLM\...\PremElem120) (Version: 12.1.0.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 12 (Version: 12.0 - Adobe Systems Incorporated) Hidden
AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Apple Application Support (64-Bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AusweisApp2 (HKLM-x32\...\{1C785E05-CFC7-43BE-9A52-9FB39C180CB8}) (Version: 1.2.2 - Governikus GmbH & Co. KG)
AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version: - AVM Berlin)
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
Bonjour-Druckdienste (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
BRAdmin Professional 3 (HKLM-x32\...\{75C885D4-C758-4896-A3B4-90DA34B44C31}) (Version: 3.57.0004 - Brother)
Brother Printer Setting Tool (HKLM-x32\...\{8DA2E2DC-C572-4F87-89FC-833DB588CC7B}) (Version: 1.5.0020 - Brother Industries, Ltd.)
Brother P-touch Editor 5.1 (HKLM-x32\...\{39270390-A851-4E4B-94A9-D5C468216ED3}) (Version: 5.1.0500 - Brother Industries, Ltd.)
Brother P-touch Update Software (HKLM-x32\...\{2CD781D5-774F-4574-8671-5957AF4F159D}) (Version: 1.0.0090 - Brother Industries, Ltd.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - Canon Inc.)
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version: - )
Cinergy 1200 DVB-C V4.08.03.18 (HKLM-x32\...\Cinergy 1200 DVB-C) (Version: 4.08.03.18 - )
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 7.2.5 - REINER SCT)
devolo Cockpit (HKLM-x32\...\dlancockpit) (Version: 4.3.0.0 - devolo AG)
Elements 12 Organizer (x32 Version: 12.0 - Ihr Firmenname) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ES Status Monitor (x32 Version: 1.03.0005 - Brother Industries, ltd.) Hidden
FMW 1 (Version: 1.52.1 - AVG Technologies) Hidden
FRITZ!Box-Fernzugang einrichten (HKLM-x32\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin)
FRITZ!Fernzugang (HKLM\...\{5001E5BC-C9BF-4598-AB89-E7318C76C5F4}) (Version: 1.2.6 - AVM Berlin)
Gigaset QuickSync (HKLM\...\{b49e8cfb-f094-4467-925a-97c23972cb50}) (Version: 8.3.0868.3 - Gigaset Communications GmbH)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Hex-Editor MX (HKLM-x32\...\{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1) (Version: 6.0 - NEXT-Soft)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
Microsoft Access database engine 2010 (German) (HKLM-x32\...\{90140000-00D1-0407-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 16.0.6366.2056 - Microsoft Corporation)
Microsoft SOAP Toolkit 3.0 (HKLM-x32\...\{BCB4C18A-ACA6-4383-8688-E19933A705DD}) (Version: 3.0.1325.4 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218 (HKLM\...\{BBBE35B2-9349-3C48-BD3D-F574B17C7924}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 de)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4 - Mozilla)
NETGEAR Powerline Utility (HKLM-x32\...\InstallShield_{2753B568-6F85-4E31-A114-A7F8D8606DDD}) (Version: 3.1.0.4 - NETGEAR Powerline)
NETGEAR Powerline Utility (x32 Version: 3.1.0.4 - NETGEAR Powerline) Hidden
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.1 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.7.0 - Nikon)
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-2043235430-3670825711-4218813697-1001\...\CopyTrans Suite) (Version: 2.36 - WindSolutions)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6326.1019 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6326.1019 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6326.1019 - Microsoft Corporation) Hidden
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PRE12 STI 64Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.21.00(03.02.2014) - Samsung Electronics Co., Ltd.)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Silhouette Studio (HKLM-x32\...\{D730B479-9A4C-492F-B518-BFC9186B3618}) (Version: 3.6.057 - Silhouette America)
StarMoney (x32 Version: 3.0.5.8 - StarFinanz) Hidden
StarMoney (x32 Version: 3.0.6.40 - StarFinanz) Hidden
StarMoney (x32 Version: 4.0.2.34 - StarFinanz) Hidden
StarMoney (x32 Version: 5.0.1.83 - StarFinanz) Hidden
StarMoney 10 (HKLM-x32\...\{2481A548-6E0E-48ED-B1FE-0B1BBC0E62AE}) (Version: 10 - Star Finanz GmbH)
StarMoney 8.0 (HKLM-x32\...\{1B6A34E1-2ACA-46D6-AE81-91AE857DB4AF}) (Version: 8.0 - Star Finanz GmbH)
StarMoney 9.0 (HKLM-x32\...\{66C85AF8-7319-4E76-9169-EFA9E71FFADE}) (Version: 9.0 - Star Finanz GmbH)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synology Cloud Station Drive (HKLM-x32\...\{57801CDF-07C9-4533-AE5F-360A9D5208DC}) (Version: 4.0.4120 - Synology)
System Power Shortcuts (HKLM-x32\...\{A549558F-F4D4-4007-998E-05A7D8577D4F}) (Version: 1.1.1029 - CAPPLOUD)
TAPI Services for FRITZ!Box (HKLM\...\{8505C641-422E-4E3C-B6B0-0F070E289FDD}) (Version: 1.0.6 - AVM Berlin)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.45862 - TeamViewer)
TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - Ihr Firmenname)
VideoLAN VLC media player 0.8.6b (HKLM-x32\...\VLC media player) (Version: 0.8.6b - VideoLAN Team)
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.7.6 - Nikon)
VMLite Workstation (HKLM\...\{197F2BEF-2705-406E-8CEB-8E404FFFE414}) (Version: 3.2.6 - VMLite)
Warner Bros. Digital Copy Manager (HKLM-x32\...\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1) (Version: 1.70 - Warner Bros. Entertainment Inc.)
Warner Bros. Digital Copy Manager (x32 Version: 1.70 - Warner Bros. Entertainment Inc.) Hidden
Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1) (HKLM\...\D088EE4BD2819FBA2B349EF9D55176F223419BE6) (Version: 06/01/2011 4.0.0.1 - Apple Inc.)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WISO Steuer-Sparbuch 2012 (HKLM-x32\...\{0CC1DAFB-40C8-4903-953D-471E541477C7}) (Version: 19.00.7303 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{B9EA7770-EFD5-47D1-9F33-AC72F04AE284}) (Version: 21.00.8480 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{595BC736-D194-42B7-9FFF-F84EE28A469C}) (Version: 22.00.8811 - Buhl Data Service GmbH)
XAV5001 Firmware Upgrade Tool (HKLM-x32\...\InstallShield_{42EDB969-3CE5-4E38-843B-A318824A737F}) (Version: 2.0.0.2 - NETGEAR Powerline)
XAV5001 Firmware Upgrade Tool (x32 Version: 2.0.0.2 - NETGEAR Powerline) Hidden
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-2043235430-3670825711-4218813697-1001_Classes\CLSID\{2C4A5D61-009C-4561-9A33-6AFD542FD237}\InprocServer32 -> C:\Users\Stefan\AppData\Local\CloudStation\CloudStation.app\icon-overlay\15\x64\ContextMenu.dll ()
CustomCLSID: HKU\S-1-5-21-2043235430-3670825711-4218813697-1001_Classes\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}\InprocServer32 -> C:\Users\Stefan\AppData\Local\CloudStation\CloudStation.app\icon-overlay\15\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-2043235430-3670825711-4218813697-1001_Classes\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}\InprocServer32 -> C:\Users\Stefan\AppData\Local\CloudStation\CloudStation.app\icon-overlay\15\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-2043235430-3670825711-4218813697-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Stefan\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2043235430-3670825711-4218813697-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Stefan\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2043235430-3670825711-4218813697-1001_Classes\CLSID\{A433C3E0-8B24-40EB-93C3-4B10D9959F58}\InprocServer32 -> C:\Users\Stefan\AppData\Local\CloudStation\CloudStation.app\icon-overlay\15\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-2043235430-3670825711-4218813697-1001_Classes\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}\InprocServer32 -> C:\Users\Stefan\AppData\Local\CloudStation\CloudStation.app\icon-overlay\15\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-2043235430-3670825711-4218813697-1001_Classes\CLSID\{C701AD67-3DF0-47C9-89CB-DFA6207BE229}\InprocServer32 -> C:\Users\Stefan\AppData\Local\CloudStation\CloudStation.app\icon-overlay\15\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-2043235430-3670825711-4218813697-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Stefan\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {04BA98F7-B074-440B-974E-12B676DCF4AA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-01-08] (Microsoft Corporation)
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {1A438826-8381-44D6-A6B9-8F489490F86D} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {1BE75B25-9E44-4F82-95D6-D79F60FF3247} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {1DE85612-34FA-429A-9D31-5CDBC2650323} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {1F1AA6AD-284D-4635-8260-7B28BDB17831} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {28AF8722-4067-428D-8BE0-E65205185B0B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {2915F788-7A2F-4E1C-9C39-2BA2EE39500D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {30BC8F07-027E-469B-8562-7053A3C42614} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {321BC64F-22B4-4376-A69F-320A591125C3} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {327E1891-560D-4937-AB83-D9C0D74B7563} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {3EEB8463-7733-4D40-8E4F-CBABDC0ACE94} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {44E5FC0B-7C72-45E2-9C56-43CC558E11E3} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {4D6B5FDF-6F9C-45FB-BE62-B21D7B9CAA18} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {527B5428-05E5-403D-B2D7-755ED2A1DEFB} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {540D4B73-07E5-48DC-8F79-7B33E7371EA9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {5499FFD0-826B-4096-8C27-30A24297365B} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {5ABCF088-13F6-47DB-9416-1D79B88C9CD4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {617F0032-DFBA-4344-B0B4-289AE41BD4F7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {632484DB-1288-42DB-B76E-83BEC2218227} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {6997A8D4-9E27-4B70-8307-59AA978B802F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {70F31CE2-B841-4129-99F4-B4823E566B60} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {7C94D902-6042-4C63-9E48-BB6585BFA4E8} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {7FFB4346-F6CE-46BD-B04C-70751983D698} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {81AA9449-0338-4196-AB82-C8EB4802916D} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {8BE8EF36-7199-419C-90CD-152C061EE818} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {8E6552C0-1141-45A4-8D28-92FC52F385F1} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {9AE661AD-32D1-4A04-99D0-D58B7CDB48F3} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {A25A0468-4D23-4EB4-B042-7D7ABBD9E3B0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {BDE0BCEC-9EC7-411F-8D2F-E465F7F3C026} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {BEE9CE76-88FB-41FB-B94E-36A4B7A35958} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {D011EE65-FA49-449E-B614-7ADF6B17810C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {D2C9CB26-F04A-48CF-8B68-7CA56D861853} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {D5EAEB49-5195-4869-99F4-B092EA0AA9C9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {DB79CEC2-91BD-4E0F-841D-A0A9FBE054AB} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {E518C07C-FA41-4267-BD27-7BCE1EE2293D} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {E5EC49CE-9A54-453D-A8E0-14563757D2D8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-07] (Microsoft Corporation)
Task: {EFBE991D-2AB8-42F8-BA1D-C936AD834C64} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {F1DE7100-4F20-4CDA-BB74-B6DA223889AB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-07] (Microsoft Corporation)
Task: {FABBEB4E-6065-4957-8BFD-1BA469C1CCA8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {FBB521E7-901C-47C9-8BAA-41F60FA6E4CC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-01-08] (Microsoft Corporation)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-10-30 08:17 - 2015-10-30 08:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2012-12-30 15:46 - 2006-02-23 11:35 - 00020480 _____ () C:\WINDOWS\System32\FritzColorPort64.dll
2012-12-30 15:46 - 2006-02-22 10:39 - 00020480 _____ () C:\WINDOWS\System32\FritzPort64.dll
2012-10-12 06:32 - 2010-06-17 20:56 - 00087040 _____ () C:\WINDOWS\System32\redmonnt.dll
2009-10-26 03:57 - 2009-10-26 03:57 - 00022016 _____ () C:\WINDOWS\System32\ssw1ml6.dll
2015-05-08 21:40 - 2015-07-07 10:48 - 00020240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-10 10:24 - 2014-11-25 13:19 - 00099328 ____N () C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
2016-01-12 10:32 - 2016-01-12 10:32 - 00287200 _____ () C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe
2015-11-01 14:34 - 2016-01-07 06:13 - 00162472 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2010-08-11 14:18 - 2010-08-11 14:18 - 00202344 _____ () C:\Program Files\VMLite\VMLite Workstation\VBoxDDU.dll
2010-08-11 14:18 - 2010-08-11 14:18 - 02725480 _____ () C:\Program Files\VMLite\VMLite Workstation\VBoxRT.dll
2009-03-26 22:03 - 2009-03-26 22:03 - 01289728 _____ () C:\Program Files\VMLite\VMLite Workstation\LIBEAY32.dll
2015-12-19 09:01 - 2015-12-19 09:01 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-01-22 18:59 - 2016-01-22 18:59 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-19 09:01 - 2015-12-19 09:01 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-23 23:23 - 2016-01-23 23:23 - 01249280 _____ () C:\Users\Stefan\AppData\Local\CloudStation\CloudStation.app\icon-overlay\15\x64\ContextMenu.dll
2015-12-19 14:11 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-19 14:11 - 2015-12-07 05:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-19 14:11 - 2015-12-07 04:37 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-19 14:11 - 2015-12-07 04:33 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-19 14:11 - 2015-12-07 04:34 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-12-19 14:11 - 2015-12-07 04:36 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2013-12-29 11:48 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 8.0\ouservice\PATCHW32.dll
2015-12-19 19:38 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 10\ouservice\PATCHW32.dll
2014-08-06 08:43 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 9.0\ouservice\PATCHW32.dll
2016-01-22 18:59 - 2016-01-22 18:59 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-22 18:59 - 2016-01-22 18:59 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-01-23 23:23 - 2016-01-23 23:23 - 00123918 _____ () C:\Users\Stefan\AppData\Local\CloudStation\CloudStation.app\bin\libgcc_s_dw2-1.dll
2016-01-23 23:23 - 2016-01-23 23:23 - 01026062 _____ () C:\Users\Stefan\AppData\Local\CloudStation\CloudStation.app\bin\libstdc++-6.dll
2016-01-23 23:23 - 2016-01-23 23:23 - 00524460 _____ () C:\Users\Stefan\AppData\Local\CloudStation\CloudStation.app\bin\libcurl-4.dll
2016-01-23 23:23 - 2016-01-23 23:23 - 02949660 _____ () C:\Users\Stefan\AppData\Local\CloudStation\CloudStation.app\bin\libsqlite3-0.dll
2016-01-23 23:23 - 2016-01-23 23:23 - 01798570 _____ () C:\Users\Stefan\AppData\Local\CloudStation\CloudStation.app\bin\icuuc53.dll
2016-01-23 23:23 - 2016-01-23 23:23 - 00115214 _____ () C:\Users\Stefan\AppData\Local\CloudStation\CloudStation.app\bin\zlib1.dll
2016-01-23 23:23 - 2016-01-23 23:23 - 03095505 _____ () C:\Users\Stefan\AppData\Local\CloudStation\CloudStation.app\bin\icuin53.dll
2016-01-23 23:23 - 2016-01-23 23:23 - 21565192 _____ () C:\Users\Stefan\AppData\Local\CloudStation\CloudStation.app\bin\icudt53.dll
2016-01-23 23:23 - 2016-01-23 23:23 - 00712704 _____ () C:\Users\Stefan\AppData\Local\CloudStation\CloudStation.app\bin\platforms\qwindows.dll
2016-01-23 23:23 - 2016-01-23 23:23 - 00031744 _____ () C:\Users\Stefan\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qgif.dll
2016-01-23 23:23 - 2016-01-23 23:23 - 00046080 _____ () C:\Users\Stefan\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qicns.dll
2016-01-23 23:23 - 2016-01-23 23:23 - 00032768 _____ () C:\Users\Stefan\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qico.dll
2016-01-23 23:23 - 2016-01-23 23:23 - 00516608 _____ () C:\Users\Stefan\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qjp2.dll
2016-01-23 23:23 - 2016-01-23 23:23 - 00243200 _____ () C:\Users\Stefan\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qjpeg.dll
2016-01-23 23:23 - 2016-01-23 23:23 - 00431616 _____ () C:\Users\Stefan\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qtiff.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\S-1-5-21-2043235430-3670825711-4218813697-1001\...\127.0.0.1 -> hxxp://127.0.0.1
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2012-07-26 06:26 - 2016-01-23 13:09 - 00000768 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-2043235430-3670825711-4218813697-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 4.4.4.4 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Stefan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung SSD Magician.lnk => C:\windows\pss\Samsung SSD Magician.lnk.Startup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: Norton Ghost 15.0 => "C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe"
HKLM\...\StartupApproved\StartupFolder: => "WindowsIoTCoreWatcher.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "CDAServer"
HKLM\...\StartupApproved\Run32: => "Adobe_ID0EYTHM"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "Nikon Message Center 2"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
HKU\S-1-5-21-2043235430-3670825711-4218813697-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-2043235430-3670825711-4218813697-1001\...\StartupApproved\Run: => "Amazon Cloud Player"
HKU\S-1-5-21-2043235430-3670825711-4218813697-1001\...\StartupApproved\Run: => "AmazonMP3DownloaderHelper"
HKU\S-1-5-21-2043235430-3670825711-4218813697-1001\...\StartupApproved\Run: => "TomTomHOME.exe"
HKU\S-1-5-21-2043235430-3670825711-4218813697-1001\...\StartupApproved\Run: => "BoBrowser"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [TCP Query User{DB5EEC1A-95A0-424D-912D-8E83C9DF3546}C:\users\stefan\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-ui.exe] => (Allow) C:\users\stefan\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-ui.exe
FirewallRules: [UDP Query User{D953C742-F29A-4B5A-B01E-6594C3D69B92}C:\users\stefan\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-ui.exe] => (Allow) C:\users\stefan\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-ui.exe
FirewallRules: [{A0CD1A97-5C0D-4952-8942-A4A415D151B3}] => (Allow) C:\Windows\System32\mstsc.exe
FirewallRules: [{854F7FFC-3176-4ADD-96D4-A23DA3B7EE83}] => (Allow) C:\Windows\System32\mstsc.exe
FirewallRules: [{FFDAF7C5-E8E5-47C7-8E27-457966EDD22C}] => (Allow) C:\Windows\System32\mstsc.exe
FirewallRules: [{F5C2ABFD-1827-4A90-A64A-9356C08F6C57}] => (Allow) C:\Windows\System32\mstsc.exe
==================== Wiederherstellungspunkte =========================
23-01-2016 22:45:14 Removed 7-Zip 9.20 (x64 edition)
24-01-2016 10:58:46 JRT Pre-Junkware Removal
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Systemfehler:
=============
CodeIntegrity:
===================================
Date: 2016-01-24 11:15:32.029
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-01-23 17:54:38.755
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2016-01-23 12:46:13.520
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-23 12:46:13.438
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-23 12:40:33.272
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-23 12:40:33.204
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-23 12:40:32.730
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-23 12:40:32.656
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-23 12:40:32.124
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-23 12:40:32.056
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Speicherinformationen ===========================
Prozessor: AMD Athlon(tm) 64 X2 Dual Core Processor 6000+
Prozentuale Nutzung des RAM: 42%
Installierter physikalischer RAM: 4094.49 MB
Verfügbarer physikalischer RAM: 2370.34 MB
Summe virtueller Speicher: 8190.49 MB
Verfügbarer virtueller Speicher: 6376.95 MB
==================== Laufwerke ================================
Drive c: (SSD) (Fixed) (Total:232.45 GB) (Free:66.01 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive d: (Daten) (Fixed) (Total:2794.52 GB) (Free:1410.74 GB) NTFS
Drive s: () (Network) (Total:2746.08 GB) (Free:2286 GB)
Drive x: () (Network) (Total:2746.08 GB) (Free:2286 GB)
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: C4011611)
Partition 1: (Active) - (Size=232.4 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 2794.5 GB) (Disk ID: 30CEB438)
Partition: GPT.
==================== Ende von Addition.txt ============================
|
Hinweis:
FRST 32-Bit | FRST 64-Bit