Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Mehrere Viren/Trojaner vorallem unter "C:\Windows\Temp\"

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 18.04.2016, 09:04   #1
goro11
 
Mehrere Viren/Trojaner vorallem unter "C:\Windows\Temp\" - Beitrag

Mehrere Viren/Trojaner vorallem unter "C:\Windows\Temp\"



Hallo liebe Gemeinde. Ich habe (zum Glück) lange kein neues Thema mehr erstellt. Doch von Zeit zur Zeit brauche ich eure Hilfe

Ich benutze das Avira Professional und habe die Erfahrung gemacht, dass durch ein zusätzliches Installieren von AdAware als "2nd line of defense" (dabei wird der Echtzeitscanner von AdAware abgeschaltet, um keine Konflikte mit Avira zu bekommen) doch noch ein paar Viren/Trojaner auf dem PC gefunden werden. Diese befinden sich vorallem im C:\Windows\Temp ordner. Manchmal ist es auch so, dass nachdem ich den Inhalt des Temp-Ordners lösche, wird dort nach einem Neustart eine neue Datei erstellt/abgelegt, die weiterhin einen Trojaner enthält. Mit mehreren Suchläufen habe ich versucht mich dieser zu entledigen.

An dieser Stelle eine Frage: gibt es ein Programm, dass einen Ordner überwacht und die Zugriffe darauf aufzeichnet? Sodass man sehen kann, welche Dienste oder Programme bestimmte Dateien unter Temp erstellen.

Was ich an der Zusammenarbeit von Avira und Adaware interessant finde: Wenn ich den Scan durch AdAware durchführen lasse, meldet sich Avira bei Fund (ich nehme an, dass AdAware bei der Suche bestimmte Pfade aufruft und der Echtzeitscanner dann Alarm schlägt). Nach dem Scan jedoch enthält der Bericht von Avira keine Viren/Trojaner, dessen Ereignisliste ist jedoch voll von Funden. Der Bericht von AdAware enthält ebenfalls Funde.

Nach dem langen Text nun meine Bitte: kann sich jemand von den Experten meine Logs anschauen und mit mir gemeinsam sicherstellen, dass möglichst wenig Schadsoftware auf dem PC befindet?

LOGs:

Adaware:
Code:
ATTFilter
<?xml version="1.0"?>
<Summary>
	<ScanInfo ScanMode="Manual" ScanType="Full" StartTime="20160417T132035.318465" EndTime="20160417T203036.318465" />
	<InfectedObjects>
		<InfectedObject ObjectType="File" ObjectPath="\\?\C:\ProgramData\Avira\AntiVir Desktop\INFECTED\483afc24.qua" ParentContainers="" InnerObject="" ObjectStatus="Moved" ThreatType="App" ThreatName="Application.Downloader.YM" />
		<InfectedObject ObjectType="File" ObjectPath="\\?\C:\ProgramData\Avira\AntiVir Desktop\INFECTED\50d1d3f5.qua" ParentContainers="" InnerObject="" ObjectStatus="Moved" ThreatType="App" ThreatName="Application.Downloader.YM" />
		<InfectedObject ObjectType="File" ObjectPath="\\?\C:\Users\Sascha\Downloads\crk.zip" ParentContainers="" InnerObject="" ObjectStatus="Moved" ThreatType="Virus" ThreatName="Trojan.Generic.8426274" />
		<InfectedObject ObjectType="File" ObjectPath="\\?\E:\cm-11-20140804-SNAPSHOT-M9-i9300.zip" ParentContainers="" InnerObject="" ObjectStatus="Moved" ThreatType="Virus" ThreatName="Android.Riskware.SMSSend.gRUN" />
		<InfectedObject ObjectType="File" ObjectPath="\\?\E:\Heli Handy\ZTE\root dir\TitaniumBackup_full\com.android.google.sync-0fb6555e61305c98958a43e8ae1fd371.apk.gz" ParentContainers="" InnerObject="" ObjectStatus="Moved" ThreatType="Virus" ThreatName="Android.Trojan.Agent.AM" />
		<InfectedObject ObjectType="File" ObjectPath="\\?\E:\Heli Handy\ZTE\root dir\TitaniumBackup_full\com.twiter.android-94cb1fa88a18b10b0ffabd194cc71d71.apk.gz" ParentContainers="" InnerObject="" ObjectStatus="Moved" ThreatType="Virus" ThreatName="Android.Trojan.Fjcon.D" />
		<InfectedObject ObjectType="File" ObjectPath="\\?\E:\Heli Handy\ZTE\root dir\TWRP\BACKUPS\MSM8226\2014-12-08--15-10-02 X9180_CNCommon_V9.06\system.ext4.win" ParentContainers="" InnerObject="" ObjectStatus="Moved" ThreatType="Virus" ThreatName="Android.Trojan.Fjcon.D" />
	</InfectedObjects>
</Summary>
         
Avira:

Code:
ATTFilter
Exportierte Ereignisse:

17.04.2016 22:39 [Echtzeit-Scanner] Malware gefunden
      Muster 'ANDROID/Agent.LY.Gen [virus]'
      in Datei 
      'C:\Windows\Temp\302394c1-6061-4bb3-870b-485bfdf38f50\tmp00007b61\tmp0038d87e 
      gefunden.
      Durchgeführte Aktion: Zugriff verweigern

17.04.2016 22:36 [Echtzeit-Scanner] Malware gefunden
      Muster 'ANDROID/Agent.LY.Gen [virus]'
      in Datei 
      'C:\Windows\Temp\302394c1-6061-4bb3-870b-485bfdf38f50\tmp00007b61\tmp0033fcbd 
      gefunden.
      Durchgeführte Aktion: Zugriff verweigern

17.04.2016 22:35 [Echtzeit-Scanner] Malware gefunden
      Muster 'PUA/DownloadSponsor.Gen [riskware]'
      in Datei 
      'C:\Windows\Temp\302394c1-6061-4bb3-870b-485bfdf38f50\tmp00007b61\tmp0032daa7 
      gefunden.
      Durchgeführte Aktion: Zugriff verweigern

17.04.2016 22:35 [Echtzeit-Scanner] Malware gefunden
      Muster 'PUA/DownloadSponsor.Gen [riskware]'
      in Datei 
      'C:\Windows\Temp\302394c1-6061-4bb3-870b-485bfdf38f50\tmp00007b61\tmp0032daa2 
      gefunden.
      Durchgeführte Aktion: Zugriff verweigern

17.04.2016 19:29 [Echtzeit-Scanner] Malware gefunden
      Muster 'PUA/DownloadSponsor.Gen [riskware]'
      in Datei 'E:\Internet Download Manager - CHIP-Downloader.exe gefunden.
      Durchgeführte Aktion: Zugriff verweigern

17.04.2016 19:28 [Echtzeit-Scanner] Malware gefunden
      Muster 'ANDROID/Agent.LY.Gen [virus]'
      in Datei 
      'C:\Windows\Temp\99ef92a8-7628-4b99-af3f-a7187a5988de\tmp0000442a\tmp00554b1d 
      gefunden.
      Durchgeführte Aktion: Zugriff verweigern

17.04.2016 19:24 [Echtzeit-Scanner] Malware gefunden
      Muster 'ANDROID/Agent.LY.Gen [virus]'
      in Datei 
      'C:\Windows\Temp\99ef92a8-7628-4b99-af3f-a7187a5988de\tmp0000442a\tmp004e93e8 
      gefunden.
      Durchgeführte Aktion: Zugriff verweigern

17.04.2016 19:24 [Echtzeit-Scanner] Malware gefunden
      Muster 'ANDROID/Agent.LY.Gen [virus]'
      in Datei 
      'C:\Windows\Temp\99ef92a8-7628-4b99-af3f-a7187a5988de\tmp0000442a\tmp004e93e8 
      gefunden.
      Durchgeführte Aktion: Übergeben an Scanner

17.04.2016 17:36 [Echtzeit-Scanner] Malware gefunden
      Muster 'ANDROID/GetRoot.A [virus]'
      in Datei 'D:\PhoneBackup_2.0.exe gefunden.
      Durchgeführte Aktion: Zugriff verweigern

17.04.2016 17:36 [Echtzeit-Scanner] Malware gefunden
      Muster 'ANDROID/GetRoot.A [virus]'
      in Datei 'D:\PhoneBackup_2.0.exe gefunden.
      Durchgeführte Aktion: Zugriff verweigern

17.04.2016 17:36 [Echtzeit-Scanner] Malware gefunden
      Muster 'ANDROID/GetRoot.A [virus]'
      in Datei 'D:\PhoneBackup_2.0.exe gefunden.
      Durchgeführte Aktion: Zugriff verweigern

17.04.2016 17:36 [Echtzeit-Scanner] Malware gefunden
      Muster 'ANDROID/GetRoot.A [virus]'
      in Datei 'D:\PhoneBackup_2.0.exe gefunden.
      Durchgeführte Aktion: Zugriff verweigern

17.04.2016 17:36 [Echtzeit-Scanner] Malware gefunden
      Muster 'ANDROID/GetRoot.A [virus]'
      in Datei 'D:\PhoneBackup_2.0.exe gefunden.
      Durchgeführte Aktion: Zugriff verweigern

17.04.2016 17:36 [Echtzeit-Scanner] Malware gefunden
      Muster 'ANDROID/GetRoot.A [virus]'
      in Datei 'D:\PhoneBackup_2.0.exe gefunden.
      Durchgeführte Aktion: Zugriff verweigern

17.04.2016 17:35 [Echtzeit-Scanner] Malware gefunden
      Muster 'TR/Spy.60928.145 [trojan]'
      in Datei 
      'C:\Windows\Temp\58a3678a-26ea-47de-b338-1c5b2e2c28ce\tmp000068c1\tmp001c5466 
      gefunden.
      Durchgeführte Aktion: Zugriff verweigern

17.04.2016 17:35 [Echtzeit-Scanner] Malware gefunden
      Muster 'TR/Spy.60928.145 [trojan]'
      in Datei 
      'C:\Windows\Temp\58a3678a-26ea-47de-b338-1c5b2e2c28ce\tmp000068c1\tmp001c54bc 
      gefunden.
      Durchgeführte Aktion: Zugriff verweigern

17.04.2016 17:27 [Echtzeit-Scanner] Malware gefunden
      Muster 'ANDROID/GetRoot.A [virus]'
      in Datei 
      'C:\Windows\Temp\58a3678a-26ea-47de-b338-1c5b2e2c28ce\tmp000068c1\tmp001a95a5 
      gefunden.
      Durchgeführte Aktion: Zugriff verweigern

17.04.2016 17:27 [Echtzeit-Scanner] Malware gefunden
      Muster 'ANDROID/GetRoot.A [virus]'
      in Datei 'D:\MtkDroidTools\files\zR gefunden.
      Durchgeführte Aktion: Zugriff verweigern

17.04.2016 17:04 [Echtzeit-Scanner] Malware gefunden
      Muster 'PUA/DownloadSponsor.Gen [riskware]'
      in Datei 
      'C:\Windows\Temp\58a3678a-26ea-47de-b338-1c5b2e2c28ce\tmp000068c1\tmp0011b8d4 
      gefunden.
      Durchgeführte Aktion: Zugriff verweigern

17.04.2016 17:04 [Echtzeit-Scanner] Malware gefunden
      Muster 'PUA/DownloadSponsor.Gen [riskware]'
      in Datei 
      'C:\Windows\Temp\58a3678a-26ea-47de-b338-1c5b2e2c28ce\tmp000068c1\tmp0011b8b1 
      gefunden.
      Durchgeführte Aktion: Zugriff verweigern

17.04.2016 17:04 [Echtzeit-Scanner] Malware gefunden
      Muster 'PUA/DownloadSponsor.Gen [riskware]'
      in Datei 
      'C:\Windows\Temp\58a3678a-26ea-47de-b338-1c5b2e2c28ce\tmp000068c1\tmp0011b8b1 
      gefunden.
      Durchgeführte Aktion: Übergeben an Scanner

17.04.2016 15:50 [Echtzeit-Scanner] Malware gefunden
      Muster 'TR/Patched.Ren.Gen2 [trojan]'
      in Datei 
      'C:\Windows\Temp\30767141-97b9-43cd-8450-eb8bb8847bd2\tmp00000bbf\tmp0002d806 
      gefunden.
      Durchgeführte Aktion: Zugriff verweigern

17.04.2016 15:50 [Echtzeit-Scanner] Malware gefunden
      Muster 'TR/Patched.Ren.Gen2 [trojan]'
      in Datei 
      'C:\Windows\Temp\30767141-97b9-43cd-8450-eb8bb8847bd2\tmp00000bbf\tmp0002d806 
      gefunden.
      Durchgeführte Aktion: Zugriff verweigern

17.04.2016 12:20 [Echtzeit-Scanner] Malware gefunden
      Muster 'TR/Patched.Ren.Gen2 [trojan]'
      in Datei 
      'C:\Windows\Temp\4a7dfb66-f713-4b94-a391-020f6ad7a388\tmp00002ecb\tmp00009029 
      gefunden.
      Durchgeführte Aktion: Zugriff verweigern

17.04.2016 12:20 [Echtzeit-Scanner] Malware gefunden
      Muster 'TR/Patched.Ren.Gen2 [trojan]'
      in Datei 
      'C:\Windows\Temp\4a7dfb66-f713-4b94-a391-020f6ad7a388\tmp00002ecb\tmp00009029 
      gefunden.
      Durchgeführte Aktion: Zugriff verweigern

17.04.2016 12:18 [Echtzeit-Scanner] Malware gefunden
      Muster 'TR/Patched.Ren.Gen2 [trojan]'
      in Datei 
      'C:\Windows\Temp\4a7dfb66-f713-4b94-a391-020f6ad7a388\tmp00002ecb\tmp00008896 
      gefunden.
      Durchgeführte Aktion: Zugriff verweigern

17.04.2016 12:18 [Echtzeit-Scanner] Malware gefunden
      Muster 'TR/Patched.Ren.Gen2 [trojan]'
      in Datei 
      'C:\Windows\Temp\4a7dfb66-f713-4b94-a391-020f6ad7a388\tmp00002ecb\tmp00008896 
      gefunden.
      Durchgeführte Aktion: Zugriff verweigern

16.04.2016 13:57 [Echtzeit-Scanner] Malware gefunden
      Muster 'TR/Patched.Ren.Gen2 [trojan]'
      in Datei 
      'C:\Windows\Temp\675f3633-b3de-4b80-a819-1ac95686b972\tmp000025c3\tmp00037a89 
      gefunden.
      Durchgeführte Aktion: Zugriff verweigern

16.04.2016 13:57 [Echtzeit-Scanner] Malware gefunden
      Muster 'TR/Patched.Ren.Gen2 [trojan]'
      in Datei 
      'C:\Windows\Temp\675f3633-b3de-4b80-a819-1ac95686b972\tmp000025c3\tmp00037a89 
      gefunden.
      Durchgeführte Aktion: Zugriff verweigern

16.04.2016 13:55 [Echtzeit-Scanner] Malware gefunden
      Muster 'TR/Patched.Ren.Gen2 [trojan]'
      in Datei 
      'C:\Windows\Temp\675f3633-b3de-4b80-a819-1ac95686b972\tmp000025c3\tmp000371c1 
      gefunden.
      Durchgeführte Aktion: Zugriff verweigern

16.04.2016 13:55 [Echtzeit-Scanner] Malware gefunden
      Muster 'TR/Patched.Ren.Gen2 [trojan]'
      in Datei 
      'C:\Windows\Temp\675f3633-b3de-4b80-a819-1ac95686b972\tmp000025c3\tmp000371c1 
      gefunden.
      Durchgeführte Aktion: Zugriff verweigern

16.04.2016 13:54 [Echtzeit-Scanner] Malware gefunden
      Muster 'TR/Patched.Ren.Gen2 [trojan]'
      in Datei 
      'C:\Windows\Temp\675f3633-b3de-4b80-a819-1ac95686b972\tmp000025c3\tmp00037128 
      gefunden.
      Durchgeführte Aktion: Zugriff verweigern

16.04.2016 13:54 [Echtzeit-Scanner] Malware gefunden
      Muster 'TR/Patched.Ren.Gen2 [trojan]'
      in Datei 
      'C:\Windows\Temp\675f3633-b3de-4b80-a819-1ac95686b972\tmp000025c3\tmp00037128 
      gefunden.
      Durchgeführte Aktion: Zugriff verweigern

16.04.2016 13:36 [Echtzeit-Scanner] Malware gefunden
      Muster 'TR/Patched.Ren.Gen2 [trojan]'
      in Datei 
      'C:\Windows\Temp\675f3633-b3de-4b80-a819-1ac95686b972\tmp000025c3\tmp0002dd63 
      gefunden.
      Durchgeführte Aktion: Zugriff verweigern

16.04.2016 13:35 [Echtzeit-Scanner] Malware gefunden
      Muster 'TR/Patched.Ren.Gen2 [trojan]'
      in Datei 
      'C:\Windows\Temp\675f3633-b3de-4b80-a819-1ac95686b972\tmp000025c3\tmp0002dd63 
      gefunden.
      Durchgeführte Aktion: Zugriff verweigern

16.04.2016 13:35 [Echtzeit-Scanner] Malware gefunden
      Muster 'TR/Patched.Ren.Gen2 [trojan]'
      in Datei 
      'C:\Windows\Temp\675f3633-b3de-4b80-a819-1ac95686b972\tmp000025c3\tmp0002dcca 
      gefunden.
      Durchgeführte Aktion: Zugriff verweigern

16.04.2016 13:35 [Echtzeit-Scanner] Malware gefunden
      Muster 'TR/Patched.Ren.Gen2 [trojan]'
      in Datei 
      'C:\Windows\Temp\675f3633-b3de-4b80-a819-1ac95686b972\tmp000025c3\tmp0002dcca 
      gefunden.
      Durchgeführte Aktion: Zugriff verweigern

11.04.2016 23:00 [Echtzeit-Scanner] Malware gefunden
      Muster 'ANDROID/GetRoot.A [virus]'
      in Datei 'D:\PhoneBackup_2.0.exe gefunden.
      Durchgeführte Aktion: Zugriff verweigern

11.04.2016 23:00 [Echtzeit-Scanner] Malware gefunden
      Muster 'ANDROID/GetRoot.A [virus]'
      in Datei 'D:\PhoneBackup_2.0.exe gefunden.
      Durchgeführte Aktion: Zugriff verweigern

11.04.2016 23:00 [Echtzeit-Scanner] Malware gefunden
      Muster 'ANDROID/GetRoot.A [virus]'
      in Datei 'D:\PhoneBackup_2.0.exe gefunden.
      Durchgeführte Aktion: Zugriff verweigern

11.04.2016 23:00 [Echtzeit-Scanner] Malware gefunden
      Muster 'ANDROID/GetRoot.A [virus]'
      in Datei 'D:\PhoneBackup_2.0.exe gefunden.
      Durchgeführte Aktion: Zugriff verweigern

11.04.2016 23:00 [Echtzeit-Scanner] Malware gefunden
      Muster 'ANDROID/GetRoot.A [virus]'
      in Datei 'D:\PhoneBackup_2.0.exe gefunden.
      Durchgeführte Aktion: Zugriff verweigern

11.04.2016 16:53 [Echtzeit-Scanner] Malware gefunden
      Muster 'ANDROID/GetRoot.A [virus]'
      in Datei 'D:\PhoneBackup_2.0.exe gefunden.
      Durchgeführte Aktion: Zugriff verweigern

11.04.2016 16:53 [Echtzeit-Scanner] Malware gefunden
      Muster 'ANDROID/GetRoot.A [virus]'
      in Datei 'D:\PhoneBackup_2.0.exe gefunden.
      Durchgeführte Aktion: Zugriff verweigern

11.04.2016 16:53 [Echtzeit-Scanner] Malware gefunden
      Muster 'ANDROID/GetRoot.A [virus]'
      in Datei 'D:\PhoneBackup_2.0.exe gefunden.
      Durchgeführte Aktion: Zugriff verweigern

11.04.2016 16:52 [Echtzeit-Scanner] Malware gefunden
      Muster 'ANDROID/GetRoot.A [virus]'
      in Datei 'D:\PhoneBackup_2.0.exe gefunden.
      Durchgeführte Aktion: Zugriff verweigern

11.04.2016 16:52 [Echtzeit-Scanner] Malware gefunden
      Muster 'ANDROID/GetRoot.A [virus]'
      in Datei 'D:\PhoneBackup_2.0.exe gefunden.
      Durchgeführte Aktion: Zugriff verweigern
         
Malwarebytes:

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 18.04.2016
Suchlaufzeit: 09:10
Protokolldatei: 
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.04.18.01
Rootkit-Datenbank: v2016.04.17.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Sascha

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 385569
Abgelaufene Zeit: 35 Min., 18 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         
FRST.txt:

Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:17-04-2016
durchgeführt von Sascha (Administrator) auf SASCHA-PC (18-04-2016 08:47:42)
Gestartet von C:\Users\Sascha\Desktop
Geladene Profile: Sascha (Verfügbare Profile: Sascha & IWB)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Authentec Inc.) C:\Program Files\Protector Suite\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Fujitsu Technology Solutions) C:\Program Files\Fujitsu\DeskView\Common\FscHMCfg.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(Nitro PDF Software) D:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Rainlendar2\Rainlendar2.exe
(Microsoft Corporation) C:\Users\Sascha\AppData\Local\Snip\Snip.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Sascha\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Wacom Technology, Corp.) C:\Windows\System32\Pen_Tablet.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Wacom Technology, Corp.) C:\Windows\System32\WTablet\Pen_TabletUser.exe
() C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe
(Wacom Technology, Corp.) C:\Windows\System32\Pen_Tablet.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Nitro PDF Software) D:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
(Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Sierra Wireless, Inc.) C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\usrreq.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7703072 2009-08-05] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [764528 2016-03-10] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [IndicatorUtility] => C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47464 2009-06-22] (FUJITSU LIMITED)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [975760 2015-11-03] (Cisco Systems, Inc.)
HKLM\...\Run: [FUJ02B1_Apps] => C:\Program Files\Fujitsu\FUJ02B1\CheckBatteryPack.exe [366376 2016-03-17] (FUJITSU LIMITED)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe [8007392 2016-01-28] ()
Winlogon\Notify\psfus: C:\Program Files\Protector Suite\psqlpwd.dll [2012-10-23] (Authentec Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [2598496 2013-03-10] ()
HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\Run: [Dropbox Update] => C:\Users\Sascha\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\Run: [Snip] => C:\Users\Sascha\AppData\Local\Snip\Snip.exe [1713312 2015-10-19] (Microsoft Corporation)
HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [50676864 2016-03-01] (Skype Technologies S.A.)
HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\MountPoints2: {0cebd7cc-ce8f-11e2-b157-00a0d5ffffa5} - F:\Startme.exe
HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\MountPoints2: {50d5c9c3-7f73-11e4-b352-001742fd5e4f} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\autorun.exe /auto
HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\MountPoints2: {f690ec43-7c86-11e4-b1bc-fc6fd48a52bd} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\autorun.exe /auto
HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\MountPoints2: {fb8e2f6d-7ebc-11e4-9153-001742fd5e4f} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\autorun.exe /auto
HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\MountPoints2: {fb8e3063-7ebc-11e4-9153-001742fd5e4f} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\autorun.exe /auto
HKU\S-1-5-18\...\Run: [FRITZ!protect] => FwebProt.exe
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Lsa: [Notification Packages] scecli C:\Program Files\Protector Suite\psqlpwd.dll
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => D:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [UEAFOverlay] -> {F2F31467-B1AC-4df0-AE79-FD5FA085E22B} => C:\Program Files\Protector Suite\farchns.dll [2012-10-23] (Authentec Inc.)
ShellIconOverlayIdentifiers: [UEAFOverlayOpen] -> {A3E208F7-0E3A-4182-A7A6-B169D5D691AA} => C:\Program Files\Protector Suite\farchns.dll [2012-10-23] (Authentec Inc.)
Startup: C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.exe - Verknüpfung.lnk [2013-11-22]
ShortcutTarget: ctfmon.exe - Verknüpfung.lnk -> C:\Windows\System32\ctfmon.exe (Microsoft Corporation)
Startup: C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-04-16]
ShortcutTarget: Dropbox.lnk -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Winsock: Catalog5 01 C:\Windows\system32\NLAapi.dll [52224 2012-10-03] (Microsoft Corporation) ACHTUNG: LibraryPath sollte sein "C:\Windows)\system32\NLAapi.dll"
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{69767269-0577-45C1-88DC-B1D78DE44DAF}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AB78458C-7E79-49A8-8741-7B110BCDCC40}: [NameServer] 62.134.11.4 195.182.110.132塚BḈ¿ↅ䍟謓並BḈ¿

Internet Explorer:
==================
HKU\S-1-5-21-2186534646-70022557-530426099-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> D:\Program Files\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-03-24] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-09-05] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-24] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-09-05] (Adobe Systems Incorporated)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-09-05] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2186534646-70022557-530426099-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-09-05] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-03-18] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\3bkhj32i.default-1436688253094
FF Homepage: hxxp://www.google.de
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> E:\Program Files\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-24] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> D:\Program Files\Nitro\Pro 8\npnitromozilla.dll [2013-05-27] (Nitro PDF)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-09] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-09] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC 0.8.6\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Acrobat -> D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2013-09-26] (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2186534646-70022557-530426099-1000: @torrentstream.net/tsplugin,version=2.0.8.11.1 -> C:\Users\Sascha\AppData\Roaming\TorrentStream\player\npts_plugin.dll [2014-04-25] (Innovative Digital Technologies)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll [2014-01-09] (Dassault Systèmes SolidWorks Corp.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-04-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-04-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-04-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-04-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-04-24] (Apple Inc.)
FF Extension: Adobe Acrobat - Create PDF - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-12-02] [ist nicht signiert]
FF Extension: Web Developer - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\3bkhj32i.default-1436688253094\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2015-07-12]
FF Extension: NoScript - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\3bkhj32i.default-1436688253094\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-04-07]
FF Extension: DownThemAll! AntiContainer - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\3bkhj32i.default-1436688253094\extensions\anticontainer@downthemall.net.xpi [2016-04-15]
FF Extension: DownThemAll! - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\3bkhj32i.default-1436688253094\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-04-15]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\3bkhj32i.default-1436688253094\Extensions\elemhidehelper@adblockplus.org.xpi [2016-02-18]
FF Extension: uBlock Origin - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\3bkhj32i.default-1436688253094\Extensions\uBlock0@raymondhill.net.xpi [2016-04-07]
FF Extension: Adblock Plus - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\3bkhj32i.default-1436688253094\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-07-01] [ist nicht signiert]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-04-01] [ist nicht signiert]
FF HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Users\Sascha\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org
FF Extension: TS Magic Player - C:\Users\Sascha\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org [2015-03-04] [ist nicht signiert]
FF HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - D:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: IDM integration - D:\Program Files\Internet Download Manager\idmmzcc2.xpi [2016-03-10]
FF HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Sascha\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Sascha\AppData\Roaming\IDM\idmmzcc5 [2016-04-16] [ist nicht signiert]
FF HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - D:\Program Files\Internet Download Manager\idmmzcc2.xpi

Chrome: 
=======
CHR Profile: C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Web Developer) - C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2015-05-27]
CHR Extension: (kimono) - C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoaddaobnieaecelinfdllcgdehimih [2016-04-14]
CHR Extension: (Adobe Acrobat) - C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-11-12]
CHR Extension: (AdBlock) - C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-12]
CHR Extension: (IDM Integration Module) - C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-04-14]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Citavi Picker) - C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2015-11-02]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-09-05]
CHR HKLM\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - D:\Program Files\Internet Download Manager\IDMGCExt.crx [2016-02-11]
CHR HKLM\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - D:\Program Files\Citavi 4\Pickers\Chrome\ChromePicker.crx [2014-02-07]

Opera: 
=======
StartMenuInternet: (HKLM) Opera - D:\Program Files\Opera\Opera.exe

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 ActivControl; C:\Program Files\Activ Software\ActivDriver\ActivControlsvc.exe [21328 2013-04-25] (Promethean)
S3 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [593376 2013-04-11] (Intel Corporation)
R2 AntiVirFireWallService; C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe [1055488 2016-03-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [856760 2016-03-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [463720 2016-03-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [463720 2016-03-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1043664 2016-03-10] (Avira Operations GmbH & Co. KG)
R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1807608 2009-07-31] (AuthenTec, Inc.)
S3 BTHSSecurityMgr; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [104240 2012-09-12] (Intel(R) Corporation)
S3 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-06-12] (CyberGhost S.R.L)
S3 CoordinatorServiceHost; C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [76328 2014-01-11] (Dassault Systèmes SolidWorks Corp.)
S3 eBeam Device Service; C:\Program Files\Luidia\eBeam Device Service\eBeamDeviceServiceMain.exe [180224 2013-06-05] (Luidia, Inc.) [Datei ist nicht signiert]
S3 FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe [1074480 2014-06-28] (Flexera Software LLC)
R2 FscHmCfg; C:\Program Files\Fujitsu\DeskView\Common\FscHMCfg.exe [150656 2012-11-13] (Fujitsu Technology Solutions)
R2 HPSLPSVC; C:\Users\Sascha\AppData\Local\Temp\7zS38EB\hpslpsvc32.dll [701288 2013-02-06] (Hewlett-Packard Co.)
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [73528 2009-07-28] (AVM Berlin)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe [659872 2016-01-28] ()
S3 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; D:\Program Files\Microsoft Office\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)
S4 msvsmon80; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2799808 2005-09-23] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [242928 2013-04-18] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 NitroDriverReadSpool8; D:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe [196616 2013-05-27] (Nitro PDF Software)
R2 NitroDriverReadSpool9; D:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe [197128 2013-11-12] (Nitro PDF Software)
S3 NovacomD; C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe [61440 2011-06-24] (Palm) [Datei ist nicht signiert]
S3 O2Flash; C:\Windows\system32\o2flash.exe [65536 2007-02-12] (O2Micro International) [Datei ist nicht signiert]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [62824 2009-07-27] (FUJITSU LIMITED)
S3 RemoteSolverDispatcher; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe [191112 2014-01-10] (Mentor Graphics Corporation) [Datei ist nicht signiert]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [135176 2015-02-18] (Sandboxie Holdings, LLC)
S3 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 SMARTHelperService; C:\Program Files\SMART Technologies\Education Software\SMARTHelperService.exe [538928 2014-05-29] (SMART Technologies)
S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-11-01] (SolidWorks) [Datei ist nicht signiert]
R2 SwiCardDetectSvc; C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe [238960 2010-12-02] (Sierra Wireless, Inc.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
S3 TomTomHOMEService; D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [93072 2013-08-27] (TomTom)
S3 UDisk Monitor Z5 Phone; C:\Program Files\Android_USB_Driver_Z\Bin\MonServiceUDisk.exe [585416 2013-11-18] ()
R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2009-08-04] (Intel Corporation)
S3 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [111488 2009-10-12] (CSR, plc)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [579984 2015-11-03] (Cisco Systems, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 WirelessSelectorService; C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe [62760 2008-10-09] ()
S3 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2532592 2013-04-18] (Intel® Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [109248 2015-11-03] (Cisco Systems, Inc.)
S3 ACTIVhidmini; C:\Windows\System32\DRIVERS\ACTIVhidmini.sys [87296 2012-10-30] (Promethean Technologies Ltd)
R3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [112608 2013-04-11] (Windows (R) Win 7 DDK provider)
S3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [112608 2013-04-11] (Windows (R) Win 7 DDK provider)
R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [92448 2014-08-15] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [113024 2014-08-15] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [109016 2016-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136272 2016-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-08-15] (Avira Operations GmbH & Co. KG)
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [105728 2013-06-06] (AVM Berlin)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37896 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-06-06] (DT Soft Ltd)
R3 FjBtnDrv; C:\Windows\System32\DRIVERS\FjBtnDrv.sys [18816 2009-08-27] (Fujitsu America, Inc.)
R0 FJGSDisk; C:\Windows\System32\DRIVERS\FJGSDisk.sys [12712 2013-06-06] (FUJITSU LIMITED)
R2 FJSPA; C:\Program Files\Fujitsu\FJSPA\FJSPA.sys [17712 2006-12-07] (FUJITSU LIMITED)
R3 FlashDrv; C:\Windows\System32\DRIVERS\FlashDrv.sys [22344 2012-11-13] (Fujitsu Technology Solutions)
R3 FscCmos; C:\Windows\System32\DRIVERS\FscCmos.sys [17224 2012-11-13] (Fujitsu Technology Solutions)
R3 FscCpuid; C:\Windows\System32\DRIVERS\FscCpuid.sys [18248 2012-11-13] (Fujitsu Technology Solutions)
R3 FscEfDmi; C:\Windows\System32\DRIVERS\FscEfDmi.sys [18760 2012-11-13] (Fujitsu Technology Solutions)
R3 FscGabi; C:\Windows\System32\DRIVERS\FscGabi.sys [21064 2012-11-13] (Fujitsu Technology Solutions)
R3 FscTime; C:\Windows\System32\DRIVERS\FscTime.sys [20296 2012-11-13] (Fujitsu Technology Solutions)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [48552 2016-03-17] (FUJITSU LIMITED)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [42592 2014-08-25] (hxxp://libusb-win32.sourceforge.net)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7523840 2012-01-23] (Intel Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-04-18] (Riverbed Technology, Inc.)
R3 O2SCBUS; C:\Windows\System32\DRIVERS\ozscr.sys [102560 2009-05-15] (O2Micro)
S3 prmvmouse; C:\Windows\System32\DRIVERS\activmouse.sys [6656 2012-10-30] (Promethean Technologies Ltd)
S3 s1029bus; C:\Windows\System32\DRIVERS\s1029bus.sys [90280 2009-05-25] (MCCI Corporation)
S3 s1029mdfl; C:\Windows\System32\DRIVERS\s1029mdfl.sys [15016 2009-05-25] (MCCI Corporation)
S3 s1029mdm; C:\Windows\System32\DRIVERS\s1029mdm.sys [122280 2009-05-25] (MCCI Corporation)
S3 s1029mgmt; C:\Windows\System32\DRIVERS\s1029mgmt.sys [115880 2009-05-25] (MCCI Corporation)
S3 s1029nd5; C:\Windows\System32\DRIVERS\s1029nd5.sys [26024 2009-05-25] (MCCI Corporation)
S3 s1029obex; C:\Windows\System32\DRIVERS\s1029obex.sys [111912 2009-05-25] (MCCI Corporation)
S3 s1029unic; C:\Windows\System32\DRIVERS\s1029unic.sys [116904 2009-05-25] (MCCI Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [161288 2015-02-18] (Sandboxie Holdings, LLC)
R3 SMARTMouseFilterx86; C:\Windows\System32\DRIVERS\SMARTMouseFilterx86.sys [8192 2014-05-29] (SMART Technologies)
R3 SMARTVHidMini2000x86; C:\Windows\System32\DRIVERS\SMARTVHidMini2000x86.sys [7680 2014-05-29] (SMART Technologies)
S3 SMARTVTabletPCx86; C:\Windows\System32\DRIVERS\SMARTVTabletPCx86.sys [15872 2014-05-29] (SMART Technologies ULC)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [27696 2015-06-22] (Avira Operations GmbH & Co. KG)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13368 2015-12-26] (SlimWare Utilities, Inc.)
S3 swiwdmbus; C:\Windows\System32\DRIVERS\swiwdmbus.sys [82048 2010-11-16] (Sierra Wireless Inc.)
S3 SWNC8U3C; C:\Windows\System32\DRIVERS\swnc8u3C.sys [231936 2010-11-16] (Sierra Wireless Inc.)
S3 SWUMX3C; C:\Windows\System32\DRIVERS\swumx3C.sys [156672 2010-11-16] (Sierra Wireless Inc.)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [408280 2015-12-09] (BitDefender S.R.L.)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [977024 2009-08-25] (Vimicro Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43888 2014-08-15] (Cisco Systems, Inc.)
R3 vvftav323; C:\Windows\System32\drivers\vvftav323.sys [475136 2007-03-19] (Vimicro Corporation)
R3 WISDPen; C:\Windows\System32\DRIVERS\wisdpen.sys [36648 2009-08-24] (Wacom Technology)
S3 FscBapi; system32\DRIVERS\FscBapi.sys [X]
S3 OemF0211; system32\DRIVERS\OemF0211.sys [X]
S3 SWUMX20; system32\DRIVERS\swumx20.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-18 08:47 - 2016-04-18 08:48 - 00033204 _____ C:\Users\Sascha\Desktop\FRST.txt
2016-04-18 08:47 - 2016-04-18 08:47 - 00000000 ____D C:\FRST
2016-04-18 08:42 - 2016-04-18 08:42 - 01726464 _____ (Farbar) C:\Users\Sascha\Desktop\FRST.exe
2016-04-17 22:41 - 2016-04-17 22:41 - 00001892 _____ C:\Users\Sascha\Desktop\Ad-Aware_Report_Full_Manual_2016-04-17T22-30-36.318465.xml
2016-04-16 16:08 - 2016-03-31 20:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-04-16 16:08 - 2016-03-31 02:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-04-16 16:08 - 2016-03-31 02:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-04-16 16:08 - 2016-03-31 01:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-04-16 16:08 - 2016-03-31 01:52 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-04-16 16:08 - 2016-03-31 01:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-16 16:08 - 2016-03-31 01:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-04-16 16:08 - 2016-03-31 01:46 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-04-16 16:08 - 2016-03-31 01:45 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-04-16 16:08 - 2016-03-31 01:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-04-16 16:08 - 2016-03-31 01:45 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-04-16 16:08 - 2016-03-31 01:41 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-04-16 16:08 - 2016-03-31 01:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-04-16 16:08 - 2016-03-31 01:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-04-16 16:08 - 2016-03-31 01:33 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-04-16 16:08 - 2016-03-31 01:31 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-04-16 16:08 - 2016-03-31 01:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-04-16 16:08 - 2016-03-31 01:29 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-04-16 16:08 - 2016-03-31 01:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-04-16 16:08 - 2016-03-31 01:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-04-16 16:08 - 2016-03-31 01:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-04-16 16:08 - 2016-03-31 01:23 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-04-16 16:08 - 2016-03-31 01:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-04-16 16:08 - 2016-03-31 01:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-16 16:08 - 2016-03-31 01:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-16 16:08 - 2016-03-31 01:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-04-16 16:07 - 2016-03-31 02:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-16 16:07 - 2016-03-31 01:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-04-16 16:07 - 2016-03-31 01:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-04-16 16:07 - 2016-03-31 01:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-04-16 16:07 - 2016-03-31 01:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-04-16 16:07 - 2016-03-31 01:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-04-16 16:07 - 2016-03-31 01:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-04-16 16:07 - 2016-03-31 01:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-04-16 16:07 - 2016-03-31 01:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-04-16 16:07 - 2016-03-11 20:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-04-16 13:44 - 2016-04-16 13:44 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\Lavasoft
2016-04-16 13:10 - 2016-03-18 00:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-04-16 13:10 - 2016-03-18 00:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-16 13:10 - 2016-03-18 00:36 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-16 13:10 - 2016-03-18 00:36 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-04-16 13:10 - 2016-03-18 00:33 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-16 13:10 - 2016-03-18 00:30 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-04-16 13:10 - 2016-03-18 00:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-04-16 13:10 - 2016-03-18 00:30 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-16 13:10 - 2016-03-18 00:30 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-04-16 13:10 - 2016-03-18 00:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-04-16 13:10 - 2016-03-18 00:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-04-16 13:10 - 2016-03-18 00:29 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-04-16 13:10 - 2016-03-18 00:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-16 13:10 - 2016-03-18 00:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-04-16 13:10 - 2016-03-18 00:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-04-16 13:10 - 2016-03-18 00:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-16 13:10 - 2016-03-18 00:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-16 13:10 - 2016-03-18 00:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-16 13:10 - 2016-03-18 00:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-16 13:10 - 2016-03-18 00:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-04-16 13:10 - 2016-03-18 00:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-04-16 13:10 - 2016-03-18 00:26 - 01062400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-16 13:10 - 2016-03-18 00:26 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-16 13:10 - 2016-03-18 00:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-16 13:10 - 2016-03-18 00:26 - 00294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-16 13:10 - 2016-03-18 00:25 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-04-16 13:10 - 2016-03-18 00:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-16 13:10 - 2016-03-17 23:42 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-04-16 13:10 - 2016-03-17 23:42 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-04-16 13:10 - 2016-03-17 23:42 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-04-16 13:10 - 2016-03-17 23:42 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-04-16 13:10 - 2016-03-17 23:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-04-16 13:10 - 2016-03-17 23:36 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-16 13:10 - 2016-03-17 23:35 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-04-16 13:10 - 2016-03-17 23:30 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-16 13:10 - 2016-03-17 23:30 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-16 13:10 - 2016-03-17 23:30 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-16 13:10 - 2016-03-17 23:29 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-04-16 13:10 - 2016-03-17 23:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-04-16 13:10 - 2016-03-17 23:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-04-16 13:10 - 2016-03-17 23:29 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-04-16 13:10 - 2016-03-17 23:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-16 13:10 - 2016-03-17 23:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-16 13:10 - 2016-03-17 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-16 13:10 - 2016-03-17 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-16 13:08 - 2016-03-06 20:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-16 13:08 - 2016-03-06 20:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-16 13:04 - 2016-03-29 19:35 - 02397184 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-16 13:03 - 2016-04-16 13:03 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\LavasoftStatistics
2016-04-16 13:03 - 2016-04-16 13:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2016-04-16 13:03 - 2016-04-16 13:03 - 00000000 ____D C:\Program Files\Lavasoft
2016-04-16 13:02 - 2016-04-16 13:02 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2016-04-16 13:01 - 2016-04-16 13:01 - 00000000 ____D C:\ProgramData\Lavasoft
2016-04-16 12:58 - 2016-04-16 12:58 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-04-15 01:24 - 2016-03-16 01:53 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-15 01:24 - 2016-03-16 01:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-14 00:18 - 2016-04-14 00:18 - 01695703 _____ C:\Users\Sascha\Desktop\1366_269-13.pdf
2016-04-12 21:36 - 2016-04-13 09:49 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-04-11 17:02 - 2016-04-11 17:02 - 61815001 _____ C:\Users\Sascha\Desktop\d9722cf018848242e0bb565de93b5dc1.mp4
2016-04-11 16:46 - 2016-04-16 13:52 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\IDM
2016-04-11 16:46 - 2016-04-11 16:46 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2016-04-11 16:46 - 2016-04-11 16:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2016-04-11 16:42 - 2016-04-11 16:42 - 00000000 ____D C:\Users\Sascha\Desktop\IDM_6.25_Build_14_Fix_exe___Serials
2016-04-10 22:08 - 2016-04-10 22:08 - 00000000 ____D C:\php
2016-04-10 22:07 - 2016-04-10 22:07 - 21790696 _____ C:\Users\Sascha\Desktop\php-7.0.5-nts-Win32-VC14-x86.zip
2016-04-05 11:47 - 2016-03-25 20:36 - 00034024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-04-05 11:47 - 2016-03-25 20:25 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-05 11:47 - 2016-03-23 16:02 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-04-05 11:47 - 2016-03-23 16:02 - 00177664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-04-05 11:47 - 2016-03-17 20:04 - 00560640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-05 11:47 - 2016-03-17 20:04 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-05 11:47 - 2016-03-17 20:04 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-05 11:47 - 2016-03-17 20:04 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-04-05 11:47 - 2016-02-02 20:48 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-04-05 11:47 - 2016-02-01 21:02 - 00105408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-04-05 11:47 - 2016-02-01 20:49 - 02364928 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-04-05 11:47 - 2016-02-01 20:49 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-04-05 11:47 - 2016-02-01 20:49 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-04-05 11:47 - 2016-02-01 20:45 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-04-05 11:47 - 2016-02-01 20:44 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-04-05 11:47 - 2016-01-21 02:51 - 00057280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-04-05 11:46 - 2016-02-05 20:44 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-04-05 11:46 - 2016-02-05 19:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-04-05 11:46 - 2015-06-03 22:22 - 00355456 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-04-05 11:33 - 2016-04-05 11:33 - 00000000 ____D C:\Program Files\Common Files\Skype
2016-03-24 16:38 - 2016-03-24 16:38 - 00000000 ____D C:\Program Files\Common Files\Java
2016-03-24 12:48 - 2016-03-24 12:48 - 01474560 _____ C:\Users\Sascha\Desktop\vmscsi-1.2.0.4.flp
2016-03-24 12:12 - 2016-04-12 00:27 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\VMware
2016-03-24 12:12 - 2016-04-10 22:31 - 00000000 ____D C:\Users\Sascha\AppData\Local\VMware
2016-03-24 12:03 - 2016-04-12 00:33 - 00000000 ____D C:\ProgramData\VMware
2016-03-24 12:03 - 2016-04-12 00:33 - 00000000 ____D C:\Program Files\Common Files\VMware
2016-03-23 23:44 - 2016-03-23 23:44 - 00000000 ____D C:\ProgramData\Dell
2016-03-23 20:27 - 2009-07-21 01:48 - 00485920 _____ (NVIDIA Corporation) C:\Windows\system32\NVUNINST.EXE
2016-03-23 19:17 - 2016-04-18 08:19 - 00000000 ____D C:\Users\Sascha\Desktop\VMware-convertercd-4.1.1-206170
2016-03-22 14:04 - 2016-03-22 14:04 - 00000889 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-03-22 14:04 - 2016-03-22 14:04 - 00000877 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-03-22 13:09 - 2016-03-22 13:22 - 345040098 _____ C:\Users\Sascha\Downloads\Weka.zip

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-18 08:39 - 2014-01-17 19:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-18 08:24 - 2015-09-25 22:13 - 00000000 ____D C:\Users\Sascha\Desktop\Family
2016-04-18 08:22 - 2015-09-25 22:06 - 00000000 ____D C:\Users\Sascha\Desktop\Rechnungen + Reisen
2016-04-18 08:22 - 2009-07-14 06:34 - 00022048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-18 08:22 - 2009-07-14 06:34 - 00022048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-18 08:21 - 2015-11-17 00:21 - 00000000 ____D C:\Users\Sascha\Desktop\Work
2016-04-18 08:21 - 2015-06-08 13:52 - 00000000 ____D C:\Users\Sascha\Desktop\Uni
2016-04-18 08:17 - 2015-08-30 21:27 - 00323261 _____ C:\Users\Sascha\AppData\Local\Snip.txt
2016-04-18 08:12 - 2015-10-28 12:47 - 00215388 _____ C:\Users\Sascha\AppData\Local\SnipUsages.txt
2016-04-18 08:11 - 2013-10-14 14:47 - 00000000 ____D C:\Users\Sascha\.rainlendar2
2016-04-18 08:11 - 2013-06-11 17:55 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\WTablet
2016-04-18 08:10 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-18 00:01 - 2015-06-16 09:50 - 00001228 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2186534646-70022557-530426099-1000UA.job
2016-04-17 23:46 - 2013-06-06 11:18 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\Skype
2016-04-17 11:48 - 2011-04-12 03:30 - 00699342 _____ C:\Windows\system32\perfh007.dat
2016-04-17 11:48 - 2011-04-12 03:30 - 00149450 _____ C:\Windows\system32\perfc007.dat
2016-04-17 11:48 - 2010-11-20 23:01 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-17 11:48 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2016-04-17 11:42 - 2009-07-14 06:33 - 00489496 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-17 01:26 - 2015-01-26 22:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-04-16 14:27 - 2013-07-12 10:44 - 00000000 ____D C:\Windows\system32\MRT
2016-04-16 14:13 - 2013-06-06 00:10 - 132539272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-16 14:08 - 2013-06-30 12:32 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\DMCache
2016-04-16 12:59 - 2013-07-01 21:54 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\Dropbox
2016-04-15 01:16 - 2009-07-14 06:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-04-13 10:01 - 2015-06-16 09:50 - 00001176 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2186534646-70022557-530426099-1000Core.job
2016-04-13 09:49 - 2013-07-03 07:24 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-04-13 01:57 - 2013-07-01 11:41 - 00000000 ____D C:\Users\Sascha\.VirtualBox
2016-04-13 00:32 - 2013-06-30 12:32 - 00000000 ____D C:\Users\Sascha\Downloads\Video
2016-04-13 00:16 - 2013-06-06 18:37 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\vlc
2016-04-12 00:38 - 2013-06-06 22:30 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\DAEMON Tools Lite
2016-04-11 23:01 - 2013-06-06 23:55 - 00000000 ____D C:\Windows\pss
2016-04-11 22:32 - 2013-06-06 21:32 - 01952155 _____ C:\Users\Sascha\DesktopStCenter.txt
2016-04-11 15:43 - 2015-06-27 11:11 - 00036218 _____ C:\Users\Sascha\Desktop\Geld zurück Aktionen_stand 27.06.xlsx
2016-04-11 15:36 - 2015-08-30 21:27 - 00000000 ____D C:\Users\Sascha\Documents\My Snips
2016-04-11 14:44 - 2013-06-12 09:04 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\Nitro PDF
2016-04-11 14:17 - 2013-06-06 09:33 - 00000000 ____D C:\Users\Sascha\AppData\Local\Deployment
2016-04-11 13:09 - 2015-06-24 01:12 - 00000000 ____D C:\Users\Sascha\Desktop\Coupons&Aktionen
2016-04-10 13:37 - 2013-06-08 11:02 - 00000000 ____D C:\Users\Sascha\Desktop\scan
2016-04-10 10:15 - 2016-02-04 15:18 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\Kodi
2016-04-08 21:39 - 2013-12-15 14:28 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-04-08 21:39 - 2013-12-15 14:28 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-04-07 19:39 - 2016-02-05 23:13 - 00000405 ____H C:\Users\Sascha\.swfinfo
2016-04-05 13:30 - 2015-04-21 10:03 - 00000000 ____D C:\Windows\system32\appraiser
2016-04-05 11:34 - 2013-06-06 11:18 - 00000000 ____D C:\ProgramData\Skype
2016-04-05 11:33 - 2015-12-30 23:11 - 00000000 ___RD C:\Program Files\Skype
2016-03-26 15:32 - 2016-03-16 11:03 - 00000000 ____D C:\Users\Sascha\Desktop\qipu
2016-03-24 16:47 - 2013-12-14 00:43 - 00000000 ____D C:\ProgramData\Oracle
2016-03-24 16:46 - 2016-01-16 16:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-24 16:46 - 2014-10-30 19:08 - 00000000 ____D C:\Program Files\Java
2016-03-24 16:38 - 2016-01-16 16:02 - 00000000 ____D C:\Users\Sascha\.oracle_jre_usage
2016-03-24 16:37 - 2016-01-16 16:02 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-03-24 01:32 - 2014-08-25 09:55 - 00000628 __RSH C:\ProgramData\ntuser.pol
2016-03-24 01:10 - 2013-06-10 14:56 - 00000000 ____D C:\WTablet
2016-03-23 22:30 - 2014-11-01 10:48 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-03-23 19:08 - 2014-11-29 16:00 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-23 19:03 - 2013-06-06 09:01 - 00134600 _____ C:\Users\Sascha\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-22 14:05 - 2014-12-18 23:13 - 00000000 ____D C:\Program Files\TeamViewer

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-06-06 09:02 - 2015-08-02 20:47 - 0003540 _____ () C:\Users\Sascha\AppData\Roaming\FjMenu1.XML
2006-12-11 20:13 - 2006-12-11 20:13 - 0097336 _____ (Un4seen Developments) C:\Users\Sascha\AppData\Local\bass.dll
2006-12-11 20:13 - 2006-12-11 20:13 - 0013872 _____ (Un4seen Developments) C:\Users\Sascha\AppData\Local\basscd.dll
2007-08-13 18:46 - 2007-08-13 18:46 - 0102912 _____ (Albert L Faber) C:\Users\Sascha\AppData\Local\CDRip.dll
2014-06-26 10:04 - 2014-06-26 10:04 - 0003909 ____H () C:\Users\Sascha\AppData\Local\cimiekki.ini
2014-05-09 13:42 - 2016-01-04 02:42 - 0001194 _____ () C:\Users\Sascha\AppData\Local\Citavi Picker Internet Explorer Protocol.txt
2013-07-11 22:09 - 2013-07-11 22:19 - 0004608 _____ () C:\Users\Sascha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-01 18:54 - 2013-12-01 18:57 - 0004096 ____H () C:\Users\Sascha\AppData\Local\keyfile3.drm
2007-08-13 18:46 - 2007-08-13 18:46 - 0155136 _____ () C:\Users\Sascha\AppData\Local\lame_enc.dll
2007-01-18 22:09 - 2007-01-18 22:09 - 0623616 _____ (Ivan Bischof ©2003 - 2005) C:\Users\Sascha\AppData\Local\No23 Recorder.exe
2005-08-23 23:34 - 2005-08-23 23:34 - 0029184 _____ () C:\Users\Sascha\AppData\Local\no23xwrapper.dll
2006-10-26 02:06 - 2006-10-26 02:06 - 0015872 _____ () C:\Users\Sascha\AppData\Local\ogg.dll
2013-12-22 21:37 - 2013-12-22 21:37 - 0001448 _____ () C:\Users\Sascha\AppData\Local\RecConfig.xml
2015-10-01 15:04 - 2015-10-01 15:04 - 0002112 _____ () C:\Users\Sascha\AppData\Local\recently-used.xbel
2015-08-30 21:27 - 2016-04-18 08:17 - 0323261 _____ () C:\Users\Sascha\AppData\Local\Snip.txt
2015-10-28 12:47 - 2016-04-18 08:12 - 0215388 _____ () C:\Users\Sascha\AppData\Local\SnipUsages.txt
2014-11-03 17:03 - 2014-12-01 21:58 - 0000000 _____ () C:\Users\Sascha\AppData\Local\Temptable.xml
2006-10-26 02:06 - 2006-10-26 02:06 - 0143872 _____ () C:\Users\Sascha\AppData\Local\vorbis.dll
2006-10-26 02:06 - 2006-10-26 02:06 - 0064000 _____ () C:\Users\Sascha\AppData\Local\vorbisenc.dll
2006-10-26 02:06 - 2006-10-26 02:06 - 0019456 _____ () C:\Users\Sascha\AppData\Local\vorbisfile.dll
2013-07-01 18:12 - 2013-09-14 14:26 - 0006947 _____ () C:\ProgramData\hpzinstall.log
2014-10-07 23:13 - 2014-10-07 23:13 - 0000095 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Einige Dateien in TEMP:
====================
C:\Users\IWB\AppData\Local\Temp\avgnt.exe
C:\Users\Sascha\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-04-07 10:09

==================== Ende vom FRST.txt ============================
         

Geändert von goro11 (18.04.2016 um 09:08 Uhr) Grund: Rechtscheibung/Kommasetzung :shame:

Alt 18.04.2016, 09:05   #2
goro11
 
Mehrere Viren/Trojaner vorallem unter "C:\Windows\Temp\" - Standard

Mehrere Viren/Trojaner vorallem unter "C:\Windows\Temp\"



und hier noch die Addition.txt (hat leider nicht alles in den OP gepasst).

Addition.txt:

Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:17-04-2016
durchgeführt von Sascha (2016-04-18 08:49:53)
Gestartet von C:\Users\Sascha\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2013-06-05 20:58:13)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2186534646-70022557-530426099-500 - Administrator - Disabled)
Gast (S-1-5-21-2186534646-70022557-530426099-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2186534646-70022557-530426099-1004 - Limited - Enabled)
IWB (S-1-5-21-2186534646-70022557-530426099-1003 - Administrator - Enabled) => C:\Users\IWB
Sascha (S-1-5-21-2186534646-70022557-530426099-1000 - Administrator - Enabled) => C:\Users\Sascha

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Ad-Aware Antivirus (Disabled - Out of date) {B0CC18C6-E527-6EE6-874C-9D19920E5619}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Ad-Aware Antivirus (Disabled - Out of date) {0BADF922-C31D-6168-BDFC-A66BE9891CA4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Ad-Aware Firewall (Disabled) {88F799E3-AF48-6FBE-AC13-342C6CDD1162}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
ActivDriver x86 v5.9 (HKLM\...\{3B9BDF03-96EA-424C-9413-45D80C5B2F08}) (Version: 5.9.22 - Promethean)
ActivInspire Core Resources (DEU) v1 (HKLM\...\{06C9F624-9F53-4C89-9720-1601A295769A}) (Version: 1.6.3 - Promethean)
ActivInspire Help (DEU) v1 (HKLM\...\{B18A62F5-296F-4BC4-B8DD-A9FB16EE9106}) (Version: 1.6.3 - Promethean)
ActivInspire HWR Resources (DEU) v1 (HKLM\...\{CB2158F5-B05D-41BF-B8F8-05A85695BA4E}) (Version: 1.7.1 - Promethean)
ActivInspire v2 (HKLM\...\{84007E42-A06F-4FFE-90D2-85F82CB48615}) (Version: 2.4.66096 - Promethean)
Ad-Aware Antivirus (HKLM\...\{A6E2BA31-F8AF-4DD0-806D-B884D8DDBBAD}_AdAwareUpdater) (Version: 11.10.767.8917 - Lavasoft)
AdAwareInstaller (Version: 11.10.767.8917 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.10.767.8917 - Lavasoft) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.05 - Adobe Systems)
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
AIDA64 Extreme Edition v3.00 (HKLM\...\AIDA64 Extreme Edition_is1) (Version: 3.00 - FinalWire Ltd.)
AIO_Scan (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Android USB Driver (HKLM\...\Z5 Android USB Driver_is1) (Version:  - )
Angry Birds (HKLM\...\{370CA4B0-A1D8-4863-A3C5-6879AEE1663A}) (Version: 3.0.0 - Rovio)
Angry Birds Rio (HKLM\...\{0D637670-BC00-4FAC-8E00-518EB7F65091}) (Version: 1.4.4 - Rovio)
Angry Birds Seasons (HKLM\...\{A0CDDE99-D170-426F-917E-B2E51EB3B78F}) (Version: 3.2.0 - Rovio Entertainment Ltd.)
Angry Birds Space (HKLM\...\{561AA971-37EB-4D63-9FB9-810B663B5CC7}) (Version: 1.4.1 - Rovio)
Angry Birds Star Wars (HKLM\...\{C336AA55-BBA3-4908-886F-25CF6D302D13}) (Version: 1.2.0 - Rovio Entertainment Ltd.)
AntimalwareEngine (Version: 3.0.99.0 - Lavasoft) Hidden
AnVir Task Manager (HKLM\...\AnVir Task Manager) (Version:  - AnVir Software)
Any Video Converter 5.5.1 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Ashampoo Photo Optimizer 4 v.4.0.3 (HKLM\...\Ashampoo Photo Optimizer 4_is1) (Version: 4.0.3 - Ashampoo GmbH & Co. KG)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AuthenTec Fingerprint Software (HKLM\...\{6B99AF03-2668-4572-BD3D-8C7A5D103065}) (Version: 8.5.1.28 - Ihr Firmenname)
AuthenTec WinBio FingerPrint Software 32-bit (HKLM\...\{580C9CA9-9293-470F-8762-2925A2B3D4B7}) (Version: 3.4.4.1027 - AuthenTec, Inc.)
Avira Professional Security (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.16.208 - Avira Operations GmbH & Co. KG)
Bad Piggies (HKLM\...\{9577B943-AEDD-462A-AF22-5F55BB3BFB1D}) (Version: 1.1.0.0 - Rovio)
Bluetooth Feature Pack 5.0 (HKLM\...\{0439D13F-C7CD-458A-90DE-44135CBD40B8}) (Version: 5.0.13 - CSR Plc.)
Bouquet Wizard (HKLM\...\BouquetWizard) (Version:  - )
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.18.8 - Broadcom Corporation)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C4380 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
C4380_Help (Version: 100.0.206.000 - Hewlett-Packard) Hidden
calibre (HKLM\...\{8C31E86B-2A66-40E8-BF47-32A25D65DB12}) (Version: 1.15.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.02 - Piriform)
Chipcardmaster 7.11 (HKLM\...\Chipcardmaster_is1) (Version:  - Dr. Olaf Jacobsen)
Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.1.08005 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 4.1.08005 - Cisco Systems, Inc.) Hidden
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citavi 4 (HKLM\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.3.0.15 - Swiss Academic Software)
Crazy Machines - Neue Herausforderungen (HKLM\...\{294EF51E-1453-4F42-8792-77DBFB47D0EC}) (Version: 1.12 - FAKT Software GmbH)
Crazy Machines - Neues aus dem Labor (HKLM\...\{BFF2D920-80F2-46E9-8246-79A20BB9D8B2}) (Version: 1.20 - FAKT Software GmbH)
Crazy Machines (HKLM\...\{8E6A3B40-DCE3-47D9-835B-FE1AD9C083D0}) (Version: 1.0 - FAKT Software GmbH)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
dboxTV v4.0.0.0 (HKLM\...\dboxTV_is1) (Version:  - DsChAeK)
DeskUpdate (HKLM\...\DeskUpdate_is1) (Version: 4.15.0144 - Fujitsu Technology Solutions)
DeskViewClient (HKLM\...\{EF1A6D76-8DEB-4C50-88C5-7204D8817C8F}) (Version: 6.55.0093 - Fujitsu Technology Solutions)
Dexpot (HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\Dexpot) (Version: 1.6.10 - Dexpot GbR)
Dkill95 (HKLM\...\Dkill95) (Version:  - )
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\Dropbox) (Version: 3.18.1 - Dropbox, Inc.)
DVD Identifier (HKLM\...\DVD Identifier_is1) (Version: 5.2.0 - Kris Schoofs)
eBeam Capture 2.4.4.11 (HKLM\...\eBeamCapture_is1) (Version: 2.4.4.11 - Luidia, Inc.)
eBeam Device Service 2.5.0.9 (HKLM\...\eBeamDeviceService_is1) (Version: 2.5.0.9 - Luidia, Inc.)
eBeam Education Suite 2.5.0.9 (HKLM\...\eBeamInteract_is1) (Version: 2.5.0.9 - Luidia, Inc.)
Extended Asian Language font pack for Adobe Reader XI (HKLM\...\{AC76BA86-7AD7-2530-0000-A00000000049}) (Version: 11.0.09 - Adobe Systems Incorporated)
FRITZ!Box USB-Fernanschluss (HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\2db37667170956ee) (Version: 2.3.3.2 - AVM Berlin)
Fujitsu Button Utilities (HKLM\...\{207E8B60-07D2-4B7F-97FE-0DA448606861}) (Version: 7.02.0722.2009 - Fujitsu Computer Systems Corporation)
Fujitsu Display Manager (HKLM\...\InstallShield_{2BDE2BF2-AD90-4191-B3C8-D0046CE54916}) (Version: 7.00.20.200 - Ihr Firmenname)
Fujitsu Display Manager (Version: 7.00.20.200 - Ihr Firmenname) Hidden
Fujitsu Hotkey Utility (HKLM\...\InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}) (Version: 3.60.0.0 - FUJITSU LIMITED)
Fujitsu Hotkey Utility (Version: 3.60.0.0 - FUJITSU LIMITED) Hidden
Fujitsu MobilityCenter Extension Utility (HKLM\...\InstallShield_{191C41F6-4BA8-4D3D-BBC5-AAC8F3077E3F}) (Version: 3.00.00.000 - Ihr Firmenname)
Fujitsu MobilityCenter Extension Utility (Version: 3.00.00.000 - Ihr Firmenname) Hidden
Fujitsu System Extension Utility (HKLM\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version: 3.1.0.0 - FUJITSU LIMITED)
Fujitsu System Extension Utility (Version: 3.1.0.0 - FUJITSU LIMITED) Hidden
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
HashTab 5.2.0.14 (HKLM\...\HashTab) (Version: 5.2.0.14 - Implbits Software)
HD Tune 2.55 (HKLM\...\HD Tune_is1) (Version:  - EFD Software)
HP Photosmart All-In-One Driver Software 13.0 Rel. 2 (HKLM\...\{988329F4-A1A1-4D51-803C-EF2725A97627}) (Version: 13.0 - HP)
HP Photosmart Appliance Printer Driver Software 8.0.D (HKLM\...\{596A8F65-C705-4e68-B85E-CE0B45490712}) (Version: 8.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HyperCam 2 (HKLM\...\HyperCam 2) (Version: 2.28.01 - Hyperionics Technology LLC)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 14.2 - Intel)
Intel® Active-Management-Technologie (HKLM\...\MESOL) (Version:  - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM\...\{b56d9ff6-9167-47a4-8563-554f20201871}) (Version: 15.8.0 - Intel Corporation)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 8 Update 77 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Kodi (HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\Kodi) (Version:  - XBMC-Foundation)
Langenscheidt Grammatiktrainer 6.0 Englisch (HKLM\...\Grammatiktrainer 6.0 Englisch) (Version: 01.00.00.00 - Langenscheidt)
Langenscheidt Grammatiktrainer 6.0 Italienisch (HKLM\...\Grammatiktrainer 6.0 Italienisch) (Version: 01.00.00.00 - Langenscheidt)
Langenscheidt Grammatiktrainer 6.0 Spanisch (HKLM\...\Grammatiktrainer 6.0 Spanisch) (Version: 01.00.00.00 - Langenscheidt)
Langenscheidt Kurs 1 6.0 Englisch (HKLM\...\Kurs 1 6.0 Englisch) (Version: 01.00.00.00 - Langenscheidt)
Langenscheidt Kurs 2 6.0 Englisch (HKLM\...\Kurs 2 6.0 Englisch) (Version: 01.00.00.00 - Langenscheidt)
Langenscheidt Kurs 2 6.0 Italienisch (HKLM\...\Kurs 2 6.0 Italienisch) (Version: 01.00.00.00 - Langenscheidt)
Langenscheidt Kurs 2 6.0 Spanisch (HKLM\...\Kurs 2 6.0 Spanisch) (Version: 01.00.00.00 - Langenscheidt)
Langenscheidt Kurs 6.0 Italienisch (HKLM\...\Kurs 6.0 Italienisch) (Version: 01.00.00.00 - Langenscheidt)
Langenscheidt Kurs 6.0 Spanisch (HKLM\...\Kurs 6.0 Spanisch) (Version: 01.00.00.00 - Langenscheidt)
Langenscheidt Vokabeltrainer 6.0 Englisch (HKLM\...\{67F91DB9-1958-4328-869C-032415F04AD1}) (Version: 6.0.21 - Langenscheidt)
Langenscheidt Vokabeltrainer 6.0 Italienisch (HKLM\...\{39DFF58C-ECB7-4317-BC1E-C567ABDBE31C}) (Version: 6.0.21 - Langenscheidt)
Langenscheidt Vokabeltrainer 6.0 Spanisch (HKLM\...\{C2FFB8DE-7713-4A56-8EFA-C9126955BFDD}) (Version: 6.0.21 - Langenscheidt)
LenovoUsbDriver 1.0.4 (HKLM\...\LenovoUsbDriver) (Version: 1.0.4 - Lenovo)
lingDIALOG (HKLM\...\InstallShield_{071B843C-9A39-40B3-BB01-BBD6A8D2E1C5}) (Version: 3.0908 - WEVOSYS)
lingDIALOG (Version: 3.0908 - WEVOSYS) Hidden
LinuxLive USB Creator (HKLM\...\LinuxLive USB Creator) (Version: 2.9 - Thibaut Lauziere)
LSI V92 MOH Application (HKLM\...\LTMOH) (Version:  - LSI Corporation)
MakeMKV v1.8.6 (HKLM\...\MakeMKV) (Version: v1.8.6 - GuinpinSoft inc)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MATLAB R2014a (HKLM\...\Matlab R2014a) (Version: 8.3 - The MathWorks, Inc.)
MediaManager (HKLM\...\MediaManager) (Version:  - )
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\OneDriveSetup.exe) (Version: 17.3.5930.0814 - Microsoft Corporation)
Microsoft Project Professional 2010 (HKLM\...\Office14.PRJPRO) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.1.3 (HKLM\...\{DE46417A-9E9E-4BCD-BBDD-DA21943193BB}_is1) (Version: 1.1.3 - )
Mozilla Firefox 45.0.2 (x86 de) (HKLM\...\Mozilla Firefox 45.0.2 (x86 de)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyScript Stylus 2.6 (HKLM\...\MyScript Stylus_is1) (Version: 2.6.0.11 - Vision Objects)
MyScript Stylus Shared Files (HKLM\...\{FCB95BA2-F685-48D0-AB04-C88E79133B75}) (Version: 1.0.0 - Vision Objects)
NAVIGON Fresh 3.5.1 (HKLM\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON)
Network (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Nitro Pro 8 (HKLM\...\{024201B6-AE55-4A53-B17C-00D4906990F8}) (Version: 8.5.4.11 - Nitro)
Nitro Pro 9 (HKLM\...\{0E4D0DAF-ADE8-45E3-8B1B-2AFD78BCB064}) (Version: 9.0.4.5 - Nitro)
Nmap 6.46 (HKLM\...\Nmap) (Version:  - )
No23 Recorder (HKLM\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23)
Noten-Manager 7.1 (HKLM\...\{3697BA5C-3C7E-436C-A783-677160B31B9F}) (Version: 1.0.0 - schule_kranz)
Novacomd (HKLM\...\{BA9A297F-0198-4EE8-90CB-F5036C180E1D}) (Version: 1.0.0.76 - Palm, Inc.)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - )
O2Micro Flash Memory Card Windows Driver (HKLM\...\InstallShield_{469ED3E8-D21E-40E8-B00F-63516D26FAE3}) (Version: 3.00.0006 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (Version: 3.00.0006 - O2Micro International LTD.) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OpenOffice 4.1.1 (HKLM\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Opera 12.16 (HKLM\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
Oracle VM VirtualBox 4.2.14 (HKLM\...\{F56A55E8-F340-484B-83A5-39C440F0407C}) (Version: 4.2.14 - Oracle Corporation)
Origin (HKLM\...\Origin) (Version: 9.3.2.2730 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
OZ711 SCR Driver  (HKLM\...\InstallShield_{5C3EA21C-22C0-4A44-BE58-D8CBB2F2B6B2}) (Version: 3.0.1.6D - O2Micro)
OZ711 SCR Driver  (Version: 3.0.1.6D - O2Micro) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
Power Saving Utility (HKLM\...\InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}) (Version: 31.00.11.006 - FUJITSU LIMITED)
Power Saving Utility (Version: 31.00.11.006 - FUJITSU LIMITED) Hidden
Protector Suite 2012 (HKLM\...\{C767056D-3CE2-442D-BC78-F05E94F450D0}) (Version: 5.9.8.7279 - Authentec Inc.)
PS_AIO_02_ProductContext (Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (Version: 130.0.365.000 - Hewlett-Packard) Hidden
PSPad editor (HKLM\...\PSPad editor_is1) (Version: 4.5.7.2450 - Jan Fiala)
psynetic® Gif-X 3.00 (HKLM\...\psynetic® Gif-X) (Version: 3.00 - Robert Mundt)
Python 2.7 lxml-3.3.5 (HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\lxml-py2.7) (Version:  - )
Python 2.7.8 (HKLM\...\{61121B12-88BD-4261-A6EE-AB32610A56DD}) (Version: 2.7.8150 - Python Software Foundation)
QIP 2012 4.0.9340 (HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\QIP 2012) (Version: 4.0.9340 - )
QIP Infium 3.0.9044 (HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\QIP Infium) (Version: 3.0.9044 - )
QIP Internet Guardian (HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\QipGuard) (Version:  - )
Rainlendar2 (remove only) (HKLM\...\Rainlendar2) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.)
Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.) Hidden
Sandboxie 4.16 (32-bit) (HKLM\...\Sandboxie) (Version: 4.16 - Sandboxie Holdings, LLC)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Secure Download Manager (HKLM\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Security Panel (HKLM\...\InstallShield_{45CA9B23-5EF8-43AA-9851-E9E062BF0147}) (Version: 2.1.0.0 - FUJITSU LIMITED)
Security Panel Application (Version: 2.1.0.0 - FUJITSU LIMITED) Hidden
Security Panel Application for Supervisor (Version: 2.1.0.0 - FUJITSU LIMITED) Hidden
Security Panel for Supervisor (HKLM\...\InstallShield_{17F82182-0E3D-4A14-8843-5ECBFAF4F12F}) (Version: 2.1.0.0 - FUJITSU LIMITED)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPRO_{58FA40EF-ABA9-4FED-AD3D-318A6073934D}) (Version:  - Microsoft)
Shock Sensor Utility (HKLM\...\InstallShield_{827517C3-9B89-458E-A8F2-96DD24BDFE29}) (Version: 2.2.0.0 - FUJITSU LIMITED)
Shock Sensor Utility (HKLM\...\InstallShield_{ABE8CE7E-01CC-4500-BAF5-FFC29EA108A1}) (Version: 4.00.01.000 - Ihr Firmenname)
Shock Sensor Utility (Version: 2.2.0.0 - FUJITSU LIMITED) Hidden
Shock Sensor Utility (Version: 4.00.01.000 - Ihr Firmenname) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Sierra Wireless AirCard Watcher (HKLM\...\{CE619CFC-F5C0-43CC-AA66-BEDDA623CCA1}) (Version: 6.0.2849.0001 - Sierra Wireless Inc.)
SimpleTV 0.4.6 r (HKLM\...\{290A2821-B1F8-4565-B49A-25F349A5B5CB}_is1) (Version:  - SergeyVS)
Skype™ 7.21 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
SlimDrivers (HKLM\...\{746AB259-6474-4111-8966-1C62F9A6E063}) (Version: 2.3.1 - SlimWare Utilities, Inc.)
SMART Ink (HKLM\...\{FC69B741-DC56-4591-97A2-A6BA211B7E76}) (Version: 2.2.589.1 - SMART Technologies ULC)
SMART Notebook (HKLM\...\{84579080-E961-4DE7-93AB-5E2B81A96387}) (Version: 14.1.843.0 - SMART Technologies ULC)
SMART Produkttreiber (HKLM\...\{890680EC-2F88-47F0-970C-593081E62593}) (Version: 11.6.428.0 - SMART Technologies ULC)
SmartPack 1.19.0 (HKLM\...\PlexUtil) (Version: 1.19.0 - PLDS)
SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
Snip (HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\{525d439e-e22a-4221-8fd1-25b845fe0038}) (Version: 0.1.5119.0 - Microsoft Corporation)
Snip (Version: 0.1.5119.0 - Microsoft) Hidden
SolidWorks 2014 German Resources (Version: 22.120.40 - SolidWorks Corporation) Hidden
SolidWorks 2014 SP02 (HKLM\...\SolidWorks Installation Manager 20140-40200-1100-200) (Version: 22.2.0.40 - SolidWorks Corporation)
SolidWorks 2014 SP02 (Version: 22.120.40 - SolidWorks) Hidden
SolidWorks Composer Player 2014 SP02 (Version: 22.20.40 - Dassault Systemes SolidWorks) Hidden
SolidWorks eDrawings 2014 SP02 (Version: 14.2.116 - Dassault Systèmes SolidWorks Corp) Hidden
SolidWorks Flow Simulation 2014 SP02 (Version: 22.20.41 - SolidWorks Corporation) Hidden
SolidWorks Plastics 2014 SP02 (Version: 22.20.40 - SolidWorks Corporation) Hidden
Sony Ericsson PC Companion 1.60.13 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 1.60.13 - Sony Ericsson)
SopCast 3.5.0 (HKLM\...\SopCast) (Version: 3.5.0 - www.sopcast.com)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
Stifttablett (HKLM\...\Pen Tablet Driver) (Version: 5.1.1.11 - Wacom Technology Corp.)
SuperEasy Driver Updater v.1.1.1 (HKLM\...\{039BC111-D60F-A6FF-85F4-7992EA886B8D}_is1) (Version: 1.1.1 - SuperEasy Software GmbH & Co. KG)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
The Video Diary (HKLM\...\The Video Diary) (Version: 1.1 - www.TheVideoDiary.com)
TomTom HOME (HKLM\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
Torrent Stream 2.0.8.11.1 (HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\TorrentStream) (Version: 2.0.8.11.1 - Torrent Stream)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.01 - Ghisler Software GmbH)
Transfer Utility (HKLM\...\{0ECE15AC-CB68-40EC-B70D-1B220717844C}) (Version: 1.00.012 - PIXELA)
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
URL Snooper v2.35.02 (HKLM\...\URLSnooper 2_is1) (Version:  - DonationCoder.com)
USB2.0 Digital Camera (HKLM\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 1.8.1224.01 - Vimicro Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6000 - Broadcom Corporation)
Windows 7 USB/DVD Download Tool (HKLM\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Palm (WinUSB) Palm Devices  (10/09/2009 1.0.1) (HKLM\...\332CCC08910F1AE2E4D90D25DEDE87E3EF797832) (Version: 10/09/2009 1.0.1 - Palm)
Windows-Treiberpaket - Fujitsu America, Inc. (FjBtnDrv) HIDClass  (08/27/2009 4.2.0827.2009) (HKLM\...\F02860D720F53C6FCD75A013226E3E82F54FAB68) (Version: 08/27/2009 4.2.0827.2009 - Fujitsu America, Inc.)
Windows-Treiberpaket - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (12/06/2010 4.0.0000.00000) (HKLM\...\76F6B4A696B8C9A7ACFF01D4E1D6EF2D974C3E67) (Version: 12/06/2010 4.0.0000.00000 - Google, Inc.)
Windows-Treiberpaket - MediaTek Inc. (usbser) Ports  (01/05/2012 2.0000.0.1) (HKLM\...\49D9ABA9270C5BDFD7AE1BEB607D36B26BB90235) (Version: 01/05/2012 2.0000.0.1 - MediaTek Inc.)
Windows-Treiberpaket - MediaTek Inc. (usbser) Ports  (09/01/2011 2.0.1136.0) (HKLM\...\32DC281B7E359EA3D16ECC7D98609F6A592B981D) (Version: 09/01/2011 2.0.1136.0 - MediaTek Inc.)
Windows-Treiberpaket - MediaTek Inc. (usbser) Ports  (12/24/2011 2.0000.0.0) (HKLM\...\D0E6296D177F42BB31C0200E49412003DB6C4633) (Version: 12/24/2011 2.0000.0.0 - MediaTek Inc.)
Windows-Treiberpaket - MediaTek Inc. Net  (07/14/2011 1.1129.00) (HKLM\...\8BC3CF920AF63C7AEF78B82D1C60D94704FB95CD) (Version: 07/14/2011 1.1129.00 - MediaTek Inc.)
Windows-Treiberpaket - Microsoft (WUDFRd) WPD  (02/22/2006 5.2.5326.4762) (HKLM\...\B77DDB8A5697AAF5DA4E4859E53C301B877DD206) (Version: 02/22/2006 5.2.5326.4762 - Microsoft)
WinHTTrack Website Copier 3.48-21 (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.21 - HTTrack)
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
WinRAR 4.20 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wireless Selector (HKLM\...\InstallShield_{51202133-E0F9-4314-ACA4-AACBA46A6C69}) (Version: 4.00.00.100 - FUJITSU LIMITED)
Wireless Selector (Version: 4.00.00.100 - FUJITSU LIMITED) Hidden
XYplorer 13.40 (HKLM\...\XYplorer) (Version: 13.40 - Donald Lessau)
YouTube PowerPoint (HKLM\...\{496B5310-3EEB-4412-B3CC-0D013AB916CC}) (Version: 2.0.0 - PPTAlchemy)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> D:\OpenOffice\INSTALLATION\program\shlxthdl\shlxthdl.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\Sascha\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{28E3B95D-371D-42D5-A276-8A3EE70100FD}\InprocServer32 -> C:\Users\Sascha\AppData\Roaming\TorrentStream\player\npts_plugin.dll (Innovative Digital Technologies)
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Sascha\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{30A2652A-DDF7-45e7-ACA6-3EAB26FC8A4E}\localserver32 -> D:\OpenOffice\INSTALLATION\program\soffice.exe -nodefault -nologo => Keine Datei
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> D:\OpenOffice\INSTALLATION\program\shlxthdl\shlxthdl.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> D:\OpenOffice\INSTALLATION\program\shlxthdl\shlxthdl.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> D:\OpenOffice\INSTALLATION\program\shlxthdl\ooofilt.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{82154420-0FBF-11d4-8313-005004526AB4}\localserver32 -> D:\OpenOffice\INSTALLATION\program\soffice.exe -nodefault -nologo => Keine Datei
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Sascha\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Sascha\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> D:\OpenOffice\INSTALLATION\program\shlxthdl\propertyhdl.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Sascha\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Sascha\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> D:\OpenOffice\INSTALLATION\program\shlxthdl\shlxthdl.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\localserver32 -> D:\OpenOffice\INSTALLATION\program\soffice.exe -nodefault -nologo => Keine Datei
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{D2D59CD1-0A6A-4D36-AE20-47817077D57C}\localserver32 -> D:\OpenOffice\INSTALLATION\program\soffice.exe -nodefault -nologo => Keine Datei
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{F616B81F-7BB8-4F22-B8A5-47428D59F8AD}\localserver32 -> D:\OpenOffice\INSTALLATION\program\soffice.exe -nodefault -nologo => Keine Datei
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Sascha\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {03531F76-EDF1-402D-BAA0-D324555F9BDC} - System32\Tasks\Schnellstart => Rundll32.exe powrprof.dll,SetSuspendState Hibernate
Task: {431FBC2C-0EF4-4E5F-A693-4FD93D052F2E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2186534646-70022557-530426099-1000Core => C:\Users\Sascha\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {68AC8C81-D4EF-4001-87B2-FFC607A59D33} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {A332F39B-AF1E-4B60-AAF5-E55D2084D584} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08] (Adobe Systems Incorporated)
Task: {A7255C0B-70B2-4860-AA79-660C24543C40} - System32\Tasks\Fujitsu\DeskUpdate => C:\Program Files\Fujitsu\DeskUpdate\ducmd.exe [2015-06-15] (Fujitsu Technology Solutions)
Task: {C88E4571-AFD3-45A3-A0F5-DABF9E6CDDE6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-16] (Google Inc.)
Task: {DBFC2214-B439-4573-B475-BF34B04460FA} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2186534646-70022557-530426099-1000UA => C:\Users\Sascha\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {F0C6B1B3-9A5F-44A3-88A7-E7FC1FE4C4CA} - System32\Tasks\MATLAB R2014a Startup Accelerator => E:\Program Files\MATLAB\R2014a\bin\win32\MATLABStartupAccelerator.exe [2014-01-29] ()

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2186534646-70022557-530426099-1000Core.job => C:\Users\Sascha\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2186534646-70022557-530426099-1000UA.job => C:\Users\Sascha\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MATLAB R2014a Startup Accelerator.job => E:\Program Files\MATLAB\R2014a\bin\win32\MATLABStartupAccelerator.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{07CCC520-5524-4F5E-AEB1-296B99396CD2}.job => C:\Windows\system32\msfeedssync.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\Sascha\Desktop\Sonstiges\Synaptics Neustart.bat - Verknüpfung.lnk -> C:\Users\Sascha\Desktop\Sonstiges\Synaptics Neustart.bat ()
Shortcut: C:\Users\Sascha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Synaptics Neustart.bat - Verknüpfung.lnk -> C:\Users\Sascha\Desktop\Sonstiges\Synaptics Neustart.bat ()

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-11-03 12:21 - 2015-11-03 12:21 - 00063376 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2016-01-28 16:47 - 2016-01-28 16:47 - 02595576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareShellExtension.dll
2016-01-28 16:47 - 2016-01-28 16:47 - 02372816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\RCF.dll
2016-01-28 16:47 - 2016-01-28 16:47 - 00108808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_filesystem-vc120-mt-1_57.dll
2016-01-28 16:47 - 2016-01-28 16:47 - 00023296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_system-vc120-mt-1_57.dll
2013-06-10 11:02 - 2009-11-16 20:31 - 00069632 _____ () C:\Program Files\PSPad editor\PSPadShell.dll
2016-01-28 16:44 - 2016-01-28 16:44 - 00659872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe
2016-01-28 16:47 - 2016-01-28 16:47 - 00047368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_date_time-vc120-mt-1_57.dll
2016-01-28 16:47 - 2016-01-28 16:47 - 08872184 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareServiceKernel.dll
2016-01-28 16:47 - 2016-01-28 16:47 - 00634624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_regex-vc120-mt-1_57.dll
2016-01-28 16:47 - 2016-01-28 16:47 - 00089344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_thread-vc120-mt-1_57.dll
2016-01-28 16:47 - 2016-01-28 16:47 - 00032000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_chrono-vc120-mt-1_57.dll
2016-01-28 16:46 - 2016-01-28 16:46 - 00783088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareActivation.dll
2016-01-28 16:46 - 2016-01-28 16:46 - 00452864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareApplicationUpdater.dll
2016-01-28 16:46 - 2016-01-28 16:46 - 00679664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareGamingMode.dll
2016-01-28 16:47 - 2016-01-28 16:47 - 00084712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareReset.dll
2016-01-28 16:47 - 2016-01-28 16:47 - 00102624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTime.dll
2016-01-28 16:46 - 2016-01-28 16:46 - 00821504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareDefinitionsUpdater.dll
2016-01-28 16:46 - 2016-01-28 16:46 - 00729872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareDefinitionsUpdaterScheduler.dll
2016-01-28 16:46 - 2016-01-28 16:46 - 00897264 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareIgnoreList.dll
2016-01-28 16:47 - 2016-01-28 16:47 - 00205552 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareQuarantine.dll
2016-01-28 16:46 - 2016-01-28 16:46 - 01274624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiMalwareEngine.dll
2016-01-28 16:46 - 2016-01-28 16:46 - 00169728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiRootkitEngine.dll
2016-01-28 16:47 - 2016-01-28 16:47 - 00902392 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareScannerHistory.dll
2016-01-28 16:47 - 2016-01-28 16:47 - 01082088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareScanner.dll
2016-01-28 16:47 - 2016-01-28 16:47 - 00032512 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_timer-vc120-mt-1_57.dll
2016-01-28 16:47 - 2016-01-28 16:47 - 00812280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareScannerScheduler.dll
2016-01-28 16:47 - 2016-01-28 16:47 - 00940288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareRealTimeProtection.dll
2016-01-28 16:46 - 2016-01-28 16:46 - 02081528 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareIncompatibles.dll
2016-01-28 16:46 - 2016-01-28 16:46 - 01188584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiSpam.dll
2016-01-28 16:46 - 2016-01-28 16:46 - 01143536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiPhishing.dll
2016-01-28 16:47 - 2016-01-28 16:47 - 02519288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareParentalControl.dll
2016-01-28 16:47 - 2016-01-28 16:47 - 02806008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareWebProtection.dll
2016-01-28 16:46 - 2016-01-28 16:46 - 01045752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareEmailProtection.dll
2016-01-28 16:47 - 2016-01-28 16:47 - 00048392 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_iostreams-vc120-mt-1_57.dll
2016-01-28 16:47 - 2016-01-28 16:47 - 01477376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareNetworkProtection.dll
2016-01-28 16:47 - 2016-01-28 16:47 - 00825576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwarePromo.dll
2016-01-28 16:46 - 2016-01-28 16:46 - 00377576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareFeedback.dll
2016-01-28 16:47 - 2016-01-28 16:47 - 02280192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareThreatWorkAlliance.dll
2016-01-28 16:47 - 2016-01-28 16:47 - 01062120 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwarePinCode.dll
2016-01-28 16:47 - 2016-01-28 16:47 - 00827112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareNotice.dll
2016-01-28 16:46 - 2016-01-28 16:46 - 01252080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAvcEngine.dll
2016-01-28 16:47 - 2016-01-28 16:47 - 00955664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareRealTimeProtectionHistory.dll
2016-01-28 16:47 - 2016-01-28 16:47 - 00424176 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareStatistics.dll
2016-01-28 16:47 - 2016-01-28 16:47 - 08007392 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe
2016-01-28 16:47 - 2016-01-28 16:47 - 00386816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_locale-vc120-mt-1_57.dll
2016-01-28 16:47 - 2016-01-28 16:47 - 01731304 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\HtmlFramework.dll
2016-01-28 16:47 - 2016-01-28 16:47 - 00867576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTrayDefaultSkin.dll
2013-03-10 19:58 - 2013-03-10 19:58 - 02598496 _____ () C:\Program Files\Rainlendar2\Rainlendar2.exe
2012-05-16 21:01 - 2012-05-16 21:01 - 00140800 _____ () C:\Program Files\Rainlendar2\lua52.dll
2013-03-10 19:59 - 2013-03-10 19:59 - 00215648 _____ () C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll
2012-06-17 15:22 - 2012-06-17 15:22 - 00012800 _____ () C:\Program Files\Rainlendar2\lfs.dll
2013-06-05 23:57 - 2008-04-28 07:32 - 00647168 _____ () C:\Windows\system32\vmprp331.ax
2016-04-16 12:57 - 2016-03-21 23:50 - 00034768 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-04-16 12:57 - 2016-03-21 23:51 - 00019408 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-04-16 12:57 - 2016-03-21 23:50 - 00116688 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2016-04-16 12:57 - 2016-03-21 23:50 - 00093640 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2016-04-16 12:57 - 2016-03-21 23:50 - 00018376 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\select.pyd
2016-04-16 12:57 - 2016-04-08 20:20 - 00019760 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2016-04-16 12:57 - 2016-03-21 23:52 - 00105928 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-04-16 12:57 - 2016-03-21 23:50 - 00392144 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2016-04-16 12:57 - 2016-04-08 20:20 - 00381752 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2016-04-16 12:57 - 2016-03-21 23:50 - 00692688 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-04-16 12:57 - 2016-04-08 20:19 - 00020816 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2016-04-16 12:57 - 2016-03-21 23:51 - 00112592 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-04-16 12:57 - 2016-04-08 20:19 - 01682760 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-04-16 12:57 - 2016-04-08 20:19 - 00020808 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2016-04-16 12:57 - 2016-04-08 20:20 - 00021840 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-04-16 12:57 - 2016-04-08 20:19 - 00038696 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-04-16 12:57 - 2016-03-21 23:52 - 00020936 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2016-04-16 12:57 - 2016-03-21 23:52 - 00024528 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\win32event.pyd
2016-04-16 12:57 - 2016-03-21 23:52 - 00114640 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\win32security.pyd
2016-04-16 12:57 - 2016-03-21 23:52 - 00124880 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-04-16 12:57 - 2016-04-08 20:20 - 00021832 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2016-04-16 12:57 - 2016-03-21 23:52 - 00024016 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2016-04-16 12:57 - 2016-03-21 23:52 - 00175560 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\win32gui.pyd
2016-04-16 12:57 - 2016-03-21 23:52 - 00030160 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2016-04-16 12:57 - 2016-03-21 23:52 - 00043472 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\win32process.pyd
2016-04-16 12:57 - 2016-03-21 23:52 - 00028616 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\win32ts.pyd
2016-04-16 12:57 - 2016-03-21 23:52 - 00048592 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-04-16 12:57 - 2016-04-08 20:19 - 00026456 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-04-16 12:57 - 2016-03-21 23:52 - 00057808 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2016-04-16 12:57 - 2016-03-21 23:52 - 00024016 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-04-16 12:57 - 2016-04-08 20:19 - 00117056 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-04-16 12:57 - 2016-04-08 20:20 - 00023376 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2016-04-16 12:57 - 2016-03-21 23:50 - 00134608 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-04-16 12:57 - 2016-03-21 23:50 - 00134088 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-04-16 12:57 - 2016-03-21 23:51 - 00240584 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2016-04-16 12:57 - 2016-04-08 20:19 - 00024392 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-04-16 12:57 - 2016-03-21 23:52 - 00036296 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\librsync.dll
2016-04-16 12:57 - 2016-04-08 20:19 - 00052024 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-04-16 12:57 - 2016-04-08 20:20 - 00020800 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-04-16 12:57 - 2016-04-08 20:20 - 00021824 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
2016-04-16 12:57 - 2016-04-08 20:20 - 00019776 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-04-16 12:57 - 2016-04-08 20:20 - 00020800 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-04-16 12:57 - 2016-04-08 20:19 - 00020280 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2016-04-16 12:57 - 2016-03-21 23:52 - 00350152 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-04-16 12:57 - 2016-04-08 20:20 - 00022352 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-04-16 12:57 - 2016-04-08 20:19 - 00084280 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-04-16 12:57 - 2016-04-08 20:20 - 01826096 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2016-04-16 12:57 - 2016-03-21 23:51 - 00083912 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\sip.pyd
2016-04-16 12:57 - 2016-04-08 20:20 - 03928880 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-04-16 12:57 - 2016-04-08 20:20 - 01971504 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-04-16 12:57 - 2016-04-08 20:20 - 00531248 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-04-16 12:57 - 2016-04-08 20:20 - 00132912 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-04-16 12:57 - 2016-04-08 20:20 - 00223544 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-04-16 12:57 - 2016-04-08 20:20 - 00207672 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-04-16 12:57 - 2016-04-08 20:20 - 00158008 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-04-16 12:57 - 2016-04-08 20:20 - 00042808 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-04-16 12:57 - 2016-03-21 23:54 - 00017864 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\libEGL.dll
2016-04-16 12:57 - 2016-03-21 23:54 - 01631184 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2016-04-16 12:57 - 2016-04-08 20:20 - 00546096 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-04-16 12:57 - 2016-04-08 20:20 - 00357680 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2016-04-16 12:57 - 2016-03-21 23:56 - 00697304 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2008-10-09 10:25 - 2008-10-09 10:25 - 00062760 _____ () C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Windows:nlsPreferences [514]
AlternateDataStreams: C:\Users\Sascha\Documents\SPSS:com.dropbox.attributes [168]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2014-09-10 18:25 - 2014-11-04 23:21 - 00001974 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com127.0.0.1 tonec.com
127.0.0.1 www.tonec.com127.0.0.1 internetdownloadmanager.com127.0.0.1 star.tonec.com
184.173.188.107 localhost 127.0.0.1 home.sopserv.com 

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2186534646-70022557-530426099-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist deaktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FRITZ!DSL Startcenter.lnk => C:\Windows\pss\FRITZ!DSL Startcenter.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SolidWorks 2014 Schnellstart.lnk => C:\Windows\pss\SolidWorks 2014 Schnellstart.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Sascha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FRITZ!DSL Protect.lnk => C:\Windows\pss\FRITZ!DSL Protect.lnk.Startup
MSCONFIG\startupreg: ActivManager => C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AVMUSBFernanschluss => "C:\Users\Sascha\AppData\Local\Apps\2.0\LLAXTKYE.MD6\OQP2CGHO.J48\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\AVMAutoStart.exe"
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: LtMoh => C:\Program Files\ltmoh\Ltmoh.exe
MSCONFIG\startupreg: QIP Internet Guardian => C:\Users\Sascha\AppData\Roaming\QipGuard\QipGuard.exe /p
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: sbsdk-server => "C:\Program Files\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe"
MSCONFIG\startupreg: SMART Board Service => "C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe" -d
MSCONFIG\startupreg: SMART Floating Tools => "C:\Program Files\SMART Technologies\Education Software\FloatingTools.exe"
MSCONFIG\startupreg: SMART Ink => "C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe" -a
MSCONFIG\startupreg: SMART Tray Tools => "C:\Program Files\SMART Technologies\Education Software\SMARTSystemMenu.exe"
MSCONFIG\startupreg: SMARTNotification => "C:\Program Files\SMART Technologies\Education Software\SMARTNotification.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{A83C87B6-9C47-4329-A981-313B7B553DE4}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{245525EE-8D2C-4455-9B8F-AB60362FA866}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{F1CB6BE8-635C-444E-AE96-A2E46AB81277}] => (Allow) D:\Program Files\Opera\opera.exe
FirewallRules: [{2C1EB595-8602-4EE9-8D7E-61EB61AEF740}] => (Allow) D:\Program Files\Opera\opera.exe
FirewallRules: [{8D98E885-2D75-4487-AE44-DF580D4977CE}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{7F27EEF5-AC05-489D-BBB7-CE0D21F3AED9}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{ED3AE3F5-B686-4C72-8349-E0522F73E6D6}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{757F737F-676D-4FA5-9B05-82023E1930B5}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{527D3E2B-6D36-4533-8010-7E6E8EDA3A3F}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{C0DC2148-E407-499E-94CA-355DFCA61F87}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{641F97BA-D8B3-438C-8FAF-8312D118C44E}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{842EDFE3-C585-4F3F-B1B6-4783E1D8EB29}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{42818F63-DA5A-4B37-8093-A1FD74DF2624}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{FD0B82AD-7ED6-4393-9AD3-1CA9441AFE44}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{9A132DC9-71FF-4828-8E1D-36FEDB948A54}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
FirewallRules: [{A4111A70-377C-4BAE-9F9D-0B800E22CA8A}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{8B3C1031-8B28-44DA-B884-A725AC8C72A7}] => (Allow) C:\Users\Sascha\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A32F2FD6-22B2-41C9-ABB3-4873F9197A33}] => (Allow) C:\Users\Sascha\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{BDBDEA11-B09F-4E5B-A132-6C59EC8923BA}] => (Allow) C:\Users\Sascha\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F14909D0-1813-40A0-A08F-3595689F7D9A}] => (Allow) C:\Users\Sascha\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{923120DE-F6E0-4684-AAE1-8BD4BC4AE6F7}] => (Allow) D:\Program Files\Opera\opera.exe
FirewallRules: [{74226C5C-1393-4DC5-B5CA-77BC76604BC0}] => (Allow) D:\Program Files\Opera\opera.exe
FirewallRules: [{9CADDBC4-A5F0-4C1B-AC05-8B773BBDE4A8}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{B9298326-F53C-494C-854F-B740A552A642}] => (Allow) E:\Program Files\Steam\Steam.exe
FirewallRules: [{D127F059-E7D2-4535-9AEF-CC127E8A3CE9}] => (Allow) E:\Program Files\Steam\Steam.exe
FirewallRules: [{707F581C-EC89-4558-8571-F047E168334F}] => (Allow) C:\Program Files\SMART Technologies\Education Software\UCGui.exe
FirewallRules: [{93941037-1AC9-4C7A-AC45-357FBF5F0A15}] => (Allow) C:\Program Files\SMART Technologies\Education Software\UCGui.exe
FirewallRules: [{66A42203-55E6-4F88-B32C-6A881C9B768F}] => (Allow) C:\Program Files\SMART Technologies\Education Software\UCService.exe
FirewallRules: [{D19E6BF9-2484-44DF-B2E4-ACC256D7C0EB}] => (Allow) C:\Program Files\SMART Technologies\Education Software\UCService.exe
FirewallRules: [{2299909A-DF84-444A-B595-AC255F6BD843}] => (Allow) C:\Program Files\SMART Technologies\Education Software\SMARTSNMPAgent.exe
FirewallRules: [{FD5C8F3B-ADF7-4C31-955D-AE743F24077B}] => (Allow) C:\Program Files\SMART Technologies\Education Software\SMARTSNMPAgent.exe
FirewallRules: [{92A5C3E4-08B8-4AF5-B661-C65BDB2C274B}] => (Allow) C:\Program Files\SMART Technologies\Education Software\Notebook.exe
FirewallRules: [{1AC759F0-EFEC-441F-ADD7-F6C87593A8A3}] => (Allow) C:\Program Files\SMART Technologies\Education Software\Notebook.exe
FirewallRules: [{13C4DDC3-1D66-4029-90B9-23A89E36BC5B}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{B85DE4CD-FEF0-472B-B9C4-06905561C7E4}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{F24756D4-F4BB-40CA-892C-90DB818FA866}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
FirewallRules: [{2937378E-6C9E-43B3-9444-E6C675FB999F}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
FirewallRules: [{361A70E2-63E2-4EB6-9128-4518D860275B}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe
FirewallRules: [{AB8FE976-A1C3-4E9D-9597-24788DB0698F}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe
FirewallRules: [{F70BDE79-70B2-49DB-B3E5-98D0D4E5C078}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{66AC216C-92FE-404D-971C-E5200C2A3ED4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{303EC7BE-8463-495C-985E-1C10D8ACA5B2}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{F312D27E-AA80-4C2F-ADFD-F45DC45CFD63}] => (Allow) C:\Users\Sascha\AppData\Local\Apps\2.0\LLAXTKYE.MD6\OQP2CGHO.J48\frit..tion_1acae14e4778b8d2_0002.0003_60014d656f6786b9\fritzbox-usb-fernanschluss.exe
FirewallRules: [{7EEBA0E5-7AF5-4440-B832-AAA61F4540A8}] => (Allow) C:\Users\Sascha\AppData\Local\Apps\2.0\LLAXTKYE.MD6\OQP2CGHO.J48\frit..tion_1acae14e4778b8d2_0002.0003_60014d656f6786b9\fritzbox-usb-fernanschluss.exe
FirewallRules: [{E419D278-7C82-436E-9F21-C6ECF689FD2F}] => (Allow) C:\Users\Sascha\AppData\Local\Apps\2.0\LLAXTKYE.MD6\OQP2CGHO.J48\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe
FirewallRules: [{1354F72F-CACF-4F26-856E-7B0F8B948875}] => (Allow) C:\Users\Sascha\AppData\Local\Apps\2.0\LLAXTKYE.MD6\OQP2CGHO.J48\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe
FirewallRules: [{9892A008-27C3-492C-8EA2-2E31704CB3E0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AE5593C2-C283-454A-9317-D6CE20CDB0FD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{8A6FB239-06FC-4976-93F2-BB37F710D243}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{925717CE-0A4F-47DF-850E-EA3A35067E9E}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{B60ECD7B-936F-45D7-BE29-C089964D0BF2}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{CD055597-24CE-47BF-B98F-64934E30BCE7}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
StandardProfile\AuthorizedApplications: [C:\Users\Sascha\AppData\Local\Temp\RarSFX0\SwiApiMux.exe] => Enabled:SwiApiMux
StandardProfile\AuthorizedApplications: [C:\Program Files\Sierra Wireless Inc\3G Watcher2\TRUUpdater.exe] => C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: SMART Virtual TabletPC
Description: SMART Virtual TabletPC
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: SMART Technologies ULC
Service: SMARTVTabletPCx86
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart C4380 series
Description: Photosmart C4380 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart C4380 series
Description: Photosmart C4380 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 9100 series
Description: Officejet 9100 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: hewlett-packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 9100 series
Description: Officejet 9100 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: hewlett-packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 9100 series
Description: Officejet 9100 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: hewlett-packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 9100 series
Description: Officejet 9100 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: hewlett-packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (04/18/2016 08:12:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/17/2016 11:42:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/16/2016 03:52:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/16/2016 12:48:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/15/2016 01:17:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/14/2016 10:43:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/14/2016 09:55:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/14/2016 08:52:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/14/2016 08:51:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AtService.exe, Version: 8.5.1.28, Zeitstempel: 0x4a73b035
Name des fehlerhaften Moduls: AtService.exe, Version: 8.5.1.28, Zeitstempel: 0x4a73b035
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00021b26
ID des fehlerhaften Prozesses: 0x31c
Startzeit der fehlerhaften Anwendung: 0xAtService.exe0
Pfad der fehlerhaften Anwendung: AtService.exe1
Pfad des fehlerhaften Moduls: AtService.exe2
Berichtskennung: AtService.exe3

Error: (04/13/2016 11:01:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


Systemfehler:
=============
Error: (04/18/2016 12:17:17 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst UNS erreicht.

Error: (04/17/2016 11:46:00 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

Error: (04/17/2016 11:43:06 AM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Die Smartcard konnte nicht zurückgesetzt werden.O2Micro PCMCIA Reader 0POWER01 00 00 00

Error: (04/16/2016 11:53:13 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Die Smartcard konnte nicht zurückgesetzt werden.O2Micro PCMCIA Reader 0POWER01 00 00 00

Error: (04/16/2016 10:49:02 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Die Smartcard konnte nicht zurückgesetzt werden.O2Micro PCMCIA Reader 0POWER01 00 00 00

Error: (04/16/2016 09:25:37 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Die Smartcard konnte nicht zurückgesetzt werden.O2Micro PCMCIA Reader 0POWER01 00 00 00

Error: (04/16/2016 08:09:55 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (04/16/2016 08:09:55 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (04/16/2016 07:17:52 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Die Smartcard konnte nicht zurückgesetzt werden.O2Micro PCMCIA Reader 0POWER01 00 00 00

Error: (04/16/2016 07:14:25 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 20.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T9400 @ 2.53GHz
Prozentuale Nutzung des RAM: 53%
Installierter physikalischer RAM: 3023.87 MB
Verfügbarer physikalischer RAM: 1396.72 MB
Summe virtueller Speicher: 6046.07 MB
Verfügbarer virtueller Speicher: 3856.34 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:142.23 GB) (Free:50.31 GB) NTFS
Drive d: () (Fixed) (Total:323.43 GB) (Free:247.63 GB) NTFS
Drive e: (DATA) (Fixed) (Total:232.88 GB) (Free:3.03 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 43ED5D1E)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 97CAB5A0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=142.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=323.4 GB) - (Type=07 NTFS)

==================== Ende vom Addition.txt ============================
         
...und gleich kommt Cosinus und haut mir Avira um die Ohren XD
__________________


Geändert von goro11 (18.04.2016 um 09:16 Uhr)

Alt 20.04.2016, 13:17   #3
burningice
/// Malwareteam
 
Mehrere Viren/Trojaner vorallem unter "C:\Windows\Temp\" - Standard

Mehrere Viren/Trojaner vorallem unter "C:\Windows\Temp\"




Mein Name ist Rafael und ich werde dir bei der Bereinigung helfen.

Damit ich dir optimal helfen kann, halte dich bitte an folgende Regeln:
  • Bitte lies meine Posts komplett durch bevor du sie abarbeitest
  • Wenn ein Problem auftauchen sollte oder dir etwas unklar ist, unterbreche deine Arbeit und beschreibe es so genau wie möglich.
  • Bitte kein Crossposting
  • Installiere oder Deinstalliere keine Software ohne Aufforderung
  • Bitte verwende nur die Tools, welche hier im Thread erwähnt werden und führe sie nur gemäß Anweisung aus
  • Bitte antworte innerhalb von 24h um eine sinnvolle Bereinigung zu ermöglichen
  • Poste die Logs immer in CODE-Tags (#-Button), zur Not die Logs einfach aufteilen
  • Wichtig: Nur weil dein Problem mit einem Schritt plötzlich behoben ist, bedeutet das nicht, dass dein PC auch sauber ist. Mache solange weiter, bis ich dir sage, dass dein PC "clean" ist
  • Wenn ich dir nicht binnen 36h antworte, sende mir bitte eine persönliche Nachricht!
Los geht's

Nein bin nur ich diesmal

Aber:
Zitat:
Was ich an der Zusammenarbeit von Avira und Adaware interessant finde: Wenn ich den Scan durch AdAware durchführen lasse, meldet sich Avira bei Fund (ich nehme an, dass AdAware bei der Suche bestimmte Pfade aufruft und der Echtzeitscanner dann Alarm schlägt). Nach dem Scan jedoch enthält der Bericht von Avira keine Viren/Trojaner, dessen Ereignisliste ist jedoch voll von Funden. Der Bericht von AdAware enthält ebenfalls Funde.
genau darum ist das Schrott.

Mehrere Anti-Virus-Programme

Code:
ATTFilter
Avira 
Ad-Aware Antivirus
Spybot - Search and Destroy
         
Mir ist aufgefallen, dass Du mehr als ein Anti-Virus-Programm mit Hintergrundwächter laufen hast. Das ist gefährlich, da sich die Programme in die Quere kommen können und dadurch Viren erst recht auf dem Rechner landen können. Ausserdem bremst es auch das System aus. Entscheide Dich für eine Variante und deinstalliere die andere über die Systemsteuerung => Software.

Zitat:
Speedy hat letztens eine einleuchtende Erklärung dazu geliefert: "Man stelle sich einen Torwart vor, der das Tor hüten soll (Anti-Virus-Programm), der Ball kommt angeflogen (Virus), der Torhüter konzentriert sich auf den Ball und fängt ihn. Jetzt stelle Dir zwei Torhüter im Tor vor ...., die knallen aneinander und der Ball kann ungehindert ins Tor wandern."
Deinstalliere Mimimum Ad-Aware Antivirus (Lavasoft *schauder*) und Spybot - Search and Destroy, beides Crap.
Avira, meine Güte - wenn du es gekauft hast selber schuld


Wenn du das gemacht hast:
Bitte starte wieder FRST, setze den Haken bei Addition und drücke auf Untersuchen. Poste bitte wieder die beiden Textdateien, die so entstehen.
__________________
__________________

Alt 20.04.2016, 17:18   #4
goro11
 
Mehrere Viren/Trojaner vorallem unter "C:\Windows\Temp\" - Icon24

Mehrere Viren/Trojaner vorallem unter "C:\Windows\Temp\"



Hallo Rafael!
Vielen Dank für deine Hilfe! Spybot und Ad-Aware habe ich deinstalliert. Avira Pro geht über die Uni, somit kostet es mich nichts (ausser meiner Daten, die Avira womöglich hochlädt - ist mir persönlich eher schnuppe).

Da die Logs zu groß sind, muss ich die in mehrere Posts aufteilen :-(

Hier kommt die FRST.txt:

Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:17-04-2016
durchgeführt von Sascha (Administrator) auf SASCHA-PC (20-04-2016 17:52:43)
Gestartet von C:\Users\Sascha\Desktop
Geladene Profile: Sascha (Verfügbare Profile: Sascha & IWB)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Authentec Inc.) C:\Program Files\Protector Suite\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Fujitsu Technology Solutions) C:\Program Files\Fujitsu\DeskView\Common\FscHMCfg.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(Nitro PDF Software) D:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(Wacom Technology, Corp.) C:\Windows\System32\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Windows\System32\WTablet\Pen_TabletUser.exe
(Wacom Technology, Corp.) C:\Windows\System32\Pen_Tablet.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
() C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Rainlendar2\Rainlendar2.exe
(Microsoft Corporation) C:\Users\Sascha\AppData\Local\Snip\Snip.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Sascha\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7703072 2009-08-05] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [764528 2016-03-10] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [IndicatorUtility] => C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47464 2009-06-22] (FUJITSU LIMITED)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [975760 2015-11-03] (Cisco Systems, Inc.)
HKLM\...\Run: [FUJ02B1_Apps] => C:\Program Files\Fujitsu\FUJ02B1\CheckBatteryPack.exe [366376 2016-03-17] (FUJITSU LIMITED)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
Winlogon\Notify\psfus: C:\Program Files\Protector Suite\psqlpwd.dll [2012-10-23] (Authentec Inc.)
HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [2598496 2013-03-10] ()
HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\Run: [Dropbox Update] => C:\Users\Sascha\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\Run: [Snip] => C:\Users\Sascha\AppData\Local\Snip\Snip.exe [1713312 2015-10-19] (Microsoft Corporation)
HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [50676864 2016-03-01] (Skype Technologies S.A.)
HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\MountPoints2: {0cebd7cc-ce8f-11e2-b157-00a0d5ffffa5} - F:\Startme.exe
HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\MountPoints2: {50d5c9c3-7f73-11e4-b352-001742fd5e4f} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\autorun.exe /auto
HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\MountPoints2: {f690ec43-7c86-11e4-b1bc-fc6fd48a52bd} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\autorun.exe /auto
HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\MountPoints2: {fb8e2f6d-7ebc-11e4-9153-001742fd5e4f} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\autorun.exe /auto
HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\MountPoints2: {fb8e3063-7ebc-11e4-9153-001742fd5e4f} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\autorun.exe /auto
HKU\S-1-5-18\...\Run: [FRITZ!protect] => FwebProt.exe
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Lsa: [Notification Packages] scecli C:\Program Files\Protector Suite\psqlpwd.dll
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => D:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [UEAFOverlay] -> {F2F31467-B1AC-4df0-AE79-FD5FA085E22B} => C:\Program Files\Protector Suite\farchns.dll [2012-10-23] (Authentec Inc.)
ShellIconOverlayIdentifiers: [UEAFOverlayOpen] -> {A3E208F7-0E3A-4182-A7A6-B169D5D691AA} => C:\Program Files\Protector Suite\farchns.dll [2012-10-23] (Authentec Inc.)
Startup: C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.exe - Verknüpfung.lnk [2013-11-22]
ShortcutTarget: ctfmon.exe - Verknüpfung.lnk -> C:\Windows\System32\ctfmon.exe (Microsoft Corporation)
Startup: C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-04-16]
ShortcutTarget: Dropbox.lnk -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Winsock: Catalog5 01 C:\Windows\system32\NLAapi.dll [52224 2012-10-03] (Microsoft Corporation) ACHTUNG: LibraryPath sollte sein "C:\Windows)\system32\NLAapi.dll"
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{69767269-0577-45C1-88DC-B1D78DE44DAF}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AB78458C-7E79-49A8-8741-7B110BCDCC40}: [NameServer] 62.134.11.4 195.182.110.132塚BḈ¿ↅ䍟謓並BḈ¿

Internet Explorer:
==================
HKU\S-1-5-21-2186534646-70022557-530426099-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> D:\Program Files\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-03-24] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-09-05] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-24] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-09-05] (Adobe Systems Incorporated)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-09-05] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2186534646-70022557-530426099-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-09-05] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-03-18] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\3bkhj32i.default-1436688253094
FF Homepage: hxxp://www.google.de
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> E:\Program Files\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-24] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> D:\Program Files\Nitro\Pro 8\npnitromozilla.dll [2013-05-27] (Nitro PDF)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-09] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-09] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC 0.8.6\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Acrobat -> D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2013-09-26] (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2186534646-70022557-530426099-1000: @torrentstream.net/tsplugin,version=2.0.8.11.1 -> C:\Users\Sascha\AppData\Roaming\TorrentStream\player\npts_plugin.dll [2014-04-25] (Innovative Digital Technologies)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll [2014-01-09] (Dassault Systèmes SolidWorks Corp.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-04-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-04-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-04-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-04-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-04-24] (Apple Inc.)
FF Extension: Adobe Acrobat - Create PDF - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-12-02] [ist nicht signiert]
FF Extension: Web Developer - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\3bkhj32i.default-1436688253094\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2015-07-12]
FF Extension: NoScript - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\3bkhj32i.default-1436688253094\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-04-07]
FF Extension: DownThemAll! AntiContainer - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\3bkhj32i.default-1436688253094\extensions\anticontainer@downthemall.net.xpi [2016-04-15]
FF Extension: DownThemAll! - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\3bkhj32i.default-1436688253094\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-04-15]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\3bkhj32i.default-1436688253094\Extensions\elemhidehelper@adblockplus.org.xpi [2016-02-18]
FF Extension: uBlock Origin - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\3bkhj32i.default-1436688253094\Extensions\uBlock0@raymondhill.net.xpi [2016-04-07]
FF Extension: Adblock Plus - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\3bkhj32i.default-1436688253094\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-07-01] [ist nicht signiert]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-04-01] [ist nicht signiert]
FF HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Users\Sascha\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org
FF Extension: TS Magic Player - C:\Users\Sascha\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org [2015-03-04] [ist nicht signiert]
FF HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - D:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: IDM integration - D:\Program Files\Internet Download Manager\idmmzcc2.xpi [2016-03-10]
FF HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Sascha\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Sascha\AppData\Roaming\IDM\idmmzcc5 [2016-04-16] [ist nicht signiert]
FF HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - D:\Program Files\Internet Download Manager\idmmzcc2.xpi

Chrome: 
=======
CHR Profile: C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Web Developer) - C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2015-05-27]
CHR Extension: (kimono) - C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoaddaobnieaecelinfdllcgdehimih [2016-04-14]
CHR Extension: (Adobe Acrobat) - C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-11-12]
CHR Extension: (AdBlock) - C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-12]
CHR Extension: (IDM Integration Module) - C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-04-14]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Citavi Picker) - C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2015-11-02]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-09-05]
CHR HKLM\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - D:\Program Files\Internet Download Manager\IDMGCExt.crx [2016-02-11]
CHR HKLM\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - D:\Program Files\Citavi 4\Pickers\Chrome\ChromePicker.crx [2014-02-07]

Opera: 
=======
StartMenuInternet: (HKLM) Opera - D:\Program Files\Opera\Opera.exe

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 ActivControl; C:\Program Files\Activ Software\ActivDriver\ActivControlsvc.exe [21328 2013-04-25] (Promethean)
S3 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [593376 2013-04-11] (Intel Corporation)
R2 AntiVirFireWallService; C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe [1055488 2016-03-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [856760 2016-03-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [463720 2016-03-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [463720 2016-03-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1043664 2016-03-10] (Avira Operations GmbH & Co. KG)
R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1807608 2009-07-31] (AuthenTec, Inc.)
S3 BTHSSecurityMgr; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [104240 2012-09-12] (Intel(R) Corporation)
S3 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-06-12] (CyberGhost S.R.L)
S3 CoordinatorServiceHost; C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [76328 2014-01-11] (Dassault Systèmes SolidWorks Corp.)
S3 eBeam Device Service; C:\Program Files\Luidia\eBeam Device Service\eBeamDeviceServiceMain.exe [180224 2013-06-05] (Luidia, Inc.) [Datei ist nicht signiert]
S3 FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe [1074480 2014-06-28] (Flexera Software LLC)
R2 FscHmCfg; C:\Program Files\Fujitsu\DeskView\Common\FscHMCfg.exe [150656 2012-11-13] (Fujitsu Technology Solutions)
R2 HPSLPSVC; C:\Users\Sascha\AppData\Local\Temp\7zS38EB\hpslpsvc32.dll [701288 2013-02-06] (Hewlett-Packard Co.)
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [73528 2009-07-28] (AVM Berlin)
S3 Microsoft SharePoint Workspace Audit Service; D:\Program Files\Microsoft Office\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)
S4 msvsmon80; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2799808 2005-09-23] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [242928 2013-04-18] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 NitroDriverReadSpool8; D:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe [196616 2013-05-27] (Nitro PDF Software)
R2 NitroDriverReadSpool9; D:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe [197128 2013-11-12] (Nitro PDF Software)
S3 NovacomD; C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe [61440 2011-06-24] (Palm) [Datei ist nicht signiert]
S3 O2Flash; C:\Windows\system32\o2flash.exe [65536 2007-02-12] (O2Micro International) [Datei ist nicht signiert]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [62824 2009-07-27] (FUJITSU LIMITED)
S3 RemoteSolverDispatcher; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe [191112 2014-01-10] (Mentor Graphics Corporation) [Datei ist nicht signiert]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [135176 2015-02-18] (Sandboxie Holdings, LLC)
S3 SMARTHelperService; C:\Program Files\SMART Technologies\Education Software\SMARTHelperService.exe [538928 2014-05-29] (SMART Technologies)
S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-11-01] (SolidWorks) [Datei ist nicht signiert]
R2 SwiCardDetectSvc; C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe [238960 2010-12-02] (Sierra Wireless, Inc.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
S3 TomTomHOMEService; D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [93072 2013-08-27] (TomTom)
S3 UDisk Monitor Z5 Phone; C:\Program Files\Android_USB_Driver_Z\Bin\MonServiceUDisk.exe [585416 2013-11-18] ()
R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2009-08-04] (Intel Corporation)
S3 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [111488 2009-10-12] (CSR, plc)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [579984 2015-11-03] (Cisco Systems, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 WirelessSelectorService; C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe [62760 2008-10-09] ()
S3 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2532592 2013-04-18] (Intel® Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [109248 2015-11-03] (Cisco Systems, Inc.)
S3 ACTIVhidmini; C:\Windows\System32\DRIVERS\ACTIVhidmini.sys [87296 2012-10-30] (Promethean Technologies Ltd)
R3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [112608 2013-04-11] (Windows (R) Win 7 DDK provider)
S3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [112608 2013-04-11] (Windows (R) Win 7 DDK provider)
R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [92448 2014-08-15] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [113024 2014-08-15] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [109016 2016-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136272 2016-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-08-15] (Avira Operations GmbH & Co. KG)
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [105728 2013-06-06] (AVM Berlin)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37896 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-06-06] (DT Soft Ltd)
R3 FjBtnDrv; C:\Windows\System32\DRIVERS\FjBtnDrv.sys [18816 2009-08-27] (Fujitsu America, Inc.)
R0 FJGSDisk; C:\Windows\System32\DRIVERS\FJGSDisk.sys [12712 2013-06-06] (FUJITSU LIMITED)
R2 FJSPA; C:\Program Files\Fujitsu\FJSPA\FJSPA.sys [17712 2006-12-07] (FUJITSU LIMITED)
R3 FlashDrv; C:\Windows\System32\DRIVERS\FlashDrv.sys [22344 2012-11-13] (Fujitsu Technology Solutions)
R3 FscCmos; C:\Windows\System32\DRIVERS\FscCmos.sys [17224 2012-11-13] (Fujitsu Technology Solutions)
R3 FscCpuid; C:\Windows\System32\DRIVERS\FscCpuid.sys [18248 2012-11-13] (Fujitsu Technology Solutions)
R3 FscEfDmi; C:\Windows\System32\DRIVERS\FscEfDmi.sys [18760 2012-11-13] (Fujitsu Technology Solutions)
R3 FscGabi; C:\Windows\System32\DRIVERS\FscGabi.sys [21064 2012-11-13] (Fujitsu Technology Solutions)
R3 FscTime; C:\Windows\System32\DRIVERS\FscTime.sys [20296 2012-11-13] (Fujitsu Technology Solutions)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [48552 2016-03-17] (FUJITSU LIMITED)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [42592 2014-08-25] (hxxp://libusb-win32.sourceforge.net)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7523840 2012-01-23] (Intel Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-04-18] (Riverbed Technology, Inc.)
R3 O2SCBUS; C:\Windows\System32\DRIVERS\ozscr.sys [102560 2009-05-15] (O2Micro)
S3 prmvmouse; C:\Windows\System32\DRIVERS\activmouse.sys [6656 2012-10-30] (Promethean Technologies Ltd)
S3 s1029bus; C:\Windows\System32\DRIVERS\s1029bus.sys [90280 2009-05-25] (MCCI Corporation)
S3 s1029mdfl; C:\Windows\System32\DRIVERS\s1029mdfl.sys [15016 2009-05-25] (MCCI Corporation)
S3 s1029mdm; C:\Windows\System32\DRIVERS\s1029mdm.sys [122280 2009-05-25] (MCCI Corporation)
S3 s1029mgmt; C:\Windows\System32\DRIVERS\s1029mgmt.sys [115880 2009-05-25] (MCCI Corporation)
S3 s1029nd5; C:\Windows\System32\DRIVERS\s1029nd5.sys [26024 2009-05-25] (MCCI Corporation)
S3 s1029obex; C:\Windows\System32\DRIVERS\s1029obex.sys [111912 2009-05-25] (MCCI Corporation)
S3 s1029unic; C:\Windows\System32\DRIVERS\s1029unic.sys [116904 2009-05-25] (MCCI Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [161288 2015-02-18] (Sandboxie Holdings, LLC)
R3 SMARTMouseFilterx86; C:\Windows\System32\DRIVERS\SMARTMouseFilterx86.sys [8192 2014-05-29] (SMART Technologies)
R3 SMARTVHidMini2000x86; C:\Windows\System32\DRIVERS\SMARTVHidMini2000x86.sys [7680 2014-05-29] (SMART Technologies)
S3 SMARTVTabletPCx86; C:\Windows\System32\DRIVERS\SMARTVTabletPCx86.sys [15872 2014-05-29] (SMART Technologies ULC)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [27696 2015-06-22] (Avira Operations GmbH & Co. KG)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13368 2015-12-26] (SlimWare Utilities, Inc.)
S3 swiwdmbus; C:\Windows\System32\DRIVERS\swiwdmbus.sys [82048 2010-11-16] (Sierra Wireless Inc.)
S3 SWNC8U3C; C:\Windows\System32\DRIVERS\swnc8u3C.sys [231936 2010-11-16] (Sierra Wireless Inc.)
S3 SWUMX3C; C:\Windows\System32\DRIVERS\swumx3C.sys [156672 2010-11-16] (Sierra Wireless Inc.)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [977024 2009-08-25] (Vimicro Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43888 2014-08-15] (Cisco Systems, Inc.)
R3 vvftav323; C:\Windows\System32\drivers\vvftav323.sys [475136 2007-03-19] (Vimicro Corporation)
R3 WISDPen; C:\Windows\System32\DRIVERS\wisdpen.sys [36648 2009-08-24] (Wacom Technology)
S3 FscBapi; system32\DRIVERS\FscBapi.sys [X]
S3 OemF0211; system32\DRIVERS\OemF0211.sys [X]
S3 SWUMX20; system32\DRIVERS\swumx20.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-20 17:52 - 2016-04-20 17:56 - 00031427 _____ C:\Users\Sascha\Desktop\FRST.txt
2016-04-20 17:41 - 2016-04-20 17:41 - 00000079 _____ C:\Windows\wininit.ini
2016-04-18 13:52 - 2016-04-18 14:00 - 00253194 _____ C:\TDSSKiller.3.1.0.9_18.04.2016_13.52.20_log.txt
2016-04-18 13:50 - 2016-04-18 13:50 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Sascha\Desktop\tdsskiller.exe
2016-04-18 10:10 - 2016-04-18 10:11 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Sascha\Desktop\mbar-1.09.3.1001.exe
2016-04-18 09:21 - 2016-04-18 09:21 - 00023336 _____ C:\Users\Sascha\Desktop\Ereignisse.txt
2016-04-18 08:47 - 2016-04-20 17:52 - 00000000 ____D C:\FRST
2016-04-18 08:42 - 2016-04-18 08:42 - 01726464 _____ (Farbar) C:\Users\Sascha\Desktop\FRST.exe
2016-04-17 22:41 - 2016-04-17 22:41 - 00001892 _____ C:\Users\Sascha\Desktop\Ad-Aware_Report_Full_Manual_2016-04-17T22-30-36.318465.xml
2016-04-16 16:08 - 2016-03-31 20:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-04-16 16:08 - 2016-03-31 02:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-04-16 16:08 - 2016-03-31 02:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-04-16 16:08 - 2016-03-31 01:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-04-16 16:08 - 2016-03-31 01:52 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-04-16 16:08 - 2016-03-31 01:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-16 16:08 - 2016-03-31 01:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-04-16 16:08 - 2016-03-31 01:46 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-04-16 16:08 - 2016-03-31 01:45 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-04-16 16:08 - 2016-03-31 01:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-04-16 16:08 - 2016-03-31 01:45 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-04-16 16:08 - 2016-03-31 01:41 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-04-16 16:08 - 2016-03-31 01:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-04-16 16:08 - 2016-03-31 01:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-04-16 16:08 - 2016-03-31 01:33 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-04-16 16:08 - 2016-03-31 01:31 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-04-16 16:08 - 2016-03-31 01:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-04-16 16:08 - 2016-03-31 01:29 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-04-16 16:08 - 2016-03-31 01:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-04-16 16:08 - 2016-03-31 01:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-04-16 16:08 - 2016-03-31 01:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-04-16 16:08 - 2016-03-31 01:23 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-04-16 16:08 - 2016-03-31 01:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-04-16 16:08 - 2016-03-31 01:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-16 16:08 - 2016-03-31 01:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-16 16:08 - 2016-03-31 01:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-04-16 16:07 - 2016-03-31 02:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-16 16:07 - 2016-03-31 01:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-04-16 16:07 - 2016-03-31 01:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-04-16 16:07 - 2016-03-31 01:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-04-16 16:07 - 2016-03-31 01:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-04-16 16:07 - 2016-03-31 01:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-04-16 16:07 - 2016-03-31 01:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-04-16 16:07 - 2016-03-31 01:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-04-16 16:07 - 2016-03-31 01:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-04-16 16:07 - 2016-03-11 20:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-04-16 13:10 - 2016-03-18 00:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-04-16 13:10 - 2016-03-18 00:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-16 13:10 - 2016-03-18 00:36 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-16 13:10 - 2016-03-18 00:36 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-04-16 13:10 - 2016-03-18 00:33 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-16 13:10 - 2016-03-18 00:30 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-04-16 13:10 - 2016-03-18 00:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-04-16 13:10 - 2016-03-18 00:30 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-16 13:10 - 2016-03-18 00:30 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-04-16 13:10 - 2016-03-18 00:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-04-16 13:10 - 2016-03-18 00:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-04-16 13:10 - 2016-03-18 00:29 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-04-16 13:10 - 2016-03-18 00:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-16 13:10 - 2016-03-18 00:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-04-16 13:10 - 2016-03-18 00:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-04-16 13:10 - 2016-03-18 00:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-16 13:10 - 2016-03-18 00:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-16 13:10 - 2016-03-18 00:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-16 13:10 - 2016-03-18 00:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-16 13:10 - 2016-03-18 00:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-04-16 13:10 - 2016-03-18 00:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-04-16 13:10 - 2016-03-18 00:26 - 01062400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-16 13:10 - 2016-03-18 00:26 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-16 13:10 - 2016-03-18 00:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-16 13:10 - 2016-03-18 00:26 - 00294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-16 13:10 - 2016-03-18 00:25 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-04-16 13:10 - 2016-03-18 00:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-16 13:10 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-16 13:10 - 2016-03-17 23:42 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-04-16 13:10 - 2016-03-17 23:42 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-04-16 13:10 - 2016-03-17 23:42 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-04-16 13:10 - 2016-03-17 23:42 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-04-16 13:10 - 2016-03-17 23:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-04-16 13:10 - 2016-03-17 23:36 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-16 13:10 - 2016-03-17 23:35 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-04-16 13:10 - 2016-03-17 23:30 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-16 13:10 - 2016-03-17 23:30 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-16 13:10 - 2016-03-17 23:30 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-16 13:10 - 2016-03-17 23:29 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-04-16 13:10 - 2016-03-17 23:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-04-16 13:10 - 2016-03-17 23:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-04-16 13:10 - 2016-03-17 23:29 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-04-16 13:10 - 2016-03-17 23:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-16 13:10 - 2016-03-17 23:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-16 13:10 - 2016-03-17 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-16 13:10 - 2016-03-17 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-16 13:08 - 2016-03-06 20:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-16 13:08 - 2016-03-06 20:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-16 13:04 - 2016-03-29 19:35 - 02397184 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-16 13:03 - 2016-04-16 13:03 - 00000000 ____D C:\Program Files\Lavasoft
2016-04-16 12:58 - 2016-04-16 12:58 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-04-15 01:24 - 2016-03-16 01:53 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-15 01:24 - 2016-03-16 01:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-14 00:18 - 2016-04-14 00:18 - 01695703 _____ C:\Users\Sascha\Desktop\1366_269-13.pdf
2016-04-12 21:36 - 2016-04-13 09:49 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-04-11 17:02 - 2016-04-11 17:02 - 61815001 _____ C:\Users\Sascha\Desktop\d9722cf018848242e0bb565de93b5dc1.mp4
2016-04-11 16:46 - 2016-04-16 13:52 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\IDM
2016-04-11 16:46 - 2016-04-11 16:46 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2016-04-11 16:46 - 2016-04-11 16:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2016-04-11 16:42 - 2016-04-11 16:42 - 00000000 ____D C:\Users\Sascha\Desktop\IDM_6.25_Build_14_Fix_exe___Serials
2016-04-10 22:08 - 2016-04-10 22:08 - 00000000 ____D C:\php
2016-04-10 22:07 - 2016-04-10 22:07 - 21790696 _____ C:\Users\Sascha\Desktop\php-7.0.5-nts-Win32-VC14-x86.zip
2016-04-05 11:47 - 2016-03-25 20:36 - 00034024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-04-05 11:47 - 2016-03-25 20:25 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-05 11:47 - 2016-03-23 16:02 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-04-05 11:47 - 2016-03-23 16:02 - 00177664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-04-05 11:47 - 2016-03-17 20:04 - 00560640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-05 11:47 - 2016-03-17 20:04 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-05 11:47 - 2016-03-17 20:04 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-05 11:47 - 2016-03-17 20:04 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-04-05 11:47 - 2016-02-02 20:48 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-04-05 11:47 - 2016-02-01 21:02 - 00105408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-04-05 11:47 - 2016-02-01 20:49 - 02364928 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-04-05 11:47 - 2016-02-01 20:49 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-04-05 11:47 - 2016-02-01 20:49 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-04-05 11:47 - 2016-02-01 20:45 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-04-05 11:47 - 2016-02-01 20:44 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-04-05 11:47 - 2016-01-21 02:51 - 00057280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-04-05 11:46 - 2016-02-05 20:44 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-04-05 11:46 - 2016-02-05 19:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-04-05 11:46 - 2015-06-03 22:22 - 00355456 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-04-05 11:33 - 2016-04-05 11:33 - 00000000 ____D C:\Program Files\Common Files\Skype
2016-03-24 16:38 - 2016-03-24 16:38 - 00000000 ____D C:\Program Files\Common Files\Java
2016-03-24 12:48 - 2016-03-24 12:48 - 01474560 _____ C:\Users\Sascha\Desktop\vmscsi-1.2.0.4.flp
2016-03-24 12:12 - 2016-04-12 00:27 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\VMware
2016-03-24 12:12 - 2016-04-10 22:31 - 00000000 ____D C:\Users\Sascha\AppData\Local\VMware
2016-03-24 12:03 - 2016-04-12 00:33 - 00000000 ____D C:\ProgramData\VMware
2016-03-24 12:03 - 2016-04-12 00:33 - 00000000 ____D C:\Program Files\Common Files\VMware
2016-03-23 23:44 - 2016-03-23 23:44 - 00000000 ____D C:\ProgramData\Dell
2016-03-23 20:27 - 2009-07-21 01:48 - 00485920 _____ (NVIDIA Corporation) C:\Windows\system32\NVUNINST.EXE
2016-03-23 19:17 - 2016-04-18 08:19 - 00000000 ____D C:\Users\Sascha\Desktop\VMware-convertercd-4.1.1-206170
2016-03-22 14:04 - 2016-03-22 14:04 - 00000889 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-03-22 14:04 - 2016-03-22 14:04 - 00000877 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-03-22 13:09 - 2016-03-22 13:22 - 345040098 _____ C:\Users\Sascha\Downloads\Weka.zip

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-20 17:56 - 2015-08-30 21:27 - 00323476 _____ C:\Users\Sascha\AppData\Local\Snip.txt
2016-04-20 17:54 - 2009-07-14 06:34 - 00022048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-20 17:54 - 2009-07-14 06:34 - 00022048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-20 17:51 - 2015-10-28 12:47 - 00215268 _____ C:\Users\Sascha\AppData\Local\SnipUsages.txt
2016-04-20 17:49 - 2013-10-14 14:47 - 00000000 ____D C:\Users\Sascha\.rainlendar2
2016-04-20 17:48 - 2013-12-03 14:29 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2016-04-20 17:48 - 2013-06-11 17:55 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\WTablet
2016-04-20 17:48 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-20 17:41 - 2013-12-03 14:29 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-04-20 17:39 - 2014-01-17 19:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-20 17:35 - 2013-06-06 11:18 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\Skype
2016-04-20 01:24 - 2013-06-06 18:37 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\vlc
2016-04-20 01:01 - 2015-06-16 09:50 - 00001228 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2186534646-70022557-530426099-1000UA.job
2016-04-19 23:00 - 2013-06-06 09:33 - 00000000 ____D C:\Users\Sascha\AppData\Local\Deployment
2016-04-19 22:53 - 2016-02-04 15:18 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\Kodi
2016-04-18 23:23 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2016-04-18 10:20 - 2013-06-09 09:27 - 00003268 _____ C:\Windows\Sandboxie.ini
2016-04-18 10:01 - 2015-06-16 09:50 - 00001176 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2186534646-70022557-530426099-1000Core.job
2016-04-18 09:09 - 2014-11-29 16:00 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-18 09:09 - 2014-11-29 15:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-04-18 09:09 - 2014-11-29 15:59 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 
2016-04-18 08:24 - 2015-09-25 22:13 - 00000000 ____D C:\Users\Sascha\Desktop\Family
2016-04-18 08:22 - 2015-09-25 22:06 - 00000000 ____D C:\Users\Sascha\Desktop\Rechnungen + Reisen
2016-04-18 08:21 - 2015-11-17 00:21 - 00000000 ____D C:\Users\Sascha\Desktop\Work
2016-04-18 08:21 - 2015-06-08 13:52 - 00000000 ____D C:\Users\Sascha\Desktop\Uni
2016-04-17 11:48 - 2011-04-12 03:30 - 00699342 _____ C:\Windows\system32\perfh007.dat
2016-04-17 11:48 - 2011-04-12 03:30 - 00149450 _____ C:\Windows\system32\perfc007.dat
2016-04-17 11:48 - 2010-11-20 23:01 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-17 11:48 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2016-04-17 11:42 - 2009-07-14 06:33 - 00489496 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-17 01:26 - 2015-01-26 22:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-04-16 14:27 - 2013-07-12 10:44 - 00000000 ____D C:\Windows\system32\MRT
2016-04-16 14:13 - 2013-06-06 00:10 - 132539272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-16 14:08 - 2013-06-30 12:32 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\DMCache
2016-04-16 12:59 - 2013-07-01 21:54 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\Dropbox
2016-04-15 01:16 - 2009-07-14 06:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-04-13 09:49 - 2013-07-03 07:24 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-04-13 01:57 - 2013-07-01 11:41 - 00000000 ____D C:\Users\Sascha\.VirtualBox
2016-04-13 00:32 - 2013-06-30 12:32 - 00000000 ____D C:\Users\Sascha\Downloads\Video
2016-04-12 00:38 - 2013-06-06 22:30 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\DAEMON Tools Lite
2016-04-11 23:01 - 2013-06-06 23:55 - 00000000 ____D C:\Windows\pss
2016-04-11 22:32 - 2013-06-06 21:32 - 01952155 _____ C:\Users\Sascha\DesktopStCenter.txt
2016-04-11 15:43 - 2015-06-27 11:11 - 00036218 _____ C:\Users\Sascha\Desktop\Geld zurück Aktionen_stand 27.06.xlsx
2016-04-11 15:36 - 2015-08-30 21:27 - 00000000 ____D C:\Users\Sascha\Documents\My Snips
2016-04-11 14:44 - 2013-06-12 09:04 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\Nitro PDF
2016-04-11 13:09 - 2015-06-24 01:12 - 00000000 ____D C:\Users\Sascha\Desktop\Coupons&Aktionen
2016-04-10 13:37 - 2013-06-08 11:02 - 00000000 ____D C:\Users\Sascha\Desktop\scan
2016-04-08 21:39 - 2013-12-15 14:28 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-04-08 21:39 - 2013-12-15 14:28 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-04-07 19:39 - 2016-02-05 23:13 - 00000405 ____H C:\Users\Sascha\.swfinfo
2016-04-05 13:30 - 2015-04-21 10:03 - 00000000 ____D C:\Windows\system32\appraiser
2016-04-05 11:34 - 2013-06-06 11:18 - 00000000 ____D C:\ProgramData\Skype
2016-04-05 11:33 - 2015-12-30 23:11 - 00000000 ___RD C:\Program Files\Skype
2016-03-26 15:32 - 2016-03-16 11:03 - 00000000 ____D C:\Users\Sascha\Desktop\qipu
2016-03-24 16:47 - 2013-12-14 00:43 - 00000000 ____D C:\ProgramData\Oracle
2016-03-24 16:46 - 2016-01-16 16:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-24 16:46 - 2014-10-30 19:08 - 00000000 ____D C:\Program Files\Java
2016-03-24 16:38 - 2016-01-16 16:02 - 00000000 ____D C:\Users\Sascha\.oracle_jre_usage
2016-03-24 16:37 - 2016-01-16 16:02 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-03-24 01:32 - 2014-08-25 09:55 - 00000628 __RSH C:\ProgramData\ntuser.pol
2016-03-24 01:10 - 2013-06-10 14:56 - 00000000 ____D C:\WTablet
2016-03-23 22:30 - 2014-11-01 10:48 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-03-23 19:03 - 2013-06-06 09:01 - 00134600 _____ C:\Users\Sascha\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-22 14:05 - 2014-12-18 23:13 - 00000000 ____D C:\Program Files\TeamViewer

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-06-06 09:02 - 2015-08-02 20:47 - 0003540 _____ () C:\Users\Sascha\AppData\Roaming\FjMenu1.XML
2006-12-11 20:13 - 2006-12-11 20:13 - 0097336 _____ (Un4seen Developments) C:\Users\Sascha\AppData\Local\bass.dll
2006-12-11 20:13 - 2006-12-11 20:13 - 0013872 _____ (Un4seen Developments) C:\Users\Sascha\AppData\Local\basscd.dll
2007-08-13 18:46 - 2007-08-13 18:46 - 0102912 _____ (Albert L Faber) C:\Users\Sascha\AppData\Local\CDRip.dll
2014-06-26 10:04 - 2014-06-26 10:04 - 0003909 ____H () C:\Users\Sascha\AppData\Local\cimiekki.ini
2014-05-09 13:42 - 2016-01-04 02:42 - 0001194 _____ () C:\Users\Sascha\AppData\Local\Citavi Picker Internet Explorer Protocol.txt
2013-07-11 22:09 - 2013-07-11 22:19 - 0004608 _____ () C:\Users\Sascha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-01 18:54 - 2013-12-01 18:57 - 0004096 ____H () C:\Users\Sascha\AppData\Local\keyfile3.drm
2007-08-13 18:46 - 2007-08-13 18:46 - 0155136 _____ () C:\Users\Sascha\AppData\Local\lame_enc.dll
2007-01-18 22:09 - 2007-01-18 22:09 - 0623616 _____ (Ivan Bischof ©2003 - 2005) C:\Users\Sascha\AppData\Local\No23 Recorder.exe
2005-08-23 23:34 - 2005-08-23 23:34 - 0029184 _____ () C:\Users\Sascha\AppData\Local\no23xwrapper.dll
2006-10-26 02:06 - 2006-10-26 02:06 - 0015872 _____ () C:\Users\Sascha\AppData\Local\ogg.dll
2013-12-22 21:37 - 2013-12-22 21:37 - 0001448 _____ () C:\Users\Sascha\AppData\Local\RecConfig.xml
2015-10-01 15:04 - 2015-10-01 15:04 - 0002112 _____ () C:\Users\Sascha\AppData\Local\recently-used.xbel
2015-08-30 21:27 - 2016-04-20 17:56 - 0323476 _____ () C:\Users\Sascha\AppData\Local\Snip.txt
2015-10-28 12:47 - 2016-04-20 17:51 - 0215268 _____ () C:\Users\Sascha\AppData\Local\SnipUsages.txt
2014-11-03 17:03 - 2014-12-01 21:58 - 0000000 _____ () C:\Users\Sascha\AppData\Local\Temptable.xml
2006-10-26 02:06 - 2006-10-26 02:06 - 0143872 _____ () C:\Users\Sascha\AppData\Local\vorbis.dll
2006-10-26 02:06 - 2006-10-26 02:06 - 0064000 _____ () C:\Users\Sascha\AppData\Local\vorbisenc.dll
2006-10-26 02:06 - 2006-10-26 02:06 - 0019456 _____ () C:\Users\Sascha\AppData\Local\vorbisfile.dll
2013-07-01 18:12 - 2013-09-14 14:26 - 0006947 _____ () C:\ProgramData\hpzinstall.log
2014-10-07 23:13 - 2014-10-07 23:13 - 0000095 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Einige Dateien in TEMP:
====================
C:\Users\IWB\AppData\Local\Temp\avgnt.exe
C:\Users\Sascha\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-04-07 10:09

==================== Ende vom FRST.txt ============================
         

Alt 20.04.2016, 17:24   #5
goro11
 
Mehrere Viren/Trojaner vorallem unter "C:\Windows\Temp\" - Icon22

Addition.txt



Addition.txt:
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:17-04-2016
durchgeführt von Sascha (2016-04-20 17:57:12)
Gestartet von C:\Users\Sascha\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2013-06-05 20:58:13)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2186534646-70022557-530426099-500 - Administrator - Disabled)
Gast (S-1-5-21-2186534646-70022557-530426099-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2186534646-70022557-530426099-1004 - Limited - Enabled)
IWB (S-1-5-21-2186534646-70022557-530426099-1003 - Administrator - Enabled) => C:\Users\IWB
Sascha (S-1-5-21-2186534646-70022557-530426099-1000 - Administrator - Enabled) => C:\Users\Sascha

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
ActivDriver x86 v5.9 (HKLM\...\{3B9BDF03-96EA-424C-9413-45D80C5B2F08}) (Version: 5.9.22 - Promethean)
ActivInspire Core Resources (DEU) v1 (HKLM\...\{06C9F624-9F53-4C89-9720-1601A295769A}) (Version: 1.6.3 - Promethean)
ActivInspire Help (DEU) v1 (HKLM\...\{B18A62F5-296F-4BC4-B8DD-A9FB16EE9106}) (Version: 1.6.3 - Promethean)
ActivInspire HWR Resources (DEU) v1 (HKLM\...\{CB2158F5-B05D-41BF-B8F8-05A85695BA4E}) (Version: 1.7.1 - Promethean)
ActivInspire v2 (HKLM\...\{84007E42-A06F-4FFE-90D2-85F82CB48615}) (Version: 2.4.66096 - Promethean)
Adobe Acrobat Reader DC - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.05 - Adobe Systems)
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
AIDA64 Extreme Edition v3.00 (HKLM\...\AIDA64 Extreme Edition_is1) (Version: 3.00 - FinalWire Ltd.)
AIO_Scan (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Android USB Driver (HKLM\...\Z5 Android USB Driver_is1) (Version:  - )
Angry Birds (HKLM\...\{370CA4B0-A1D8-4863-A3C5-6879AEE1663A}) (Version: 3.0.0 - Rovio)
Angry Birds Rio (HKLM\...\{0D637670-BC00-4FAC-8E00-518EB7F65091}) (Version: 1.4.4 - Rovio)
Angry Birds Seasons (HKLM\...\{A0CDDE99-D170-426F-917E-B2E51EB3B78F}) (Version: 3.2.0 - Rovio Entertainment Ltd.)
Angry Birds Space (HKLM\...\{561AA971-37EB-4D63-9FB9-810B663B5CC7}) (Version: 1.4.1 - Rovio)
Angry Birds Star Wars (HKLM\...\{C336AA55-BBA3-4908-886F-25CF6D302D13}) (Version: 1.2.0 - Rovio Entertainment Ltd.)
AnVir Task Manager (HKLM\...\AnVir Task Manager) (Version:  - AnVir Software)
Any Video Converter 5.5.1 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Ashampoo Photo Optimizer 4 v.4.0.3 (HKLM\...\Ashampoo Photo Optimizer 4_is1) (Version: 4.0.3 - Ashampoo GmbH & Co. KG)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AuthenTec Fingerprint Software (HKLM\...\{6B99AF03-2668-4572-BD3D-8C7A5D103065}) (Version: 8.5.1.28 - Ihr Firmenname)
AuthenTec WinBio FingerPrint Software 32-bit (HKLM\...\{580C9CA9-9293-470F-8762-2925A2B3D4B7}) (Version: 3.4.4.1027 - AuthenTec, Inc.)
Avira Professional Security (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.16.208 - Avira Operations GmbH & Co. KG)
Bad Piggies (HKLM\...\{9577B943-AEDD-462A-AF22-5F55BB3BFB1D}) (Version: 1.1.0.0 - Rovio)
Bluetooth Feature Pack 5.0 (HKLM\...\{0439D13F-C7CD-458A-90DE-44135CBD40B8}) (Version: 5.0.13 - CSR Plc.)
Bouquet Wizard (HKLM\...\BouquetWizard) (Version:  - )
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.18.8 - Broadcom Corporation)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C4380 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
C4380_Help (Version: 100.0.206.000 - Hewlett-Packard) Hidden
calibre (HKLM\...\{8C31E86B-2A66-40E8-BF47-32A25D65DB12}) (Version: 1.15.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.02 - Piriform)
Chipcardmaster 7.11 (HKLM\...\Chipcardmaster_is1) (Version:  - Dr. Olaf Jacobsen)
Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.1.08005 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 4.1.08005 - Cisco Systems, Inc.) Hidden
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citavi 4 (HKLM\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.3.0.15 - Swiss Academic Software)
Crazy Machines - Neue Herausforderungen (HKLM\...\{294EF51E-1453-4F42-8792-77DBFB47D0EC}) (Version: 1.12 - FAKT Software GmbH)
Crazy Machines - Neues aus dem Labor (HKLM\...\{BFF2D920-80F2-46E9-8246-79A20BB9D8B2}) (Version: 1.20 - FAKT Software GmbH)
Crazy Machines (HKLM\...\{8E6A3B40-DCE3-47D9-835B-FE1AD9C083D0}) (Version: 1.0 - FAKT Software GmbH)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
dboxTV v4.0.0.0 (HKLM\...\dboxTV_is1) (Version:  - DsChAeK)
DeskUpdate (HKLM\...\DeskUpdate_is1) (Version: 4.15.0144 - Fujitsu Technology Solutions)
DeskViewClient (HKLM\...\{EF1A6D76-8DEB-4C50-88C5-7204D8817C8F}) (Version: 6.55.0093 - Fujitsu Technology Solutions)
Dexpot (HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\Dexpot) (Version: 1.6.10 - Dexpot GbR)
Dkill95 (HKLM\...\Dkill95) (Version:  - )
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\Dropbox) (Version: 3.18.1 - Dropbox, Inc.)
DVD Identifier (HKLM\...\DVD Identifier_is1) (Version: 5.2.0 - Kris Schoofs)
eBeam Capture 2.4.4.11 (HKLM\...\eBeamCapture_is1) (Version: 2.4.4.11 - Luidia, Inc.)
eBeam Device Service 2.5.0.9 (HKLM\...\eBeamDeviceService_is1) (Version: 2.5.0.9 - Luidia, Inc.)
eBeam Education Suite 2.5.0.9 (HKLM\...\eBeamInteract_is1) (Version: 2.5.0.9 - Luidia, Inc.)
Extended Asian Language font pack for Adobe Reader XI (HKLM\...\{AC76BA86-7AD7-2530-0000-A00000000049}) (Version: 11.0.09 - Adobe Systems Incorporated)
FRITZ!Box USB-Fernanschluss (HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\2db37667170956ee) (Version: 2.3.3.2 - AVM Berlin)
Fujitsu Button Utilities (HKLM\...\{207E8B60-07D2-4B7F-97FE-0DA448606861}) (Version: 7.02.0722.2009 - Fujitsu Computer Systems Corporation)
Fujitsu Display Manager (HKLM\...\InstallShield_{2BDE2BF2-AD90-4191-B3C8-D0046CE54916}) (Version: 7.00.20.200 - Ihr Firmenname)
Fujitsu Display Manager (Version: 7.00.20.200 - Ihr Firmenname) Hidden
Fujitsu Hotkey Utility (HKLM\...\InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}) (Version: 3.60.0.0 - FUJITSU LIMITED)
Fujitsu Hotkey Utility (Version: 3.60.0.0 - FUJITSU LIMITED) Hidden
Fujitsu MobilityCenter Extension Utility (HKLM\...\InstallShield_{191C41F6-4BA8-4D3D-BBC5-AAC8F3077E3F}) (Version: 3.00.00.000 - Ihr Firmenname)
Fujitsu MobilityCenter Extension Utility (Version: 3.00.00.000 - Ihr Firmenname) Hidden
Fujitsu System Extension Utility (HKLM\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version: 3.1.0.0 - FUJITSU LIMITED)
Fujitsu System Extension Utility (Version: 3.1.0.0 - FUJITSU LIMITED) Hidden
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
HashTab 5.2.0.14 (HKLM\...\HashTab) (Version: 5.2.0.14 - Implbits Software)
HD Tune 2.55 (HKLM\...\HD Tune_is1) (Version:  - EFD Software)
HP Photosmart All-In-One Driver Software 13.0 Rel. 2 (HKLM\...\{988329F4-A1A1-4D51-803C-EF2725A97627}) (Version: 13.0 - HP)
HP Photosmart Appliance Printer Driver Software 8.0.D (HKLM\...\{596A8F65-C705-4e68-B85E-CE0B45490712}) (Version: 8.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HyperCam 2 (HKLM\...\HyperCam 2) (Version: 2.28.01 - Hyperionics Technology LLC)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 14.2 - Intel)
Intel® Active-Management-Technologie (HKLM\...\MESOL) (Version:  - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM\...\{b56d9ff6-9167-47a4-8563-554f20201871}) (Version: 15.8.0 - Intel Corporation)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 8 Update 77 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Kodi (HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\Kodi) (Version:  - XBMC-Foundation)
Langenscheidt Grammatiktrainer 6.0 Englisch (HKLM\...\Grammatiktrainer 6.0 Englisch) (Version: 01.00.00.00 - Langenscheidt)
Langenscheidt Grammatiktrainer 6.0 Italienisch (HKLM\...\Grammatiktrainer 6.0 Italienisch) (Version: 01.00.00.00 - Langenscheidt)
Langenscheidt Grammatiktrainer 6.0 Spanisch (HKLM\...\Grammatiktrainer 6.0 Spanisch) (Version: 01.00.00.00 - Langenscheidt)
Langenscheidt Kurs 1 6.0 Englisch (HKLM\...\Kurs 1 6.0 Englisch) (Version: 01.00.00.00 - Langenscheidt)
Langenscheidt Kurs 2 6.0 Englisch (HKLM\...\Kurs 2 6.0 Englisch) (Version: 01.00.00.00 - Langenscheidt)
Langenscheidt Kurs 2 6.0 Italienisch (HKLM\...\Kurs 2 6.0 Italienisch) (Version: 01.00.00.00 - Langenscheidt)
Langenscheidt Kurs 2 6.0 Spanisch (HKLM\...\Kurs 2 6.0 Spanisch) (Version: 01.00.00.00 - Langenscheidt)
Langenscheidt Kurs 6.0 Italienisch (HKLM\...\Kurs 6.0 Italienisch) (Version: 01.00.00.00 - Langenscheidt)
Langenscheidt Kurs 6.0 Spanisch (HKLM\...\Kurs 6.0 Spanisch) (Version: 01.00.00.00 - Langenscheidt)
Langenscheidt Vokabeltrainer 6.0 Englisch (HKLM\...\{67F91DB9-1958-4328-869C-032415F04AD1}) (Version: 6.0.21 - Langenscheidt)
Langenscheidt Vokabeltrainer 6.0 Italienisch (HKLM\...\{39DFF58C-ECB7-4317-BC1E-C567ABDBE31C}) (Version: 6.0.21 - Langenscheidt)
Langenscheidt Vokabeltrainer 6.0 Spanisch (HKLM\...\{C2FFB8DE-7713-4A56-8EFA-C9126955BFDD}) (Version: 6.0.21 - Langenscheidt)
LenovoUsbDriver 1.0.4 (HKLM\...\LenovoUsbDriver) (Version: 1.0.4 - Lenovo)
lingDIALOG (HKLM\...\InstallShield_{071B843C-9A39-40B3-BB01-BBD6A8D2E1C5}) (Version: 3.0908 - WEVOSYS)
lingDIALOG (Version: 3.0908 - WEVOSYS) Hidden
LinuxLive USB Creator (HKLM\...\LinuxLive USB Creator) (Version: 2.9 - Thibaut Lauziere)
LSI V92 MOH Application (HKLM\...\LTMOH) (Version:  - LSI Corporation)
MakeMKV v1.8.6 (HKLM\...\MakeMKV) (Version: v1.8.6 - GuinpinSoft inc)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MATLAB R2014a (HKLM\...\Matlab R2014a) (Version: 8.3 - The MathWorks, Inc.)
MediaManager (HKLM\...\MediaManager) (Version:  - )
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\OneDriveSetup.exe) (Version: 17.3.5930.0814 - Microsoft Corporation)
Microsoft Project Professional 2010 (HKLM\...\Office14.PRJPRO) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.1.3 (HKLM\...\{DE46417A-9E9E-4BCD-BBDD-DA21943193BB}_is1) (Version: 1.1.3 - )
Mozilla Firefox 45.0.2 (x86 de) (HKLM\...\Mozilla Firefox 45.0.2 (x86 de)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyScript Stylus 2.6 (HKLM\...\MyScript Stylus_is1) (Version: 2.6.0.11 - Vision Objects)
MyScript Stylus Shared Files (HKLM\...\{FCB95BA2-F685-48D0-AB04-C88E79133B75}) (Version: 1.0.0 - Vision Objects)
NAVIGON Fresh 3.5.1 (HKLM\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON)
Network (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Nitro Pro 8 (HKLM\...\{024201B6-AE55-4A53-B17C-00D4906990F8}) (Version: 8.5.4.11 - Nitro)
Nitro Pro 9 (HKLM\...\{0E4D0DAF-ADE8-45E3-8B1B-2AFD78BCB064}) (Version: 9.0.4.5 - Nitro)
Nmap 6.46 (HKLM\...\Nmap) (Version:  - )
No23 Recorder (HKLM\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23)
Noten-Manager 7.1 (HKLM\...\{3697BA5C-3C7E-436C-A783-677160B31B9F}) (Version: 1.0.0 - schule_kranz)
Novacomd (HKLM\...\{BA9A297F-0198-4EE8-90CB-F5036C180E1D}) (Version: 1.0.0.76 - Palm, Inc.)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - )
O2Micro Flash Memory Card Windows Driver (HKLM\...\InstallShield_{469ED3E8-D21E-40E8-B00F-63516D26FAE3}) (Version: 3.00.0006 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (Version: 3.00.0006 - O2Micro International LTD.) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OpenOffice 4.1.1 (HKLM\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Opera 12.16 (HKLM\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
Oracle VM VirtualBox 4.2.14 (HKLM\...\{F56A55E8-F340-484B-83A5-39C440F0407C}) (Version: 4.2.14 - Oracle Corporation)
Origin (HKLM\...\Origin) (Version: 9.3.2.2730 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
OZ711 SCR Driver  (HKLM\...\InstallShield_{5C3EA21C-22C0-4A44-BE58-D8CBB2F2B6B2}) (Version: 3.0.1.6D - O2Micro)
OZ711 SCR Driver  (Version: 3.0.1.6D - O2Micro) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
Power Saving Utility (HKLM\...\InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}) (Version: 31.00.11.006 - FUJITSU LIMITED)
Power Saving Utility (Version: 31.00.11.006 - FUJITSU LIMITED) Hidden
Protector Suite 2012 (HKLM\...\{C767056D-3CE2-442D-BC78-F05E94F450D0}) (Version: 5.9.8.7279 - Authentec Inc.)
PS_AIO_02_ProductContext (Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (Version: 130.0.365.000 - Hewlett-Packard) Hidden
PSPad editor (HKLM\...\PSPad editor_is1) (Version: 4.5.7.2450 - Jan Fiala)
psynetic® Gif-X 3.00 (HKLM\...\psynetic® Gif-X) (Version: 3.00 - Robert Mundt)
Python 2.7 lxml-3.3.5 (HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\lxml-py2.7) (Version:  - )
Python 2.7.8 (HKLM\...\{61121B12-88BD-4261-A6EE-AB32610A56DD}) (Version: 2.7.8150 - Python Software Foundation)
QIP 2012 4.0.9340 (HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\QIP 2012) (Version: 4.0.9340 - )
QIP Infium 3.0.9044 (HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\QIP Infium) (Version: 3.0.9044 - )
QIP Internet Guardian (HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\QipGuard) (Version:  - )
Rainlendar2 (remove only) (HKLM\...\Rainlendar2) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.)
Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.) Hidden
Sandboxie 4.16 (32-bit) (HKLM\...\Sandboxie) (Version: 4.16 - Sandboxie Holdings, LLC)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Secure Download Manager (HKLM\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Security Panel (HKLM\...\InstallShield_{45CA9B23-5EF8-43AA-9851-E9E062BF0147}) (Version: 2.1.0.0 - FUJITSU LIMITED)
Security Panel Application (Version: 2.1.0.0 - FUJITSU LIMITED) Hidden
Security Panel Application for Supervisor (Version: 2.1.0.0 - FUJITSU LIMITED) Hidden
Security Panel for Supervisor (HKLM\...\InstallShield_{17F82182-0E3D-4A14-8843-5ECBFAF4F12F}) (Version: 2.1.0.0 - FUJITSU LIMITED)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPRO_{58FA40EF-ABA9-4FED-AD3D-318A6073934D}) (Version:  - Microsoft)
Shock Sensor Utility (HKLM\...\InstallShield_{827517C3-9B89-458E-A8F2-96DD24BDFE29}) (Version: 2.2.0.0 - FUJITSU LIMITED)
Shock Sensor Utility (HKLM\...\InstallShield_{ABE8CE7E-01CC-4500-BAF5-FFC29EA108A1}) (Version: 4.00.01.000 - Ihr Firmenname)
Shock Sensor Utility (Version: 2.2.0.0 - FUJITSU LIMITED) Hidden
Shock Sensor Utility (Version: 4.00.01.000 - Ihr Firmenname) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Sierra Wireless AirCard Watcher (HKLM\...\{CE619CFC-F5C0-43CC-AA66-BEDDA623CCA1}) (Version: 6.0.2849.0001 - Sierra Wireless Inc.)
SimpleTV 0.4.6 r (HKLM\...\{290A2821-B1F8-4565-B49A-25F349A5B5CB}_is1) (Version:  - SergeyVS)
Skype™ 7.21 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
SlimDrivers (HKLM\...\{746AB259-6474-4111-8966-1C62F9A6E063}) (Version: 2.3.1 - SlimWare Utilities, Inc.)
SMART Ink (HKLM\...\{FC69B741-DC56-4591-97A2-A6BA211B7E76}) (Version: 2.2.589.1 - SMART Technologies ULC)
SMART Notebook (HKLM\...\{84579080-E961-4DE7-93AB-5E2B81A96387}) (Version: 14.1.843.0 - SMART Technologies ULC)
SMART Produkttreiber (HKLM\...\{890680EC-2F88-47F0-970C-593081E62593}) (Version: 11.6.428.0 - SMART Technologies ULC)
SmartPack 1.19.0 (HKLM\...\PlexUtil) (Version: 1.19.0 - PLDS)
SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
Snip (HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\{525d439e-e22a-4221-8fd1-25b845fe0038}) (Version: 0.1.5119.0 - Microsoft Corporation)
Snip (Version: 0.1.5119.0 - Microsoft) Hidden
SolidWorks 2014 German Resources (Version: 22.120.40 - SolidWorks Corporation) Hidden
SolidWorks 2014 SP02 (HKLM\...\SolidWorks Installation Manager 20140-40200-1100-200) (Version: 22.2.0.40 - SolidWorks Corporation)
SolidWorks 2014 SP02 (Version: 22.120.40 - SolidWorks) Hidden
SolidWorks Composer Player 2014 SP02 (Version: 22.20.40 - Dassault Systemes SolidWorks) Hidden
SolidWorks eDrawings 2014 SP02 (Version: 14.2.116 - Dassault Systèmes SolidWorks Corp) Hidden
SolidWorks Flow Simulation 2014 SP02 (Version: 22.20.41 - SolidWorks Corporation) Hidden
SolidWorks Plastics 2014 SP02 (Version: 22.20.40 - SolidWorks Corporation) Hidden
Sony Ericsson PC Companion 1.60.13 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 1.60.13 - Sony Ericsson)
SopCast 3.5.0 (HKLM\...\SopCast) (Version: 3.5.0 - www.sopcast.com)
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
Stifttablett (HKLM\...\Pen Tablet Driver) (Version: 5.1.1.11 - Wacom Technology Corp.)
SuperEasy Driver Updater v.1.1.1 (HKLM\...\{039BC111-D60F-A6FF-85F4-7992EA886B8D}_is1) (Version: 1.1.1 - SuperEasy Software GmbH & Co. KG)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
The Video Diary (HKLM\...\The Video Diary) (Version: 1.1 - www.TheVideoDiary.com)
TomTom HOME (HKLM\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
Torrent Stream 2.0.8.11.1 (HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\TorrentStream) (Version: 2.0.8.11.1 - Torrent Stream)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.01 - Ghisler Software GmbH)
Transfer Utility (HKLM\...\{0ECE15AC-CB68-40EC-B70D-1B220717844C}) (Version: 1.00.012 - PIXELA)
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
URL Snooper v2.35.02 (HKLM\...\URLSnooper 2_is1) (Version:  - DonationCoder.com)
USB2.0 Digital Camera (HKLM\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 1.8.1224.01 - Vimicro Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6000 - Broadcom Corporation)
Windows 7 USB/DVD Download Tool (HKLM\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Palm (WinUSB) Palm Devices  (10/09/2009 1.0.1) (HKLM\...\332CCC08910F1AE2E4D90D25DEDE87E3EF797832) (Version: 10/09/2009 1.0.1 - Palm)
Windows-Treiberpaket - Fujitsu America, Inc. (FjBtnDrv) HIDClass  (08/27/2009 4.2.0827.2009) (HKLM\...\F02860D720F53C6FCD75A013226E3E82F54FAB68) (Version: 08/27/2009 4.2.0827.2009 - Fujitsu America, Inc.)
Windows-Treiberpaket - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (12/06/2010 4.0.0000.00000) (HKLM\...\76F6B4A696B8C9A7ACFF01D4E1D6EF2D974C3E67) (Version: 12/06/2010 4.0.0000.00000 - Google, Inc.)
Windows-Treiberpaket - MediaTek Inc. (usbser) Ports  (01/05/2012 2.0000.0.1) (HKLM\...\49D9ABA9270C5BDFD7AE1BEB607D36B26BB90235) (Version: 01/05/2012 2.0000.0.1 - MediaTek Inc.)
Windows-Treiberpaket - MediaTek Inc. (usbser) Ports  (09/01/2011 2.0.1136.0) (HKLM\...\32DC281B7E359EA3D16ECC7D98609F6A592B981D) (Version: 09/01/2011 2.0.1136.0 - MediaTek Inc.)
Windows-Treiberpaket - MediaTek Inc. (usbser) Ports  (12/24/2011 2.0000.0.0) (HKLM\...\D0E6296D177F42BB31C0200E49412003DB6C4633) (Version: 12/24/2011 2.0000.0.0 - MediaTek Inc.)
Windows-Treiberpaket - MediaTek Inc. Net  (07/14/2011 1.1129.00) (HKLM\...\8BC3CF920AF63C7AEF78B82D1C60D94704FB95CD) (Version: 07/14/2011 1.1129.00 - MediaTek Inc.)
Windows-Treiberpaket - Microsoft (WUDFRd) WPD  (02/22/2006 5.2.5326.4762) (HKLM\...\B77DDB8A5697AAF5DA4E4859E53C301B877DD206) (Version: 02/22/2006 5.2.5326.4762 - Microsoft)
WinHTTrack Website Copier 3.48-21 (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.21 - HTTrack)
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
WinRAR 4.20 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wireless Selector (HKLM\...\InstallShield_{51202133-E0F9-4314-ACA4-AACBA46A6C69}) (Version: 4.00.00.100 - FUJITSU LIMITED)
Wireless Selector (Version: 4.00.00.100 - FUJITSU LIMITED) Hidden
XYplorer 13.40 (HKLM\...\XYplorer) (Version: 13.40 - Donald Lessau)
YouTube PowerPoint (HKLM\...\{496B5310-3EEB-4412-B3CC-0D013AB916CC}) (Version: 2.0.0 - PPTAlchemy)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> D:\OpenOffice\INSTALLATION\program\shlxthdl\shlxthdl.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\Sascha\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{28E3B95D-371D-42D5-A276-8A3EE70100FD}\InprocServer32 -> C:\Users\Sascha\AppData\Roaming\TorrentStream\player\npts_plugin.dll (Innovative Digital Technologies)
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Sascha\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{30A2652A-DDF7-45e7-ACA6-3EAB26FC8A4E}\localserver32 -> D:\OpenOffice\INSTALLATION\program\soffice.exe -nodefault -nologo => Keine Datei
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> D:\OpenOffice\INSTALLATION\program\shlxthdl\shlxthdl.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> D:\OpenOffice\INSTALLATION\program\shlxthdl\shlxthdl.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> D:\OpenOffice\INSTALLATION\program\shlxthdl\ooofilt.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{82154420-0FBF-11d4-8313-005004526AB4}\localserver32 -> D:\OpenOffice\INSTALLATION\program\soffice.exe -nodefault -nologo => Keine Datei
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Sascha\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Sascha\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> D:\OpenOffice\INSTALLATION\program\shlxthdl\propertyhdl.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Sascha\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Sascha\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> D:\OpenOffice\INSTALLATION\program\shlxthdl\shlxthdl.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\localserver32 -> D:\OpenOffice\INSTALLATION\program\soffice.exe -nodefault -nologo => Keine Datei
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{D2D59CD1-0A6A-4D36-AE20-47817077D57C}\localserver32 -> D:\OpenOffice\INSTALLATION\program\soffice.exe -nodefault -nologo => Keine Datei
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{F616B81F-7BB8-4F22-B8A5-47428D59F8AD}\localserver32 -> D:\OpenOffice\INSTALLATION\program\soffice.exe -nodefault -nologo => Keine Datei
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Sascha\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {03531F76-EDF1-402D-BAA0-D324555F9BDC} - System32\Tasks\Schnellstart => Rundll32.exe powrprof.dll,SetSuspendState Hibernate
Task: {431FBC2C-0EF4-4E5F-A693-4FD93D052F2E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2186534646-70022557-530426099-1000Core => C:\Users\Sascha\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {68AC8C81-D4EF-4001-87B2-FFC607A59D33} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {A332F39B-AF1E-4B60-AAF5-E55D2084D584} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08] (Adobe Systems Incorporated)
Task: {A7255C0B-70B2-4860-AA79-660C24543C40} - System32\Tasks\Fujitsu\DeskUpdate => C:\Program Files\Fujitsu\DeskUpdate\ducmd.exe [2015-06-15] (Fujitsu Technology Solutions)
Task: {C88E4571-AFD3-45A3-A0F5-DABF9E6CDDE6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-16] (Google Inc.)
Task: {DBFC2214-B439-4573-B475-BF34B04460FA} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2186534646-70022557-530426099-1000UA => C:\Users\Sascha\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {F0C6B1B3-9A5F-44A3-88A7-E7FC1FE4C4CA} - System32\Tasks\MATLAB R2014a Startup Accelerator => E:\Program Files\MATLAB\R2014a\bin\win32\MATLABStartupAccelerator.exe [2014-01-29] ()

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2186534646-70022557-530426099-1000Core.job => C:\Users\Sascha\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2186534646-70022557-530426099-1000UA.job => C:\Users\Sascha\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MATLAB R2014a Startup Accelerator.job => E:\Program Files\MATLAB\R2014a\bin\win32\MATLABStartupAccelerator.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{07CCC520-5524-4F5E-AEB1-296B99396CD2}.job => C:\Windows\system32\msfeedssync.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\Sascha\Desktop\Sonstiges\Synaptics Neustart.bat - Verknüpfung.lnk -> C:\Users\Sascha\Desktop\Sonstiges\Synaptics Neustart.bat ()
Shortcut: C:\Users\Sascha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Synaptics Neustart.bat - Verknüpfung.lnk -> C:\Users\Sascha\Desktop\Sonstiges\Synaptics Neustart.bat ()

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-11-03 12:21 - 2015-11-03 12:21 - 00063376 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2008-10-09 10:25 - 2008-10-09 10:25 - 00062760 _____ () C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe
2013-03-10 19:58 - 2013-03-10 19:58 - 02598496 _____ () C:\Program Files\Rainlendar2\Rainlendar2.exe
2012-05-16 21:01 - 2012-05-16 21:01 - 00140800 _____ () C:\Program Files\Rainlendar2\lua52.dll
2013-03-10 19:59 - 2013-03-10 19:59 - 00215648 _____ () C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll
2012-06-17 15:22 - 2012-06-17 15:22 - 00012800 _____ () C:\Program Files\Rainlendar2\lfs.dll
2013-06-05 23:57 - 2008-04-28 07:32 - 00647168 _____ () C:\Windows\system32\vmprp331.ax
2016-04-16 12:57 - 2016-03-21 23:50 - 00034768 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-04-16 12:57 - 2016-03-21 23:51 - 00019408 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-04-16 12:57 - 2016-03-21 23:50 - 00116688 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2016-04-16 12:57 - 2016-03-21 23:50 - 00093640 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2016-04-16 12:57 - 2016-03-21 23:50 - 00018376 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\select.pyd
2016-04-16 12:57 - 2016-04-08 20:20 - 00019760 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2016-04-16 12:57 - 2016-03-21 23:52 - 00105928 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-04-16 12:57 - 2016-03-21 23:50 - 00392144 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2016-04-16 12:57 - 2016-04-08 20:20 - 00381752 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2016-04-16 12:57 - 2016-03-21 23:50 - 00692688 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-04-16 12:57 - 2016-04-08 20:19 - 00020816 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2016-04-16 12:57 - 2016-03-21 23:51 - 00112592 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-04-16 12:57 - 2016-04-08 20:19 - 01682760 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-04-16 12:57 - 2016-04-08 20:19 - 00020808 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2016-04-16 12:57 - 2016-04-08 20:20 - 00021840 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-04-16 12:57 - 2016-04-08 20:19 - 00038696 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-04-16 12:57 - 2016-03-21 23:52 - 00020936 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2016-04-16 12:57 - 2016-03-21 23:52 - 00024528 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\win32event.pyd
2016-04-16 12:57 - 2016-03-21 23:52 - 00114640 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\win32security.pyd
2016-04-16 12:57 - 2016-03-21 23:52 - 00124880 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-04-16 12:57 - 2016-04-08 20:20 - 00021832 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2016-04-16 12:57 - 2016-03-21 23:52 - 00024016 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2016-04-16 12:57 - 2016-03-21 23:52 - 00175560 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\win32gui.pyd
2016-04-16 12:57 - 2016-03-21 23:52 - 00030160 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2016-04-16 12:57 - 2016-03-21 23:52 - 00043472 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\win32process.pyd
2016-04-16 12:57 - 2016-03-21 23:52 - 00028616 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\win32ts.pyd
2016-04-16 12:57 - 2016-03-21 23:52 - 00048592 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-04-16 12:57 - 2016-04-08 20:19 - 00026456 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-04-16 12:57 - 2016-03-21 23:52 - 00057808 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2016-04-16 12:57 - 2016-03-21 23:52 - 00024016 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-04-16 12:57 - 2016-04-08 20:19 - 00117056 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-04-16 12:57 - 2016-04-08 20:20 - 00023376 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2016-04-16 12:57 - 2016-03-21 23:50 - 00134608 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-04-16 12:57 - 2016-03-21 23:50 - 00134088 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-04-16 12:57 - 2016-03-21 23:51 - 00240584 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2016-04-16 12:57 - 2016-04-08 20:19 - 00024392 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-04-16 12:57 - 2016-03-21 23:52 - 00036296 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\librsync.dll
2016-04-16 12:57 - 2016-04-08 20:19 - 00052024 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-04-16 12:57 - 2016-04-08 20:20 - 00020800 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-04-16 12:57 - 2016-04-08 20:20 - 00021824 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
2016-04-16 12:57 - 2016-04-08 20:20 - 00019776 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-04-16 12:57 - 2016-04-08 20:20 - 00020800 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-04-16 12:57 - 2016-04-08 20:19 - 00020280 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2016-04-16 12:57 - 2016-03-21 23:52 - 00350152 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-04-16 12:57 - 2016-04-08 20:20 - 00022352 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-04-16 12:57 - 2016-04-08 20:19 - 00084280 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-04-16 12:57 - 2016-04-08 20:20 - 01826096 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2016-04-16 12:57 - 2016-03-21 23:51 - 00083912 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\sip.pyd
2016-04-16 12:57 - 2016-04-08 20:20 - 03928880 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-04-16 12:57 - 2016-04-08 20:20 - 01971504 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-04-16 12:57 - 2016-04-08 20:20 - 00531248 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-04-16 12:57 - 2016-04-08 20:20 - 00132912 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-04-16 12:57 - 2016-04-08 20:20 - 00223544 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-04-16 12:57 - 2016-04-08 20:20 - 00207672 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-04-16 12:57 - 2016-04-08 20:20 - 00158008 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-04-16 12:57 - 2016-04-08 20:20 - 00042808 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-04-16 12:57 - 2016-03-21 23:54 - 00017864 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\libEGL.dll
2016-04-16 12:57 - 2016-03-21 23:54 - 01631184 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2016-04-16 12:57 - 2016-04-08 20:20 - 00546096 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-04-16 12:57 - 2016-04-08 20:20 - 00357680 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2016-04-16 12:57 - 2016-03-21 23:56 - 00697304 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Windows:nlsPreferences [514]
AlternateDataStreams: C:\Users\Sascha\Documents\SPSS:com.dropbox.attributes [168]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2014-09-10 18:25 - 2014-11-04 23:21 - 00001974 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com127.0.0.1 tonec.com
127.0.0.1 www.tonec.com127.0.0.1 internetdownloadmanager.com127.0.0.1 star.tonec.com
184.173.188.107 localhost 127.0.0.1 home.sopserv.com 

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2186534646-70022557-530426099-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist deaktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FRITZ!DSL Startcenter.lnk => C:\Windows\pss\FRITZ!DSL Startcenter.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SolidWorks 2014 Schnellstart.lnk => C:\Windows\pss\SolidWorks 2014 Schnellstart.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Sascha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FRITZ!DSL Protect.lnk => C:\Windows\pss\FRITZ!DSL Protect.lnk.Startup
MSCONFIG\startupreg: ActivManager => C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AVMUSBFernanschluss => "C:\Users\Sascha\AppData\Local\Apps\2.0\LLAXTKYE.MD6\OQP2CGHO.J48\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\AVMAutoStart.exe"
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: LtMoh => C:\Program Files\ltmoh\Ltmoh.exe
MSCONFIG\startupreg: QIP Internet Guardian => C:\Users\Sascha\AppData\Roaming\QipGuard\QipGuard.exe /p
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: sbsdk-server => "C:\Program Files\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe"
MSCONFIG\startupreg: SMART Board Service => "C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe" -d
MSCONFIG\startupreg: SMART Floating Tools => "C:\Program Files\SMART Technologies\Education Software\FloatingTools.exe"
MSCONFIG\startupreg: SMART Ink => "C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe" -a
MSCONFIG\startupreg: SMART Tray Tools => "C:\Program Files\SMART Technologies\Education Software\SMARTSystemMenu.exe"
MSCONFIG\startupreg: SMARTNotification => "C:\Program Files\SMART Technologies\Education Software\SMARTNotification.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{A83C87B6-9C47-4329-A981-313B7B553DE4}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{245525EE-8D2C-4455-9B8F-AB60362FA866}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{F1CB6BE8-635C-444E-AE96-A2E46AB81277}] => (Allow) D:\Program Files\Opera\opera.exe
FirewallRules: [{2C1EB595-8602-4EE9-8D7E-61EB61AEF740}] => (Allow) D:\Program Files\Opera\opera.exe
FirewallRules: [{8D98E885-2D75-4487-AE44-DF580D4977CE}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{7F27EEF5-AC05-489D-BBB7-CE0D21F3AED9}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{ED3AE3F5-B686-4C72-8349-E0522F73E6D6}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{757F737F-676D-4FA5-9B05-82023E1930B5}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{527D3E2B-6D36-4533-8010-7E6E8EDA3A3F}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{C0DC2148-E407-499E-94CA-355DFCA61F87}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{641F97BA-D8B3-438C-8FAF-8312D118C44E}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{842EDFE3-C585-4F3F-B1B6-4783E1D8EB29}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{42818F63-DA5A-4B37-8093-A1FD74DF2624}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{FD0B82AD-7ED6-4393-9AD3-1CA9441AFE44}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{9A132DC9-71FF-4828-8E1D-36FEDB948A54}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
FirewallRules: [{A4111A70-377C-4BAE-9F9D-0B800E22CA8A}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{8B3C1031-8B28-44DA-B884-A725AC8C72A7}] => (Allow) C:\Users\Sascha\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A32F2FD6-22B2-41C9-ABB3-4873F9197A33}] => (Allow) C:\Users\Sascha\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{BDBDEA11-B09F-4E5B-A132-6C59EC8923BA}] => (Allow) C:\Users\Sascha\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F14909D0-1813-40A0-A08F-3595689F7D9A}] => (Allow) C:\Users\Sascha\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{923120DE-F6E0-4684-AAE1-8BD4BC4AE6F7}] => (Allow) D:\Program Files\Opera\opera.exe
FirewallRules: [{74226C5C-1393-4DC5-B5CA-77BC76604BC0}] => (Allow) D:\Program Files\Opera\opera.exe
FirewallRules: [{9CADDBC4-A5F0-4C1B-AC05-8B773BBDE4A8}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{B9298326-F53C-494C-854F-B740A552A642}] => (Allow) E:\Program Files\Steam\Steam.exe
FirewallRules: [{D127F059-E7D2-4535-9AEF-CC127E8A3CE9}] => (Allow) E:\Program Files\Steam\Steam.exe
FirewallRules: [{707F581C-EC89-4558-8571-F047E168334F}] => (Allow) C:\Program Files\SMART Technologies\Education Software\UCGui.exe
FirewallRules: [{93941037-1AC9-4C7A-AC45-357FBF5F0A15}] => (Allow) C:\Program Files\SMART Technologies\Education Software\UCGui.exe
FirewallRules: [{66A42203-55E6-4F88-B32C-6A881C9B768F}] => (Allow) C:\Program Files\SMART Technologies\Education Software\UCService.exe
FirewallRules: [{D19E6BF9-2484-44DF-B2E4-ACC256D7C0EB}] => (Allow) C:\Program Files\SMART Technologies\Education Software\UCService.exe
FirewallRules: [{2299909A-DF84-444A-B595-AC255F6BD843}] => (Allow) C:\Program Files\SMART Technologies\Education Software\SMARTSNMPAgent.exe
FirewallRules: [{FD5C8F3B-ADF7-4C31-955D-AE743F24077B}] => (Allow) C:\Program Files\SMART Technologies\Education Software\SMARTSNMPAgent.exe
FirewallRules: [{92A5C3E4-08B8-4AF5-B661-C65BDB2C274B}] => (Allow) C:\Program Files\SMART Technologies\Education Software\Notebook.exe
FirewallRules: [{1AC759F0-EFEC-441F-ADD7-F6C87593A8A3}] => (Allow) C:\Program Files\SMART Technologies\Education Software\Notebook.exe
FirewallRules: [{13C4DDC3-1D66-4029-90B9-23A89E36BC5B}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{B85DE4CD-FEF0-472B-B9C4-06905561C7E4}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{F24756D4-F4BB-40CA-892C-90DB818FA866}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
FirewallRules: [{2937378E-6C9E-43B3-9444-E6C675FB999F}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
FirewallRules: [{361A70E2-63E2-4EB6-9128-4518D860275B}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe
FirewallRules: [{AB8FE976-A1C3-4E9D-9597-24788DB0698F}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe
FirewallRules: [{F70BDE79-70B2-49DB-B3E5-98D0D4E5C078}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{66AC216C-92FE-404D-971C-E5200C2A3ED4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{303EC7BE-8463-495C-985E-1C10D8ACA5B2}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{F312D27E-AA80-4C2F-ADFD-F45DC45CFD63}] => (Allow) C:\Users\Sascha\AppData\Local\Apps\2.0\LLAXTKYE.MD6\OQP2CGHO.J48\frit..tion_1acae14e4778b8d2_0002.0003_60014d656f6786b9\fritzbox-usb-fernanschluss.exe
FirewallRules: [{7EEBA0E5-7AF5-4440-B832-AAA61F4540A8}] => (Allow) C:\Users\Sascha\AppData\Local\Apps\2.0\LLAXTKYE.MD6\OQP2CGHO.J48\frit..tion_1acae14e4778b8d2_0002.0003_60014d656f6786b9\fritzbox-usb-fernanschluss.exe
FirewallRules: [{E419D278-7C82-436E-9F21-C6ECF689FD2F}] => (Allow) C:\Users\Sascha\AppData\Local\Apps\2.0\LLAXTKYE.MD6\OQP2CGHO.J48\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe
FirewallRules: [{1354F72F-CACF-4F26-856E-7B0F8B948875}] => (Allow) C:\Users\Sascha\AppData\Local\Apps\2.0\LLAXTKYE.MD6\OQP2CGHO.J48\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe
FirewallRules: [{9892A008-27C3-492C-8EA2-2E31704CB3E0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AE5593C2-C283-454A-9317-D6CE20CDB0FD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{8A6FB239-06FC-4976-93F2-BB37F710D243}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{925717CE-0A4F-47DF-850E-EA3A35067E9E}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{B60ECD7B-936F-45D7-BE29-C089964D0BF2}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{CD055597-24CE-47BF-B98F-64934E30BCE7}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
StandardProfile\AuthorizedApplications: [C:\Users\Sascha\AppData\Local\Temp\RarSFX0\SwiApiMux.exe] => Enabled:SwiApiMux
StandardProfile\AuthorizedApplications: [C:\Program Files\Sierra Wireless Inc\3G Watcher2\TRUUpdater.exe] => C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: SMART Virtual TabletPC
Description: SMART Virtual TabletPC
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: SMART Technologies ULC
Service: SMARTVTabletPCx86
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart C4380 series
Description: Photosmart C4380 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart C4380 series
Description: Photosmart C4380 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 9100 series
Description: Officejet 9100 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: hewlett-packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 9100 series
Description: Officejet 9100 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: hewlett-packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 9100 series
Description: Officejet 9100 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: hewlett-packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 9100 series
Description: Officejet 9100 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: hewlett-packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (04/20/2016 05:48:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/20/2016 05:47:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IGDCTRL.EXE, Version: 3.9.11.2001, Zeitstempel: 0x4a6f013d
Name des fehlerhaften Moduls: upnpapicli.dll, Version: 4.0.104.2001, Zeitstempel: 0x4a6f0122
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00018138
ID des fehlerhaften Prozesses: 0xac0
Startzeit der fehlerhaften Anwendung: 0xIGDCTRL.EXE0
Pfad der fehlerhaften Anwendung: IGDCTRL.EXE1
Pfad des fehlerhaften Moduls: IGDCTRL.EXE2
Berichtskennung: IGDCTRL.EXE3

Error: (04/20/2016 05:35:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2016 08:25:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2016 11:30:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IGDCTRL.EXE, Version: 3.9.11.2001, Zeitstempel: 0x4a6f013d
Name des fehlerhaften Moduls: upnpapicli.dll, Version: 4.0.104.2001, Zeitstempel: 0x4a6f0122
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00018138
ID des fehlerhaften Prozesses: 0xa98
Startzeit der fehlerhaften Anwendung: 0xIGDCTRL.EXE0
Pfad der fehlerhaften Anwendung: IGDCTRL.EXE1
Pfad des fehlerhaften Moduls: IGDCTRL.EXE2
Berichtskennung: IGDCTRL.EXE3

Error: (04/18/2016 09:49:48 PM) (Source: Avira Antivirus) (EventID: 4129) (User: NT-AUTORITÄT)
Description: SASCHA-PC (192.168.1.10)Während des Herunterladens ist ein Fehler aufgetreten.

Error: (04/18/2016 09:43:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2016 08:12:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/17/2016 11:42:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/16/2016 03:52:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


Systemfehler:
=============
Error: (04/20/2016 05:47:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AVM IGD CTRL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/20/2016 05:46:41 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (04/20/2016 05:40:40 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

Error: (04/19/2016 08:29:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

Error: (04/18/2016 11:30:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AVM IGD CTRL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/18/2016 09:42:46 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎18.‎04.‎2016 um 19:41:26 unerwartet heruntergefahren.

Error: (04/18/2016 07:30:15 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Die Smartcard konnte nicht zurückgesetzt werden.O2Micro PCMCIA Reader 0POWER01 00 00 00

Error: (04/18/2016 12:17:17 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst UNS erreicht.

Error: (04/17/2016 11:46:00 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

Error: (04/17/2016 11:43:06 AM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Die Smartcard konnte nicht zurückgesetzt werden.O2Micro PCMCIA Reader 0POWER01 00 00 00


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T9400 @ 2.53GHz
Prozentuale Nutzung des RAM: 68%
Installierter physikalischer RAM: 3023.87 MB
Verfügbarer physikalischer RAM: 958.28 MB
Summe virtueller Speicher: 6046.07 MB
Verfügbarer virtueller Speicher: 3608.26 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:142.23 GB) (Free:52.93 GB) NTFS
Drive d: () (Fixed) (Total:323.43 GB) (Free:247.63 GB) NTFS
Drive e: (DATA) (Fixed) (Total:232.88 GB) (Free:3.03 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 43ED5D1E)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 97CAB5A0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=142.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=323.4 GB) - (Type=07 NTFS)

==================== Ende vom Addition.txt ============================
         
und bevor du schreibst... Hier kommt der LOG von TDSSKiller: (im Anhang, da 126k Zeichen lang und gezippt, da die txt-Datei 246kb groß ist und der Upload von .txt-Dateien auf 97kb beschränkt ist - kannst es ja in der Sandbox öffnen, fallst du mir nicht vertraust) .

Beim TDSSKiller bin ich nach der Anleitung vorgegangen.
AdwCleaner und ESET kann ich auch noch drüber laufen lassen

Ansonsten warte ich auf andrere Anweisungen

Grüße

Sascha


Geändert von goro11 (20.04.2016 um 17:32 Uhr)

Alt 22.04.2016, 15:23   #6
burningice
/// Malwareteam
 
Mehrere Viren/Trojaner vorallem unter "C:\Windows\Temp\" - Standard

Mehrere Viren/Trojaner vorallem unter "C:\Windows\Temp\"



Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.



Schritt 3
Bitte starte wieder FRST, setze den Haken bei Addition und drücke auf Untersuchen. Poste bitte wieder die beiden Textdateien, die so entstehen.

Bitte poste in deiner nächsten Antwort also:
  • Logfile von AdwCleaner
  • Logfile von Malwarebytes
  • Frst.txt
  • Addition.txt
__________________
--> Mehrere Viren/Trojaner vorallem unter "C:\Windows\Temp\"

Alt 22.04.2016, 21:37   #7
goro11
 
Mehrere Viren/Trojaner vorallem unter "C:\Windows\Temp\" - Standard

Mehrere Viren/Trojaner vorallem unter "C:\Windows\Temp\"



Logfiles:
  • AwCleaner
    Code:
    ATTFilter
    # AdwCleaner v5.112 - Bericht erstellt am 20/04/2016 um 22:15:10
    # Aktualisiert am 17/04/2016 von Xplode
    # Datenbank : 2016-04-19.5 [Server]
    # Betriebssystem : Windows 7 Professional Service Pack 1 (X86)
    # Benutzername : Sascha - SASCHA-PC
    # Gestartet von : C:\Users\Sascha\Desktop\AdwCleaner_5.112.exe
    # Option : Suchlauf
    # Unterstützung : hxxp://toolslib.net/forum
    
    ***** [ Dienste ] *****
    
    Dienst gefunden : swdumon
    
    ***** [ Ordner ] *****
    
    Ordner gefunden : C:\ProgramData\SlimWare Utilities, Inc
    Ordner gefunden : C:\ProgramData\Application Data\SlimWare Utilities, Inc
    Ordner gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperEasy Software
    Ordner gefunden : C:\Users\Public\Documents\Downloaded Installers
    Ordner gefunden : C:\Users\Sascha\AppData\Local\slimware utilities inc
    Ordner gefunden : C:\Users\Sascha\AppData\Roaming\ProgSense
    Ordner gefunden : C:\Users\Sascha\AppData\Roaming\SuperEasy Software
    
    ***** [ Dateien ] *****
    
    Datei gefunden : C:\Windows\system32\drivers\swdumon.sys
    
    ***** [ DLL ] *****
    
    
    ***** [ Verknüpfungen ] *****
    
    
    ***** [ Aufgabenplanung ] *****
    
    
    ***** [ Registrierungsdatenbank ] *****
    
    Schlüssel gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
    Schlüssel gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
    Schlüssel gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
    Wert gefunden : HKCU\Software\Mozilla\Firefox\Extensions [magicplayer@torrentstream.org]
    Schlüssel gefunden : HKCU\Software\Classes\.acelive
    Schlüssel gefunden : HKCU\Software\Classes\.acemedia
    Schlüssel gefunden : HKCU\Software\Classes\.tslive
    Schlüssel gefunden : HKCU\Software\Classes\acestream
    Schlüssel gefunden : HKU\S-1-5-21-2186534646-70022557-530426099-1000\Software\Classes\.acelive
    Schlüssel gefunden : HKU\S-1-5-21-2186534646-70022557-530426099-1000\Software\Classes\.acemedia
    Schlüssel gefunden : HKU\S-1-5-21-2186534646-70022557-530426099-1000\Software\Classes\.tslive
    Schlüssel gefunden : HKU\S-1-5-21-2186534646-70022557-530426099-1000\Software\Classes\acestream
    Schlüssel gefunden : HKLM\SOFTWARE\Classes\CLSID\{E49F0B41-3322-11D4-AEFE-00C04F61025C}
    Schlüssel gefunden : HKCU\Software\APN PIP
    Schlüssel gefunden : HKCU\Software\OCS
    Schlüssel gefunden : HKCU\Software\ProgSense
    Schlüssel gefunden : HKCU\Software\SlimWare Utilities Inc
    Schlüssel gefunden : HKCU\Software\SuperEasy Software
    Schlüssel gefunden : HKCU\Software\AppDataLow\Software\adawarebp
    Schlüssel gefunden : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
    Schlüssel gefunden : HKLM\SOFTWARE\PIP
    Schlüssel gefunden : HKLM\SOFTWARE\SlimWare Utilities Inc
    Schlüssel gefunden : HKLM\SOFTWARE\SuperEasy Software
    Schlüssel gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{039BC111-D60F-A6FF-85F4-7992EA886B8D}_is1
    Schlüssel gefunden : HKU\S-1-5-21-2186534646-70022557-530426099-1000\Software\APN PIP
    Schlüssel gefunden : HKU\S-1-5-21-2186534646-70022557-530426099-1000\Software\OCS
    Schlüssel gefunden : HKU\S-1-5-21-2186534646-70022557-530426099-1000\Software\ProgSense
    Schlüssel gefunden : HKU\S-1-5-21-2186534646-70022557-530426099-1000\Software\SlimWare Utilities Inc
    Schlüssel gefunden : HKU\S-1-5-21-2186534646-70022557-530426099-1000\Software\SuperEasy Software
    Schlüssel gefunden : HKU\S-1-5-21-2186534646-70022557-530426099-1000\Software\AppDataLow\Software\adawarebp
    
    ***** [ Internetbrowser ] *****
    
    
    *************************
    
    C:\AdwCleaner\AdwCleaner[S1].txt - [3561 Bytes] - [20/04/2016 22:15:10]
    
    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3634 Bytes] ##########
             
  • Malwarebytes
    Code:
    ATTFilter
     Malwarebytes Anti-Malware 
    www.malwarebytes.org
    
    Suchlaufdatum: 22.04.2016
    Suchlaufzeit: 20:53
    Protokolldatei: MBAB.txt
    Administrator: Ja
    
    Version: 2.2.1.1043
    Malware-Datenbank: v2016.04.22.05
    Rootkit-Datenbank: v2016.04.17.01
    Lizenz: Kostenlose Version
    Malware-Schutz: Deaktiviert
    Schutz vor bösartigen Websites: Deaktiviert
    Selbstschutz: Deaktiviert
    
    Betriebssystem: Windows 7 Service Pack 1
    CPU: x86
    Dateisystem: NTFS
    Benutzer: Sascha
    
    Suchlauftyp: Bedrohungssuchlauf
    Ergebnis: Abgeschlossen
    Durchsuchte Objekte: 385247
    Abgelaufene Zeit: 45 Min., 25 Sek.
    
    Speicher: Aktiviert
    Start: Aktiviert
    Dateisystem: Aktiviert
    Archive: Aktiviert
    Rootkits: Aktiviert
    Heuristik: Aktiviert
    PUP: Warnen
    PUM: Aktiviert
    
    Prozesse: 0
    (keine bösartigen Elemente erkannt)
    
    Module: 0
    (keine bösartigen Elemente erkannt)
    
    Registrierungsschlüssel: 0
    (keine bösartigen Elemente erkannt)
    
    Registrierungswerte: 0
    (keine bösartigen Elemente erkannt)
    
    Registrierungsdaten: 0
    (keine bösartigen Elemente erkannt)
    
    Ordner: 0
    (keine bösartigen Elemente erkannt)
    
    Dateien: 0
    (keine bösartigen Elemente erkannt)
    
    Physische Sektoren: 0
    (keine bösartigen Elemente erkannt)
    
    
    (end)
             
  • Addition
    Code:
    ATTFilter
    Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:17-04-2016
    durchgeführt von Sascha (2016-04-22 21:42:49)
    Gestartet von C:\Users\Sascha\Desktop
    Microsoft Windows 7 Professional  Service Pack 1 (X86) (2013-06-05 20:58:13)
    Start-Modus: Normal
    ==========================================================
    
    
    ==================== Konten: =============================
    
    Administrator (S-1-5-21-2186534646-70022557-530426099-500 - Administrator - Disabled)
    Gast (S-1-5-21-2186534646-70022557-530426099-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2186534646-70022557-530426099-1004 - Limited - Enabled)
    IWB (S-1-5-21-2186534646-70022557-530426099-1003 - Administrator - Enabled) => C:\Users\IWB
    Sascha (S-1-5-21-2186534646-70022557-530426099-1000 - Administrator - Enabled) => C:\Users\Sascha
    
    ==================== Sicherheits-Center ========================
    
    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
    
    AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
    AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    
    ==================== Installierte Programme ======================
    
    (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
    
    32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
    7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
    ActivDriver x86 v5.9 (HKLM\...\{3B9BDF03-96EA-424C-9413-45D80C5B2F08}) (Version: 5.9.22 - Promethean)
    ActivInspire Core Resources (DEU) v1 (HKLM\...\{06C9F624-9F53-4C89-9720-1601A295769A}) (Version: 1.6.3 - Promethean)
    ActivInspire Help (DEU) v1 (HKLM\...\{B18A62F5-296F-4BC4-B8DD-A9FB16EE9106}) (Version: 1.6.3 - Promethean)
    ActivInspire HWR Resources (DEU) v1 (HKLM\...\{CB2158F5-B05D-41BF-B8F8-05A85695BA4E}) (Version: 1.7.1 - Promethean)
    ActivInspire v2 (HKLM\...\{84007E42-A06F-4FFE-90D2-85F82CB48615}) (Version: 2.4.66096 - Promethean)
    Adobe Acrobat Reader DC - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
    Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.05 - Adobe Systems)
    Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
    Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
    Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
    AIDA64 Extreme Edition v3.00 (HKLM\...\AIDA64 Extreme Edition_is1) (Version: 3.00 - FinalWire Ltd.)
    AIO_Scan (Version: 130.0.365.000 - Hewlett-Packard) Hidden
    Akamai NetSession Interface (HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
    Akamai NetSession Interface (HKU\S-1-5-21-2186534646-70022557-530426099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Akamai) (Version:  - Akamai Technologies, Inc)
    Android USB Driver (HKLM\...\Z5 Android USB Driver_is1) (Version:  - )
    Angry Birds (HKLM\...\{370CA4B0-A1D8-4863-A3C5-6879AEE1663A}) (Version: 3.0.0 - Rovio)
    Angry Birds Rio (HKLM\...\{0D637670-BC00-4FAC-8E00-518EB7F65091}) (Version: 1.4.4 - Rovio)
    Angry Birds Seasons (HKLM\...\{A0CDDE99-D170-426F-917E-B2E51EB3B78F}) (Version: 3.2.0 - Rovio Entertainment Ltd.)
    Angry Birds Space (HKLM\...\{561AA971-37EB-4D63-9FB9-810B663B5CC7}) (Version: 1.4.1 - Rovio)
    Angry Birds Star Wars (HKLM\...\{C336AA55-BBA3-4908-886F-25CF6D302D13}) (Version: 1.2.0 - Rovio Entertainment Ltd.)
    AnVir Task Manager (HKLM\...\AnVir Task Manager) (Version:  - AnVir Software)
    Any Video Converter 5.5.1 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
    Ashampoo Photo Optimizer 4 v.4.0.3 (HKLM\...\Ashampoo Photo Optimizer 4_is1) (Version: 4.0.3 - Ashampoo GmbH & Co. KG)
    Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
    AuthenTec Fingerprint Software (HKLM\...\{6B99AF03-2668-4572-BD3D-8C7A5D103065}) (Version: 8.5.1.28 - Ihr Firmenname)
    AuthenTec WinBio FingerPrint Software 32-bit (HKLM\...\{580C9CA9-9293-470F-8762-2925A2B3D4B7}) (Version: 3.4.4.1027 - AuthenTec, Inc.)
    Avira Professional Security (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.16.208 - Avira Operations GmbH & Co. KG)
    Bad Piggies (HKLM\...\{9577B943-AEDD-462A-AF22-5F55BB3BFB1D}) (Version: 1.1.0.0 - Rovio)
    Bluetooth Feature Pack 5.0 (HKLM\...\{0439D13F-C7CD-458A-90DE-44135CBD40B8}) (Version: 5.0.13 - CSR Plc.)
    Bouquet Wizard (HKLM\...\BouquetWizard) (Version:  - )
    Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.18.8 - Broadcom Corporation)
    BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
    C4380 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
    C4380_Help (Version: 100.0.206.000 - Hewlett-Packard) Hidden
    calibre (HKLM\...\{8C31E86B-2A66-40E8-BF47-32A25D65DB12}) (Version: 1.15.0 - Kovid Goyal)
    CCleaner (HKLM\...\CCleaner) (Version: 4.02 - Piriform)
    Chipcardmaster 7.11 (HKLM\...\Chipcardmaster_is1) (Version:  - Dr. Olaf Jacobsen)
    Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.1.08005 - Cisco Systems, Inc.)
    Cisco AnyConnect Secure Mobility Client (Version: 4.1.08005 - Cisco Systems, Inc.) Hidden
    Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Citavi 4 (HKLM\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.3.0.15 - Swiss Academic Software)
    Crazy Machines - Neue Herausforderungen (HKLM\...\{294EF51E-1453-4F42-8792-77DBFB47D0EC}) (Version: 1.12 - FAKT Software GmbH)
    Crazy Machines - Neues aus dem Labor (HKLM\...\{BFF2D920-80F2-46E9-8246-79A20BB9D8B2}) (Version: 1.20 - FAKT Software GmbH)
    Crazy Machines (HKLM\...\{8E6A3B40-DCE3-47D9-835B-FE1AD9C083D0}) (Version: 1.0 - FAKT Software GmbH)
    CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
    DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
    dboxTV v4.0.0.0 (HKLM\...\dboxTV_is1) (Version:  - DsChAeK)
    DeskUpdate (HKLM\...\DeskUpdate_is1) (Version: 4.15.0144 - Fujitsu Technology Solutions)
    DeskViewClient (HKLM\...\{EF1A6D76-8DEB-4C50-88C5-7204D8817C8F}) (Version: 6.55.0093 - Fujitsu Technology Solutions)
    Dexpot (HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\Dexpot) (Version: 1.6.10 - Dexpot GbR)
    Dexpot (HKU\S-1-5-21-2186534646-70022557-530426099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dexpot) (Version: 1.6.10 - Dexpot GbR)
    Dkill95 (HKLM\...\Dkill95) (Version:  - )
    DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
    Dropbox (HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\Dropbox) (Version: 3.18.1 - Dropbox, Inc.)
    Dropbox (HKU\S-1-5-21-2186534646-70022557-530426099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.18.1 - Dropbox, Inc.)
    DVD Identifier (HKLM\...\DVD Identifier_is1) (Version: 5.2.0 - Kris Schoofs)
    eBeam Capture 2.4.4.11 (HKLM\...\eBeamCapture_is1) (Version: 2.4.4.11 - Luidia, Inc.)
    eBeam Device Service 2.5.0.9 (HKLM\...\eBeamDeviceService_is1) (Version: 2.5.0.9 - Luidia, Inc.)
    eBeam Education Suite 2.5.0.9 (HKLM\...\eBeamInteract_is1) (Version: 2.5.0.9 - Luidia, Inc.)
    ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
    Extended Asian Language font pack for Adobe Reader XI (HKLM\...\{AC76BA86-7AD7-2530-0000-A00000000049}) (Version: 11.0.09 - Adobe Systems Incorporated)
    FRITZ!Box USB-Fernanschluss (HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\2db37667170956ee) (Version: 2.3.3.2 - AVM Berlin)
    FRITZ!Box USB-Fernanschluss (HKU\S-1-5-21-2186534646-70022557-530426099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\2db37667170956ee) (Version: 2.3.3.2 - AVM Berlin)
    Fujitsu Button Utilities (HKLM\...\{207E8B60-07D2-4B7F-97FE-0DA448606861}) (Version: 7.02.0722.2009 - Fujitsu Computer Systems Corporation)
    Fujitsu Display Manager (HKLM\...\InstallShield_{2BDE2BF2-AD90-4191-B3C8-D0046CE54916}) (Version: 7.00.20.200 - Ihr Firmenname)
    Fujitsu Display Manager (Version: 7.00.20.200 - Ihr Firmenname) Hidden
    Fujitsu Hotkey Utility (HKLM\...\InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}) (Version: 3.60.0.0 - FUJITSU LIMITED)
    Fujitsu Hotkey Utility (Version: 3.60.0.0 - FUJITSU LIMITED) Hidden
    Fujitsu MobilityCenter Extension Utility (HKLM\...\InstallShield_{191C41F6-4BA8-4D3D-BBC5-AAC8F3077E3F}) (Version: 3.00.00.000 - Ihr Firmenname)
    Fujitsu MobilityCenter Extension Utility (Version: 3.00.00.000 - Ihr Firmenname) Hidden
    Fujitsu System Extension Utility (HKLM\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version: 3.1.0.0 - FUJITSU LIMITED)
    Fujitsu System Extension Utility (Version: 3.1.0.0 - FUJITSU LIMITED) Hidden
    GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
    Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
    Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
    HashTab 5.2.0.14 (HKLM\...\HashTab) (Version: 5.2.0.14 - Implbits Software)
    HD Tune 2.55 (HKLM\...\HD Tune_is1) (Version:  - EFD Software)
    HP Photosmart All-In-One Driver Software 13.0 Rel. 2 (HKLM\...\{988329F4-A1A1-4D51-803C-EF2725A97627}) (Version: 13.0 - HP)
    HP Photosmart Appliance Printer Driver Software 8.0.D (HKLM\...\{596A8F65-C705-4e68-B85E-CE0B45490712}) (Version: 8.0 - HP)
    HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
    HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
    HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
    HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
    HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
    HPPhotoSmartDiscLabel_PaperLabel (Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
    hpphotosmartdisclabelplugin (Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
    HyperCam 2 (HKLM\...\HyperCam 2) (Version: 2.28.01 - Hyperionics Technology LLC)
    ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
    Intel(R) Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
    Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 14.2 - Intel)
    Intel® Active-Management-Technologie (HKLM\...\MESOL) (Version:  - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM\...\{b56d9ff6-9167-47a4-8563-554f20201871}) (Version: 15.8.0 - Intel Corporation)
    Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
    Java 8 Update 91 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
    JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
    Kodi (HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\Kodi) (Version:  - XBMC-Foundation)
    Kodi (HKU\S-1-5-21-2186534646-70022557-530426099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Kodi) (Version:  - XBMC-Foundation)
    Langenscheidt Grammatiktrainer 6.0 Englisch (HKLM\...\Grammatiktrainer 6.0 Englisch) (Version: 01.00.00.00 - Langenscheidt)
    Langenscheidt Grammatiktrainer 6.0 Italienisch (HKLM\...\Grammatiktrainer 6.0 Italienisch) (Version: 01.00.00.00 - Langenscheidt)
    Langenscheidt Grammatiktrainer 6.0 Spanisch (HKLM\...\Grammatiktrainer 6.0 Spanisch) (Version: 01.00.00.00 - Langenscheidt)
    Langenscheidt Kurs 1 6.0 Englisch (HKLM\...\Kurs 1 6.0 Englisch) (Version: 01.00.00.00 - Langenscheidt)
    Langenscheidt Kurs 2 6.0 Englisch (HKLM\...\Kurs 2 6.0 Englisch) (Version: 01.00.00.00 - Langenscheidt)
    Langenscheidt Kurs 2 6.0 Italienisch (HKLM\...\Kurs 2 6.0 Italienisch) (Version: 01.00.00.00 - Langenscheidt)
    Langenscheidt Kurs 2 6.0 Spanisch (HKLM\...\Kurs 2 6.0 Spanisch) (Version: 01.00.00.00 - Langenscheidt)
    Langenscheidt Kurs 6.0 Italienisch (HKLM\...\Kurs 6.0 Italienisch) (Version: 01.00.00.00 - Langenscheidt)
    Langenscheidt Kurs 6.0 Spanisch (HKLM\...\Kurs 6.0 Spanisch) (Version: 01.00.00.00 - Langenscheidt)
    Langenscheidt Vokabeltrainer 6.0 Englisch (HKLM\...\{67F91DB9-1958-4328-869C-032415F04AD1}) (Version: 6.0.21 - Langenscheidt)
    Langenscheidt Vokabeltrainer 6.0 Italienisch (HKLM\...\{39DFF58C-ECB7-4317-BC1E-C567ABDBE31C}) (Version: 6.0.21 - Langenscheidt)
    Langenscheidt Vokabeltrainer 6.0 Spanisch (HKLM\...\{C2FFB8DE-7713-4A56-8EFA-C9126955BFDD}) (Version: 6.0.21 - Langenscheidt)
    LenovoUsbDriver 1.0.4 (HKLM\...\LenovoUsbDriver) (Version: 1.0.4 - Lenovo)
    lingDIALOG (HKLM\...\InstallShield_{071B843C-9A39-40B3-BB01-BBD6A8D2E1C5}) (Version: 3.0908 - WEVOSYS)
    lingDIALOG (Version: 3.0908 - WEVOSYS) Hidden
    LinuxLive USB Creator (HKLM\...\LinuxLive USB Creator) (Version: 2.9 - Thibaut Lauziere)
    LSI V92 MOH Application (HKLM\...\LTMOH) (Version:  - LSI Corporation)
    MakeMKV v1.8.6 (HKLM\...\MakeMKV) (Version: v1.8.6 - GuinpinSoft inc)
    Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    MATLAB R2014a (HKLM\...\Matlab R2014a) (Version: 8.3 - The MathWorks, Inc.)
    MediaManager (HKLM\...\MediaManager) (Version:  - )
    Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\OneDriveSetup.exe) (Version: 17.3.5930.0814 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2186534646-70022557-530426099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.3.5930.0814 - Microsoft Corporation)
    Microsoft Project Professional 2010 (HKLM\...\Office14.PRJPRO) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
    Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
    Minimal ADB and Fastboot version 1.1.3 (HKLM\...\{DE46417A-9E9E-4BCD-BBDD-DA21943193BB}_is1) (Version: 1.1.3 - )
    Mozilla Firefox 45.0.2 (x86 de) (HKLM\...\Mozilla Firefox 45.0.2 (x86 de)) (Version: 45.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MyScript Stylus 2.6 (HKLM\...\MyScript Stylus_is1) (Version: 2.6.0.11 - Vision Objects)
    MyScript Stylus Shared Files (HKLM\...\{FCB95BA2-F685-48D0-AB04-C88E79133B75}) (Version: 1.0.0 - Vision Objects)
    NAVIGON Fresh 3.5.1 (HKLM\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON)
    Network (Version: 130.0.572.000 - Hewlett-Packard) Hidden
    Nitro Pro 8 (HKLM\...\{024201B6-AE55-4A53-B17C-00D4906990F8}) (Version: 8.5.4.11 - Nitro)
    Nitro Pro 9 (HKLM\...\{0E4D0DAF-ADE8-45E3-8B1B-2AFD78BCB064}) (Version: 9.0.4.5 - Nitro)
    Nmap 6.46 (HKLM\...\Nmap) (Version:  - )
    No23 Recorder (HKLM\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23)
    Noten-Manager 7.1 (HKLM\...\{3697BA5C-3C7E-436C-A783-677160B31B9F}) (Version: 1.0.0 - schule_kranz)
    Novacomd (HKLM\...\{BA9A297F-0198-4EE8-90CB-F5036C180E1D}) (Version: 1.0.0.76 - Palm, Inc.)
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - )
    O2Micro Flash Memory Card Windows Driver (HKLM\...\InstallShield_{469ED3E8-D21E-40E8-B00F-63516D26FAE3}) (Version: 3.00.0006 - O2Micro International LTD.)
    O2Micro Flash Memory Card Windows Driver (Version: 3.00.0006 - O2Micro International LTD.) Hidden
    OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
    OpenOffice 4.1.1 (HKLM\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
    Opera 12.16 (HKLM\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
    Oracle VM VirtualBox 4.2.14 (HKLM\...\{F56A55E8-F340-484B-83A5-39C440F0407C}) (Version: 4.2.14 - Oracle Corporation)
    Origin (HKLM\...\Origin) (Version: 9.3.2.2730 - Electronic Arts, Inc.)
    Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    OZ711 SCR Driver  (HKLM\...\InstallShield_{5C3EA21C-22C0-4A44-BE58-D8CBB2F2B6B2}) (Version: 3.0.1.6D - O2Micro)
    OZ711 SCR Driver  (Version: 3.0.1.6D - O2Micro) Hidden
    PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge)
    Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
    Power Saving Utility (HKLM\...\InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}) (Version: 31.00.11.006 - FUJITSU LIMITED)
    Power Saving Utility (Version: 31.00.11.006 - FUJITSU LIMITED) Hidden
    Protector Suite 2012 (HKLM\...\{C767056D-3CE2-442D-BC78-F05E94F450D0}) (Version: 5.9.8.7279 - Authentec Inc.)
    PS_AIO_02_ProductContext (Version: 130.0.365.000 - Hewlett-Packard) Hidden
    PS_AIO_02_Software (Version: 130.0.365.000 - Hewlett-Packard) Hidden
    PS_AIO_02_Software_Min (Version: 130.0.365.000 - Hewlett-Packard) Hidden
    PSPad editor (HKLM\...\PSPad editor_is1) (Version: 4.5.7.2450 - Jan Fiala)
    psynetic® Gif-X 3.00 (HKLM\...\psynetic® Gif-X) (Version: 3.00 - Robert Mundt)
    Python 2.7 lxml-3.3.5 (HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\lxml-py2.7) (Version:  - )
    Python 2.7 lxml-3.3.5 (HKU\S-1-5-21-2186534646-70022557-530426099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\lxml-py2.7) (Version:  - )
    Python 2.7.8 (HKLM\...\{61121B12-88BD-4261-A6EE-AB32610A56DD}) (Version: 2.7.8150 - Python Software Foundation)
    QIP 2012 4.0.9340 (HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\QIP 2012) (Version: 4.0.9340 - )
    QIP 2012 4.0.9340 (HKU\S-1-5-21-2186534646-70022557-530426099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\QIP 2012) (Version: 4.0.9340 - )
    QIP Infium 3.0.9044 (HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\QIP Infium) (Version: 3.0.9044 - )
    QIP Infium 3.0.9044 (HKU\S-1-5-21-2186534646-70022557-530426099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\QIP Infium) (Version: 3.0.9044 - )
    QIP Internet Guardian (HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\QipGuard) (Version:  - )
    QIP Internet Guardian (HKU\S-1-5-21-2186534646-70022557-530426099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\QipGuard) (Version:  - )
    Rainlendar2 (remove only) (HKLM\...\Rainlendar2) (Version:  - )
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.)
    Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.)
    Samsung Kies3 (Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.) Hidden
    Sandboxie 4.16 (32-bit) (HKLM\...\Sandboxie) (Version: 4.16 - Sandboxie Holdings, LLC)
    Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
    Secure Download Manager (HKLM\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
    Security Panel (HKLM\...\InstallShield_{45CA9B23-5EF8-43AA-9851-E9E062BF0147}) (Version: 2.1.0.0 - FUJITSU LIMITED)
    Security Panel Application (Version: 2.1.0.0 - FUJITSU LIMITED) Hidden
    Security Panel Application for Supervisor (Version: 2.1.0.0 - FUJITSU LIMITED) Hidden
    Security Panel for Supervisor (HKLM\...\InstallShield_{17F82182-0E3D-4A14-8843-5ECBFAF4F12F}) (Version: 2.1.0.0 - FUJITSU LIMITED)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPRO_{58FA40EF-ABA9-4FED-AD3D-318A6073934D}) (Version:  - Microsoft)
    Shock Sensor Utility (HKLM\...\InstallShield_{827517C3-9B89-458E-A8F2-96DD24BDFE29}) (Version: 2.2.0.0 - FUJITSU LIMITED)
    Shock Sensor Utility (HKLM\...\InstallShield_{ABE8CE7E-01CC-4500-BAF5-FFC29EA108A1}) (Version: 4.00.01.000 - Ihr Firmenname)
    Shock Sensor Utility (Version: 2.2.0.0 - FUJITSU LIMITED) Hidden
    Shock Sensor Utility (Version: 4.00.01.000 - Ihr Firmenname) Hidden
    Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
    Sierra Wireless AirCard Watcher (HKLM\...\{CE619CFC-F5C0-43CC-AA66-BEDDA623CCA1}) (Version: 6.0.2849.0001 - Sierra Wireless Inc.)
    SimpleTV 0.4.6 r (HKLM\...\{290A2821-B1F8-4565-B49A-25F349A5B5CB}_is1) (Version:  - SergeyVS)
    Skype™ 7.21 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
    SlimDrivers (HKLM\...\{746AB259-6474-4111-8966-1C62F9A6E063}) (Version: 2.3.1 - SlimWare Utilities, Inc.)
    SMART Ink (HKLM\...\{FC69B741-DC56-4591-97A2-A6BA211B7E76}) (Version: 2.2.589.1 - SMART Technologies ULC)
    SMART Notebook (HKLM\...\{84579080-E961-4DE7-93AB-5E2B81A96387}) (Version: 14.1.843.0 - SMART Technologies ULC)
    SMART Produkttreiber (HKLM\...\{890680EC-2F88-47F0-970C-593081E62593}) (Version: 11.6.428.0 - SMART Technologies ULC)
    SmartPack 1.19.0 (HKLM\...\PlexUtil) (Version: 1.19.0 - PLDS)
    SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
    Snip (HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\{525d439e-e22a-4221-8fd1-25b845fe0038}) (Version: 0.1.5119.0 - Microsoft Corporation)
    Snip (HKU\S-1-5-21-2186534646-70022557-530426099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{525d439e-e22a-4221-8fd1-25b845fe0038}) (Version: 0.1.5119.0 - Microsoft Corporation)
    Snip (Version: 0.1.5119.0 - Microsoft) Hidden
    SolidWorks 2014 German Resources (Version: 22.120.40 - SolidWorks Corporation) Hidden
    SolidWorks 2014 SP02 (HKLM\...\SolidWorks Installation Manager 20140-40200-1100-200) (Version: 22.2.0.40 - SolidWorks Corporation)
    SolidWorks 2014 SP02 (Version: 22.120.40 - SolidWorks) Hidden
    SolidWorks Composer Player 2014 SP02 (Version: 22.20.40 - Dassault Systemes SolidWorks) Hidden
    SolidWorks eDrawings 2014 SP02 (Version: 14.2.116 - Dassault Systèmes SolidWorks Corp) Hidden
    SolidWorks Flow Simulation 2014 SP02 (Version: 22.20.41 - SolidWorks Corporation) Hidden
    SolidWorks Plastics 2014 SP02 (Version: 22.20.40 - SolidWorks Corporation) Hidden
    Sony Ericsson PC Companion 1.60.13 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 1.60.13 - Sony Ericsson)
    SopCast 3.5.0 (HKLM\...\SopCast) (Version: 3.5.0 - www.sopcast.com)
    Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
    Stifttablett (HKLM\...\Pen Tablet Driver) (Version: 5.1.1.11 - Wacom Technology Corp.)
    SuperEasy Driver Updater v.1.1.1 (HKLM\...\{039BC111-D60F-A6FF-85F4-7992EA886B8D}_is1) (Version: 1.1.1 - SuperEasy Software GmbH & Co. KG)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
    TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
    TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
    The Video Diary (HKLM\...\The Video Diary) (Version: 1.1 - www.TheVideoDiary.com)
    TomTom HOME (HKLM\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname)
    TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
    Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
    Torrent Stream 2.0.8.11.1 (HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\TorrentStream) (Version: 2.0.8.11.1 - Torrent Stream)
    Torrent Stream 2.0.8.11.1 (HKU\S-1-5-21-2186534646-70022557-530426099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\TorrentStream) (Version: 2.0.8.11.1 - Torrent Stream)
    Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.01 - Ghisler Software GmbH)
    Transfer Utility (HKLM\...\{0ECE15AC-CB68-40EC-B70D-1B220717844C}) (Version: 1.00.012 - PIXELA)
    UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
    URL Snooper v2.35.02 (HKLM\...\URLSnooper 2_is1) (Version:  - DonationCoder.com)
    USB2.0 Digital Camera (HKLM\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 1.8.1224.01 - Vimicro Corporation)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
    WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6000 - Broadcom Corporation)
    Windows 7 USB/DVD Download Tool (HKLM\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
    Windows Driver Package - Palm (WinUSB) Palm Devices  (10/09/2009 1.0.1) (HKLM\...\332CCC08910F1AE2E4D90D25DEDE87E3EF797832) (Version: 10/09/2009 1.0.1 - Palm)
    Windows-Treiberpaket - Fujitsu America, Inc. (FjBtnDrv) HIDClass  (08/27/2009 4.2.0827.2009) (HKLM\...\F02860D720F53C6FCD75A013226E3E82F54FAB68) (Version: 08/27/2009 4.2.0827.2009 - Fujitsu America, Inc.)
    Windows-Treiberpaket - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (12/06/2010 4.0.0000.00000) (HKLM\...\76F6B4A696B8C9A7ACFF01D4E1D6EF2D974C3E67) (Version: 12/06/2010 4.0.0000.00000 - Google, Inc.)
    Windows-Treiberpaket - MediaTek Inc. (usbser) Ports  (01/05/2012 2.0000.0.1) (HKLM\...\49D9ABA9270C5BDFD7AE1BEB607D36B26BB90235) (Version: 01/05/2012 2.0000.0.1 - MediaTek Inc.)
    Windows-Treiberpaket - MediaTek Inc. (usbser) Ports  (09/01/2011 2.0.1136.0) (HKLM\...\32DC281B7E359EA3D16ECC7D98609F6A592B981D) (Version: 09/01/2011 2.0.1136.0 - MediaTek Inc.)
    Windows-Treiberpaket - MediaTek Inc. (usbser) Ports  (12/24/2011 2.0000.0.0) (HKLM\...\D0E6296D177F42BB31C0200E49412003DB6C4633) (Version: 12/24/2011 2.0000.0.0 - MediaTek Inc.)
    Windows-Treiberpaket - MediaTek Inc. Net  (07/14/2011 1.1129.00) (HKLM\...\8BC3CF920AF63C7AEF78B82D1C60D94704FB95CD) (Version: 07/14/2011 1.1129.00 - MediaTek Inc.)
    Windows-Treiberpaket - Microsoft (WUDFRd) WPD  (02/22/2006 5.2.5326.4762) (HKLM\...\B77DDB8A5697AAF5DA4E4859E53C301B877DD206) (Version: 02/22/2006 5.2.5326.4762 - Microsoft)
    WinHTTrack Website Copier 3.48-21 (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.21 - HTTrack)
    WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
    WinRAR 4.20 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
    Wireless Selector (HKLM\...\InstallShield_{51202133-E0F9-4314-ACA4-AACBA46A6C69}) (Version: 4.00.00.100 - FUJITSU LIMITED)
    Wireless Selector (Version: 4.00.00.100 - FUJITSU LIMITED) Hidden
    XYplorer 13.40 (HKLM\...\XYplorer) (Version: 13.40 - Donald Lessau)
    YouTube PowerPoint (HKLM\...\{496B5310-3EEB-4412-B3CC-0D013AB916CC}) (Version: 2.0.0 - PPTAlchemy)
    
    ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
    
    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
    
    CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> D:\OpenOffice\INSTALLATION\program\shlxthdl\shlxthdl.dll => Keine Datei
    CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\Sascha\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{28E3B95D-371D-42D5-A276-8A3EE70100FD}\InprocServer32 -> C:\Users\Sascha\AppData\Roaming\TorrentStream\player\npts_plugin.dll (Innovative Digital Technologies)
    CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Sascha\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{30A2652A-DDF7-45e7-ACA6-3EAB26FC8A4E}\localserver32 -> D:\OpenOffice\INSTALLATION\program\soffice.exe -nodefault -nologo => Keine Datei
    CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> D:\OpenOffice\INSTALLATION\program\shlxthdl\shlxthdl.dll => Keine Datei
    CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> D:\OpenOffice\INSTALLATION\program\shlxthdl\shlxthdl.dll => Keine Datei
    CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> D:\OpenOffice\INSTALLATION\program\shlxthdl\ooofilt.dll => Keine Datei
    CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{82154420-0FBF-11d4-8313-005004526AB4}\localserver32 -> D:\OpenOffice\INSTALLATION\program\soffice.exe -nodefault -nologo => Keine Datei
    CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Sascha\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Sascha\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> D:\OpenOffice\INSTALLATION\program\shlxthdl\propertyhdl.dll => Keine Datei
    CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Sascha\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Sascha\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> D:\OpenOffice\INSTALLATION\program\shlxthdl\shlxthdl.dll => Keine Datei
    CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\localserver32 -> D:\OpenOffice\INSTALLATION\program\soffice.exe -nodefault -nologo => Keine Datei
    CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{D2D59CD1-0A6A-4D36-AE20-47817077D57C}\localserver32 -> D:\OpenOffice\INSTALLATION\program\soffice.exe -nodefault -nologo => Keine Datei
    CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{F616B81F-7BB8-4F22-B8A5-47428D59F8AD}\localserver32 -> D:\OpenOffice\INSTALLATION\program\soffice.exe -nodefault -nologo => Keine Datei
    CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Sascha\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
    
    ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
    
    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
    
    Task: {03531F76-EDF1-402D-BAA0-D324555F9BDC} - System32\Tasks\Schnellstart => Rundll32.exe powrprof.dll,SetSuspendState Hibernate
    Task: {431FBC2C-0EF4-4E5F-A693-4FD93D052F2E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2186534646-70022557-530426099-1000Core => C:\Users\Sascha\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
    Task: {68AC8C81-D4EF-4001-87B2-FFC607A59D33} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
    Task: {A332F39B-AF1E-4B60-AAF5-E55D2084D584} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08] (Adobe Systems Incorporated)
    Task: {A7255C0B-70B2-4860-AA79-660C24543C40} - System32\Tasks\Fujitsu\DeskUpdate => C:\Program Files\Fujitsu\DeskUpdate\ducmd.exe [2015-06-15] (Fujitsu Technology Solutions)
    Task: {C88E4571-AFD3-45A3-A0F5-DABF9E6CDDE6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-16] (Google Inc.)
    Task: {DBFC2214-B439-4573-B475-BF34B04460FA} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2186534646-70022557-530426099-1000UA => C:\Users\Sascha\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
    Task: {F0C6B1B3-9A5F-44A3-88A7-E7FC1FE4C4CA} - System32\Tasks\MATLAB R2014a Startup Accelerator => E:\Program Files\MATLAB\R2014a\bin\win32\MATLABStartupAccelerator.exe [2014-01-29] ()
    
    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
    
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2186534646-70022557-530426099-1000Core.job => C:\Users\Sascha\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2186534646-70022557-530426099-1000UA.job => C:\Users\Sascha\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\MATLAB R2014a Startup Accelerator.job => E:\Program Files\MATLAB\R2014a\bin\win32\MATLABStartupAccelerator.exe
    Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: C:\Windows\Tasks\User_Feed_Synchronization-{07CCC520-5524-4F5E-AEB1-296B99396CD2}.job => C:\Windows\system32\msfeedssync.exe
    
    ==================== Verknüpfungen =============================
    
    (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
    
    Shortcut: C:\Users\Sascha\Desktop\Sonstiges\Synaptics Neustart.bat - Verknüpfung.lnk -> C:\Users\Sascha\Desktop\Sonstiges\Synaptics Neustart.bat ()
    Shortcut: C:\Users\Sascha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Synaptics Neustart.bat - Verknüpfung.lnk -> C:\Users\Sascha\Desktop\Sonstiges\Synaptics Neustart.bat ()
    
    ==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
    
    2015-11-03 12:21 - 2015-11-03 12:21 - 00063376 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
    2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2008-10-09 10:25 - 2008-10-09 10:25 - 00062760 _____ () C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe
    2013-03-10 19:58 - 2013-03-10 19:58 - 02598496 _____ () C:\Program Files\Rainlendar2\Rainlendar2.exe
    2012-05-16 21:01 - 2012-05-16 21:01 - 00140800 _____ () C:\Program Files\Rainlendar2\lua52.dll
    2013-03-10 19:59 - 2013-03-10 19:59 - 00215648 _____ () C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll
    2012-06-17 15:22 - 2012-06-17 15:22 - 00012800 _____ () C:\Program Files\Rainlendar2\lfs.dll
    2013-06-05 23:57 - 2008-04-28 07:32 - 00647168 _____ () C:\Windows\system32\vmprp331.ax
    2016-04-16 12:57 - 2016-03-21 23:50 - 00034768 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
    2016-04-16 12:57 - 2016-03-21 23:51 - 00019408 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\faulthandler.pyd
    2016-04-16 12:57 - 2016-03-21 23:50 - 00116688 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\pywintypes27.dll
    2016-04-16 12:57 - 2016-03-21 23:50 - 00093640 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\_ctypes.pyd
    2016-04-16 12:57 - 2016-03-21 23:50 - 00018376 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\select.pyd
    2016-04-16 12:57 - 2016-04-08 20:20 - 00019760 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
    2016-04-16 12:57 - 2016-03-21 23:52 - 00105928 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\win32api.pyd
    2016-04-16 12:57 - 2016-03-21 23:50 - 00392144 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\pythoncom27.dll
    2016-04-16 12:57 - 2016-04-08 20:20 - 00381752 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
    2016-04-16 12:57 - 2016-03-21 23:50 - 00692688 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\unicodedata.pyd
    2016-04-16 12:57 - 2016-04-08 20:19 - 00020816 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
    2016-04-16 12:57 - 2016-03-21 23:51 - 00112592 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
    2016-04-16 12:57 - 2016-04-08 20:19 - 01682760 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
    2016-04-16 12:57 - 2016-04-08 20:19 - 00020808 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
    2016-04-16 12:57 - 2016-04-08 20:20 - 00021840 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
    2016-04-16 12:57 - 2016-04-08 20:19 - 00038696 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\fastpath.pyd
    2016-04-16 12:57 - 2016-03-21 23:52 - 00020936 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\mmapfile.pyd
    2016-04-16 12:57 - 2016-03-21 23:52 - 00024528 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\win32event.pyd
    2016-04-16 12:57 - 2016-03-21 23:52 - 00114640 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\win32security.pyd
    2016-04-16 12:57 - 2016-03-21 23:52 - 00124880 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\win32file.pyd
    2016-04-16 12:57 - 2016-04-08 20:20 - 00021832 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
    2016-04-16 12:57 - 2016-03-21 23:52 - 00024016 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
    2016-04-16 12:57 - 2016-03-21 23:52 - 00175560 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\win32gui.pyd
    2016-04-16 12:57 - 2016-03-21 23:52 - 00030160 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\win32pipe.pyd
    2016-04-16 12:57 - 2016-03-21 23:52 - 00043472 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\win32process.pyd
    2016-04-16 12:57 - 2016-03-21 23:52 - 00028616 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\win32ts.pyd
    2016-04-16 12:57 - 2016-03-21 23:52 - 00048592 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\win32service.pyd
    2016-04-16 12:57 - 2016-04-08 20:19 - 00026456 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
    2016-04-16 12:57 - 2016-03-21 23:52 - 00057808 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
    2016-04-16 12:57 - 2016-03-21 23:52 - 00024016 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\win32profile.pyd
    2016-04-16 12:57 - 2016-04-08 20:19 - 00117056 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
    2016-04-16 12:57 - 2016-04-08 20:20 - 00023376 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
    2016-04-16 12:57 - 2016-03-21 23:50 - 00134608 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\_elementtree.pyd
    2016-04-16 12:57 - 2016-03-21 23:50 - 00134088 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\pyexpat.pyd
    2016-04-16 12:57 - 2016-03-21 23:51 - 00240584 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\jpegtran.pyd
    2016-04-16 12:57 - 2016-04-08 20:19 - 00024392 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
    2016-04-16 12:57 - 2016-03-21 23:52 - 00036296 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\librsync.dll
    2016-04-16 12:57 - 2016-04-08 20:19 - 00052024 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
    2016-04-16 12:57 - 2016-04-08 20:20 - 00020800 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
    2016-04-16 12:57 - 2016-04-08 20:20 - 00021824 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
    2016-04-16 12:57 - 2016-04-08 20:20 - 00019776 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
    2016-04-16 12:57 - 2016-04-08 20:20 - 00020800 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
    2016-04-16 12:57 - 2016-04-08 20:19 - 00020280 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
    2016-04-16 12:57 - 2016-03-21 23:52 - 00350152 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\winxpgui.pyd
    2016-04-16 12:57 - 2016-04-08 20:20 - 00022352 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
    2016-04-16 12:57 - 2016-04-08 20:19 - 00084280 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
    2016-04-16 12:57 - 2016-04-08 20:20 - 01826096 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
    2016-04-16 12:57 - 2016-03-21 23:51 - 00083912 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\sip.pyd
    2016-04-16 12:57 - 2016-04-08 20:20 - 03928880 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
    2016-04-16 12:57 - 2016-04-08 20:20 - 01971504 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
    2016-04-16 12:57 - 2016-04-08 20:20 - 00531248 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
    2016-04-16 12:57 - 2016-04-08 20:20 - 00132912 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
    2016-04-16 12:57 - 2016-04-08 20:20 - 00223544 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
    2016-04-16 12:57 - 2016-04-08 20:20 - 00207672 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
    2016-04-16 12:57 - 2016-04-08 20:20 - 00158008 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
    2016-04-16 12:57 - 2016-04-08 20:20 - 00042808 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
    2016-04-16 12:57 - 2016-03-21 23:54 - 00017864 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\libEGL.dll
    2016-04-16 12:57 - 2016-03-21 23:54 - 01631184 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    2016-04-16 12:57 - 2016-04-08 20:20 - 00546096 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
    2016-04-16 12:57 - 2016-04-08 20:20 - 00357680 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
    2016-04-16 12:57 - 2016-03-21 23:56 - 00697304 _____ () C:\Users\Sascha\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
    2015-08-12 23:15 - 2015-08-08 02:13 - 01405768 _____ () C:\Program Files\Google\Chrome\Application\44.0.2403.155\libglesv2.dll
    2015-08-12 23:15 - 2015-08-08 02:13 - 00081224 _____ () C:\Program Files\Google\Chrome\Application\44.0.2403.155\libegl.dll
    
    ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
    
    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
    
    AlternateDataStreams: C:\Windows:nlsPreferences [514]
    AlternateDataStreams: C:\Users\Sascha\Documents\SPSS:com.dropbox.attributes [168]
    
    ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
    
    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
    
    
    ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
    
    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
    
    
    ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
    
    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
    
    
    ==================== Hosts Inhalt: ==========================
    
    (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
    
    2014-09-10 18:25 - 2014-11-04 23:21 - 00001974 ____A C:\Windows\system32\Drivers\etc\hosts
    
    127.0.0.1 activate.adobe.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 lmlicenses.wip4.adobe.com
    127.0.0.1 lm.licenses.adobe.com
    127.0.0.1 activate.adobe.com
    127.0.0.1 activate-sea.adobe.com
    127.0.0.1 activate-sjc0.adobe.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 ereg.adobe.com
    127.0.0.1 activate.wip3.adobe.com
    127.0.0.1 wip3.adobe.com
    127.0.0.1 3dns-3.adobe.com
    127.0.0.1 3dns-2.adobe.com
    127.0.0.1 adobe-dns.adobe.com
    127.0.0.1 adobe-dns-2.adobe.com
    127.0.0.1 adobe-dns-3.adobe.com
    127.0.0.1 ereg.wip3.adobe.com
    127.0.0.1 wwis-dubc1-vip60.adobe.com
    127.0.0.1 lmlicenses.wip4.adobe.com127.0.0.1 tonec.com
    127.0.0.1 www.tonec.com127.0.0.1 internetdownloadmanager.com127.0.0.1 star.tonec.com
    184.173.188.107 localhost 127.0.0.1 home.sopserv.com 
    
    ==================== Andere Bereiche ============================
    
    (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
    
    HKU\S-1-5-21-2186534646-70022557-530426099-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    HKU\S-1-5-21-2186534646-70022557-530426099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    HKU\S-1-5-21-2186534646-70022557-530426099-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\IWB\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall ist deaktiviert.
    
    ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
    
    (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
    
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FRITZ!DSL Startcenter.lnk => C:\Windows\pss\FRITZ!DSL Startcenter.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SolidWorks 2014 Schnellstart.lnk => C:\Windows\pss\SolidWorks 2014 Schnellstart.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Sascha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FRITZ!DSL Protect.lnk => C:\Windows\pss\FRITZ!DSL Protect.lnk.Startup
    MSCONFIG\startupreg: ActivManager => C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: AVMUSBFernanschluss => "C:\Users\Sascha\AppData\Local\Apps\2.0\LLAXTKYE.MD6\OQP2CGHO.J48\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\AVMAutoStart.exe"
    MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
    MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    MSCONFIG\startupreg: LtMoh => C:\Program Files\ltmoh\Ltmoh.exe
    MSCONFIG\startupreg: QIP Internet Guardian => C:\Users\Sascha\AppData\Roaming\QipGuard\QipGuard.exe /p
    MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
    MSCONFIG\startupreg: sbsdk-server => "C:\Program Files\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe"
    MSCONFIG\startupreg: SMART Board Service => "C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe" -d
    MSCONFIG\startupreg: SMART Floating Tools => "C:\Program Files\SMART Technologies\Education Software\FloatingTools.exe"
    MSCONFIG\startupreg: SMART Ink => "C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe" -a
    MSCONFIG\startupreg: SMART Tray Tools => "C:\Program Files\SMART Technologies\Education Software\SMARTSystemMenu.exe"
    MSCONFIG\startupreg: SMARTNotification => "C:\Program Files\SMART Technologies\Education Software\SMARTNotification.exe"
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    
    ==================== FirewallRules (Nicht auf der Ausnahmeliste) ===============
    
    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
    
    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [{A83C87B6-9C47-4329-A981-313B7B553DE4}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    FirewallRules: [{245525EE-8D2C-4455-9B8F-AB60362FA866}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
    FirewallRules: [{F1CB6BE8-635C-444E-AE96-A2E46AB81277}] => (Allow) D:\Program Files\Opera\opera.exe
    FirewallRules: [{2C1EB595-8602-4EE9-8D7E-61EB61AEF740}] => (Allow) D:\Program Files\Opera\opera.exe
    FirewallRules: [{8D98E885-2D75-4487-AE44-DF580D4977CE}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
    FirewallRules: [{7F27EEF5-AC05-489D-BBB7-CE0D21F3AED9}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
    FirewallRules: [{ED3AE3F5-B686-4C72-8349-E0522F73E6D6}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
    FirewallRules: [{757F737F-676D-4FA5-9B05-82023E1930B5}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe
    FirewallRules: [{527D3E2B-6D36-4533-8010-7E6E8EDA3A3F}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
    FirewallRules: [{C0DC2148-E407-499E-94CA-355DFCA61F87}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
    FirewallRules: [{641F97BA-D8B3-438C-8FAF-8312D118C44E}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe
    FirewallRules: [{842EDFE3-C585-4F3F-B1B6-4783E1D8EB29}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe
    FirewallRules: [{42818F63-DA5A-4B37-8093-A1FD74DF2624}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe
    FirewallRules: [{FD0B82AD-7ED6-4393-9AD3-1CA9441AFE44}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe
    FirewallRules: [{9A132DC9-71FF-4828-8E1D-36FEDB948A54}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
    FirewallRules: [{A4111A70-377C-4BAE-9F9D-0B800E22CA8A}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
    FirewallRules: [{8B3C1031-8B28-44DA-B884-A725AC8C72A7}] => (Allow) C:\Users\Sascha\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{A32F2FD6-22B2-41C9-ABB3-4873F9197A33}] => (Allow) C:\Users\Sascha\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{BDBDEA11-B09F-4E5B-A132-6C59EC8923BA}] => (Allow) C:\Users\Sascha\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{F14909D0-1813-40A0-A08F-3595689F7D9A}] => (Allow) C:\Users\Sascha\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{923120DE-F6E0-4684-AAE1-8BD4BC4AE6F7}] => (Allow) D:\Program Files\Opera\opera.exe
    FirewallRules: [{74226C5C-1393-4DC5-B5CA-77BC76604BC0}] => (Allow) D:\Program Files\Opera\opera.exe
    FirewallRules: [{9CADDBC4-A5F0-4C1B-AC05-8B773BBDE4A8}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [{B9298326-F53C-494C-854F-B740A552A642}] => (Allow) E:\Program Files\Steam\Steam.exe
    FirewallRules: [{D127F059-E7D2-4535-9AEF-CC127E8A3CE9}] => (Allow) E:\Program Files\Steam\Steam.exe
    FirewallRules: [{707F581C-EC89-4558-8571-F047E168334F}] => (Allow) C:\Program Files\SMART Technologies\Education Software\UCGui.exe
    FirewallRules: [{93941037-1AC9-4C7A-AC45-357FBF5F0A15}] => (Allow) C:\Program Files\SMART Technologies\Education Software\UCGui.exe
    FirewallRules: [{66A42203-55E6-4F88-B32C-6A881C9B768F}] => (Allow) C:\Program Files\SMART Technologies\Education Software\UCService.exe
    FirewallRules: [{D19E6BF9-2484-44DF-B2E4-ACC256D7C0EB}] => (Allow) C:\Program Files\SMART Technologies\Education Software\UCService.exe
    FirewallRules: [{2299909A-DF84-444A-B595-AC255F6BD843}] => (Allow) C:\Program Files\SMART Technologies\Education Software\SMARTSNMPAgent.exe
    FirewallRules: [{FD5C8F3B-ADF7-4C31-955D-AE743F24077B}] => (Allow) C:\Program Files\SMART Technologies\Education Software\SMARTSNMPAgent.exe
    FirewallRules: [{92A5C3E4-08B8-4AF5-B661-C65BDB2C274B}] => (Allow) C:\Program Files\SMART Technologies\Education Software\Notebook.exe
    FirewallRules: [{1AC759F0-EFEC-441F-ADD7-F6C87593A8A3}] => (Allow) C:\Program Files\SMART Technologies\Education Software\Notebook.exe
    FirewallRules: [{13C4DDC3-1D66-4029-90B9-23A89E36BC5B}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
    FirewallRules: [{B85DE4CD-FEF0-472B-B9C4-06905561C7E4}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
    FirewallRules: [{F24756D4-F4BB-40CA-892C-90DB818FA866}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
    FirewallRules: [{2937378E-6C9E-43B3-9444-E6C675FB999F}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
    FirewallRules: [{361A70E2-63E2-4EB6-9128-4518D860275B}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe
    FirewallRules: [{AB8FE976-A1C3-4E9D-9597-24788DB0698F}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe
    FirewallRules: [{F70BDE79-70B2-49DB-B3E5-98D0D4E5C078}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{66AC216C-92FE-404D-971C-E5200C2A3ED4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{303EC7BE-8463-495C-985E-1C10D8ACA5B2}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
    FirewallRules: [{F312D27E-AA80-4C2F-ADFD-F45DC45CFD63}] => (Allow) C:\Users\Sascha\AppData\Local\Apps\2.0\LLAXTKYE.MD6\OQP2CGHO.J48\frit..tion_1acae14e4778b8d2_0002.0003_60014d656f6786b9\fritzbox-usb-fernanschluss.exe
    FirewallRules: [{7EEBA0E5-7AF5-4440-B832-AAA61F4540A8}] => (Allow) C:\Users\Sascha\AppData\Local\Apps\2.0\LLAXTKYE.MD6\OQP2CGHO.J48\frit..tion_1acae14e4778b8d2_0002.0003_60014d656f6786b9\fritzbox-usb-fernanschluss.exe
    FirewallRules: [{E419D278-7C82-436E-9F21-C6ECF689FD2F}] => (Allow) C:\Users\Sascha\AppData\Local\Apps\2.0\LLAXTKYE.MD6\OQP2CGHO.J48\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe
    FirewallRules: [{1354F72F-CACF-4F26-856E-7B0F8B948875}] => (Allow) C:\Users\Sascha\AppData\Local\Apps\2.0\LLAXTKYE.MD6\OQP2CGHO.J48\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe
    FirewallRules: [{9892A008-27C3-492C-8EA2-2E31704CB3E0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{AE5593C2-C283-454A-9317-D6CE20CDB0FD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{8A6FB239-06FC-4976-93F2-BB37F710D243}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
    FirewallRules: [{925717CE-0A4F-47DF-850E-EA3A35067E9E}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
    FirewallRules: [{B60ECD7B-936F-45D7-BE29-C089964D0BF2}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{CD055597-24CE-47BF-B98F-64934E30BCE7}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
    StandardProfile\AuthorizedApplications: [C:\Users\Sascha\AppData\Local\Temp\RarSFX0\SwiApiMux.exe] => Enabled:SwiApiMux
    StandardProfile\AuthorizedApplications: [C:\Program Files\Sierra Wireless Inc\3G Watcher2\TRUUpdater.exe] => C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater
    
    ==================== Wiederherstellungspunkte =========================
    
    ACHTUNG: Systemwiederherstellung ist deaktiviert
    
    ==================== Fehlerhafte Geräte im Gerätemanager =============
    
    Name: SMART Virtual TabletPC
    Description: SMART Virtual TabletPC
    Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
    Manufacturer: SMART Technologies ULC
    Service: SMARTVTabletPCx86
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
    
    Name: Photosmart C4380 series
    Description: Photosmart C4380 series
    Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Manufacturer: HP
    Service: StillCam
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
    
    Name: Photosmart C4380 series
    Description: Photosmart C4380 series
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: HP
    Service: 
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
    
    Name: Officejet 9100 series
    Description: Officejet 9100 series
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: hewlett-packard
    Service: 
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
    
    Name: Officejet 9100 series
    Description: Officejet 9100 series
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: hewlett-packard
    Service: 
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
    
    Name: Officejet 9100 series
    Description: Officejet 9100 series
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: hewlett-packard
    Service: 
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
    
    Name: Officejet 9100 series
    Description: Officejet 9100 series
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: hewlett-packard
    Service: 
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
    
    Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
    Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Cisco Systems
    Service: vpnva
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
    
    Name: VirtualBox Host-Only Ethernet Adapter
    Description: VirtualBox Host-Only Ethernet Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Oracle Corporation
    Service: VBoxNetAdp
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
    
    
    ==================== Fehlereinträge in der Ereignisanzeige: =========================
    
    Applikationsfehler:
    ==================
    Error: (04/22/2016 07:59:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    
    Error: (04/22/2016 03:15:18 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Name der fehlerhaften Anwendung: IGDCTRL.EXE, Version: 3.9.11.2001, Zeitstempel: 0x4a6f013d
    Name des fehlerhaften Moduls: upnpapicli.dll, Version: 4.0.104.2001, Zeitstempel: 0x4a6f0122
    Ausnahmecode: 0xc0000005
    Fehleroffset: 0x00018138
    ID des fehlerhaften Prozesses: 0xa9c
    Startzeit der fehlerhaften Anwendung: 0xIGDCTRL.EXE0
    Pfad der fehlerhaften Anwendung: IGDCTRL.EXE1
    Pfad des fehlerhaften Moduls: IGDCTRL.EXE2
    Berichtskennung: IGDCTRL.EXE3
    
    Error: (04/22/2016 02:00:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    
    Error: (04/22/2016 12:06:06 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Name der fehlerhaften Anwendung: IGDCTRL.EXE, Version: 3.9.11.2001, Zeitstempel: 0x4a6f013d
    Name des fehlerhaften Moduls: upnpapicli.dll, Version: 4.0.104.2001, Zeitstempel: 0x4a6f0122
    Ausnahmecode: 0xc0000005
    Fehleroffset: 0x00018138
    ID des fehlerhaften Prozesses: 0xb58
    Startzeit der fehlerhaften Anwendung: 0xIGDCTRL.EXE0
    Pfad der fehlerhaften Anwendung: IGDCTRL.EXE1
    Pfad des fehlerhaften Moduls: IGDCTRL.EXE2
    Berichtskennung: IGDCTRL.EXE3
    
    Error: (04/21/2016 08:19:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    
    Error: (04/20/2016 09:45:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    
    Error: (04/20/2016 05:48:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    
    Error: (04/20/2016 05:47:09 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Name der fehlerhaften Anwendung: IGDCTRL.EXE, Version: 3.9.11.2001, Zeitstempel: 0x4a6f013d
    Name des fehlerhaften Moduls: upnpapicli.dll, Version: 4.0.104.2001, Zeitstempel: 0x4a6f0122
    Ausnahmecode: 0xc0000005
    Fehleroffset: 0x00018138
    ID des fehlerhaften Prozesses: 0xac0
    Startzeit der fehlerhaften Anwendung: 0xIGDCTRL.EXE0
    Pfad der fehlerhaften Anwendung: IGDCTRL.EXE1
    Pfad des fehlerhaften Moduls: IGDCTRL.EXE2
    Berichtskennung: IGDCTRL.EXE3
    
    Error: (04/20/2016 05:35:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    
    Error: (04/19/2016 08:25:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    
    
    Systemfehler:
    =============
    Error: (04/22/2016 09:11:08 PM) (Source: SCardSvr) (EventID: 610) (User: )
    Description: Die Smartcard konnte nicht zurückgesetzt werden.O2Micro PCMCIA Reader 0POWER01 00 00 00
    
    Error: (04/22/2016 08:02:38 PM) (Source: SCardSvr) (EventID: 610) (User: )
    Description: Die Smartcard konnte nicht zurückgesetzt werden.O2Micro PCMCIA Reader 0POWER01 00 00 00
    
    Error: (04/22/2016 08:02:36 PM) (Source: SCardSvr) (EventID: 610) (User: )
    Description: Die Smartcard konnte nicht zurückgesetzt werden.O2Micro PCMCIA Reader 0POWER01 00 00 00
    
    Error: (04/22/2016 08:01:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
    
    Error: (04/22/2016 03:15:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: Dienst "AVM IGD CTRL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
    
    Error: (04/22/2016 02:03:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
    
    Error: (04/22/2016 12:06:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: Dienst "AVM IGD CTRL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
    
    Error: (04/21/2016 08:22:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
    
    Error: (04/20/2016 09:49:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
    
    Error: (04/20/2016 05:47:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: Dienst "AVM IGD CTRL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
    
    
    ==================== Memory info =========================== 
    
    Processor: Intel(R) Core(TM)2 Duo CPU T9400 @ 2.53GHz
    Prozentuale Nutzung des RAM: 71%
    Installierter physikalischer RAM: 3023.87 MB
    Verfügbarer physikalischer RAM: 857.95 MB
    Summe virtueller Speicher: 6046.07 MB
    Verfügbarer virtueller Speicher: 2892.07 MB
    
    ==================== Laufwerke ================================
    
    Drive c: () (Fixed) (Total:142.23 GB) (Free:52.54 GB) NTFS
    Drive d: () (Fixed) (Total:323.43 GB) (Free:247.63 GB) NTFS
    Drive e: (DATA) (Fixed) (Total:232.88 GB) (Free:3.03 GB) NTFS
    
    ==================== MBR & Partitionstabelle ==================
    
    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 43ED5D1E)
    Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
    
    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 97CAB5A0)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=142.2 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=323.4 GB) - (Type=07 NTFS)
    
    ==================== Ende vom Addition.txt ============================
             

Alt 22.04.2016, 21:39   #8
goro11
 
Mehrere Viren/Trojaner vorallem unter "C:\Windows\Temp\" - Standard

Mehrere Viren/Trojaner vorallem unter "C:\Windows\Temp\"



  • FRST
    Code:
    ATTFilter
    Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:17-04-2016
    durchgeführt von Sascha (Administrator) auf SASCHA-PC (22-04-2016 21:40:31)
    Gestartet von C:\Users\Sascha\Desktop
    Geladene Profile: Sascha &  (Verfügbare Profile: Sascha & IWB)
    Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Sprache: Deutsch (Deutschland)
    Internet Explorer Version 11 (Standard-Browser: FF)
    Start-Modus: Normal
    Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    
    ==================== Prozesse (Nicht auf der Ausnahmeliste) =================
    
    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
    
    (AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe
    (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
    (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
    (Microsoft Corporation) C:\Windows\System32\wisptis.exe
    (Authentec Inc.) C:\Program Files\Protector Suite\upeksvr.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Microsoft Corporation) C:\Windows\System32\wisptis.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    (Fujitsu Technology Solutions) C:\Program Files\Fujitsu\DeskView\Common\FscHMCfg.exe
    (AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
    (Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
    (Nitro PDF Software) D:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
    (Wacom Technology, Corp.) C:\Windows\System32\Pen_Tablet.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    (FUJITSU LIMITED) C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
    (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
    (Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
    () C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe
    (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    () C:\Program Files\Rainlendar2\Rainlendar2.exe
    (Microsoft Corporation) C:\Users\Sascha\AppData\Local\Snip\Snip.exe
    (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
    (Dropbox, Inc.) C:\Users\Sascha\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Wacom Technology, Corp.) C:\Windows\System32\WTablet\Pen_TabletUser.exe
    (Wacom Technology, Corp.) C:\Windows\System32\Pen_Tablet.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
    (Nitro PDF Software) D:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
    (Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Sierra Wireless, Inc.) C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\usrreq.exe
    
    
    ==================== Registry (Nicht auf der Ausnahmeliste) ===========================
    
    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
    
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7703072 2009-08-05] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
    HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [764528 2016-03-10] (Avira Operations GmbH & Co. KG)
    HKLM\...\Run: [IndicatorUtility] => C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47464 2009-06-22] (FUJITSU LIMITED)
    HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [975760 2015-11-03] (Cisco Systems, Inc.)
    HKLM\...\Run: [FUJ02B1_Apps] => C:\Program Files\Fujitsu\FUJ02B1\CheckBatteryPack.exe [366376 2016-03-17] (FUJITSU LIMITED)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
    Winlogon\Notify\psfus: C:\Program Files\Protector Suite\psqlpwd.dll [2012-10-23] (Authentec Inc.)
    HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [FRITZ!protect] => FwebProt.exe
    HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> 
    HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [2598496 2013-03-10] ()
    HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\Run: [Dropbox Update] => C:\Users\Sascha\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
    HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\Run: [Snip] => C:\Users\Sascha\AppData\Local\Snip\Snip.exe [1713312 2015-10-19] (Microsoft Corporation)
    HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [50676864 2016-03-01] (Skype Technologies S.A.)
    HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\MountPoints2: {0cebd7cc-ce8f-11e2-b157-00a0d5ffffa5} - F:\Startme.exe
    HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\MountPoints2: {50d5c9c3-7f73-11e4-b352-001742fd5e4f} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\autorun.exe /auto
    HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\MountPoints2: {f690ec43-7c86-11e4-b1bc-fc6fd48a52bd} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\autorun.exe /auto
    HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\MountPoints2: {fb8e2f6d-7ebc-11e4-9153-001742fd5e4f} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\autorun.exe /auto
    HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\MountPoints2: {fb8e3063-7ebc-11e4-9153-001742fd5e4f} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\autorun.exe /auto
    HKU\S-1-5-21-2186534646-70022557-530426099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [2598496 2013-03-10] ()
    HKU\S-1-5-21-2186534646-70022557-530426099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Dropbox Update] => C:\Users\Sascha\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
    HKU\S-1-5-21-2186534646-70022557-530426099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Snip] => C:\Users\Sascha\AppData\Local\Snip\Snip.exe [1713312 2015-10-19] (Microsoft Corporation)
    HKU\S-1-5-21-2186534646-70022557-530426099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [50676864 2016-03-01] (Skype Technologies S.A.)
    HKU\S-1-5-21-2186534646-70022557-530426099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {0cebd7cc-ce8f-11e2-b157-00a0d5ffffa5} - F:\Startme.exe
    HKU\S-1-5-21-2186534646-70022557-530426099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {50d5c9c3-7f73-11e4-b352-001742fd5e4f} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\autorun.exe /auto
    HKU\S-1-5-21-2186534646-70022557-530426099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {f690ec43-7c86-11e4-b1bc-fc6fd48a52bd} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\autorun.exe /auto
    HKU\S-1-5-21-2186534646-70022557-530426099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {fb8e2f6d-7ebc-11e4-9153-001742fd5e4f} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\autorun.exe /auto
    HKU\S-1-5-21-2186534646-70022557-530426099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {fb8e3063-7ebc-11e4-9153-001742fd5e4f} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\autorun.exe /auto
    HKU\S-1-5-18\...\Run: [FRITZ!protect] => FwebProt.exe
    HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
    Lsa: [Notification Packages] scecli C:\Program Files\Protector Suite\psqlpwd.dll
    ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => D:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sascha\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [UEAFOverlay] -> {F2F31467-B1AC-4df0-AE79-FD5FA085E22B} => C:\Program Files\Protector Suite\farchns.dll [2012-10-23] (Authentec Inc.)
    ShellIconOverlayIdentifiers: [UEAFOverlayOpen] -> {A3E208F7-0E3A-4182-A7A6-B169D5D691AA} => C:\Program Files\Protector Suite\farchns.dll [2012-10-23] (Authentec Inc.)
    Startup: C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.exe - Verknüpfung.lnk [2013-11-22]
    ShortcutTarget: ctfmon.exe - Verknüpfung.lnk -> C:\Windows\System32\ctfmon.exe (Microsoft Corporation)
    Startup: C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-04-16]
    ShortcutTarget: Dropbox.lnk -> C:\Users\Sascha\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    
    ==================== Internet (Nicht auf der Ausnahmeliste) ====================
    
    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
    
    Winsock: Catalog5 01 C:\Windows\system32\NLAapi.dll [52224 2012-10-03] (Microsoft Corporation) ACHTUNG: LibraryPath sollte sein "C:\Windows)\system32\NLAapi.dll"
    Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{69767269-0577-45C1-88DC-B1D78DE44DAF}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{AB78458C-7E79-49A8-8741-7B110BCDCC40}: [NameServer] 62.134.11.4 195.182.110.132塚BḈ¿ↅ䍟謓並BḈ¿
    
    Internet Explorer:
    ==================
    HKU\S-1-5-21-2186534646-70022557-530426099-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
    HKU\S-1-5-21-2186534646-70022557-530426099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> D:\Program Files\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
    BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
    BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
    BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-21] (Oracle Corporation)
    BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-09-05] (Adobe Systems Incorporated)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-21] (Oracle Corporation)
    BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-09-05] (Adobe Systems Incorporated)
    BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
    Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-09-05] (Adobe Systems Incorporated)
    Toolbar: HKU\S-1-5-21-2186534646-70022557-530426099-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-09-05] (Adobe Systems Incorporated)
    Toolbar: HKU\S-1-5-21-2186534646-70022557-530426099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-09-05] (Adobe Systems Incorporated)
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-03-18] (Microsoft Corporation)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
    
    FireFox:
    ========
    FF ProfilePath: C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\3bkhj32i.default-1436688253094
    FF Homepage: hxxp://www.google.de
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
    FF Plugin: @google.com/npPicasa3,version=3.0.0 -> E:\Program Files\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
    FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-21] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-21] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
    FF Plugin: @nitropdf.com/NitroPDF -> D:\Program Files\Nitro\Pro 8\npnitromozilla.dll [2013-05-27] (Nitro PDF)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-09] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-09] (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC 0.8.6\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: Adobe Acrobat -> D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2013-09-26] (Adobe Systems Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-2186534646-70022557-530426099-1000: @torrentstream.net/tsplugin,version=2.0.8.11.1 -> C:\Users\Sascha\AppData\Roaming\TorrentStream\player\npts_plugin.dll [2014-04-25] (Innovative Digital Technologies)
    FF Plugin HKU\S-1-5-21-2186534646-70022557-530426099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @torrentstream.net/tsplugin,version=2.0.8.11.1 -> C:\Users\Sascha\AppData\Roaming\TorrentStream\player\npts_plugin.dll [2014-04-25] (Innovative Digital Technologies)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll [2014-01-09] (Dassault Systèmes SolidWorks Corp.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-04-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-04-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-04-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-04-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-04-24] (Apple Inc.)
    FF Extension: Adobe Acrobat - Create PDF - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-12-02] [ist nicht signiert]
    FF Extension: Web Developer - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\3bkhj32i.default-1436688253094\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2015-07-12]
    FF Extension: NoScript - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\3bkhj32i.default-1436688253094\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-04-07]
    FF Extension: DownThemAll! AntiContainer - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\3bkhj32i.default-1436688253094\extensions\anticontainer@downthemall.net.xpi [2016-04-15]
    FF Extension: DownThemAll! - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\3bkhj32i.default-1436688253094\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-04-15]
    FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\3bkhj32i.default-1436688253094\Extensions\elemhidehelper@adblockplus.org.xpi [2016-02-18]
    FF Extension: uBlock Origin - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\3bkhj32i.default-1436688253094\Extensions\uBlock0@raymondhill.net.xpi [2016-04-07]
    FF Extension: Adblock Plus - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\3bkhj32i.default-1436688253094\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
    FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-07-01] [ist nicht signiert]
    FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
    FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
    FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-04-01] [ist nicht signiert]
    FF HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Users\Sascha\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org
    FF Extension: TS Magic Player - C:\Users\Sascha\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org [2015-03-04] [ist nicht signiert]
    FF HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - D:\Program Files\Internet Download Manager\idmmzcc2.xpi
    FF Extension: IDM integration - D:\Program Files\Internet Download Manager\idmmzcc2.xpi [2016-03-10]
    FF HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Sascha\AppData\Roaming\IDM\idmmzcc5
    FF Extension: IDM CC - C:\Users\Sascha\AppData\Roaming\IDM\idmmzcc5 [2016-04-16] [ist nicht signiert]
    FF HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - D:\Program Files\Internet Download Manager\idmmzcc2.xpi
    FF HKU\S-1-5-21-2186534646-70022557-530426099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Users\Sascha\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org
    FF HKU\S-1-5-21-2186534646-70022557-530426099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF HKU\S-1-5-21-2186534646-70022557-530426099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - D:\Program Files\Internet Download Manager\idmmzcc2.xpi
    FF HKU\S-1-5-21-2186534646-70022557-530426099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Sascha\AppData\Roaming\IDM\idmmzcc5
    FF HKU\S-1-5-21-2186534646-70022557-530426099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - D:\Program Files\Internet Download Manager\idmmzcc2.xpi
    
    Chrome: 
    =======
    CHR Profile: C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Web Developer) - C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2015-05-27]
    CHR Extension: (kimono) - C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoaddaobnieaecelinfdllcgdehimih [2016-04-14]
    CHR Extension: (Adobe Acrobat) - C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-11-12]
    CHR Extension: (AdBlock) - C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-17]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-12]
    CHR Extension: (IDM Integration Module) - C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-04-14]
    CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
    CHR Extension: (Citavi Picker) - C:\Users\Sascha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2015-11-02]
    CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-09-05]
    CHR HKLM\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - D:\Program Files\Internet Download Manager\IDMGCExt.crx [2016-02-11]
    CHR HKLM\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - D:\Program Files\Citavi 4\Pickers\Chrome\ChromePicker.crx [2014-02-07]
    
    Opera: 
    =======
    StartMenuInternet: (HKLM) Opera - D:\Program Files\Opera\Opera.exe
    
    ==================== Dienste (Nicht auf der Ausnahmeliste) ========================
    
    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
    
    S3 ActivControl; C:\Program Files\Activ Software\ActivDriver\ActivControlsvc.exe [21328 2013-04-25] (Promethean)
    S3 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [593376 2013-04-11] (Intel Corporation)
    R2 AntiVirFireWallService; C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe [1055488 2016-03-10] (Avira Operations GmbH & Co. KG)
    R2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [856760 2016-03-10] (Avira Operations GmbH & Co. KG)
    R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [463720 2016-03-10] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [463720 2016-03-10] (Avira Operations GmbH & Co. KG)
    R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1043664 2016-03-10] (Avira Operations GmbH & Co. KG)
    R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1807608 2009-07-31] (AuthenTec, Inc.)
    S3 BTHSSecurityMgr; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [104240 2012-09-12] (Intel(R) Corporation)
    S3 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-06-12] (CyberGhost S.R.L)
    S3 CoordinatorServiceHost; C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [76328 2014-01-11] (Dassault Systèmes SolidWorks Corp.)
    S3 eBeam Device Service; C:\Program Files\Luidia\eBeam Device Service\eBeamDeviceServiceMain.exe [180224 2013-06-05] (Luidia, Inc.) [Datei ist nicht signiert]
    S3 FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe [1074480 2014-06-28] (Flexera Software LLC)
    R2 FscHmCfg; C:\Program Files\Fujitsu\DeskView\Common\FscHMCfg.exe [150656 2012-11-13] (Fujitsu Technology Solutions)
    R2 HPSLPSVC; C:\Users\Sascha\AppData\Local\Temp\7zS38EB\hpslpsvc32.dll [701288 2013-02-06] (Hewlett-Packard Co.)
    R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [73528 2009-07-28] (AVM Berlin)
    S3 Microsoft SharePoint Workspace Audit Service; D:\Program Files\Microsoft Office\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)
    S4 msvsmon80; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2799808 2005-09-23] (Microsoft Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [242928 2013-04-18] ()
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
    R2 NitroDriverReadSpool8; D:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe [196616 2013-05-27] (Nitro PDF Software)
    R2 NitroDriverReadSpool9; D:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe [197128 2013-11-12] (Nitro PDF Software)
    S3 NovacomD; C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe [61440 2011-06-24] (Palm) [Datei ist nicht signiert]
    S3 O2Flash; C:\Windows\system32\o2flash.exe [65536 2007-02-12] (O2Micro International) [Datei ist nicht signiert]
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
    R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [62824 2009-07-27] (FUJITSU LIMITED)
    S3 RemoteSolverDispatcher; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe [191112 2014-01-10] (Mentor Graphics Corporation) [Datei ist nicht signiert]
    R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [135176 2015-02-18] (Sandboxie Holdings, LLC)
    S3 SMARTHelperService; C:\Program Files\SMART Technologies\Education Software\SMARTHelperService.exe [538928 2014-05-29] (SMART Technologies)
    S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-11-01] (SolidWorks) [Datei ist nicht signiert]
    R2 SwiCardDetectSvc; C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe [238960 2010-12-02] (Sierra Wireless, Inc.)
    R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
    S3 TomTomHOMEService; D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [93072 2013-08-27] (TomTom)
    S3 UDisk Monitor Z5 Phone; C:\Program Files\Android_USB_Driver_Z\Bin\MonServiceUDisk.exe [585416 2013-11-18] ()
    R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2009-08-04] (Intel Corporation)
    S3 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [111488 2009-10-12] (CSR, plc)
    R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [579984 2015-11-03] (Cisco Systems, Inc.)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
    R2 WirelessSelectorService; C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe [62760 2008-10-09] ()
    S3 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2532592 2013-04-18] (Intel® Corporation)
    
    ===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
    
    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
    
    S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [109248 2015-11-03] (Cisco Systems, Inc.)
    S3 ACTIVhidmini; C:\Windows\System32\DRIVERS\ACTIVhidmini.sys [87296 2012-10-30] (Promethean Technologies Ltd)
    R3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [112608 2013-04-11] (Windows (R) Win 7 DDK provider)
    S3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [112608 2013-04-11] (Windows (R) Win 7 DDK provider)
    R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [92448 2014-08-15] (Avira GmbH)
    R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [113024 2014-08-15] (Avira GmbH)
    R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [109016 2016-03-10] (Avira Operations GmbH & Co. KG)
    R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136272 2016-03-10] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-08-15] (Avira Operations GmbH & Co. KG)
    R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [105728 2013-06-06] (AVM Berlin)
    R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37896 2015-03-10] (Avira Operations GmbH & Co. KG)
    R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-06-06] (DT Soft Ltd)
    S3 eapihdrv; C:\Users\Sascha\AppData\Local\Temp\ehdrv.sys [135760 2016-04-20] (ESET)
    R3 FjBtnDrv; C:\Windows\System32\DRIVERS\FjBtnDrv.sys [18816 2009-08-27] (Fujitsu America, Inc.)
    R0 FJGSDisk; C:\Windows\System32\DRIVERS\FJGSDisk.sys [12712 2013-06-06] (FUJITSU LIMITED)
    R2 FJSPA; C:\Program Files\Fujitsu\FJSPA\FJSPA.sys [17712 2006-12-07] (FUJITSU LIMITED)
    R3 FlashDrv; C:\Windows\System32\DRIVERS\FlashDrv.sys [22344 2012-11-13] (Fujitsu Technology Solutions)
    R3 FscCmos; C:\Windows\System32\DRIVERS\FscCmos.sys [17224 2012-11-13] (Fujitsu Technology Solutions)
    R3 FscCpuid; C:\Windows\System32\DRIVERS\FscCpuid.sys [18248 2012-11-13] (Fujitsu Technology Solutions)
    R3 FscEfDmi; C:\Windows\System32\DRIVERS\FscEfDmi.sys [18760 2012-11-13] (Fujitsu Technology Solutions)
    R3 FscGabi; C:\Windows\System32\DRIVERS\FscGabi.sys [21064 2012-11-13] (Fujitsu Technology Solutions)
    R3 FscTime; C:\Windows\System32\DRIVERS\FscTime.sys [20296 2012-11-13] (Fujitsu Technology Solutions)
    R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [48552 2016-03-17] (FUJITSU LIMITED)
    S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [42592 2014-08-25] (hxxp://libusb-win32.sourceforge.net)
    R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7523840 2012-01-23] (Intel Corporation)
    R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-04-18] (Riverbed Technology, Inc.)
    R3 O2SCBUS; C:\Windows\System32\DRIVERS\ozscr.sys [102560 2009-05-15] (O2Micro)
    S3 prmvmouse; C:\Windows\System32\DRIVERS\activmouse.sys [6656 2012-10-30] (Promethean Technologies Ltd)
    S3 s1029bus; C:\Windows\System32\DRIVERS\s1029bus.sys [90280 2009-05-25] (MCCI Corporation)
    S3 s1029mdfl; C:\Windows\System32\DRIVERS\s1029mdfl.sys [15016 2009-05-25] (MCCI Corporation)
    S3 s1029mdm; C:\Windows\System32\DRIVERS\s1029mdm.sys [122280 2009-05-25] (MCCI Corporation)
    S3 s1029mgmt; C:\Windows\System32\DRIVERS\s1029mgmt.sys [115880 2009-05-25] (MCCI Corporation)
    S3 s1029nd5; C:\Windows\System32\DRIVERS\s1029nd5.sys [26024 2009-05-25] (MCCI Corporation)
    S3 s1029obex; C:\Windows\System32\DRIVERS\s1029obex.sys [111912 2009-05-25] (MCCI Corporation)
    S3 s1029unic; C:\Windows\System32\DRIVERS\s1029unic.sys [116904 2009-05-25] (MCCI Corporation)
    R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [161288 2015-02-18] (Sandboxie Holdings, LLC)
    R3 SMARTMouseFilterx86; C:\Windows\System32\DRIVERS\SMARTMouseFilterx86.sys [8192 2014-05-29] (SMART Technologies)
    R3 SMARTVHidMini2000x86; C:\Windows\System32\DRIVERS\SMARTVHidMini2000x86.sys [7680 2014-05-29] (SMART Technologies)
    S3 SMARTVTabletPCx86; C:\Windows\System32\DRIVERS\SMARTVTabletPCx86.sys [15872 2014-05-29] (SMART Technologies ULC)
    R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [27696 2015-06-22] (Avira Operations GmbH & Co. KG)
    S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13368 2015-12-26] (SlimWare Utilities, Inc.)
    S3 swiwdmbus; C:\Windows\System32\DRIVERS\swiwdmbus.sys [82048 2010-11-16] (Sierra Wireless Inc.)
    S3 SWNC8U3C; C:\Windows\System32\DRIVERS\swnc8u3C.sys [231936 2010-11-16] (Sierra Wireless Inc.)
    S3 SWUMX3C; C:\Windows\System32\DRIVERS\swumx3C.sys [156672 2010-11-16] (Sierra Wireless Inc.)
    R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
    R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [977024 2009-08-25] (Vimicro Corporation)
    S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43888 2014-08-15] (Cisco Systems, Inc.)
    R3 vvftav323; C:\Windows\System32\drivers\vvftav323.sys [475136 2007-03-19] (Vimicro Corporation)
    R3 WISDPen; C:\Windows\System32\DRIVERS\wisdpen.sys [36648 2009-08-24] (Wacom Technology)
    S3 FscBapi; system32\DRIVERS\FscBapi.sys [X]
    S3 OemF0211; system32\DRIVERS\OemF0211.sys [X]
    S3 SWUMX20; system32\DRIVERS\swumx20.sys [X]
    S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
    S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
    
    ==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
    
    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
    
    
    ==================== Ein Monat: Erstellte Dateien und Ordner ========
    
    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
    
    2016-04-22 21:40 - 2016-04-22 21:42 - 00036441 _____ C:\Users\Sascha\Desktop\FRST.txt
    2016-04-22 21:39 - 2016-04-22 21:39 - 00001206 _____ C:\Users\Sascha\Desktop\MBAB.txt
    2016-04-21 20:32 - 2016-04-21 20:32 - 00000000 ____D C:\Program Files\Common Files\Java
    2016-04-21 06:20 - 2016-04-21 06:20 - 00002616 _____ C:\Users\Sascha\Desktop\Eset-log.txt
    2016-04-20 22:38 - 2016-04-20 22:38 - 00000000 ____D C:\Program Files\ESET
    2016-04-20 22:36 - 2016-04-20 22:36 - 00003716 _____ C:\Users\Sascha\Desktop\AdwCleaner[S1].txt
    2016-04-20 22:12 - 2016-04-20 22:15 - 00000000 ____D C:\AdwCleaner
    2016-04-20 22:10 - 2016-04-20 22:10 - 02870984 _____ (ESET) C:\Users\Sascha\Desktop\esetsmartinstaller_deu.exe
    2016-04-20 22:09 - 2016-04-20 22:09 - 03683904 _____ C:\Users\Sascha\Desktop\AdwCleaner_5.112.exe
    2016-04-20 18:30 - 2016-04-20 18:30 - 00045605 _____ C:\Users\Sascha\Desktop\TDSSKiller.3.1.0.9_20.04.2016_18.03.27_log.7z
    2016-04-20 18:03 - 2016-04-20 18:27 - 00252280 _____ C:\TDSSKiller.3.1.0.9_20.04.2016_18.03.27_log.txt
    2016-04-20 17:41 - 2016-04-20 17:41 - 00000079 _____ C:\Windows\wininit.ini
    2016-04-18 13:52 - 2016-04-18 14:00 - 00253194 _____ C:\TDSSKiller.3.1.0.9_18.04.2016_13.52.20_log.txt
    2016-04-18 13:50 - 2016-04-18 13:50 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Sascha\Desktop\tdsskiller.exe
    2016-04-18 10:10 - 2016-04-18 10:11 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Sascha\Desktop\mbar-1.09.3.1001.exe
    2016-04-18 09:21 - 2016-04-18 09:21 - 00023336 _____ C:\Users\Sascha\Desktop\Ereignisse.txt
    2016-04-18 08:47 - 2016-04-22 21:40 - 00000000 ____D C:\FRST
    2016-04-18 08:42 - 2016-04-18 08:42 - 01726464 _____ (Farbar) C:\Users\Sascha\Desktop\FRST.exe
    2016-04-17 22:41 - 2016-04-17 22:41 - 00001892 _____ C:\Users\Sascha\Desktop\Ad-Aware_Report_Full_Manual_2016-04-17T22-30-36.318465.xml
    2016-04-16 16:08 - 2016-03-31 20:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2016-04-16 16:08 - 2016-03-31 02:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2016-04-16 16:08 - 2016-03-31 02:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2016-04-16 16:08 - 2016-03-31 01:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2016-04-16 16:08 - 2016-03-31 01:52 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2016-04-16 16:08 - 2016-03-31 01:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2016-04-16 16:08 - 2016-03-31 01:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2016-04-16 16:08 - 2016-03-31 01:46 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2016-04-16 16:08 - 2016-03-31 01:45 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2016-04-16 16:08 - 2016-03-31 01:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2016-04-16 16:08 - 2016-03-31 01:45 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2016-04-16 16:08 - 2016-03-31 01:41 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2016-04-16 16:08 - 2016-03-31 01:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2016-04-16 16:08 - 2016-03-31 01:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2016-04-16 16:08 - 2016-03-31 01:33 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2016-04-16 16:08 - 2016-03-31 01:31 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2016-04-16 16:08 - 2016-03-31 01:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2016-04-16 16:08 - 2016-03-31 01:29 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2016-04-16 16:08 - 2016-03-31 01:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2016-04-16 16:08 - 2016-03-31 01:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2016-04-16 16:08 - 2016-03-31 01:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2016-04-16 16:08 - 2016-03-31 01:23 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2016-04-16 16:08 - 2016-03-31 01:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2016-04-16 16:08 - 2016-03-31 01:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2016-04-16 16:08 - 2016-03-31 01:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2016-04-16 16:08 - 2016-03-31 01:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2016-04-16 16:07 - 2016-03-31 02:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2016-04-16 16:07 - 2016-03-31 01:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2016-04-16 16:07 - 2016-03-31 01:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2016-04-16 16:07 - 2016-03-31 01:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2016-04-16 16:07 - 2016-03-31 01:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2016-04-16 16:07 - 2016-03-31 01:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2016-04-16 16:07 - 2016-03-31 01:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2016-04-16 16:07 - 2016-03-31 01:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2016-04-16 16:07 - 2016-03-31 01:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2016-04-16 16:07 - 2016-03-11 20:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2016-04-16 13:10 - 2016-03-18 00:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2016-04-16 13:10 - 2016-03-18 00:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2016-04-16 13:10 - 2016-03-18 00:36 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2016-04-16 13:10 - 2016-03-18 00:36 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2016-04-16 13:10 - 2016-03-18 00:33 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2016-04-16 13:10 - 2016-03-18 00:30 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2016-04-16 13:10 - 2016-03-18 00:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2016-04-16 13:10 - 2016-03-18 00:30 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2016-04-16 13:10 - 2016-03-18 00:30 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2016-04-16 13:10 - 2016-03-18 00:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2016-04-16 13:10 - 2016-03-18 00:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2016-04-16 13:10 - 2016-03-18 00:29 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2016-04-16 13:10 - 2016-03-18 00:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2016-04-16 13:10 - 2016-03-18 00:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2016-04-16 13:10 - 2016-03-18 00:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2016-04-16 13:10 - 2016-03-18 00:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2016-04-16 13:10 - 2016-03-18 00:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2016-04-16 13:10 - 2016-03-18 00:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2016-04-16 13:10 - 2016-03-18 00:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2016-04-16 13:10 - 2016-03-18 00:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2016-04-16 13:10 - 2016-03-18 00:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2016-04-16 13:10 - 2016-03-18 00:26 - 01062400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2016-04-16 13:10 - 2016-03-18 00:26 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2016-04-16 13:10 - 2016-03-18 00:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2016-04-16 13:10 - 2016-03-18 00:26 - 00294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2016-04-16 13:10 - 2016-03-18 00:25 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2016-04-16 13:10 - 2016-03-18 00:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2016-04-16 13:10 - 2016-03-18 00:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2016-04-16 13:10 - 2016-03-18 00:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2016-04-16 13:10 - 2016-03-18 00:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2016-04-16 13:10 - 2016-03-18 00:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2016-04-16 13:10 - 2016-03-18 00:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2016-04-16 13:10 - 2016-03-18 00:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2016-04-16 13:10 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-04-16 13:10 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2016-04-16 13:10 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2016-04-16 13:10 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2016-04-16 13:10 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2016-04-16 13:10 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-04-16 13:10 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-04-16 13:10 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2016-04-16 13:10 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-04-16 13:10 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2016-04-16 13:10 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2016-04-16 13:10 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2016-04-16 13:10 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-04-16 13:10 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2016-04-16 13:10 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2016-04-16 13:10 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2016-04-16 13:10 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2016-04-16 13:10 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-04-16 13:10 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2016-04-16 13:10 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2016-04-16 13:10 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2016-04-16 13:10 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2016-04-16 13:10 - 2016-03-17 23:42 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2016-04-16 13:10 - 2016-03-17 23:42 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2016-04-16 13:10 - 2016-03-17 23:42 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2016-04-16 13:10 - 2016-03-17 23:42 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2016-04-16 13:10 - 2016-03-17 23:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2016-04-16 13:10 - 2016-03-17 23:36 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2016-04-16 13:10 - 2016-03-17 23:35 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2016-04-16 13:10 - 2016-03-17 23:30 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2016-04-16 13:10 - 2016-03-17 23:30 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2016-04-16 13:10 - 2016-03-17 23:30 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2016-04-16 13:10 - 2016-03-17 23:29 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2016-04-16 13:10 - 2016-03-17 23:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2016-04-16 13:10 - 2016-03-17 23:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2016-04-16 13:10 - 2016-03-17 23:29 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2016-04-16 13:10 - 2016-03-17 23:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2016-04-16 13:10 - 2016-03-17 23:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2016-04-16 13:10 - 2016-03-17 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2016-04-16 13:10 - 2016-03-17 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2016-04-16 13:08 - 2016-03-06 20:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2016-04-16 13:08 - 2016-03-06 20:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2016-04-16 13:04 - 2016-03-29 19:35 - 02397184 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2016-04-16 13:03 - 2016-04-16 13:03 - 00000000 ____D C:\Program Files\Lavasoft
    2016-04-16 12:58 - 2016-04-16 12:58 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2016-04-15 01:24 - 2016-03-16 01:53 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
    2016-04-15 01:24 - 2016-03-16 01:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
    2016-04-14 00:18 - 2016-04-14 00:18 - 01695703 _____ C:\Users\Sascha\Desktop\1366_269-13.pdf
    2016-04-12 21:36 - 2016-04-13 09:49 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2016-04-11 17:02 - 2016-04-11 17:02 - 61815001 _____ C:\Users\Sascha\Desktop\d9722cf018848242e0bb565de93b5dc1.mp4
    2016-04-11 16:46 - 2016-04-16 13:52 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\IDM
    2016-04-11 16:46 - 2016-04-11 16:46 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
    2016-04-11 16:46 - 2016-04-11 16:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
    2016-04-11 16:42 - 2016-04-11 16:42 - 00000000 ____D C:\Users\Sascha\Desktop\IDM_6.25_Build_14_Fix_exe___Serials
    2016-04-10 22:08 - 2016-04-10 22:08 - 00000000 ____D C:\php
    2016-04-10 22:07 - 2016-04-10 22:07 - 21790696 _____ C:\Users\Sascha\Desktop\php-7.0.5-nts-Win32-VC14-x86.zip
    2016-04-05 11:47 - 2016-03-25 20:36 - 00034024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2016-04-05 11:47 - 2016-03-25 20:25 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2016-04-05 11:47 - 2016-03-23 16:02 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2016-04-05 11:47 - 2016-03-23 16:02 - 00177664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2016-04-05 11:47 - 2016-03-17 20:04 - 00560640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2016-04-05 11:47 - 2016-03-17 20:04 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2016-04-05 11:47 - 2016-03-17 20:04 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2016-04-05 11:47 - 2016-03-17 20:04 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2016-04-05 11:47 - 2016-02-02 20:48 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
    2016-04-05 11:47 - 2016-02-01 21:02 - 00105408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2016-04-05 11:47 - 2016-02-01 20:49 - 02364928 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2016-04-05 11:47 - 2016-02-01 20:49 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2016-04-05 11:47 - 2016-02-01 20:49 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
    2016-04-05 11:47 - 2016-02-01 20:45 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2016-04-05 11:47 - 2016-02-01 20:44 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2016-04-05 11:47 - 2016-01-21 02:51 - 00057280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
    2016-04-05 11:46 - 2016-02-05 20:44 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
    2016-04-05 11:46 - 2016-02-05 19:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
    2016-04-05 11:46 - 2015-06-03 22:22 - 00355456 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
    2016-04-05 11:33 - 2016-04-05 11:33 - 00000000 ____D C:\Program Files\Common Files\Skype
    2016-03-24 12:48 - 2016-03-24 12:48 - 01474560 _____ C:\Users\Sascha\Desktop\vmscsi-1.2.0.4.flp
    2016-03-24 12:12 - 2016-04-12 00:27 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\VMware
    2016-03-24 12:12 - 2016-04-10 22:31 - 00000000 ____D C:\Users\Sascha\AppData\Local\VMware
    2016-03-24 12:03 - 2016-04-12 00:33 - 00000000 ____D C:\ProgramData\VMware
    2016-03-24 12:03 - 2016-04-12 00:33 - 00000000 ____D C:\Program Files\Common Files\VMware
    2016-03-23 23:44 - 2016-03-23 23:44 - 00000000 ____D C:\ProgramData\Dell
    2016-03-23 20:27 - 2009-07-21 01:48 - 00485920 _____ (NVIDIA Corporation) C:\Windows\system32\NVUNINST.EXE
    2016-03-23 19:17 - 2016-04-18 08:19 - 00000000 ____D C:\Users\Sascha\Desktop\VMware-convertercd-4.1.1-206170
    
    ==================== Ein Monat: Geänderte Dateien und Ordner ========
    
    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
    
    2016-04-22 21:42 - 2013-06-06 11:18 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\Skype
    2016-04-22 21:39 - 2014-01-17 19:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-04-22 21:01 - 2015-06-16 09:50 - 00001228 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2186534646-70022557-530426099-1000UA.job
    2016-04-22 20:53 - 2014-11-29 16:00 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-04-22 20:12 - 2009-07-14 06:34 - 00022048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-04-22 20:12 - 2009-07-14 06:34 - 00022048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-04-22 20:04 - 2015-08-30 21:27 - 00323599 _____ C:\Users\Sascha\AppData\Local\Snip.txt
    2016-04-22 19:59 - 2015-10-28 12:47 - 00215160 _____ C:\Users\Sascha\AppData\Local\SnipUsages.txt
    2016-04-22 19:59 - 2013-10-14 14:47 - 00000000 ____D C:\Users\Sascha\.rainlendar2
    2016-04-22 19:59 - 2013-06-11 17:55 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\WTablet
    2016-04-22 19:58 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-04-21 20:36 - 2013-12-14 00:43 - 00000000 ____D C:\ProgramData\Oracle
    2016-04-21 20:32 - 2016-01-16 16:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2016-04-21 20:32 - 2014-10-30 19:08 - 00000000 ____D C:\Program Files\Java
    2016-04-21 20:31 - 2016-01-16 16:02 - 00000000 ____D C:\Users\Sascha\.oracle_jre_usage
    2016-04-21 20:30 - 2016-01-16 16:02 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
    2016-04-21 04:38 - 2015-06-13 20:45 - 00000000 ____D C:\Windows\rescache
    2016-04-20 18:28 - 2013-06-05 22:58 - 00000000 ____D C:\Users\Sascha\AppData\Local\VirtualStore
    2016-04-20 17:48 - 2013-12-03 14:29 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
    2016-04-20 17:41 - 2013-12-03 14:29 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2016-04-20 01:24 - 2013-06-06 18:37 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\vlc
    2016-04-19 23:00 - 2013-06-06 09:33 - 00000000 ____D C:\Users\Sascha\AppData\Local\Deployment
    2016-04-19 22:53 - 2016-02-04 15:18 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\Kodi
    2016-04-18 23:23 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
    2016-04-18 10:20 - 2013-06-09 09:27 - 00003268 _____ C:\Windows\Sandboxie.ini
    2016-04-18 10:01 - 2015-06-16 09:50 - 00001176 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2186534646-70022557-530426099-1000Core.job
    2016-04-18 09:09 - 2014-11-29 15:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
    2016-04-18 09:09 - 2014-11-29 15:59 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 
    2016-04-18 08:24 - 2015-09-25 22:13 - 00000000 ____D C:\Users\Sascha\Desktop\Family
    2016-04-18 08:22 - 2015-09-25 22:06 - 00000000 ____D C:\Users\Sascha\Desktop\Rechnungen + Reisen
    2016-04-18 08:21 - 2015-11-17 00:21 - 00000000 ____D C:\Users\Sascha\Desktop\Work
    2016-04-18 08:21 - 2015-06-08 13:52 - 00000000 ____D C:\Users\Sascha\Desktop\Uni
    2016-04-17 11:48 - 2011-04-12 03:30 - 00699342 _____ C:\Windows\system32\perfh007.dat
    2016-04-17 11:48 - 2011-04-12 03:30 - 00149450 _____ C:\Windows\system32\perfc007.dat
    2016-04-17 11:48 - 2010-11-20 23:01 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-04-17 11:48 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
    2016-04-17 11:42 - 2009-07-14 06:33 - 00489496 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-04-17 01:26 - 2015-01-26 22:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2016-04-16 14:27 - 2013-07-12 10:44 - 00000000 ____D C:\Windows\system32\MRT
    2016-04-16 14:13 - 2013-06-06 00:10 - 132539272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-04-16 14:08 - 2013-06-30 12:32 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\DMCache
    2016-04-16 12:59 - 2013-07-01 21:54 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\Dropbox
    2016-04-15 01:16 - 2009-07-14 06:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2016-04-13 09:49 - 2013-07-03 07:24 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2016-04-13 01:57 - 2013-07-01 11:41 - 00000000 ____D C:\Users\Sascha\.VirtualBox
    2016-04-13 00:32 - 2013-06-30 12:32 - 00000000 ____D C:\Users\Sascha\Downloads\Video
    2016-04-12 00:38 - 2013-06-06 22:30 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\DAEMON Tools Lite
    2016-04-11 23:01 - 2013-06-06 23:55 - 00000000 ____D C:\Windows\pss
    2016-04-11 22:32 - 2013-06-06 21:32 - 01952155 _____ C:\Users\Sascha\DesktopStCenter.txt
    2016-04-11 15:43 - 2015-06-27 11:11 - 00036218 _____ C:\Users\Sascha\Desktop\Geld zurück Aktionen_stand 27.06.xlsx
    2016-04-11 15:36 - 2015-08-30 21:27 - 00000000 ____D C:\Users\Sascha\Documents\My Snips
    2016-04-11 14:44 - 2013-06-12 09:04 - 00000000 ____D C:\Users\Sascha\AppData\Roaming\Nitro PDF
    2016-04-11 13:09 - 2015-06-24 01:12 - 00000000 ____D C:\Users\Sascha\Desktop\Coupons&Aktionen
    2016-04-10 13:37 - 2013-06-08 11:02 - 00000000 ____D C:\Users\Sascha\Desktop\scan
    2016-04-08 21:39 - 2013-12-15 14:28 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2016-04-08 21:39 - 2013-12-15 14:28 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2016-04-07 19:39 - 2016-02-05 23:13 - 00000405 ____H C:\Users\Sascha\.swfinfo
    2016-04-06 10:18 - 2014-09-10 17:55 - 00374944 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2016-04-05 13:30 - 2015-04-21 10:03 - 00000000 ____D C:\Windows\system32\appraiser
    2016-04-05 11:34 - 2013-06-06 11:18 - 00000000 ____D C:\ProgramData\Skype
    2016-04-05 11:33 - 2015-12-30 23:11 - 00000000 ___RD C:\Program Files\Skype
    2016-03-26 15:32 - 2016-03-16 11:03 - 00000000 ____D C:\Users\Sascha\Desktop\qipu
    2016-03-24 01:32 - 2014-08-25 09:55 - 00000628 __RSH C:\ProgramData\ntuser.pol
    2016-03-24 01:10 - 2013-06-10 14:56 - 00000000 ____D C:\WTablet
    2016-03-23 22:30 - 2014-11-01 10:48 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2016-03-23 19:03 - 2013-06-06 09:01 - 00134600 _____ C:\Users\Sascha\AppData\Local\GDIPFONTCACHEV1.DAT
    
    ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
    
    2013-06-06 09:02 - 2015-08-02 20:47 - 0003540 _____ () C:\Users\Sascha\AppData\Roaming\FjMenu1.XML
    2006-12-11 20:13 - 2006-12-11 20:13 - 0097336 _____ (Un4seen Developments) C:\Users\Sascha\AppData\Local\bass.dll
    2006-12-11 20:13 - 2006-12-11 20:13 - 0013872 _____ (Un4seen Developments) C:\Users\Sascha\AppData\Local\basscd.dll
    2007-08-13 18:46 - 2007-08-13 18:46 - 0102912 _____ (Albert L Faber) C:\Users\Sascha\AppData\Local\CDRip.dll
    2014-06-26 10:04 - 2014-06-26 10:04 - 0003909 ____H () C:\Users\Sascha\AppData\Local\cimiekki.ini
    2014-05-09 13:42 - 2016-01-04 02:42 - 0001194 _____ () C:\Users\Sascha\AppData\Local\Citavi Picker Internet Explorer Protocol.txt
    2013-07-11 22:09 - 2013-07-11 22:19 - 0004608 _____ () C:\Users\Sascha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-12-01 18:54 - 2013-12-01 18:57 - 0004096 ____H () C:\Users\Sascha\AppData\Local\keyfile3.drm
    2007-08-13 18:46 - 2007-08-13 18:46 - 0155136 _____ () C:\Users\Sascha\AppData\Local\lame_enc.dll
    2007-01-18 22:09 - 2007-01-18 22:09 - 0623616 _____ (Ivan Bischof ©2003 - 2005) C:\Users\Sascha\AppData\Local\No23 Recorder.exe
    2005-08-23 23:34 - 2005-08-23 23:34 - 0029184 _____ () C:\Users\Sascha\AppData\Local\no23xwrapper.dll
    2006-10-26 02:06 - 2006-10-26 02:06 - 0015872 _____ () C:\Users\Sascha\AppData\Local\ogg.dll
    2013-12-22 21:37 - 2013-12-22 21:37 - 0001448 _____ () C:\Users\Sascha\AppData\Local\RecConfig.xml
    2015-10-01 15:04 - 2015-10-01 15:04 - 0002112 _____ () C:\Users\Sascha\AppData\Local\recently-used.xbel
    2015-08-30 21:27 - 2016-04-22 20:04 - 0323599 _____ () C:\Users\Sascha\AppData\Local\Snip.txt
    2015-10-28 12:47 - 2016-04-22 19:59 - 0215160 _____ () C:\Users\Sascha\AppData\Local\SnipUsages.txt
    2014-11-03 17:03 - 2014-12-01 21:58 - 0000000 _____ () C:\Users\Sascha\AppData\Local\Temptable.xml
    2006-10-26 02:06 - 2006-10-26 02:06 - 0143872 _____ () C:\Users\Sascha\AppData\Local\vorbis.dll
    2006-10-26 02:06 - 2006-10-26 02:06 - 0064000 _____ () C:\Users\Sascha\AppData\Local\vorbisenc.dll
    2006-10-26 02:06 - 2006-10-26 02:06 - 0019456 _____ () C:\Users\Sascha\AppData\Local\vorbisfile.dll
    2013-07-01 18:12 - 2013-09-14 14:26 - 0006947 _____ () C:\ProgramData\hpzinstall.log
    2014-10-07 23:13 - 2014-10-07 23:13 - 0000095 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    
    Einige Dateien in TEMP:
    ====================
    C:\Users\IWB\AppData\Local\Temp\avgnt.exe
    C:\Users\Sascha\AppData\Local\Temp\avgnt.exe
    C:\Users\Sascha\AppData\Local\Temp\jre-8u91-windows-au.exe
    
    
    ==================== Bamital & volsnap =================
    
    (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
    
    C:\Windows\explorer.exe => Datei ist digital signiert
    C:\Windows\system32\winlogon.exe => Datei ist digital signiert
    C:\Windows\system32\wininit.exe => Datei ist digital signiert
    C:\Windows\system32\svchost.exe => Datei ist digital signiert
    C:\Windows\system32\services.exe => Datei ist digital signiert
    C:\Windows\system32\User32.dll => Datei ist digital signiert
    C:\Windows\system32\userinit.exe => Datei ist digital signiert
    C:\Windows\system32\rpcss.dll => Datei ist digital signiert
    C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
    C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
    
    
    LastRegBack: 2016-04-07 10:09
    
    ==================== Ende vom FRST.txt ============================
             
  • ESET-Online LOG (nur drüber gelaufen, reinigung skipped)
    Code:
    ATTFilter
    D:\MtkDroidTools_v2.52.zip	Mehrere Bedrohungen
    D:\MtkDroidTools_v252.exe	Mehrere Bedrohungen
    D:\SopCast-3.5.0.zip	Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung
    D:\MtkDroidTools\files\pwn	Android/Exploit.Lotoor.EP Trojaner
    D:\MtkDroidTools\files\zR	Android/Exploit.Lotoor.DH Trojaner
    D:\Program Files\SuperEasy Software\Driver Updater\supereasydu.exe	Variante von Win32/Systweak.H evtl. unerwünschte Anwendung
    E:\Internet Download Manager - CHIP-Downloader.exe	Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
    E:\Heli Handy\ZTE\root dir\TitaniumBackup_full\com.shinymobi.app.funweather-24991a9d6ec7dac3d0ad740fdc3d148a.apk.gz	Variante von Android/TrojanSMS.Agent.BSM Trojaner
    E:\Sascha\Datentraeger C\Users\Sascha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2UFUJUIG\anonym_to[1].htm	HTML/Refresh.BC Trojaner
    E:\Sascha\Datentraeger C\Users\Sascha\Desktop\Nero-9.4.12.3d_free.exe	Win32/Toolbar.AskSBar evtl. unerwünschte Anwendung
    E:\Sascha\GOROS-PC\Backup Set 2009-10-07 112057\Backup Files 2009-10-07 112057\Backup files 82.zip	Win32/Toolbar.AskSBar evtl. unerwünschte Anwendung
    E:\Sascha\GOROS-PC\Backup Set 2009-10-07 112057\Backup Files 2009-10-07 112057\Backup files 88.zip	Win32/Toolbar.AskSBar evtl. unerwünschte Anwendung
             

Alt 24.04.2016, 23:02   #9
burningice
/// Malwareteam
 
Mehrere Viren/Trojaner vorallem unter "C:\Windows\Temp\" - Standard

Mehrere Viren/Trojaner vorallem unter "C:\Windows\Temp\"



Hast du noch irgendwelche Probleme mit deinem Rechner?
__________________
Mfg,
Rafael

~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~

Unterstütze uns mit einer Spende
......... Lob, Kritik oder Wünsche .........
.......... Folge uns auf Facebook ..........

Alt 29.04.2016, 22:02   #10
goro11
 
Mehrere Viren/Trojaner vorallem unter "C:\Windows\Temp\" - Icon17

Mehrere Viren/Trojaner vorallem unter "C:\Windows\Temp\"



Hallo Rafael!
Danke für deine Hilfe! Probleme habe ich mit dem PC keine, es ist nun beruhigend zu wissen, dass es falscher Alarm war.

Eine Frage hätte ich noch: was kann man aus den FRST und Addition Logs großartig auslesen, bzw. wie erkennt man die Schädlinge? Gibt es eine Anleitung um auf einen ähnlichen Stand zu kommen wie Ihr?

Grüüßee

Alt 30.04.2016, 19:48   #11
burningice
/// Malwareteam
 
Mehrere Viren/Trojaner vorallem unter "C:\Windows\Temp\" - Standard

Mehrere Viren/Trojaner vorallem unter "C:\Windows\Temp\"



eine Anleitung? *haha* das braucht bisschen mehr als eine Anleitung Es gibt eine Ausbildung dazu beispielsweise auf diesem Board.

Schritt: 0
Ich würde SuperEasy Driver Updater deinstallieren, es gilt als Potentiell Unerwünschtes Programm.

Deine "MtkDroidTools" werden als Trojaner angezeigt, ich kenne das Paket bzw. diesen Rooter zu wenig, um zu sagen, ob das ein false positiv ist, ich würde es jedenfalls so nicht verwenden und am besten löschen.

Die Datei unter "Heli Handy" Backup könnte darauf hindeuten, dass dieses Handy infiziert sein könnte. Außerdem sind deine Backups da aus 2009 auch nicht wirklich brauchbar mehr...

Schritt: 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> D:\OpenOffice\INSTALLATION\program\shlxthdl\shlxthdl.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{30A2652A-DDF7-45e7-ACA6-3EAB26FC8A4E}\localserver32 -> D:\OpenOffice\INSTALLATION\program\soffice.exe -nodefault -nologo => Keine Datei
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> D:\OpenOffice\INSTALLATION\program\shlxthdl\shlxthdl.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> D:\OpenOffice\INSTALLATION\program\shlxthdl\shlxthdl.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> D:\OpenOffice\INSTALLATION\program\shlxthdl\ooofilt.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{82154420-0FBF-11d4-8313-005004526AB4}\localserver32 -> D:\OpenOffice\INSTALLATION\program\soffice.exe -nodefault -nologo => Keine Datei
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> D:\OpenOffice\INSTALLATION\program\shlxthdl\propertyhdl.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> D:\OpenOffice\INSTALLATION\program\shlxthdl\shlxthdl.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\localserver32 -> D:\OpenOffice\INSTALLATION\program\soffice.exe -nodefault -nologo => Keine Datei
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{D2D59CD1-0A6A-4D36-AE20-47817077D57C}\localserver32 -> D:\OpenOffice\INSTALLATION\program\soffice.exe -nodefault -nologo => Keine Datei
CustomCLSID: HKU\S-1-5-21-2186534646-70022557-530426099-1000_Classes\CLSID\{F616B81F-7BB8-4F22-B8A5-47428D59F8AD}\localserver32 -> D:\OpenOffice\INSTALLATION\program\soffice.exe -nodefault -nologo => Keine Datei
hosts:
cmd: netsh firewall set opmode enable 
StandardProfile\AuthorizedApplications: [C:\Users\Sascha\AppData\Local\Temp\RarSFX0\SwiApiMux.exe] => Enabled:SwiApiMux
HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\MountPoints2: {0cebd7cc-ce8f-11e2-b157-00a0d5ffffa5} - F:\Startme.exe
HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\MountPoints2: {50d5c9c3-7f73-11e4-b352-001742fd5e4f} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\autorun.exe /auto
HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\MountPoints2: {f690ec43-7c86-11e4-b1bc-fc6fd48a52bd} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\autorun.exe /auto
HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\MountPoints2: {fb8e2f6d-7ebc-11e4-9153-001742fd5e4f} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\autorun.exe /auto
HKU\S-1-5-21-2186534646-70022557-530426099-1000\...\MountPoints2: {fb8e3063-7ebc-11e4-9153-001742fd5e4f} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\autorun.exe /auto
Tcpip\..\Interfaces\{AB78458C-7E79-49A8-8741-7B110BCDCC40}: [NameServer] 62.134.11.4 195.182.110.132塚BḈ¿ↅ䍟謓並BḈ¿
FF NetworkProxy: "type", 0
emptytemp:
createrestorepoint:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Schritt: 3
Bitte starte wieder FRST, setze den Haken bei Addition und drücke auf Untersuchen. Poste bitte wieder die beiden Textdateien, die so entstehen.
__________________
Mfg,
Rafael

~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~

Unterstütze uns mit einer Spende
......... Lob, Kritik oder Wünsche .........
.......... Folge uns auf Facebook ..........

Antwort

Themen zu Mehrere Viren/Trojaner vorallem unter "C:\Windows\Temp\"
ad-aware, adaware, antivir, antivirus, avira, coupons, defender, desktop, dnsapi.dll, dsl, flash player, frage, geld, homepage, internet, malware, monitor, mozilla, programm, realtek, registry, rundll, scan, services.exe, sierra, svchost.exe, temp ordner, ublock, ublock origin, usb, virus, windows



Ähnliche Themen: Mehrere Viren/Trojaner vorallem unter "C:\Windows\Temp\"


  1. mehrere Kontakte bekommen eine Email "Hey! Important message", "js/js Mahtong"
    Log-Analyse und Auswertung - 20.02.2016 (51)
  2. Fehlerhinweis "Ungültiges Bild" unter WINDOWS 7: "C:\PROGRA~2\SEARCH~2\SEARCH~1\bin\VC32LO~1.DLL" +
    Log-Analyse und Auswertung - 19.04.2015 (9)
  3. "TR/Dldr.Agent.1169920.4 in c:\windows\temp\db22.exe" & "ADWARE\InstallCore.771128 in c:\Users\Julian\Downloads\openal-2.0.7.0.exe"
    Plagegeister aller Art und deren Bekämpfung - 26.01.2015 (9)
  4. Windows 7, nach "netstat" mehrere fremde Remoteadressen erkannt, Trojaner?
    Log-Analyse und Auswertung - 03.06.2014 (7)
  5. Ständiger wiederkehrender Maleware Fund "Trojan.Win32.Vague.cg" in C:\Windows\Temp\41560_updater.exe
    Plagegeister aller Art und deren Bekämpfung - 27.05.2014 (19)
  6. Avira: (Win7) Trojaner "TR/Rogue.11186992" in "C:\Windows\Temp\44158_updater.exe" gefunden
    Plagegeister aller Art und deren Bekämpfung - 25.04.2014 (77)
  7. Infektion "Internet Security Pro"/ "wmdefender.exe" unter Vista; Keine Erkennung mit MBAM
    Log-Analyse und Auswertung - 22.08.2013 (19)
  8. TR/Boigy.J wird von Antivir in "C:\WINDOWS\Temp\*jedes mal eine andere Datei*\plugin.dll" gefunden
    Plagegeister aller Art und deren Bekämpfung - 11.06.2013 (9)
  9. "JS: pdfka-gen [Expl]" in "C:\Users\***\AppData\Local\Temp\plugtmp-44\plugin-dare.php"
    Log-Analyse und Auswertung - 19.03.2013 (13)
  10. "Redirect-Virus" unter Windows 8 / "document has moved redirecting..."
    Plagegeister aller Art und deren Bekämpfung - 23.01.2013 (11)
  11. Trojaner "Der Computer ist für die Verletzung..." unter Windows 7
    Plagegeister aller Art und deren Bekämpfung - 10.09.2012 (38)
  12. Trojaner "please wait while the connection is being established" unter Windows 7
    Plagegeister aller Art und deren Bekämpfung - 06.08.2012 (19)
  13. "0.05870814618642739.exe" ("Win32:Trojan-gen") in "C:\Users\***\AppData\Local\Temp\"
    Plagegeister aller Art und deren Bekämpfung - 02.01.2011 (25)
  14. Infizierung mit "TR/Crypt.XPACK.Gen3" in C:/Windows/Temp/...
    Plagegeister aller Art und deren Bekämpfung - 23.10.2010 (4)
  15. Versteckte Datei "kdzqj.exe" in System32 und Reg-Eintrag "System" unter Winlogon
    Plagegeister aller Art und deren Bekämpfung - 25.03.2008 (22)
  16. Der "JAMES BOND" unter den Viren.....?
    Plagegeister aller Art und deren Bekämpfung - 14.09.2006 (10)
  17. mehrere GB grosser avast ordner unter windows/temp/_AVAST4_ normal ?
    Antiviren-, Firewall- und andere Schutzprogramme - 19.01.2005 (10)

Zum Thema Mehrere Viren/Trojaner vorallem unter "C:\Windows\Temp\" - Hallo liebe Gemeinde. Ich habe (zum Glück) lange kein neues Thema mehr erstellt. Doch von Zeit zur Zeit brauche ich eure Hilfe Ich benutze das Avira Professional und habe die - Mehrere Viren/Trojaner vorallem unter "C:\Windows\Temp\"...
Archiv
Du betrachtest: Mehrere Viren/Trojaner vorallem unter "C:\Windows\Temp\" auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.